SleeplessinMacWorld

Mac Attacked. Please help my friend.

I wish I had the solution to this problem, but alas I don't so I am throwing it to the forum. I have a friend who received a call from her ISP. She tells me that her ISP accused her of downloading files from the Internet illegally. So apparently it seems someone is using her IP for their own selfish gain. I didn't think this was possible between the firewall and 128 bit encryption but I have not reached uber mac status. Is there anything she can do to prevent this from happening in the future? Thanks all.

There are a few possibilities here besides her machine being compromised.

First, is she sure it was her ISP who called? She should get a name of a supervisor and call them herself using a phone number available to the public. It could be somebody phishing on the phone.

Second, I can't do it, but, I know it's possible to spoof an IP without access to the machine. Are the 'illegal' files present on her machine?

Does anyone else have physical access to her machine or did at the time the files were allegedly downloaded?

WEP has been well and truly cracked, in 64-bit and 128-bit.

Change to WPA immediately and choose a non-dictionary word as a password. If the router does not support WPA then change the WEP password on a daily basis.

She hasn't used any Wifi. It's all through an ethernet cable, no router.

Yes she is sure. The strange thing is this... this is what she replied to me with:

"The strangest thing is that the whole thing occurred while I was in Sacramento. I know the hotel high speed isn't super secure and I did leave it on/plugged in for long periods of time so maybe someone was able to hack in? But I didn't think my dsl IP would still reside on the mac while I'm not at home."

"Not super secure" is an extreme understatement. Pretty much all hotel high speed connections are inherently insecure.

So, this is a laptop which she used on the road? Whenever one connects to someone else's network the machine is exposed to everybody else on the network at the time. So, if that's the case, it's not only possible but likely someone could have discovered her IP and used it to disguise their machine.

This really isn't a hack. Her machine was unlikely active in the downloading.

Thanks Huskermn. I will pass that information along. I am sure she will be grateful. Is there any application she can download when on business to prevent this from occurring in the future? Thanks again!

The statement that it is "likely someone could have discovered her IP and used it to disguise their machine", especially in the context of file-sharing, is not one I agree with.

The first problem is this. She is on the hotel network. Clearly she is not being blamed for file-sharing in the hotel as it is her home ISP, not the hotel's ISP, who is making the accusation.

Therefore you are suggesting somebody was able to tell what her home's external IP address was from the hotel network they were both connected to? Well, unless she connected in some way to her home network from the hotel then this is really, really unlikely. They would have had to actually hack into her OS X account and start reading through logs or check her System Preferences. In other words they would have to run an exploit to get into her system. Highly unlikely.

And even if this has happened there would still be the problem of spoofing her IP address in a file-sharing context. Spoofing IP addresses in email headers is one thing but spoofing IP addresses in a TCP handshake for file-sharing is another completely, and highly, highly unlikely.

To quote Wikipedia:

"Some upper layer protocols provide their own defense against IP spoofing. For example, Transmission Control Protocol (TCP) uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. Since the attacker normally can't see any reply packets, he has to guess the sequence number in order to hijack the connection."

And then even if this were possible, it is likely the friend in question has a dynamic IP address at her home. So once the IP address changes the spoofer is lost.

The only bit of what you wrote that I agree with is: "Pretty much all hotel high speed connections are inherently insecure." There are many things to be wary of on hotel networks but this is not one of them.

Most likely:

1. The friend has Wifi at home which is not secure and is being used by others.
2. The friend has a Windows PC at home in addition to her Mac.
3. The friend has actually downloaded something through Limewire, Azureus or whatever.
4. The friend is running a service or making connections on a port usually associated with file sharing (e.g. she connects to an FTP server which has been configured on port 9090, a port usually associated with file sharing).
5. Her ISP made an error.

:)

Edited by doz
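
The sequence-number defence in the Wikipedia quote above, as an added toy model that is not part of the original post: a sender who forges a source address never receives the SYN-ACK, so it has to guess a 32-bit value to complete the handshake. The class and function names are made up for this illustration, and the addresses are documentation-range placeholders.

```python
import random

MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide

class Server:
    """Toy listener: remembers the ISN it sent to each claimed source address."""
    def __init__(self, rng):
        self.rng = rng            # seeded PRNG for repeatability; real stacks use a secure source
        self.half_open = {}       # claimed source IP -> server ISN
        self.established = set()

    def on_syn(self, claimed_src):
        isn = self.rng.randrange(MOD)
        self.half_open[claimed_src] = isn
        return claimed_src, isn   # SYN-ACK is routed to the claimed address, wherever the SYN came from

    def on_ack(self, claimed_src, ack):
        isn = self.half_open.pop(claimed_src, None)
        if isn is None or ack != (isn + 1) % MOD:
            return False          # wrong acknowledgement number: no connection
        self.established.add(claimed_src)
        return True

def real_host_connects(server, my_ip):
    """The genuine owner of my_ip receives the SYN-ACK and can echo ISN+1."""
    _, isn = server.on_syn(my_ip)
    return server.on_ack(my_ip, (isn + 1) % MOD)

def blind_spoof_attempts(server, victim_ip, attempts, rng):
    """A sender forging victim_ip never sees the SYN-ACK, so it can only guess."""
    successes = 0
    for _ in range(attempts):
        server.on_syn(victim_ip)  # reply (and its ISN) goes to the victim; discarded here
        if server.on_ack(victim_ip, rng.randrange(MOD)):
            successes += 1
    return successes

def demo(attempts=1000):
    server = Server(random.Random(1))
    legit = real_host_connects(server, "203.0.113.10")          # constructed address
    spoofed = blind_spoof_attempts(server, "198.51.100.7", attempts, random.Random(2))
    return legit, spoofed, attempts / MOD   # last value: expected number of lucky guesses

if __name__ == "__main__":
    print(demo())
```

The model leaves out the reset a real victim host would send on receiving an unexpected SYN-ACK, which makes blind completion harder still.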

Or...

6. The spoofer picked an IP at random and they were just unlucky. It does happen.

I think there are still some other strong possibilities, but we would have to know more context to be sure. For example:

A - Does her home setup use a static IP address or a dynamically-assigned IP address via DHCP? The latter is certainly more common, but static IP addresses aren't necessarily rare either. If she has a static IP address it may still be hard to spoof, but the possibility of getting hacked at home is certainly higher...

B - Has she contacted the hotel chain to find out if they've had any other reports of possible "inside jobs"? For example, the network administrator(s) for a loosely monitored hotel network could probably harvest a lot of information (IP addresses, passwords, etc) from the machines that connect up through that network. Once an unscrupulous hacker gets that information, who knows where it might travel and how it might be used.

- Tim

I find this topic VERY interesting and want to know more. (Thanks for posting sleepless)

I have my personal home router set to use WPA2 Personal because that's what another tech told me to use a while back. Well, that works great if there are just Macs in the house. When I went out to visit my folks out east with my MBP and wanted to secure the router, I did the same thing and my Mom and I could connect just fine with our MacBooks using a password. When my brothers tried to connect wirelessly on their PCs, my one brother flipped out on me because he couldn't connect using WPA2. So we spent 2 hours setting up his router, upgrading the firmware, blah blah blah, to use WEP and generate a long key so we could all connect. Now you say WEP isn't as secure and it only figures!

Now my F-I-L is here to visit us for a while and has a Dell notebook and because this is a Mac house, he can't connect wirelessly. (ok, I'm really trying not to smirk here - not doing a very good job of it though)....so......what is the answer? How can Macs and PeeCees both connect wirelessly and be secure on the same network?

(I know the answer is for everyone to just get a Mac, but I'm workin on it!!!)

Thanks!

Mom

Depends on the wireless card installed. Modern wireless cards support WPA no matter what machine they're installed in. Don't bother using WEP. It can be cracked in 10 minutes by pretty much anyone.

The only way to secure your network without WPA (in my opinion) is to use MAC filtering. You will limit which devices can access your network based on their MAC address (which is to say that particular network adapter's hardware address - these can't be changed without some considerable skill). How you set this up depends on what router you're using.

I don't think I could do it, but, Steve Gibson and Leo Laporte talked about MAC spoofing quite a while back.

I'd suggest looking through the Security Now podcast archives and listening to them. Great info every week on security.

If their PCs don't support WPA (must be fairly old) and they're only there temporarily, I probably wouldn't even bother with security.

Here's the thing...I have a Linksys WRT54G v8 here at home AND at the clinic I do tech support for. I know not everyone is a fan of Linksys, but it's what was recommended to me and what is working out -knock on wood- quite well. While my F-I-L is here with his piece of crap Dell which is ancient, I had no choice but to use WEP and now I can't remember if it was 128 or 64, but it's all that would work. I hate the fact that I have to compromise my security so his POS can connect, but that's the way it is for now and it won't last forever.

Now, at the clinic, the only one using a Dell laptop is my client and I had another PC tech working with me and he tried to get it to connect wirelessly but it wouldn't and I had no other choice but to use WEP. It wouldn't connect with anything else either. I don't know how old his laptop is but I saw that it is running XP. It makes me nervous because I would rather not have it set up using WEP since the other 2 Mac laptops will be accessing it more than his PC laptop.

Do you think I should tell him that if he wants to bring his laptop on site, he has to connect to the net with one of 3 different ethernet cables and not be wireless? I don't want to have to do that, but he probably won't care since I don't think he's planning on bringing his laptop in all that much.

Sorry, when I said I wouldn't bother with security, I was thinking of a home network of Macs, not a Health Care provider with patient information.

I don't have any problem with Linksys routers. I have one at home and one I set up for a friend. Seem to be fairly reliable.

While WEP is probably OK on a temporary basis, a hard wired connection is almost always better from a security standpoint. If you're a real network geek (I'm not) you could probably lock the machine out of everything on the network except the internet.

I don't know what the situation is over there, but the data protection act over here says that personal information must be kept secure to the best of the system operator's ability (or words to that effect) and in my opinion using WEP is not an option. It would be illegal over here (especially with information as sensitive as that). A hard wired connection would be your only option if their laptop is such a piece of crap.
