LinuxQuestions.org
Old 02-19-2018, 06:33 AM   #1
Danwilliams1989
Hacked by my neighbour who is using Kali Linux I think

I have a BT Hub 6A; it's my 4th one.

So my walls are thin enough for me to know my neighbours have hacked me. I can often hear them bragging about it. I've called BT so many times, like more than 15, and they say it's fine on their end, but yet every device I have has been modified. Anyway.

I have used an app called Fing to do some port scans and to get some info. I have screenshots but I can't put them up in here by the looks of it.

Anyway my router shows up as BTHUB.
It says its NetBIOS name is BTHUB (have no idea what that is) and it's saying it's a file server.

So a scan reveals that the following ports are open

53
Domain name server
80
Http

But then I get this
139
Netbios-ssn

443
Secure World Wide Web ssl

445
Microsoft-ds
Smb directly over IP

8888
Sun-answerbook
Sun answer http server or gnump3d streaming music server

10080
Amanda
Amanda backup util

Sometimes I'm getting a UPnP port opening as well on 1900
5000

When I use another device I constantly have this port open

62078
Iphone-sync

I read online that apparently this is a way that some hackers are able to remotely access devices.
Is there anyone who can tell me what's going on?

I keep UPnP off now because of it, but yet they are still able to log on and switch it on and come set port forward rules from port 0 to 0, it says on the technical log.

I'm not sure if this is supposed to happen, but I have a loopback on my router 127.0.0.1 and I'm pretty sure they have forced my IP to remain static.

Not only this when you go to the IPv6 settings there is no dns it says not available.

When I went on my pc it said there was no IPv6 connection at all.

Also when I do a portscan localhost using my iPhone I get the following ports open

1080
Socks

1083
Ansoft-lm-1
Anasoft license manager

8021
FTP-proxy
Common ftp proxy port.

Also I have seen something on my computer screen called teredo isatap where it says media disconnected.

I've had my email password blocked about 40 times; this is not an exaggeration.

I think they are using Cisco equipment to link up our hubs.

When I leave the house and connect to a friends Wifi if I do a localhost scan on fing I get

1990
Stun p1 Cisco

It is saying my address assignment is static.
That IPv6 is not configured on the technical logs it has shown some unusual MAC addresses but then they disappear off the devices.

I am getting a new static route added with an external IP address that hasn't changed.

Also with this fing app you can see upnp service info.
For my router I get this

Hostname bthub
Upnp name BT Homehub 6.0A

Upnp services

WanCommonInterfaceConfig(1)
WanPPPConnection(1)

Net bios name BTHUB
File server : Yes

I am also getting NFLC Media Server show up when there is nothing except my phone connected.

I did a cmd net local group I think and it came up with IPC$ and ADMIN$ which means someone is remotely logging in as admin and is sharing files.

I have done a scan over at my mum's; she lives across the road and they've tried to stop me from using her Wifi in the past.

When I do a port scan on her router (she's with Virgin) we get

80
Http

1900
Upnp

5000
Complex main upnp

Her upnp services then show as

Layer3Forwarding(1)
WanCommonInterfaceConfig(1)
WanIPConnection(1)

And she had a few unknown devices on there as well.

I've spoken to BT and they are swearing blind that I can't be hacked, it's not possible, but it seems to be all these servers popping up. I have a UPnP scanner on my android and randomly, after some code has been changed, it's showing that they are trying to make requests using that.

I just don't know what or who else to ask, please help.
 
Old 02-19-2018, 08:33 PM   #2
AwesomeMachine
I would change your passwords, lock the BT 6 down at the MAC (level 2) level, so only certain MAC addresses can connect. Disable administration through the wireless interface and remotely, close the ports you're not using, set ports 1 to 1024 to outgoing only, but only the ones you use, ie 53, 80, 443; allow high ports only (1024:65535) for incoming traffic, get a vpn service, put packet filtering firewalls on all PCs on the network.

Choose passwords that are at least 8 characters long, with at least one uppercase letter, one number and one special character (above the number keys). Choose passwords that are easy to remember and difficult to guess.

The BT 6A is not secure out of the box. It's not a great security appliance. But it doesn't cost much. If yours is not flexible enough to allow the control I've recommended, you could look for a Watchguard on eBay.
 
Old 02-19-2018, 08:38 PM   #3
dugan
Quote:
So my walls are thin enough for me to know my neighbours have hacked me. I can often hear them bragging about it.
Have you tried asking them to stop?
 
2 members found this post helpful.
Old 02-19-2018, 08:44 PM   #4
Danwilliams1989
Yeah you can't do that on this hub. Well if you can I don't know how to.

How do I disable administration through the wireless interface and remotely?

How do I port forward, what numbers do I choose?

I got a VPN, I'm using Nord, but they've put an IPsec VPN on my devices and it's tunnelling my connection to them I think.

I don't know what packet filtering is.

I'm thinking of getting a Netgear Nighthawk X6 R8000.

Also can you make head or tail of this? I think they've made it so I constantly have got a static IP, which is going in their favour.

I have no IPv6 connection on the PC or DNS in my hub settings and it's saying my IP is static.

I did landroid and had this back:


Interfaces:
dummy0
MAC: a2:4e:97:92:87:e9
sit0
p2p0
MAC: d6:0b:1a:5e:0f:74
lo
IPv6: ::1
IPv4: 127.0.0.1
rmnet_usb0
MAC: a2:4c:70:ae:34:fe
wlan0
IPv6: fdaa:bbcc:ddee:0:6897:ff42:1f05:e3c3
IPv6: 2a00:23c4:4f0f:a200:6897:ff42:1f05:e3c3
IPv6: 2a00:23c4:4f0f:a200:d60b:1aff:fe5e:f74
IPv6: fe80::d60b:1aff:fe5e:f74
IPv6: fdaa:bbcc:ddee:0:d60b:1aff:fe5e:f74
IPv4: 192.168.1.68
MAC: d4:0b:1a:5e:0f:74
Bytes: 90,609 IN, 21,450 OUT
Packets: 163 IN, 215 OUT
rev_rmnet0
MAC: ce:ff:22:0b:02:ae
rev_rmnet1
MAC: fa:54:aa:ee:f9:47
rev_rmnet6
MAC: 06:1f:05:28:38:6e
rev_rmnet5
MAC: ce:a1:eb:f5:32:72
rev_rmnet7
MAC: d6:ba:ad:44:3d:99
rev_rmnet3
MAC: ca:a5:b8:fc:03:3d
rev_rmnet2
MAC: e6:09:ee:80:a1:5f
rev_rmnet4
MAC: 2a:96:f2:26:e3:65
rev_rmnet8
MAC: 0a:c5:be:1c:de:b0
rmnet0
rmnet1
rmnet6
rmnet5
rmnet7
rmnet3
rmnet2
rmnet4

Ipv4 Routes:
192.168.0.0/255.255.0.0 dev wlan0
192.168.1.254/255.255.255.255 dev wlan0
default via 192.168.1.254 dev wlan0

IPv6 Routes:
2a00:1450:4009:809::200a/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80a::2004/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80a::200e/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4009:80c::200a/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:400c:c09::bc/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:1450:4010:c0d::bc/128 via fe80::42c7:29ff:fe17:7c25 dev wlan0
2a00:23c4:4f0f:a200:6897:ff42:1f05:e3c3/128 dev lo
2a00:23c4:4f0f:a200::/64 dev wlan0
2a00:23c4:4f0f:a200:d60b:1aff:fe5e:f74/128 dev lo
::1/128 dev lo
default dev lo
default via fe80::42c7:29ff:fe17:7c25 dev wlan0
fdaa:bbcc:ddee:0:6897:ff42:1f05:e3c3/128 dev lo
fdaa:bbcc:ddee:0:d60b:1aff:fe5e:f74/128 dev lo
fdaa:bbcc:ddee::/64 dev wlan0
fe80::/64 dev wlan0
fe80::d60b:1aff:fe5e:f74/128 dev lo
ff00::/8 dev wlan0
ff02::1/128 dev wlan0
ff02::1:ff05:e3c3/128 dev wlan0

Wifi connection:
AP(BSSID): 40:c7:29:17:7c:28
Name(SSID): "BTHub6-MX3S"
Signal(Rssi): -70
IP: 192.168.1.68
Netmask: 0.0.0.0
Gateway: 192.168.1.254
Dns1: 8.8.8.8
Dns2: 0.0.0.0
Dhcp Server: 0.0.0.0
Lease duration: 0s

Sockets Information:
sockets: used 211
TCP: inuse 0 orphan 0 tw 2 alloc 1 mem 1
UDP: inuse 0 mem 0
UDPLITE: inuse 0
RAW: inuse 0
FRAG: inuse 0 memory 0

I used another tool on my iPhone and got this for my iPhone:

ap1: Flags: BROADCAST / MULTICAST / ARP

awdl0: Address IPv6: fe80::94fe:84ff:fedd:6515
Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP
NetMask IPv6: ffff:ffff:ffff:ffff::

en0: Address IPv4: 192.168.1.80
Address IPv6: 2a00:23c4:4f0f:a200:f12d:9f2d:df66:37dd
Destination IPv4: 192.168.255.255
Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP
NetMask IPv4: 255.255.0.0
NetMask IPv6: ffff:ffff:ffff:ffff::

en1: Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP

en2: Flags: BROADCAST / UP / RUNNING / MULTICAST / ARP

ipsec0: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP

ipsec1: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP

ipsec2: Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP

ipsec3: Address IPv4: 10.6.6.77
Destination IPv4: 10.6.6.77
Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP
NetMask IPv4: 255.255.255.255

lo0: Address IPv4: 127.0.0.1
Address IPv6: fe80::1
Destination IPv4: 127.0.0.1
Destination IPv6: ::1
Flags: UP / LOOPBACKNET / RUNNING / MULTICAST / ARP
NetMask IPv4: 255.0.0.0
NetMask IPv6: ffff:ffff:ffff:ffff::

pdp_ip0: Flags: POINTTOPOINT / MULTICAST / ARP

pdp_ip1: Flags: POINTTOPOINT / MULTICAST / ARP

pdp_ip2: Flags: POINTTOPOINT / MULTICAST / ARP

pdp_ip3: Flags: POINTTOPOINT / MULTICAST / ARP

pdp_ip4: Flags: POINTTOPOINT / MULTICAST / ARP

utun0: Address IPv6: fe80::21c5:34f2:b95e:518f
Flags: POINTTOPOINT / UP / RUNNING / MULTICAST / ARP
NetMask IPv6: ffff:ffff:ffff:ffff::

Any chance that makes sense?
 
Old 02-19-2018, 08:46 PM   #5
Danwilliams1989
I think they are performing a man-in-the-middle attack, because when I'm going between sites the tool I got is showing that I'm dropping down to HTTP and being redirected to ad sites, and then when I get back to the site it's HTTPS again.
 
Old 02-19-2018, 09:54 PM   #6
Triple Fault
Quote:
How do I disable administration through the wireless interface and remotely?
It depends on the router and how they lay out the configurations on the web portal. For instance, I have a Netgear Orbi router and I can navigate to Advanced Setup->Remote Management and turn on or off wireless administration, or I could allow access from a specific MAC or IP; however, those are spoofable. So I would recommend turning off remote management altogether.

Quote:
How do I port forward what numbers do I choose
Same as above, I navigate to Advanced Setup->Port Forwarding and set those settings there. For what numbers to choose, I can't give you any advice on that.

If you have any trouble finding the configuration pages for specific things, Google is a wonderful tool for getting you by in those situations. Or even the router's manual. And googling port forwarding or anything really.

Quote:
I don’t know what packet filtering
Packet filtering is exactly that, the filtering of specific packets; for example, say packets that are wrapped in IP headers, you would filter IP.
Packet capturing is the analysis of network traffic; some great tools to get you started for that are Wireshark, Snort, and/or hexinject. Google them and you will be analyzing network traffic in no time.
If you really wanted to go to the extreme you could download IPFire and set up a PC with at least 2 NICs to run on your network. Most likely modem->router, because you want protection from the internet at least. It has a built-in intrusion detection system that uses Snort for intel gathering. However, why monitor a problem if you don't fix it? You can then get the Guardian addon and turn your IDS into an intrusion prevention system, because it automatically stops SSH brute force attacks and well-known httpd attacks, and automatically drops suspected packets, going based on a set of community rules.


Now with all that said, I think dugan said it perfectly ... Have you asked them to stop? If they are bragging about it they sound like kids who might have discovered hydra or aircrack-ng and a neighbor with weak passwords. I would definitely recommend a solid password for everything. Or going over to their house and raising hell like a neighborly feud should play out
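A host packet filter of the kind AwesomeMachine's post #2 ("put packet filtering firewalls on all PCs on the network", outbound limited to the ports you use such as 53, 80 and 443) and the "packet filtering" paragraph above describe, as an added example that is not code from the thread or from any poster. It is an nftables policy for a Linux PC, wrapped in a shell script that prints, syntax-checks or (as root) loads it. Inbound is default-deny with no service ports opened, so SMB (139/445), UPnP (1900/5000) and similar listeners are unreachable from the network, and replies to the PC's own connections are admitted by connection tracking rather than by opening any inbound port range; outbound is limited to the named ports. Assumptions not taken from the thread: nftables is installed and nothing else manages the firewall on the host; the table and chain names, the NTP port (123/udp) and the DHCP rules are my additions.

```shell
#!/bin/sh
# Added example: nftables host firewall for a Linux PC (not from the thread).
# Assumes nftables is installed and no other tool manages the firewall.
set -eu

# Ports this PC may initiate connections to. 53/80/443 are the ports named in
# the thread; NTP (123/udp) is an assumption so the clock can still sync.
OUT_TCP="53, 80, 443"
OUT_UDP="53, 123"

# Print the ruleset. Nothing is loaded here; see apply_ruleset.
generate_ruleset() {
cat <<EOF
flush ruleset
table inet host_filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        # Replies to connections this PC opened; no inbound ports are listed.
        ct state established,related accept
        ct state invalid drop
        # ICMP/ICMPv6: path MTU discovery, IPv6 neighbour and router discovery.
        meta l4proto { icmp, ipv6-icmp } accept
        # DHCPv4 / DHCPv6 replies (assumed: the PC gets its address by DHCP).
        udp sport 67 udp dport 68 accept
        udp sport 547 udp dport 546 accept
        # Everything else, e.g. SMB 139/445 or UPnP 1900/5000, is logged and dropped.
        limit rate 5/minute log prefix "host_filter drop in: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        meta l4proto { icmp, ipv6-icmp } accept
        udp sport 68 udp dport 67 accept
        udp sport 546 udp dport 547 accept
        # Only the listed destination ports may be contacted from this PC.
        tcp dport { $OUT_TCP } accept
        udp dport { $OUT_UDP } accept
        limit rate 5/minute log prefix "host_filter drop out: "
    }
}
EOF
}

# Print the permitted outbound ports as "proto port" lines, for review.
list_outbound_ports() {
    for p in $(printf '%s' "$OUT_TCP" | tr -d ','); do printf 'tcp %s\n' "$p"; done
    for p in $(printf '%s' "$OUT_UDP" | tr -d ','); do printf 'udp %s\n' "$p"; done
}

# Syntax-check the ruleset with nft without loading it (nft -c).
check_ruleset() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed; check skipped" >&2; return 2; }
    generate_ruleset | nft -c -f -
}

# Load the ruleset; requires root.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: must be run as root" >&2; return 1; }
    generate_ruleset | nft -f -
}

case "${1:-show}" in
    show)  generate_ruleset ;;
    check) check_ruleset ;;
    apply) apply_ruleset ;;
    *)     echo "usage: $0 [show|check|apply]" >&2; exit 64 ;;
esac
```

Run it with `show` to read the policy, `check` to validate the syntax without touching the running firewall, and `apply` as root to load it. Because the output chain is also default-deny, anything not listed is blocked, including a VPN client such as the Nord one mentioned later in the thread, so its port has to be added before the policy is enabled; dropped packets go to the kernel log (rate-limited), which is the first place to look when something stops working.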
 
Old 02-19-2018, 10:11 PM   #7
Danwilliams1989
Yeah I asked them to stop and they reported me for harassment to the police. And now the police expect me to prove it. Action Fraud are useless; I've had my accounts hacked so many times. Then there's the DDoS attack I had. I don't have a router yet; I'm going to get one now. They are using Cisco equipment, because when I do a port scan over localhost I get stunp1 Cisco tunnelling. So I need something to match it. I think they are using Metasploit; they are also using TeamViewer with a terminal so they can see my screen. I can see from the logs. They are using something called Teredo ISATAP something. I have the ability to port forward but I don't really understand how to do it and what ports to use. I think I'm connected to them by a VLAN because it keeps showing up on my logs on the BT hub.

I'm thinking of getting rid of everything and starting from scratch with a high security router with SSID off, maybe even getting a physical firewall. If I get stuck can you direct message on here, and would you mind if I did? I'm really sorry bud, I'm new to all this; they are deffo using Linux tho.

I wanted to mention as well that they are coming into the network port forwarding at port 0 and turning on UPnP to guide and hack my devices; how is that possible?
 
Old 02-19-2018, 10:13 PM   #8
Danwilliams1989
Quote:
Originally Posted by dugan
Have you tried asking them to stop?
Yeah they reported me to the police for harassment lol guilty conscience
 
Old 02-19-2018, 10:24 PM   #9
Triple Fault
Sounds like a headache having malicious neighbors like that to deal with. Yeah, I would definitely recommend starting the whole network from scratch with a good secure router, and locking everything down before you even go online: no BSSID broadcast and an overly strong password. Yeah, I was given a p220 firewall from Palo Alto Networks, so I'm going to experiment with that on my home network when it gets here. And if you get stuck feel free to contact me however, private or public; I would love to help the best I can. Just note, I'm not a professional in security; my major is in development. I'm a cyber security enthusiast, I guess you can say.

Quote:
I wanted to mention as well that they are coming into the network port forwarding at port 0 and turning on UPnP to guide and hack my devices; how is that possible?
I have no idea ...
 
Old 02-19-2018, 10:28 PM   #10
Danwilliams1989
Quote:
Originally Posted by Triple Fault
Sounds like a headache having malicious neighbors like that to deal with. Yeah, I would definitely recommend starting the whole network from scratch with a good secure router, and locking everything down before you even go online: no BSSID broadcast and an overly strong password. Yeah, I was given a p220 firewall from Palo Alto Networks, so I'm going to experiment with that on my home network when it gets here. And if you get stuck feel free to contact me however, private or public; I would love to help the best I can. Just note, I'm not a professional in security; my major is in development. I'm a cyber security enthusiast, I guess you can say.


I have no idea ...
The ironic thing is, I guess, that they've piqued my interest and now I'm teaching myself loads of things. I studied maths so I'm looking forward to reading up on the security, especially cryptography.

Can you add people as friends on here ?
 
Old 02-19-2018, 10:35 PM   #11
Triple Fault
Hey ... Gotta look at the bright side right? lol, they gained you knowledge so jokes on them.. And honestly, I guess I would probably look at it as a game. I'm not an important person and anyone with any information on me really isn't going to have much because I'm not a high target. But even though I could care less if I got hacked by a neighbor, I strongly believe in privacy and security for all on the internet. However, I would play the game and attack back. Only because they started it. I hate people who are malicious by default. Anyway, I befriended you, let me know if you need any help in the future.

Last edited by Triple Fault; 02-19-2018 at 10:37 PM.
 
Old 02-19-2018, 10:48 PM   #12
Danwilliams1989
Quote:
Originally Posted by Triple Fault
Hey ... Gotta look at the bright side right? lol, they gained you knowledge so jokes on them.. And honestly, I guess I would probably look at it as a game. I'm not an important person and anyone with any information on me really isn't going to have much because I'm not a high target. But even though I could care less if I got hacked by a neighbor, I strongly believe in privacy and security for all on the internet. However, I would play the game and attack back. Only because they started it. I hate people who are malicious by default. Anyway, I befriended you, let me know if you need any help in the future.
I will do. I'm just learning the basics of Linux; I didn't even know it existed. Got plans to build my own PC this year and to build up the house technologically using Arduinos and Raspberry Pis, never heard of one till now. I'm tempted to hack back but they don't leave the house, there's always one there, and you can guarantee if something new hits my network within 5 mins it will be hacked and partitioned. I may need some help soon so I'll keep that in mind haha. I can't hack atm so I just put wind chimes outside their bedroom window and they don't stop lmao !!!
 
Old 02-19-2018, 10:50 PM   #13
Danwilliams1989
I’m learning networking atm I’m just finishing up how to share file and printers on a workgroup. That’s how basic my knowledge is atm. But you wait it won’t take me long to catch up
 
Old 02-19-2018, 11:08 PM   #14
Danwilliams1989
I can’t work out how to pm on here I don’t know if it’s because I’m using my iPhone. How do you do it
 
Old 02-20-2018, 02:11 AM   #15
dugan
How likely would you say this scenario is?

They connected to your router's unsecured wifi network and got into your router's administration page via its default password (which wasn't changed).
 
2 members found this post helpful.
  

