D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: subscriptions@achernar.us on January 29, 2009, 09:15:27 PM
-
My logs show that someone from IP 200.155.56.65 tried to hack into my NAS. Is there a way to block this ip address from getting past my DIR-655?
-
Use MAC Filtering to allow only known entities access to your network.
-
And use the security features...(open door)
-
Blocking the MAC address will work for keeping someone on the internet (WAN) from getting past the router? I thought that's only used for connecting to the router.
Whoever attempted to log into my Nas was in another country so I would like to block any incomming trafic by their IP address.
Would setting up an Inbound Filter work?
Chris
-
You can. But these guys never use the same IP twice if they are serious hackers :)
In order to get past or in the router they need MAC authorization. So they cannot connect. And in order to get past the router they heve to connect. They can ring the bell on the frontdoor, but the door stays closed, so to say.
-
Show me the logs.
-
This is the log from my NAS.
My router has a port open so I can access the Media Station from the internet. It would be nice to be able to block IP's if I detect a hack attempt.
I've been told auto IP blocking will eventually be added in an upcoming firmware.
212411 1 1/29/2009 23:02:52 root 200.155.56.65
212410 1 1/29/2009 23:02:47 root 200.155.56.65
212409 1 1/29/2009 23:02:42 roberto 200.155.56.65
212408 1 1/29/2009 23:02:37 test 200.155.56.65
212407 1 1/29/2009 23:02:33 oracle 200.155.56.65
212406 1 1/29/2009 23:02:28 admin 200.155.56.65
212405 1 1/29/2009 23:02:23 tomcat 200.155.56.65
212404 1 1/29/2009 23:02:18 root 200.155.56.65
212403 1 1/29/2009 23:02:13 root 200.155.56.65
212402 1 1/29/2009 23:02:09 admin 200.155.56.65
212401 1 1/29/2009 23:02:04 roberto 200.155.56.65
212400 1 1/29/2009 23:01:59 root 200.155.56.65
212399 1 1/29/2009 23:01:55 carlosfarah 200.155.56.65
212398 1 1/29/2009 23:01:50 root 200.155.56.65
212397 1 1/29/2009 23:01:45 mailtest 200.155.56.65
212396 1 1/29/2009 23:01:40 mailtest 200.155.56.65
212395 1 1/29/2009 23:01:36 atkchance 200.155.56.65
212394 1 1/29/2009 23:01:31 ftpuser 200.155.56.65
212393 1 1/29/2009 23:01:26 root 200.155.56.65
212392 1 1/29/2009 23:01:21 test1 200.155.56.65
212391 1 1/29/2009 23:01:17 root 200.155.56.65
212390 1 1/29/2009 23:01:12 root 200.155.56.65
212389 1 1/29/2009 23:01:07 root 200.155.56.65
212388 1 1/29/2009 23:01:02 r00t 200.155.56.65
212387 1 1/29/2009 23:00:58 root 200.155.56.65
212386 1 1/29/2009 23:00:53 sercon 200.155.56.65
212385 1 1/29/2009 23:00:48 vox 200.155.56.65
212384 1 1/29/2009 23:00:44 root 200.155.56.65
212383 1 1/29/2009 23:00:39 root 200.155.56.65
212382 1 1/29/2009 23:00:34 root 200.155.56.65
212381 1 1/29/2009 23:00:30 shoutcast 200.155.56.65
