Friday, September 25, 2009

Stupid Customer Tip #2

So, you have caught your son misbehaving. Maybe he killed an animal, looked at porn, his room is messy, or he has bad grades or something. Whatever. He has done something that requires you to swiftly and harshly punish him. You then suddenly remember that he has a computer in his room, and you can punish him by taking away his access to the internet.

If you switch the breaker on your son's room so he can't use his computer, but the modem and wireless router are also in his room, you won't be able to get online on your computer either because there is no power to these devices. Don't call your Internet Service Provider (or ISP) saying that their service is horrible, because you are just being too stupid to realize that you are an idiot.

This equipment shouldn't be in his room anyway.

Monday, September 21, 2009

Attacking a Time Warner Call Center

Last year, I mentioned that I would tell a true story of an attempt from someone in the Netherlands to break into a router at the call center I work at. As you already know, I took a year's hiatus from this blog due to personal matters. Well, I figured I would tell the story as I wrote it to 2600 Magazine. They never published it, so don't look for it in any of the issues. **NOTE** All names and IP addresses have been changed to protect the innocent and guilty.


Attacking a Time Warner Call Center


I work for Time Warner Cable as a Tier 3 Technical Support Rep in a northeastern division of the company. The following is a report of the events that took place on a Friday evening while I was at work. It's about someone from Germany who tried desperately to get into a residential modem and router that are in the Time Warner call center I work at.

When I walked into work at 5:00 PM, I was thinking it was going to be a normal Friday night in the call center. I would take some calls, help some customers, and when 9:00 PM rolled around, I would go home. I didn't think that I would be fending off a German intruder trying to gain access to our router.

As Tier 3 tech support representatives, we are allowed to bring in personal laptops and connect them to various wireless networks throughout the call center. We use these for testing purposes and for added troubleshooting when we are talking to a customer on the phone. Therefore, we depend on these internet connections that are specially set up for the Tier 3s to use. Usually there are no problems connecting to them, but tonight was different. Tonight we were gonna be fighting to use them.

It started practically when I walked in the door. I had just sat down in my cubicle and logged into my work computer when I booted up my laptop. I got my work desktop all situated with the billing and service call system, Outlook, Firefox, and AIM. I looked over at my laptop and saw the Gnome log-on screen, so I logged into my laptop and opened up a terminal once it had fully booted. I pressed Fn+F2 to turn on my wireless card, configured my wlan0 card to the essid "Isle A near DNOC", and ordered DHCP to give me an address. I opened up Firefox and I was unable to get a webpage.

I checked my IP address using iwconfig and I still had an IP, but I could not ping out. Thinking maybe the router got unplugged, I did a quick iwlist scan on my wlan card and there was no "Isle A near DNOC"; only "NETGEAR". Someone had done a full factory reset on the router. I stood up and talked to Garry, who was sitting in the cubicle next to mine, and asked him if he was having problems getting online with his laptop. He told me he was, and then Jared walked over and said that someone was hitting the router with Denial-of-Service (DOS) attacks. We were actually getting DOS attacked from two separate IPs: 77.177.201.255 and 71.167.8.76.

Using tracert in Windows, Jared was able to determine the domain names where these IPs were originating from. 71.167.8.76 was pool-71-167-8-76.nycmny.fios.verizon.net (out of NYC) and 77.177.201.255 was blfd-4db1c9ff.pool.einsundeins.de (somewhere in Germany). I asked him to give me the IPs and let me do nmap on them to see what ports were open on their end to see how we could send our own DOS attacks and get them to go away. The FIOS connection was easy, because we sent DOS attacks to him, and he just disappeared. Either he didn't know what he was doing, or he didn't care to pursue whatever was behind our router. It didn't matter though, because either way, only one adversary was left to fight off.

