On Tue, 03 Jul 2007 14:35:12 -0400, Lester Stiefel
>Trish wrote:
>> I have Windows XP Pro SP2/Antivir/Kerio/Wifi wireless internet connection/
>> Adaware / Spybot/ Proxomitron.
>> Recently caught the System Administrator accessing files on my Laptop thru
>> the same wireless net connection. My Kerio Firewall latest version did not
>> show a prompt to allow or deny the connection to System Admn. My computer does
>> not belong to a network just internet connection through a router.
>> Tcpview software shows a new "System" named connection while the Admn
>> connected.
> Sounds like you have a smart hacker on your hands.
Doesn't have to be all that smart, if your WiFi setup is insecure.
Wireless on the Internet (WAN) side of the router is OK, as you're in
public territory at that point anyway.
But wireless on the LAN side of the router is extremely bad news, as
it will bypass your Internet-facing defenses.
Do NOT allow that to happen! I avoid the whole mess by not using
WiFi, but if you must use WiFi, then:
- make sure it is encrypted
- use WPA2 or WPA, not WEP (disable WEP)
- use a fully-random key that is at the very least 8 characters long
- if using a less-random key, then I'd use 20+ characters long
Actually, I'd use a 20+ random character key, if forced to use WiFi.
>Noting this is a WiFi connection you may need to use the
>hardware firewall in your router or modem.
You should at least be using NAT routing anyway, but WiFi access on
the LAN side of the router will bypass this anyway. Your attacker
would be considered "in the house" already.
>Second, are you on the WiFi connection, or on a land-based
>connection?
>If on a land-based connection, check to see if your device
>has a detachable antenna. If the antenna is detachable, I
>would suggest removing it.
>You may need to fire the problem over directly to MS
>developers if you're on the WiFi connection, for further
>assistance. WiFi connections are inherently insecure and
>cannot be trusted for confidential business.
WiFi can "approach" wired safety only if you are using strong keys and
WPA or WPA2, and these keys are not tokenized (e.g. written down) or
shared. OTOH, WEP keys with 6 or less characters can be dumb-cracked
in a few minutes, which is why the "hacker" doesn't have to be smart.
Also, if you are not on a LAN, then KILL all the "network admin" stuff
that XP Pro waves around, i.e.
- either null or strong account password (i.e. not a weak password)
- kill hidden admin shares
- block File and Print Sharing (F&PS) at the Windows firewall
- block Remote Desktop and Remote Assistance
Hidden admin shares are not exposed to networking in XP Home, but will
be exposed by XP Pro if the user account password is anything other
than null (empty). Bypassing a non-null password via TweakUI etc. is
NOT the same as having a null password!
Hidden admin shares are a bloody menace, because they expose all of
every HD volume to writes, so an attacker can not only read your
stuff, but drop malware to auto-run when you start the OS.
Hidden admin shares are only "hidden" from you; they always have the
same predictable names, and are thus even easier to automate than
"normal" network shares you create with your choice of names.
If you have one PC and one Ethernet router, buy a cable and KILL the
WiFi at both the router and the PC. Ripping out the aerial isn't
enough, if your attacker is within the augmented range that can be
attained using various commonly-available "fishing" antennae.
>------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
>------------------------- ---- --- -- - - - -
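
An added example, not part of the original post: a small audit that reads the text printed by `net share` and flags the predictable hidden admin shares described above, so you can confirm whether they are still present after locking the machine down. The sample output is constructed, the function names are hypothetical, and it assumes share names contain no spaces.

```python
import re
import sys

# Predictable default admin share names: one per drive letter (C$, D$, ...)
# plus ADMIN$ (the Windows directory). IPC$ is reported separately.
ADMIN_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$)$", re.IGNORECASE)

# Constructed sample of `net share` output, for illustration only.
SAMPLE_NET_SHARE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
D$           D:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINDOWS                      Remote Admin
Photos       C:\\Documents\\Photos
The command completed successfully.
"""

def parse_shares(text):
    """Return the share names listed between the dashed rule and the footer."""
    names, in_table = [], False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command"):
            break
        if line[0].isspace():  # wrapped continuation of a long entry
            continue
        names.append(line.split()[0])  # assumption: no spaces in share names
    return names

def audit(text):
    """Group shares into hidden admin shares, IPC$, and everything else."""
    names = parse_shares(text)
    admin = [n for n in names if ADMIN_SHARE.match(n)]
    ipc = [n for n in names if n.upper() == "IPC$"]
    other = [n for n in names if n not in admin and n not in ipc]
    return {"admin": admin, "ipc": ipc, "other": other}

if __name__ == "__main__":
    # Usage: net share | python audit_shares.py   (falls back to the sample)
    text = SAMPLE_NET_SHARE if sys.stdin.isatty() else sys.stdin.read()
    for kind, names in audit(text).items():
        print(f"{kind:6} {', '.join(names) or '(none)'}")
```

Any entry in the `admin` group means a whole volume or the Windows directory is still shared under a name an attacker does not need to guess.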