212380 1 1/29/2009 23:00:25 root 200.155.56.65
212379 1 1/29/2009 23:00:20 root 200.155.56.65
212378 1 1/29/2009 23:00:16 user123 200.155.56.65
212377 1 1/29/2009 23:00:11 aa 200.155.56.65
212376 1 1/29/2009 23:00:06 root 200.155.56.65
212375 1 1/29/2009 23:00:02 mata 200.155.56.65
212374 1 1/29/2009 22:59:57 root 200.155.56.65
212373 1 1/29/2009 22:59:53 carlosfarah 200.155.56.65
212372 1 1/29/2009 22:59:48 root 200.155.56.65
212371 1 1/29/2009 22:59:43 root 200.155.56.65
212370 1 1/29/2009 22:59:39 root 200.155.56.65
212369 1 1/29/2009 22:59:34 root 200.155.56.65
212368 1 1/29/2009 22:59:30 root 200.155.56.65
212367 1 1/29/2009 22:59:25 root 200.155.56.65
212366 1 1/29/2009 22:59:21 root 200.155.56.65
212365 1 1/29/2009 22:59:16 root 200.155.56.65
212364 1 1/29/2009 22:59:11 root 200.155.56.65
212363 1 1/29/2009 22:59:07 root 200.155.56.65
212362 1 1/29/2009 22:59:02 admin 200.155.56.65
212361 1 1/29/2009 22:58:58 root 200.155.56.65
212360 1 1/29/2009 22:58:53 root 200.155.56.65
212359 1 1/29/2009 22:58:49 root 200.155.56.65
212358 1 1/29/2009 22:58:44 root 200.155.56.65
212357 1 1/29/2009 22:58:39 oracle 200.155.56.65
212356 1 1/29/2009 22:58:35 root 200.155.56.65
212355 1 1/29/2009 22:58:30 roma 200.155.56.65
212354 1 1/29/2009 22:58:26 root 200.155.56.65
212353 1 1/29/2009 22:58:21 teste 200.155.56.65
212352 1 1/29/2009 22:58:17 teste 200.155.56.65
212351 1 1/29/2009 22:58:12 clock 200.155.56.65
212350 1 1/29/2009 22:58:07 clock 200.155.56.65
212349 1 1/29/2009 22:58:03 dredlord 200.155.56.65
212348 1 1/29/2009 22:57:58 root 200.155.56.65
212347 1 1/29/2009 22:57:54 root 200.155.56.65
212346 1 1/29/2009 22:57:49 root 200.155.56.65
212345 1 1/29/2009 22:57:44 root 200.155.56.65
212344 1 1/29/2009 22:57:40 root 200.155.56.65
212343 1 1/29/2009 22:57:34 root 200.155.56.65
212342 1 1/29/2009 22:57:30 root 200.155.56.65
212341 1 1/29/2009 22:57:25 skeng 200.155.56.65
212340 1 1/29/2009 22:57:21 root 200.155.56.65
212339 1 1/29/2009 22:57:17 root 200.155.56.65
212338 1 1/29/2009 22:57:12 root 200.155.56.65
212337 1 1/29/2009 22:57:07 root 200.155.56.65
212336 1 1/29/2009 22:57:03 lukman 200.155.56.65
212335 1 1/29/2009 22:56:59 alex 200.155.56.65
212334 1 1/29/2009 22:56:54 apache 200.155.56.65
212333 1 1/29/2009 22:56:49 root 200.155.56.65
212332 1 1/29/2009 22:56:45 slib 200.155.56.65
212331 1 1/29/2009 22:56:40 root 200.155.56.65
212330 1 1/29/2009 22:56:36 root 200.155.56.65
212329 1 1/29/2009 22:56:31 root 200.155.56.65
212328 1 1/29/2009 22:56:27 root 200.155.56.65
212327 1 1/29/2009 22:56:22 root 200.155.56.65
212326 1 1/29/2009 22:56:17 user 200.155.56.65
212325 1 1/29/2009 22:56:13 user 200.155.56.65
212324 1 1/29/2009 22:56:08 user 200.155.56.65
212323 1 1/29/2009 22:56:04 user1 200.155.56.65
212322 1 1/29/2009 22:55:59 raul 200.155.56.65
