Hello people whats up
so I've been trying an app on android that are connected to my network I found an unknown ip address so what I did next is firing up kali and attempting to use nmap on that ip address I got shocking results
this guy seems a hacker to me im not sure but the manufacturer is DLink and the OS is Linux 2.6.x or something he has ports open too which seems interesting to me he has 80 and 53 open
he is a hacker then using my network or what and what I can do at this point or can I know who he is because I think he is one of those sneaky neighbours and if thats so im mad because I had alot of issues on my network
im using WPA2 encryption and I wanna do something before I change the password
so any help would be appreciated :)
22 Responses
Well there are a bunch of great tutorials by OTW. One of which explains how you can bump someone off of a wifi network. Another explains how you can sniff packets from somebody on your network to see what they're up to. If he is connecting to your network you can find a bunch more info from his LAN ip address.
Ya cool ill check them out .. So do u know anything else I can do on kali to that ip
Or maybe some links to some of the tutorials
What is the IP address that you're seeing. If it is 192.168.1.1 or 192.168.1.2 it could be your router? Port 80 is http, and port 53 is for DNS. A router would probably show these ports as open. Also Dlink make routers. Just thought I would ask. If you have a router and you don't know it's IP address, find out. Someone please correct me if I'm wrong with any of that.
it's 192.168.0.108
Try visiting that URL by manually typing it into the URL field in your browser. You may well find you are confronted with a login page to a router.
No, Energy Wolf. You are right. Thos are the questions I'd ask.
Sounds like a router to me..
allmost 100% confident its a router. however i can send you a some small scripts to run with absolutely every permission available on your computer and then you'll be able to confirm you have an intruder :)
Alright thanks that would be appreciated bro
for a while i suspected its my access point because its DLink but in the app that im using i can see this ip address as dlink 192.168.0.50 and this 192.168.0.108 as dlink so that what make me wonder
I just ran nmap on that ip address as well as i did before
D-LINK SYSTEMS, INC | WIRELESS AP : LOGIN
OS CPE: cpe:/o: linux:linuxkernel: 2.6
OS details : Linux 2.6.9 - 2.6.33
Network distance : 1 hop
What do you guys think?
Yeah I'm pretty sure that's your router.
Questions
Do you own any D-Link gear?
Have you been patching your gear's firmware?
Data
The OS is embedded so its a router. the question is who's?
This could be an invader using his gear as a repeater.
This could just be my gear on the network.
Odd IP on target.
Unconfirmed MAC of Target.
Have not checked logs on router.
Did not sniff the wire.
Have not set up active/passive MITM to peek a boo target.
Blurbs
If you are crafty you could <insert words here> against him. IF Target is a Target
Really think its a router. But ASS u me nothing until confirmed.
What to do?
Patch router firmware
Change password reboot router...
Side notes
D-Link routers are a huge target for auto drive by, dropping zombie ware on them.
D-Link has been in the news repeatedly over the last few months for sheety gear.
Kernels
2.6.9 = Zonked
2.6.33 = Man-Eating Seals of Antiquity
Conclusions
Speculation at best until conformation is made.
No i dont have a dlink gear or patched the firmware
Thanks anyway
Sounds like a router; easiest way to check is to enter the IP address into your browser.
ghost_
is the ip address of the access point include two the default gateway and the actual ip if yes then it's mine cause i have two the default 192.168.0.50 and 192.168.0.108
Thanks guys I changed the wireless password just in case ;)
Most routers run a Linux kernel of some sort. The IP address is not 192.168.1.1 or 192.168.1.2, which is indeed weird, however not impossible.
Question to all:
Can you have more than one router on the same network?
Answer to all:
Yes, but unless you have the skills to successfully hook up two routers on the same network, it is very unlikely. If this is indeed a hacker who has penetrated your WiFi, it very well might be the hacker's router.
Keep an eye to see if the IP address pops in and out, as a hooked-up router wouldn't do this. Also, do try visiting the IP address in your web browser. If you get a login screen, it is a router. If you do not, it may just be a regular device.
I Already typed the address in the bar , and yes it's a login page but I couldn't access the router with default if it's mine I don't think i changed the login credentials
Anyway I will keep digging
Guess I should read better next time. #Rewind
"SOMEONE GOOD"
Attackers IP: "it's 192.168.0.108"
"for a while i suspected its my access point because its DLink but in the app that im using i can see this ip address as dlink 192.168.0.50 and this 192.168.0.108 as dlink so that what make me wonder"
Do you own any D-Link gear?
"No i dont have a dlink gear or patched the firmware
Thanks anyway"
"is the ip address of the access point include two the default gateway and the actual ip if yes then it's mine cause i have two the default 192.168.0.50 and 192.168.0.108"
Nothing to worry ...
I'm sure 94% that it's mine how foolish but it's always good to be aware
Thanks people , it was a good discussion :D
Good for all of us. ;)
Share Your Thoughts