Hacked by my neighbour who is using Kali Linux I think
I have a BT Hub 6A, it’s my 4th one. So my walls are thin enough for me to know my neighbours have hacked me. I can often hear them bragging about it. I’ve called BT so many times, like more than 15, and they say it’s fine their end, but yet every device I have has been modified. Anyway. I have used an app called Fing to do some port scans and to get some info. I have screenshots but I can’t put them up in here by the looks of it. Anyway my router shows up as BTHUB. It says its NetBIOS name is BTHUB (have no idea what that is) and it’s saying it’s a file server. So a scan reveals that the following ports are open:

53 Domain name server
80 Http

But then I get this:

139 Netbios-ssn
443 Secure World Wide Web ssl
445 Microsoft-ds Smb directly over IP
8888 Sun-answerbook Sun answer http server or gnump3d streaming music server
10080 Amanda Amanda backup util

Sometimes I’m getting a UPnP port opening as well on 1900 and 5000. When I use another device I constantly have this port open:

62078 Iphone-sync

I read online that apparently this is a way that some hackers are able to remotely access devices. Is there anyone who can tell me what’s going on? I keep UPnP off now because of it, but yet they are still able to log on and switch it on and come set port forward rules from port 0 to 0, it says on the technical log. I’m not sure if this is supposed to happen, but I have a loopback on my router 127.0.0.1 and I’m pretty sure they have forced my IP to remain static. Not only this, when you go to the IPv6 settings there is no DNS, it says not available. When I went on my PC it said there was no IPv6 connection at all. Also when I do a port scan of localhost using my iPhone I get the following ports open:

1080 Socks
1083 Ansoft-lm-1 Anasoft license manager
8021 FTP-proxy Common ftp proxy port

Also I have seen something on my computer screen called Teredo/ISATAP where it says media disconnected. I’ve had my email password blocked about 40 times, this is not an exaggeration.

I think they are using Cisco equipment to link up our hubs. When I leave the house and connect to a friend’s Wi-Fi, if I do a localhost scan on Fing I get:

1990 Stun p1 Cisco

It is saying my address assignment is static, that IPv6 is not configured. On the technical logs it has shown some unusual MAC addresses but then they disappear off the devices. I am getting a new static route added with an external IP address that hasn’t changed. Also with this Fing app you can see UPnP service info. For my router I get this:

Hostname: bthub
Upnp name: BT Homehub 6.0A
Upnp services: WanCommonInterfaceConfig(1) WanPPPConnection(1)
Net bios name: BTHUB
File server: Yes

I am also getting NFLC Media Server show up when there is nothing except my phone connected. I did a cmd net local group I think and it came up with IPC$ and ADMIN$, which means someone is remotely logging in as admin and is sharing files. I have done a scan over my mum’s, she lives across the road, and they’ve tried to stop me from using her Wi-Fi in the past. When I do a port scan on her router (she’s with Virgin) we get:

80 Http
1900 Upnp
5000 Complex main upnp

Her UPnP services then show as:

Layer3Forwarding(1) WanCommonInterfaceConfig(1) WanIPConnection(1)

And she had a few unknown devices on there as well. I’ve spoken to BT and they are swearing blind that I can’t be hacked, it’s not possible, but it seems to be all these servers popping up. I have a UPnP scanner on my Android and randomly after some code has been changed it’s showing that they are trying to make requests using that. I just don’t know what or who else to ask, please help.
I would change your passwords, lock the BT 6 down at the MAC (layer 2) level, so only certain MAC addresses can connect. Disable administration through the wireless interface and remotely, close the ports you're not using, set ports 1 to 1024 to outgoing only, but only the ones you use, i.e. 53, 80, 443; allow high ports only (1024:65535) for incoming traffic, get a VPN service, put packet filtering firewalls on all PCs on the network.
Choose passwords that are at least 8 characters long, with at least one uppercase letter, one number and one special character (above the number keys). Choose passwords that are easy to remember and difficult to guess. The BT 6A is not secure out of the box. It's not a great security appliance. But it doesn't cost much. If yours is not flexible enough to allow the control I've recommended, you could look for a Watchguard on eBay.
Yeah you can’t do that on this hub. Well if you can I don’t know how to.
How do I disable administration through the wireless interface and remotely? How do I port forward, what numbers do I choose? I got a VPN, I’m using Nord, but they’ve put on my devices IPsec VPN and it’s tunnelling my connection to them I think. I don’t know what packet filtering is. I’m thinking of getting a Netgear Nighthawk X6 R8000. Also can you make head or tail of this? I think they’ve made it so I constantly got a static IP, which is going in their favour. I have no IPv6 connection on the PC or DNS in my hub settings and it’s saying my IP is static. I did landroid and had this back:

Interfaces:
dummy0 MAC: a2:4e:97:92:87:e9
sit0
p2p0 MAC: d6:0b:1a:5e:0f:74
lo IPv6: ::1 IPv4: 127.0.0.1
rmnet_usb0 MAC: a2:4c:70:ae:34:fe
wlan0 IPv6: fdaa:bbcc:ddee:0:6897:ff42:1f05:e3c3 IPv6: 2a00:23c4:4f0f:a200:6897:ff42:1f05:e3c3 IPv6: 2a00:23c4:4f0f:a200:d60b:1aff:fe5e:f74 IPv6: fe80::d60b:1aff:fe5e:f74 IPv6: fdaa:bbcc:ddee:0:d60b:1aff:fe5e:f74 IPv4: 192.168.1.68 MAC: d4:0b:1a:5e:0f:74 Bytes: 90,609 IN, 21,450 OUT Packets: 163 IN, 215 OUT
rev_rmnet0 MAC: ce:ff:22:0b:02:ae
rev_rmnet1 MAC: fa:54:aa:ee:f9:47
rev_rmnet6 MAC: 06:1f:05:28:38:6e
rev_rmnet5 MAC: ce:a1:eb:f5:32:72
rev_rmnet7 MAC: d6:ba:ad:44:3d:99
rev_rmnet3 MAC: ca:a5:b8:fc:03:3d
rev_rmnet2 MAC: e6:09:ee:80:a1:5f
rev_rmnet4 MAC: 2a:96:f2:26:e3:65
rev_rmnet8 MAC: 0a:c5:be:1c:de:b0
rmnet0 rmnet1 rmnet6 rmnet5 rmnet7 rmnet3 rmnet2 rmnet4

IPv4 Routes:
192.168.0.0/255.255.0.0 dev wlan0
192.168.1.254/255.255.255.255 dev wlan0
default via 192.168.1.254 dev wlan0

IPv6 Routes:
2a00:1450:4009:809::200a/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80a::2004/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80a::200e/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80c::200a/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:400c:c09::bc/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4010:c0d::bc/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:23c4:4f0f:a200:6897:ff42:1f05:e3c3/128 dev lo
2a00:23c4:4f0f:a200::/64 dev wlan0
2a00:23c4:4f0f:a200:d60b:1aff:fe5e:f74/128 dev lo
::1/128 dev lo
default dev lo
default via fe80::42c7:29ff:fe17:7c25 dev wlan0
fdaa:bbcc:ddee:0:6897:ff42:1f05:e3c3/128 dev lo
fdaa:bbcc:ddee:0:d60b:1aff:fe5e:f74/128 dev lo
fdaa:bbcc:ddee::/64 dev wlan0
fe80::/64 dev wlan0
fe80::d60b:1aff:fe5e:f74/128 dev lo
ff00::/8 dev wlan0
ff02::1/128 dev wlan0
ff02::1:ff05:e3c3/128 dev wlan0

Wifi connection:
AP(BSSID): 40:c7:29:17:7c:28
Name(SSID): "BTHub6-MX3S"
Signal(Rssi): -70
IP: 192.168.1.68
Netmask: 0.0.0.0
Gateway: 192.168.1.254
Dns1: 8.8.8.8
Dns2: 0.0.0.0
Dhcp Server: 0.0.0.0
Lease duration: 0s

Sockets Information:
sockets: used 211
TCP: inuse 0 orphan 0 tw 2 alloc 1 mem 1
UDP: inuse 0 mem 0
UDPLITE: inuse 0
RAW: inuse 0
FRAG: inuse 0 memory 0

I used another tool on my iPhone and got this for my iPhone:

ap1: Flags: BROADCAST / MULTICAST / ARP
awdl0: Address IPv6: fe80::94fe:84ff:fedd:6515 Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP NetMask IPv6: ffff:ffff:ffff:ffff::
en0: Address IPv4: 192.168.1.80 Address IPv6: 2a00:23c4:4f0f:a200:f12d:9f2d:df66:37dd Destination IPv4: 192.168.255.255 Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP NetMask IPv4: 255.255.0.0 NetMask IPv6: ffff:ffff:ffff:ffff::
en1: Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP
en2: Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP
ipsec0: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP
ipsec1: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP
ipsec2: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP
ipsec3: Address IPv4: 10.6.6.77 Destination IPv4: 10.6.6.77 Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP NetMask IPv4: 255.255.255.255
lo0: Address IPv4: 127.0.0.1 Address IPv6: fe80::1 Destination IPv4: 127.0.0.1 Destination IPv6: ::1 Flags: UP / LOOPBACKNET / RUNNING / MULTICAST / ARP NetMask IPv4: 255.0.0.0 NetMask IPv6: ffff:ffff:ffff:ffff::
pdp_ip0: Flags: POINTTOPOINT / MULTICAST / ARP
pdp_ip1: Flags: POINTTOPOINT / MULTICAST / ARP
pdp_ip2: Flags: POINTTOPOINT / MULTICAST / ARP
pdp_ip3: Flags: POINTTOPOINT / MULTICAST / ARP
pdp_ip4: Flags: POINTTOPOINT / MULTICAST / ARP
utun0: Address IPv6: fe80::21c5:34f2:b95e:518f Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP NetMask IPv6: ffff:ffff:ffff:ffff::

Any chance that makes sense?
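A check a defender can run on the route and Wi-Fi data in the post above, written here as an added example (it is not from the thread or from any tool named in it): it recovers the MAC address embedded in the IPv6 default gateway's link-local address (modified EUI-64 form) and compares its vendor block with the access point's BSSID, so you can tell whether the IPv6 next hop is the hub itself or some other device. The route lines and BSSID are copied from the dump above; the function names and the constructed sample are assumptions for illustration.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample: the default routes and access point taken from the dump above.
ROUTE_DUMP = """
default via 192.168.1.254 dev wlan0
default dev lo
default via fe80::42c7:29ff:fe17:7c25 dev wlan0
"""
AP_BSSID = "40:c7:29:17:7c:28"  # AP(BSSID) of "BTHub6-MX3S" in the dump

def eui64_to_mac(addr: str) -> Optional[str]:
    """Recover the MAC embedded in a modified-EUI-64 interface identifier.
    Returns None for identifiers not built that way (e.g. privacy addresses)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # drop ff:fe, unflip U/L bit
    return ":".join(f"{b:02x}" for b in raw)

def default_gateways(dump: str) -> List[Tuple[str, str]]:
    """(gateway, device) for each default route; 'none' when there is no next hop."""
    found = []
    for line in dump.strip().splitlines():
        m = re.match(r"default(?: via (\S+))? dev (\S+)", line.strip())
        if m:
            found.append((m.group(1) or "none", m.group(2)))
    return found

def audit(dump: str, bssid: str) -> List[str]:
    """One finding per default route, relating an IPv6 next hop to the AP's MAC."""
    findings = []
    for gw, dev in default_gateways(dump):
        if gw == "none":
            findings.append(f"default route on {dev} has no next hop")
            continue
        ip = ipaddress.ip_address(gw)
        mac = eui64_to_mac(gw) if ip.version == 6 and ip.is_link_local else None
        if ip.version == 4:
            findings.append(f"v4 gateway {gw} on {dev}")
        elif mac is None:
            findings.append(f"v6 gateway {gw} on {dev}: MAC not recoverable")
        else:
            # first three octets (OUI) identify the vendor block the MAC belongs to
            rel = "same" if mac[:8] == bssid.lower()[:8] else "different"
            findings.append(f"v6 gateway {gw} is MAC {mac}, {rel} vendor block as AP {bssid}")
    return findings
```

For this dump the IPv6 next hop maps to 40:c7:29:17:7c:25, three addresses below the AP's 40:c7:29:17:7c:28, which is what you expect when the hub's own LAN side is the gateway rather than a foreign device, since home routers typically use a small run of adjacent MACs for their interfaces. A next hop whose recovered MAC sits in an unrelated vendor block, or one that only appears after you join the network, is the thing worth investigating.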
I think they are performing a man in the middle attack. Because when I’m going between sites the tool I got is showing that I’m dropping down to HTTP and being redirected to ad sites, and then when I get back to the site it’s HTTPS again.
If you have any trouble finding the configuration pages for specific things, Google is a wonderful tool for getting you by in those situations. Or even the router's manual. And googling port forwarding or anything really.
Packet capturing is the analysis of network traffic; some great tools to get you started for that are Wireshark, Snort, and/or hexinject. Google them and you will be analyzing network traffic in no time. If you really wanted to go the extreme you could download IPFire and set up a PC with at least 2 NICs to run on your network. Most likely modem->router because you want protection from the internet at least. It has a built-in intrusion detection system that uses Snort for intel gathering. However, why monitor a problem if you don't fix it? You can then get the Guardian addon and turn your IDS into an intrusion prevention system because it automatically stops SSH brute force attacks, well known httpd attacks, and automatically drops suspected packets, going based on a set of community rules. Now with all that said, I think dugan said it perfectly ... Have you asked them to stop? If they are bragging about it they sound like kids who might have discovered hydra or aircrack-ng and a neighbor with weak passwords. I would definitely recommend a solid password for everything. Or going over to their house and raising hell like a neighborly feud should play out :)
Yeah I asked them to stop and they reported me for harassment to the police. And now the police expect me to prove it. Action Fraud are useless, I’ve had my accounts hacked so many times. Then there’s the DDoS attack I had. I don’t have a router yet, I’m going to get one now. They are using Cisco equipment because when I do a port scan over localhost I get stunp1 Cisco tunnelling. So I need something to match it. I think they are using Metasploit; they are also using TeamViewer with a terminal so they can see my screen. I can see it from the logs. They are using something called Teredo ISATAP something. I have the ability to port forward but I don’t really understand how to do it and what ports to use. I think I’m connected to them by a VLAN because it keeps showing up on my logs on the BT hub.
I’m thinking of getting rid of everything and starting from scratch with a high security router with SSID off, maybe even getting a physical firewall. If I get stuck can you direct message on here, and would you mind if I did? I’m really sorry bud, I’m new to all this; they are deffo using Linux tho. I wanted to mention as well that they are coming into the network port forwarding at port 0 and turning on UPnP to guide and hack my devices. How is that possible?
Sounds like a headache having malicious neighbors like that to deal with. Yea, I would definitely recommend starting the whole network from scratch with a good secure router. And locking everything down before you even go online, no BSSID broadcast and an overly strong password. Yea, I was given a PA-220 firewall from Palo Alto Networks, so I'm going to experiment with that on my home network when it gets here. And if you get stuck feel free to contact me however, private or public, I would love to help the best I can. Just note, I'm not a professional in security, my major is in development. I'm a cyber security enthusiast, I guess you can say..
Can you add people as friends on here?
Hey ... Gotta look at the bright side right? lol, they gained you knowledge so jokes on them.. And honestly, I guess I would probably look at it as a game. I'm not an important person and anyone with any information on me really isn't going to have much because I'm not a high target. But even though I could care less if I got hacked by a neighbor, I strongly believe in privacy and security for all on the internet. However, I would play the game and attack back. Only because they started it. I hate people who are malicious by default. Anyway, I befriended you, let me know if you need any help in the future.
I’m learning networking atm, I’m just finishing up how to share files and printers on a workgroup. That’s how basic my knowledge is atm. But you wait, it won’t take me long to catch up.
I can’t work out how to PM on here, I don’t know if it’s because I’m using my iPhone. How do you do it?
How likely would you say this scenario is?
They connected to your router's unsecured wifi network and got into your router's administration page via its default password (which wasn't changed).