212321 1 1/29/2009 22:55:55 print 200.155.56.65
212320 1 1/29/2009 22:55:50 print 200.155.56.65
212319 1 1/29/2009 22:55:46 setup 200.155.56.65
212318 1 1/29/2009 22:55:41 setup 200.155.56.65
212317 1 1/29/2009 22:55:37 vicky 200.155.56.65
212316 1 1/29/2009 22:55:32 mysql 200.155.56.65
212315 1 1/29/2009 22:55:28 mysql 200.155.56.65
212314 1 1/29/2009 22:55:23 mana 200.155.56.65
212313 1 1/29/2009 22:55:19 cvsuser1 200.155.56.65
212312 1 1/29/2009 22:55:15 cvsuser 200.155.56.65
212311 1 1/29/2009 22:55:10 jb 200.155.56.65
212310 1 1/29/2009 22:55:06 anda 200.155.56.65
212309 1 1/29/2009 22:55:02 test 200.155.56.65
212308 1 1/29/2009 22:54:57 test 200.155.56.65
212307 1 1/29/2009 22:54:53 test 200.155.56.65
212306 1 1/29/2009 22:54:49 test 200.155.56.65
212305 1 1/29/2009 22:54:44 test 200.155.56.65
212304 1 1/29/2009 22:54:40 test 200.155.56.65
212303 1 1/29/2009 22:54:36 test 200.155.56.65
212302 1 1/29/2009 22:54:31 test 200.155.56.65
212301 1 1/29/2009 22:54:27 admin 200.155.56.65
212300 1 1/29/2009 22:54:23 admin 200.155.56.65
212299 1 1/29/2009 22:54:18 admin 200.155.56.65
212298 1 1/29/2009 22:54:14 admin 200.155.56.65
212297 1 1/29/2009 22:54:10 admin 200.155.56.65
212296 1 1/29/2009 22:54:05 admin 200.155.56.65
212295 1 1/29/2009 22:54:01 admin 200.155.56.65
212294 1 1/29/2009 22:53:57 admin 200.155.56.65
212293 1 1/29/2009 22:53:52 root 200.155.56.65
212292 1 1/29/2009 22:53:48 oracle 200.155.56.65
212291 1 1/29/2009 22:53:43 oracle 200.155.56.65
212290 1 1/29/2009 22:53:39 oracle 200.155.56.65
212289 1 1/29/2009 22:53:34 oracle 200.155.56.65
212288 1 1/29/2009 22:53:30 oracle 200.155.56.65
212287 1 1/29/2009 22:53:25 oracle 200.155.56.65
212286 1 1/29/2009 22:53:21 oracle 200.155.56.65
212285 1 1/29/2009 22:53:16 oracle 200.155.56.65
212284 1 1/29/2009 22:53:12 oracle 200.155.56.65
212283 1 1/29/2009 22:53:07 oracle 200.155.56.65
212282 1 1/29/2009 22:53:03 mythtv 200.155.56.65
212281 1 1/29/2009 22:52:58 mythtv 200.155.56.65
212280 1 1/29/2009 22:52:54 mythtv 200.155.56.65
212279 1 1/29/2009 22:52:49 mythtv 200.155.56.65
212278 1 1/29/2009 22:52:44 root 200.155.56.65
212277 1 1/29/2009 22:52:40 root 200.155.56.65
212276 1 1/29/2009 22:52:35 root 200.155.56.65
212275 1 1/29/2009 22:52:31 root 200.155.56.65
212274 1 1/29/2009 22:52:26 root 200.155.56.65
212273 1 1/29/2009 22:52:21 root 200.155.56.65
212272 1 1/29/2009 22:52:17 root 200.155.56.65
212271 1 1/29/2009 22:52:12 root 200.155.56.65
212270 1 1/29/2009 22:52:07 root 200.155.56.65
212269 1 1/29/2009 22:52:02 root 200.155.56.65
212268 1 1/29/2009 22:51:57 root 200.155.56.65
212267 1 1/29/2009 22:51:53 root 200.155.56.65
212266 1 1/29/2009 22:51:48 root 200.155.56.65
212265 1 1/29/2009 22:51:43 root 200.155.56.65
212264 1 1/29/2009 22:51:38 root 200.155.56.65
