Strange activities through WLAN

Data that travels over the air and how to protect (or decipher) it

Post by fraggl0 on Sat May 10, 2014 6:00 pm

Hey Guys, I'm new here - hope you experts can help me out.
After short research about some Ports I was linked to this forum.

Situation:
My WLAN connection breaks sometimes or is slow as hell.
I changed my pass a few weeks ago, 'cause I had a bad feeling.
Today I caught activity from an unknown IP address in my (W)LAN.

Code:
Starting Nmap 6.00 ( http://nmap.org ) at 2014-05-10 23:30 CEST
Nmap scan report for 192.168.1.161
Host is up (0.0058s latency).
Not shown: 981 closed ports
PORT      STATE    SERVICE
9/tcp     filtered discard
37/tcp    filtered time
280/tcp   filtered http-mgmt
593/tcp   filtered http-rpc-epmap
1322/tcp  filtered novation
1583/tcp  filtered simbaexpress
3128/tcp  filtered squid-http
3476/tcp  filtered nppmp
3918/tcp  filtered pktcablemmcops
5226/tcp  filtered hp-status
5544/tcp  filtered unknown
6692/tcp  filtered unknown
6881/tcp  filtered bittorrent-tracker
7103/tcp  filtered unknown
8086/tcp  filtered d-s-n
16016/tcp filtered unknown
20828/tcp filtered unknown
35500/tcp filtered unknown
55555/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 61.06 seconds


I had to start nmap a few times before I got those results.
Furthermore I got the MAC from this stupid thing and can't assign it to any of my devices - wtf is going on?

Could this be a proxy / sniffer client in my network, considering the ports?

Pings aren't consistent:
Code:
--- 192.168.1.161 ping statistics ---
868 packets transmitted, 274 packets received, 68.4% packet loss
round-trip min/avg/max/stddev = 3.316/538.346/6684.425/815.920 ms


What would you guys do?
How to trace back this sucker?

Thanks!
fraggl0


Re: Strange activities through WLAN

Post by limdis on Sat May 10, 2014 8:04 pm

Why didn't you just log in to your router and check the ACL for connected clients? If you see something connected that isn't supposed to be there, block their MAC address. Easy.

But, since you took it this far, let me start by saying that nmap is a great footprinting tool. It's not designed to track down targets like your last question suggests. For that you are going to want to collect some network traffic (Wireshark is good for that) and follow streams to see what all is going on.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
limdis
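Added example, not part of either post: the "check the connected clients" step from the reply above, done from a Linux host by comparing the neighbour (ARP) table against a list of devices you recognise. The `ip neigh show` sample is constructed, every MAC address in it is made up, and KNOWN_DEVICES is a hypothetical inventory; the check of the locally-administered bit is included because a randomised or software-assigned MAC will not match the address printed on any device label.

```python
import re

# Constructed sample of `ip neigh show` output; all MAC addresses are made up.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:aa:bb:01 REACHABLE
192.168.1.20 dev wlan0 lladdr 00:11:22:AA:BB:02 STALE
192.168.1.161 dev wlan0 lladdr 06:11:22:aa:bb:99 REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

# Hypothetical inventory of devices the owner recognises (MAC -> label).
KNOWN_DEVICES = {
    "00:11:22:aa:bb:01": "router",
    "00:11:22:aa:bb:02": "laptop",
}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?P<rest>.*)$"
)

def parse_neighbors(text):
    """Return (ip, mac, state) for every entry that has a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:  # FAILED/INCOMPLETE entries carry no lladdr; skip them
            continue
        tokens = m["rest"].split()
        state = tokens[-1] if tokens else ""  # state is the last token
        entries.append((m["ip"], m["mac"].lower(), state))
    return entries

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (randomised or
    software-assigned address rather than a vendor-burned one)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def find_unknown(text, known):
    """List neighbours whose MAC is not in the inventory."""
    known = {k.lower() for k in known}
    return [
        {"ip": ip, "mac": mac, "state": state,
         "locally_administered": is_locally_administered(mac)}
        for ip, mac, state in parse_neighbors(text)
        if mac not in known
    ]

if __name__ == "__main__":
    for hit in find_unknown(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(hit)
```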

