2007-12-25

On being a rotten little twat...

So, I'm re-tooling my home network as a gift to myself for Christmas (I'm lame, I know this. It's okay.). There've been a ton of random people around, and the parking lot in my apartment complex is routinely packed. I'm thinking... people visiting for the holidays, right? Right... college students? Laptops? Hmm...

I have a few spare 2.4 GHz decently high-gain antennae around the apartment. Since the project is a strip-and-clip, let's have a little fun, shall we?

Important things to note:
- RoadRunner enters these premises, and terminates at a Linksys WRT54G with hacked firmware.
- The user-serviced network uses a 172.16.253.0/24 IP addressing scheme.
- All network backbone equipment uses a different addressing space to protect it from the users.

Part of this reorganization project was to migrate wireless connectivity away from the WRT54G and to a WAP55AG, providing 5.1 GHz and 5.8 GHz wireless coverage, as a complement to the 2.4 GHz space (is the 2.4 even necessary anymore? I could just go with 802.11a as the production - note to self, acquire 802.11n access point).

From a network security standpoint, I would have first removed the antennae from the new AP, plugged it into a dry-loop segment, configured the security on the device to match the production network, installed it, and then allowed it to broadcast.

I did not follow my standard security practices. Instead, I opted to add a pair of new, non-protected SSIDs to my production network for a short period of time: linksys-a and linksys-g. These SSIDs were properly gatewayed, and had a direct connection to the 'net. Any college student visiting Auntie Whomever on break would've been able to hit the AP, and hit the net. Good enough, right?

Right.

Within two hours, I had two machines show up in my DHCP clients table with YOUR-Zxxxxxx PC names. Why is this important? Best guess is that these machines are Hewlett-Packard or Compaq (yes, the Hewlett-Packard "Compaq") laptops. The default system name on their image provides the prefix "YOUR", because HP are a bunch of retards. One of these machines is running Windows XP Home, SP1 (??!!), and another is running Windows Vista Home Premium (>.<). The Vista box was a no go - locked down pretty well, actually. Except the blank Administrator password. I was able to get vitals on the machine, but not actually access the data onboard. Ah well. Guess Vista's UAC security model does have its uses. There were a TON of unprotected services, tho, and a quick look at metasploit revealed that the box could've been tagged. Good thing for them I had another machine to poke with a stick?

The XP Home SP1 box tho, now has a few gigabytes of pornographic material - some of which involves animals - on it. On the desktop. With a batch file in the startup folder that should kick it off when 'Heidi' goes to restart. Oops. Part of HP's image also leaves the actual, honest-to-god 'Administrator' password blank. Blank. The password itself is not 'blank'. It's that the Administrator account has no password. How fucking stupid is that? (This system was also running Norton's SecurePC SystemGuard or whatever it's called.)

This whole network reorganization was driven by a project box which I'd stupidly plugged into the network in order to run WinderZUpdate (lolhax). Yeah, that thing - while having Norton SystemDrag installed - still had more malware than a loose freshman cheerleader. Thankfully, existing security measures prevented the machine from infecting others; one network monitor exists solely to manage the VLANs on production - if malicious activity is detected, it'll drop the port into a nonroutable segment. This explained why the machine all of a sudden disappeared in the middle of a backup. Fucking good-for-nothing Norton. I can't stand people who actually put stock in that bloated shit.

Morals of the story?
- Don't connect to a network that isn't yours. Period.
- Mind your fucking passwords.
- Don't try to protect your 'puter' with useless shitware like Norton.