212263 1 1/29/2009 22:51:34 root 200.155.56.65
212262 1 1/29/2009 22:51:29 root 200.155.56.65
212261 1 1/29/2009 22:51:24 root 200.155.56.65
212260 1 1/29/2009 22:51:19 root 200.155.56.65
212259 1 1/29/2009 22:51:14 root 200.155.56.65
212258 1 1/29/2009 22:51:09 root 200.155.56.65
212257 1 1/29/2009 22:51:04 root 200.155.56.65
212256 1 1/29/2009 22:50:59 root 200.155.56.65
212255 1 1/29/2009 22:50:55 root 200.155.56.65
212254 1 1/29/2009 22:50:50 root 200.155.56.65
212253 1 1/29/2009 22:50:45 root 200.155.56.65
212252 1 1/29/2009 22:50:40 root 200.155.56.65
212251 1 1/29/2009 22:50:35 root 200.155.56.65
212250 1 1/29/2009 22:50:30 root 200.155.56.65
212249 1 1/29/2009 22:50:25 root 200.155.56.65
212248 1 1/29/2009 22:50:20 root 200.155.56.65
212247 1 1/29/2009 22:50:15 mythtvmythtv 200.155.56.65
212246 1 1/29/2009 22:50:11 root 200.155.56.65
212245 1 1/29/2009 22:50:06 root 200.155.56.65
212244 1 1/29/2009 22:50:01 root 200.155.56.65
212243 1 1/29/2009 22:49:56 root 200.155.56.65
212242 1 1/29/2009 22:49:51 root 200.155.56.65
212241 1 1/29/2009 22:49:46 root 200.155.56.65
212240 1 1/29/2009 22:49:41 root 200.155.56.65
212239 1 1/29/2009 22:49:36 root 200.155.56.65
212238 1 1/29/2009 22:49:27 root 200.155.56.65
212237 1 1/29/2009 22:49:22 root 200.155.56.65
212236 1 1/29/2009 22:49:17 root 200.155.56.65
212235 1 1/29/2009 22:49:12 root 200.155.56.65
212234 1 1/29/2009 22:49:07 jerom 200.155.56.65
212233 1 1/29/2009 22:49:02 root 200.155.56.65
212232 1 1/29/2009 22:48:57 root 200.155.56.65
212231 1 1/29/2009 22:48:53 root 200.155.56.65
212230 1 1/29/2009 22:48:48 mythtv 200.155.56.65
212229 1 1/29/2009 22:48:43 root 200.155.56.65
212228 1 1/29/2009 22:48:38 root 200.155.56.65
212227 1 1/29/2009 22:48:33 root 200.155.56.65
212226 1 1/29/2009 22:48:28 root 200.155.56.65
212225 1 1/29/2009 22:48:23 root 200.155.56.65
212224 1 1/29/2009 22:48:19 root 200.155.56.65
212223 1 1/29/2009 22:48:14 root 200.155.56.65
212222 1 1/29/2009 22:48:09 root 200.155.56.65
212221 1 1/29/2009 22:48:04 root 200.155.56.65
212220 1 1/29/2009 22:47:59 root 200.155.56.65
212219 1 1/29/2009 22:47:54 root 200.155.56.65
212218 1 1/29/2009 22:47:49 root 200.155.56.65
212217 1 1/29/2009 22:47:44 root 200.155.56.65
212216 1 1/29/2009 22:47:40 root 200.155.56.65
212215 1 1/29/2009 22:47:35 root 200.155.56.65
212214 1 1/29/2009 22:47:30 root 200.155.56.65
212213 1 1/29/2009 22:47:25 root 200.155.56.65
212212 1 1/29/2009 22:47:20 root 200.155.56.65
212211 1 1/29/2009 22:47:15 root 200.155.56.65
212210 1 1/29/2009 22:47:11 root 200.155.56.65
212209 1 1/29/2009 22:47:06 root 200.155.56.65
212208 1 1/29/2009 22:47:01 root 200.155.56.65
212207 1 1/29/2009 22:46:56 root 200.155.56.65
212206 1 1/29/2009 22:46:51 root 200.155.56.65
212205 1 1/29/2009 22:46:46 root 200.155.56.65