This fight was not going to be quite so easy. While I was nmapping the attacker from Germany, Garry came to me and asked what the name of my computer was. I told him that it was Unr3a1r00t and he told me to stop DOS attacking the network. I asked him what he meant and he said that the log files on the router showed that DOS attacks were coming from my IP. Puzzled, I assured him that I wasn't and took a look at the log files. Sure enough the private IP address that was linked to my computer was sending DOS attacks. This could mean only one thing: the attacker from Germany was using the nmap connection that was made between us and either spoofed my IP, or was sending DOS attacks through the connection to make it look like they were coming from me. In addition, he started to use proxy servers to make it look like some attacks were coming from different IP addresses in different countries throughout the world.

I immediately stopped the nmap process and went over to Jared to tell him what had happened. He carefully watched the log file and saw as it grew that the attacker was not just making it look like attacks were coming from my laptop, but his as well. We were all very frustrated and perplexed how and why someone would be doing this. We knew at this point that we were dealing with somebody that greatly surpassed our abilities.

I came up with the idea to try and change the public IP address of the router, thinking that the attacker would potentially go away if he couldn't connect anymore using the original IP. So we switched which modem the Netgear router was getting its internet from. Now it would get a totally different IP address and because the two modems were getting their connections from completely different regional switches, he would have to actually look at a different spot on the internet for the router. Unfortunately for us, literally within a few minutes of making the swap, he had found the router again. We knew this meant that he had to have found the router using its MAC address.


He then proceeded to hit the router with everything he had. DOS attacks were coming from completely different proxies every other second. We had to constantly reconnect our laptops to the router and the internet was unbearably slow. He was able to get into the router and assign his computer a local IP address within our network. I quickly told Jared to change the router's management log-on password and gave him a 27-character password that had a combination of uppercase and lowercase letters, numbers, and symbols. It was at this point he was brute forcing the modem's management log-on trying to get a remote connection. These attacks were coming in, at one point, as frequently as four times a second, from completely different proxy IP addresses that never once repeated.

Jared was constantly refreshing the log file and within five minutes, the attacker had already attempted to remote into the router's management system a few hundred times. We concluded the obvious fact that he had to be using some kind of bot that was able to change proxy connections every ¼ of a second. Since the password that I came up with is very secure, for the time being he wasn't going to get in any time soon. Therefore, Jared took this time to look at all the configuration settings on the router.

It was now 9PM and we still really had no fully usable internet connection. Jared asked me if anyone had turned on UPnP. We never found out who turned it on, but we believe that it was this connection type that the attacker was using to try and get into our network. We came to this conclusion, because as soon as Jared turned it off, the DOS attacks stopped and there were no more attempts to log into the router's management system.

Now whether or not turning off UPnP was really the reason the attacks stopped, or because the attacker figured it was no longer worth the fight, could probably still be debated. The point was to try and get these attacks to stop, so we could actually use the wireless connection to troubleshoot for customers calling in. Jared sent me the log text files for me to try and find information on what exactly went down.

I concluded that the attacker was only initially trying to get into our router so he could use the connection for his personal use. When I nmapped him, it piqued his interest in trying to get in, because to him this meant that whoever was behind that router at least knew halfway what they were doing. He knew he wasn't dealing with complete newbs because we blocked him from getting in and he was ready to face the challenge.

Once it was all done, I was able to go home. I told Jared I would look a little into the issue over the weekend and he said he was gonna do the same. The internet connection was fully restored and all was back to normal. The next day, we still saw some random DOS attacks on the router so we eventually just swapped it out for a different and better wireless setup. Since making the swap to a different modem/router, the problems have gone away completely.

We have since upped the security of the router and are taking measures to ensure that the log files are constantly monitored to avoid any more intrusion attempts. I do have to say that it was very interesting to see how someone who was essentially breaking into a network wouldn't care that he had been found out. Instead he actually chose to fight the people behind the router for access to a network he shouldn't have been accessing.

