Had a Security Scare

the_Grinch Member Posts: 4,165
So I have been selling some stuff on eBay and one of the things was my Apple Airport Extreme. Since it had been sold I reset the device so the new owner could get in and do their thing. I was watching TV and trying to check something on my phone (hooked up to my wifi, a Linksys router) and nothing would come up. I had to run out and figured it was just an internet issue. I get home and my dad says he can't get online, I take a look and he's connected to my wifi. But he still could not get out, so I do an IP config and get an address in the 10.x.x.x range. My jaw drops, that isn't my network range and when I check my phone I was getting the same address. Now I am scared, did someone hack my wifi? If so, for how long and what had they gotten? As I am attempting to get into the Linksys, I checked to see if I have anything plugged directly into it and see what I thought was my Linux box. Turns out, the Airport Extreme was plugged into it so I yank the power on that and bam my phone gets the correct IP address and I get a flood of emails. Seems when I factory reset the Airport, it started handing out IP addresses and since it wasn't set up it wasn't getting out to the internet thus neither were any of the devices connected to it. Ah, what a day....
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • Coolhandluke Member Posts: 118
    I had a similar issue once (and I'll bet I'm not alone on this one). I work in a school and a new teacher decided to bring in his own AP without asking/letting us know. He's handing out DHCP addresses all over the place (contending with our DHCP), took me 30 mins to track him down. Yup we don't use port security so it serves us right.
    [CCENT]->[CCNA]->[CCNP-ROUTE]->[CCNP SWITCH]->[CCNP-TSHOOT]
  • CodeBlox Member Posts: 1,363
    Heh, I can't say something like that's happened to me. But, on my home router, I have some access control restrictions in place for someone limited to just the day time up until midnight (6am - 11:59pm) at my mom's request. Well, one day one of my sisters kept complaining about not being able to get to the internet and I did an ipconfig. She had an APIPA address (169.254.x.x). Long story short I eventually check the router and due to the fact that we had a power outage the night before, the time also reset causing her to not be able to reach the internet in the middle of the day. Corrected the time and there, she was able to get to the internet.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • CodeBlox Member Posts: 1,363
    Coolhandluke wrote: »
    I had a similar issue once (and I'll bet I'm not alone on this one). I work in a school and a new teacher decided to bring in his own AP without asking/letting us know. He's handing out DHCP addresses all over the place (contending with our DHCP), took me 30 mins to track him down. Yup we don't use port security so it serves us right.

    Isn't there like a DHCP snooping feature that you could implement on the switches so that only your DHCP server hands out addresses?
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • Coolhandluke Member Posts: 118
    On some of the switches yeah, others nope. Various makes/models.
    [CCENT]->[CCNA]->[CCNP-ROUTE]->[CCNP SWITCH]->[CCNP-TSHOOT]
  • Turgon Banned Posts: 6,308
    Coolhandluke wrote: »
    I had a similar issue once (and I'll bet I'm not alone on this one). I work in a school and a new teacher decided to bring in his own AP without asking/letting us know. He's handing out DHCP addresses all over the place (contending with our DHCP), took me 30 mins to track him down. Yup we don't use port security so it serves us right.

    It does serve you right, but I don't mean that in a bad way. People are so wired at home these days they will plug all kinds of crap in at work assuming it will work, what we do is easy and there will be no problems. Take precautions from fools with tools!
  • Coolhandluke Member Posts: 118
    You have to make a trade off between manageability/security in some cases. I'm the only one at work who configures switches etc (3 of us in the department). If my boss cannot just plug in a computer and get a network connection he will be all over my ass complaining about it. He has never configured/logged into a switch (and probably never will). I have configured port security on some "High risk" areas of the network but beyond that ..... his problem if there is an issue. I'm not saying it's an excuse for low security, just that it would make my job impossible if we were to lock things down too much.
    [CCENT]->[CCNA]->[CCNP-ROUTE]->[CCNP SWITCH]->[CCNP-TSHOOT]
  • Turgon Banned Posts: 6,308
    Coolhandluke wrote: »
    You have to make a trade off between manageability/security in some cases. I'm the only one at work who configures switches etc (3 of us in the department). If my boss cannot just plug in a computer and get a network connection he will be all over my ass complaining about it. He has never configured/logged into a switch (and probably never will). I have configured port security on some "High risk" areas of the network but beyond that ..... his problem if there is an issue. I'm not saying it's an excuse for low security, just that it would make my job impossible if we were to lock things down too much.

    I understand the trade off. Suggest you get some computer user policy circulated. On top of that, some really good monitoring so that you know at a stroke if something is on network doing less than desirable things. Many open source tools for that.
  • powerfool Member Posts: 1,666
    CodeBlox wrote: »
    Isn't there like a DHCP snooping feature that you could implement on the switches so that only your DHCP server hands out addresses?

    That would actually be a very good feature for these devices to implement. With so much concern about WiFi and home networking, this one is a no-brainer. Just have it set up out of the box... since these devices are the Firewall/Router/Switch/AP all-in-one, it should be very easy from a configuration standpoint... if you have it hand out addresses, block others from doing so. You can have it as a default and offer a checkbox to override it. Fairly simple.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • joshmadakor Member Posts: 495
    Coolhandluke wrote: »
    I had a similar issue once (and I'll bet I'm not alone on this one). I work in a school and a new teacher decided to bring in his own AP without asking/letting us know. He's handing out DHCP addresses all over the place (contending with our DHCP), took me 30 mins to track him down. Yup we don't use port security so it serves us right.

    This would piss me off. I work in a school as well, but I've never seen this happen. We have an instructor that teaches Server 2008 classes but he always tells us what his plans are ahead of time teaching DHCP.
    WGU B.S. Information Technology (Completed January 2013)
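
The monitoring idea raised in this thread (knowing quickly when a second device starts answering DHCP), as an added example that is not part of any post above: it parses DHCP reply payloads and reports every server identifier (option 54) that is not on an allow list. The authorized address `192.168.1.1`, the sample addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5                    # option 53 message types sent by servers
AUTHORIZED = {"192.168.1.1"}         # assumption: the only legitimate DHCP server

def parse_dhcp(payload):
    """Return (msg_type, server_id, yiaddr) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            return None                              # option header cut off
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                              # truncated option body
        if code == 53 and length == 1:
            msg_type = data[0]
        elif code == 54 and length == 4:             # server identifier
            server_id = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return msg_type, server_id, yiaddr

def rogue_servers(payloads, authorized=AUTHORIZED):
    """Map each unauthorized server identifier to the addresses it handed out."""
    found = {}
    for msg_type, server_id, yiaddr in filter(None, map(parse_dhcp, payloads)):
        if msg_type in (OFFER, ACK) and server_id and server_id not in authorized:
            found.setdefault(server_id, []).append(yiaddr)
    return found

def build_reply(msg_type, server, offered):
    """Constructed sample data: a minimal BOOTREPLY carrying options 53 and 54."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(4)
    hdr += ipaddress.IPv4Address(offered).packed + bytes(8 + 16 + 64 + 128)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC + opts + b"\xff"

SAMPLE = [build_reply(OFFER, "192.168.1.1", "192.168.1.50"),   # legitimate router
          build_reply(OFFER, "10.0.1.1", "10.0.1.2"),          # unexpected server
          build_reply(ACK, "10.0.1.1", "10.0.1.2")]
```

`rogue_servers(SAMPLE)` reports only the `10.0.1.1` server; on a real network the payloads would come from captured UDP traffic on ports 67 and 68.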