212204 1 1/29/2009 22:46:42 root 200.155.56.65
212203 1 1/29/2009 22:46:37 root 200.155.56.65
212202 1 1/29/2009 22:46:32 root 200.155.56.65
212201 1 1/29/2009 22:46:27 root 200.155.56.65
212200 1 1/29/2009 22:46:23 root 200.155.56.65
212199 1 1/29/2009 22:46:18 root 200.155.56.65
212198 1 1/29/2009 22:46:13 root 200.155.56.65
212197 1 1/29/2009 22:46:08 admosfer 200.155.56.65
212196 1 1/29/2009 22:46:03 brc 200.155.56.65
212195 1 1/29/2009 22:45:59 root 200.155.56.65
212194 1 1/29/2009 22:45:54 suporte 200.155.56.65
212193 1 1/29/2009 22:45:49 root 200.155.56.65
212192 1 1/29/2009 22:45:44 marias 200.155.56.65
212191 1 1/29/2009 22:45:40 boavista 200.155.56.65
212190 1 1/29/2009 22:45:35 neto 200.155.56.65
212189 1 1/29/2009 22:45:30 LK 200.155.56.65
212188 1 1/29/2009 22:45:25 brc 200.155.56.65
212187 1 1/29/2009 22:45:20 root 200.155.56.65
212186 1 1/29/2009 22:45:16 root 200.155.56.65
212185 1 1/29/2009 22:45:11 root 200.155.56.65
212184 1 1/29/2009 22:45:06 root 200.155.56.65
212183 1 1/29/2009 22:45:01 root 200.155.56.65
212182 1 1/29/2009 22:44:56 root 200.155.56.65
212181 1 1/29/2009 22:44:52 sec 200.155.56.65
212180 1 1/29/2009 22:44:47 root 200.155.56.65
212179 1 1/29/2009 22:44:42 root 200.155.56.65
212178 1 1/29/2009 22:44:37 root 200.155.56.65
212177 1 1/29/2009 22:44:33 root 200.155.56.65
212176 1 1/29/2009 21:43:59 root 58.222.11.2
211647 1 1/29/2009 5:35:22 user 60.198.212.6
211646 1 1/29/2009 5:35:20 user 60.198.212.6
211645 1 1/29/2009 5:35:17 user 60.198.212.6
211644 1 1/29/2009 5:35:15 user1 60.198.212.6
211643 1 1/29/2009 5:35:12 raul 60.198.212.6
211642 1 1/29/2009 5:35:10 print 60.198.212.6
211641 1 1/29/2009 5:35:07 print 60.198.212.6
211640 1 1/29/2009 5:35:05 setup 60.198.212.6
211639 1 1/29/2009 5:35:02 setup 60.198.212.6
211638 1 1/29/2009 5:35:00 vicky 60.198.212.6
211637 1 1/29/2009 5:34:57 mysql 60.198.212.6
211636 1 1/29/2009 5:34:55 mysql 60.198.212.6
211635 1 1/29/2009 5:34:52 mana 60.198.212.6
211634 1 1/29/2009 5:34:50 cvsuser1 60.198.212.6
211633 1 1/29/2009 5:34:47 cvsuser 60.198.212.6
211632 1 1/29/2009 5:34:45 jb 60.198.212.6
211631 1 1/29/2009 5:34:42 anda 60.198.212.6
211630 1 1/29/2009 5:34:40 test 60.198.212.6
211629 1 1/29/2009 5:34:37 test 60.198.212.6
211628 1 1/29/2009 5:34:35 test 60.198.212.6
211627 1 1/29/2009 5:34:32 test 60.198.212.6
211626 1 1/29/2009 5:34:30 test 60.198.212.6
211625 1 1/29/2009 5:34:27 test 60.198.212.6
211624 1 1/29/2009 5:34:25 test 60.198.212.6
211623 1 1/29/2009 5:34:22 test 60.198.212.6
211622 1 1/29/2009 5:34:20 admin 60.198.212.6
211621 1 1/29/2009 5:34:17 admin 60.198.212.6
211620 1 1/29/2009 5:34:15 admin 60.198.212.6
211619 1 1/29/2009 5:34:12 admin 60.198.212.6
211618 1 1/29/2009 5:34:10 admin 60.198.212.6
211617 1 1/29/2009 5:34:07 admin 60.198.212.6
211616 1 1/29/2009 5:34:04 admin 60.198.212.6