At this point though, it doesn't matter. I had fun playing with the attacker and I am sure it was fun for him to try and get in. We also learned a lot and that of course is always a good thing. Shout outs to Jared, Garry and Justin; you all know who you really are. Finally, a shout out to The Q 357 for just being a good friend and for helping me stay motivated.

Stupid Customer Tip #1

I am going to start posting a series of "Stupid Customer Tips" for those of you who are subscribed to a service of some kind (phone, cable, etc.) but may not be the brightest light bulbs in the box. These tips are meant to HELP you understand a little more in a straightforward, in-your-face kind of way. Basically, these are customer bitch slaps for the absolute DUMBEST people on the planet. If you are a dumb customer of a service provider (again, phone, cable, etc.) then please heed these tips.

If you do not have power in your home, it should come as no big surprise when your cable services do not work. Electricity is an absolute NECESSITY to power your cable equipment and any other electronic devices in your home (TV, computer, etc.). This is also why if you do not have electricity, your lights do not turn on. Now, as the cable company, we do not provide or control the flow of electricity to your home. Your ELECTRIC COMPANY controls this.

So if you are in the middle of a power outage, do NOT call your cable company and bitch and moan that 10-year-old Jimmy cannot watch Dora the Explorer or that you are missing your precious soap operas. You will want to call your ELECTRIC COMPANY to complain about their service not working. Jimmy should be outside playing anyway, and you shouldn't watch soap operas; they are not helping your intelligence levels.

Saturday, September 19, 2009

A Year and A Bunch of New Gadgets

So it has been more than a year since I have posted anything on here. There have been a lot of personal things that have happened over the last year. I will have more time nowadays to post on here more often, so it should definitely not be another year before I post again.

So where to start? Well, around this time last year, I found out that my oldest sister had uterine cancer. Turned out to be lymphoma as well, but she had to have a hysterectomy done, as well as having to go through chemotherapy. She completed chemo about Feb of this year and so far she is still cancer free. Which is good. There have also been some very personal things in my family that I will not go into here, but let's just say I now have a total ass-hat of a brother-in-law who married my other sister. Can't stand him, but whatever.

In other news, I have also broken up with my girlfriend of 3 years. It was not working the way that I had hoped, and it was in the best interest of both of us to end it. I have begun to move on with my life, and I really hope she has done the same.

So now that those are out of the way, it's time to get to the new gadgets in my life. Hehehe. Let's see, the list starts with an Xbox 360 purchased at a Circuit City earlier this year. I have since gotten Halo 3 of course, which I liked a lot. The multiplayer part of the game is definitely the best part of the game, however, Microsoft in its infinite greediness forces you the player to download the first three map-packs released for Halo 3. This means that if you buy the game off the shelf, and go to play on Live, you will have to spend an additional $30 on maps in order to play online. Of course these maps will now be included with the upcoming Halo 3: ODST. I really hate M$.

Then I finally joined the HD class. I got a Sharp AQUOS 40” 1080p HDTV. Cost a pretty penny, but I definitely like it, and like looking at the nice HD picture while watching the Yankees on YES. It also goes good with my 360 cause now I can game in high definition, which is certainly helping me in CoD4.

Finally, I have also gotten a new computer to replace my old Gateway laptop. It is a Lenovo Ideapad S10 netbook. Has the Intel Atom processor, 1GB of memory, 160GB HDD with no CD-ROM and a 10” screen. It's really nice, and a solid little computer. I have actually since purchasing it back in.... February I think, gotten upgrades for it. First, I got a Rosewill external DVD burner for it, which is really good. I have also gotten a larger HDD, 500GB and upped the RAM to 2GB.

The most recent thing I have gotten for it, and for a computer I plan on building over the next year, is a keyboard. It is the Happy Hacking Keyboard Lite 2. I purchased it from Amazon.com for around $90 after shipping. It is a great little keyboard with only 65 keys and I fucking love this thing. I will post a picture of it tomorrow with a full review on it. In the meantime, the Yankees are playing the Mariners, so I am going to go watch the game.