211615 1 1/29/2009 5:34:02 admin 60.198.212.6
211614 1 1/29/2009 5:33:59 admin 60.198.212.6
211613 1 1/29/2009 5:33:57 root 60.198.212.6
211612 1 1/29/2009 5:33:54 oracle 60.198.212.6
211611 1 1/29/2009 5:33:52 oracle 60.198.212.6
211610 1 1/29/2009 5:33:49 oracle 60.198.212.6
211609 1 1/29/2009 5:33:47 oracle 60.198.212.6
211608 1 1/29/2009 5:33:44 oracle 60.198.212.6
211607 1 1/29/2009 5:33:42 oracle 60.198.212.6
211606 1 1/29/2009 5:33:39 oracle 60.198.212.6
211605 1 1/29/2009 5:33:37 oracle 60.198.212.6
211604 1 1/29/2009 5:33:34 oracle 60.198.212.6
211603 1 1/29/2009 5:33:32 oracle 60.198.212.6
211602 1 1/29/2009 5:33:29 mythtv 60.198.212.6
211601 1 1/29/2009 5:33:27 mythtv 60.198.212.6
211600 1 1/29/2009 5:33:24 mythtv 60.198.212.6
211599 1 1/29/2009 5:33:22 mythtv 60.198.212.6
211598 1 1/29/2009 5:33:19 root 60.198.212.6
211597 1 1/29/2009 5:33:17 root 60.198.212.6
211596 1 1/29/2009 5:33:14 root 60.198.212.6
211595 1 1/29/2009 5:33:12 root 60.198.212.6
211594 1 1/29/2009 5:33:09 root 60.198.212.6
211593 1 1/29/2009 5:33:07 root 60.198.212.6
211592 1 1/29/2009 5:33:04 root 60.198.212.6
211591 1 1/29/2009 5:33:02 root 60.198.212.6
211590 1 1/29/2009 5:32:59 root 60.198.212.6
211589 1 1/29/2009 5:32:57 root 60.198.212.6
211588 1 1/29/2009 5:32:54 root 60.198.212.6
211587 1 1/29/2009 5:32:52 root 60.198.212.6
211586 1 1/29/2009 5:32:49 root 60.198.212.6
211585 1 1/29/2009 5:32:47 root 60.198.212.6
211584 1 1/29/2009 5:32:44 root 60.198.212.6
211583 1 1/29/2009 5:32:42 root 60.198.212.6
211582 1 1/29/2009 5:32:39 root 60.198.212.6
211581 1 1/29/2009 5:32:37 root 60.198.212.6
211580 1 1/29/2009 5:32:34 root 60.198.212.6
211579 1 1/29/2009 5:32:32 root 60.198.212.6
211578 1 1/29/2009 5:32:29 root 60.198.212.6
211577 1 1/29/2009 5:32:27 root 60.198.212.6
211576 1 1/29/2009 5:32:24 root 60.198.212.6
211575 1 1/29/2009 5:32:22 root 60.198.212.6
211574 1 1/29/2009 5:32:19 root 60.198.212.6
211573 1 1/29/2009 5:32:17 root 60.198.212.6
211572 1 1/29/2009 5:32:14 root 60.198.212.6
211571 1 1/29/2009 5:32:12 root 60.198.212.6
211570 1 1/29/2009 5:32:09 root 60.198.212.6
211569 1 1/29/2009 5:32:07 root 60.198.212.6
211568 1 1/29/2009 5:32:04 root 60.198.212.6
209761 1 1/28/2009 15:28:12 faith 76.97.174.166
209760 1 1/28/2009 15:28:11 nicole 76.97.174.166
209759 1 1/28/2009 15:28:10 caroline 76.97.174.166
209758 1 1/28/2009 15:28:09 avery 76.97.174.166
209757 1 1/28/2009 15:28:08 trinity 76.97.174.166
209756 1 1/28/2009 15:28:07 destiny 76.97.174.166
209755 1 1/28/2009 15:28:05 bailey 76.97.174.166
209754 1 1/28/2009 15:28:03 gabriella 76.97.174.166
209753 1 1/28/2009 15:28:02 jenna 76.97.174.166
209752 1 1/28/2009 15:28:01 alexandra 76.97.174.166
209751 1 1/28/2009 15:28:00 katie 76.97.174.166
-
i'm more interested in the log for your firewall.
-
If you opened up the NAS to internet you're bound to get these attempts. Blocking an IP will not work, because you can only apply this 'after the fact'. That's the same as buying locks after a succesful break in.
Auto IP blocking is very 'vulnerable' solution and will not contribute to extended safety. If the outside IP has been able to connect to your NAS you are NOT running any security: no MAC filtering, no WPA etc. They don't put in these security features for nothing. If you don't use them: pay the price. :o
-
I think there has been some miscommunication here.
Nothing was hacked.
LAN side security measures are what everybody is suggesting, the "intruder" was not a LAN side client. Suggesting MAC filtering as a serious security layer is 100% flawed.
What did happen is a open door and welcome mat was left out for anybody to take advantage of and some body somewhere did. He is not an intruder or a hacker, he is at worst a guy running port scans on teh interwebs.
If you open ports they are open to anybody, if you use secure protocols and devices this is less of an issue.
-
Suggesting MAC filtering as a serious security layer is 100% flawed.
Breaking MAC filtering takes some time when using 'blind' brute force guessing technique. If the intruder sniffs your unprotected packets they can easily figure out a valid/used MAC address and use that one.
It is not a real secure method to use MAC filtering alone, I agree.
-
I think there has been some miscommunication here.
Nothing was hacked.
LAN side security measures are what everybody is suggesting, the "intruder" was not a LAN side client. Suggesting MAC filtering as a serious security layer is 100% flawed.
What did happen is a open door and welcome mat was left out for anybody to take advantage of and some body somewhere did. He is not an intruder or a hacker, he is at worst a guy running port scans on teh interwebs.
If you open ports they are open to anybody, if you use secure protocols and devices this is less of an issue.
Hence me asking for the firewall logs.
-
If the intruder sniffs your unprotected packets they can easily figure out a valid/used MAC address and use that one...
Actually your MAC address is never encrypted. MAC filtering has no place as a security feature at all. It is like using a ROT-13 (Caesar) cypher, only the lowest 2% will even be phased by it.
-
Actually your MAC address is never encrypted. MAC filtering has no place as a security feature at all. It is like using a ROT-13 (Caesar) cypher, only the lowest 2% will even be phased by it.
Never stated that is wa sencrypted...To the outside world it is not known, so guessing would delay the attempts. By sniffing the packets they used MAC's on the LAN are disclosed.
So in a way it is certainly a security feature, only the effect is very limited and will only keep away the not-so-dedicated hacker.
-
Well, it is like my father says.
"Locks exist to keep honest people honest, they will only ever slow down dishonest people"
-
I like that. I'm going to use that one. Tell your dad he is smart.
-
Well, it is like my father says.
"Locks exist to keep honest people honest, they will only ever slow down dishonest people"
Also applies to 18-year old daughters ;D
-
I knew there was a reason my father raised no daughters...
But in all seriousness can we either get to OP to clarify or this thread to die, as while it is amusing, anyone who comes in here looking for forensic networking tips is going to find something else entirely.
-
From a Dlink perspective you're right :-)
As to the topic, I think this thread has answered all questions that can be answered.
-
Eddie -- MAC filtering won't help. This is a WAN-side attack.
This is the log from my NAS.
My router has a port open so I can access the Media Station from the internet. It would be nice to be able to block IP's if I detect a hack attempt.
That will get old.
Make sure your NAS security is tight. If it's open to the Internet, it's going to be probed.
You can reduce these -- these measures are more prevention than security.
If you want to limit your port-forward entry to IP addresses on the network that you'll use when you're away, then you can do that (the IP addy that was attacking you first was in Brazil).
If possible, use a port that doesn't match a frequently-attacked service. This is tougher if your NAS or router won't support it.
HTH
-
Eddie -- MAC filtering won't help. This is a WAN-side attack.
Hi Rob,
You're right :) MAC filtering does not have any effect.
-
The router/firewall logs were never produced and I think this topic has reached the end of it's usefulness.
As always if anyone feels I've done them wrong by locking this thread, PM me with a good reason and I'll unlockify it. (Bush-ism).
-Lycan