Results 1 to 18 of 18

Thread: WARNING Hacked VOIP

  1. #1
    Premium Member
    Join Date
    Mar 2009
    Posts
    438
    Thanks
    202
    Thanked 61 Times in 47 Posts
    Rep Power
    150
    Reputation
    698

    Angry WARNING Hacked VOIP

    Hi all, I noticed my MNF balance rapidly going down only on checking my account did I realise some asehole had hacked into my VOIP. I don't call Israel or Egypt. I called my provider (MNF) & after checking they said I had default admim admin as moden P/W & also had remote access enabled. They changed p/w & turned off remote.
    Any one else had this problem?

  2. The Following 2 Users Say Thank You to hogwort For This Useful Post:

    Phoenixcomms.com.au (24-01-12),Posterman (03-03-12)



Look Here ->
  • #2
    Senior Member
    Join Date
    Dec 2010
    Location
    Adelaide
    Posts
    568
    Thanks
    195
    Thanked 171 Times in 100 Posts
    Rep Power
    155
    Reputation
    1787

    Default

    nope are you using their adaptor
    I use a VOIP modem, not been hacked that I can tell
    can't see how someone could hack it unless they knew your MNF number (not DID) and your password - MNF didn't have default passwords when I signed up I don't see how they could have got your details unless someone hacked into your modem from the street - even then MNF can't change your modem password only you can do that

  • #3
    Senior Member

    Join Date
    Jan 2008
    Location
    Shenzhen China
    Age
    54
    Posts
    2,052
    Thanks
    924
    Thanked 1,087 Times in 637 Posts
    Rep Power
    459
    Reputation
    12660

    Default

    Quote Originally Posted by wort View Post
    Hi all, I noticed my MNF balance rapidly going down only on checking my account did I realise some asehole had hacked into my VOIP. I don't call Israel or Egypt. I called my provider (MNF) & after checking they said I had default admim admin as moden P/W & also had remote access enabled. They changed p/w & turned off remote.
    Any one else had this problem?
    I think this is a known vulnerability with a particular model router in the market at the moment, I know another provider that discovered this problem and blocked all the accounts of their customers with this model and sent an email out advising the users to change the default state of their routers before they would re-enable the accounts, a few customers got a bit angry because they had missed the email because their contact details weren't up to date, I suspect they potentially saved a lot of heartache though

  • #4
    Premium Member
    Join Date
    Mar 2009
    Posts
    438
    Thanks
    202
    Thanked 61 Times in 47 Posts
    Rep Power
    150
    Reputation
    698

    Default

    I'm using a voip modem router netcommnb9wmax.

  • #5
    Senior Member
    Join Date
    Dec 2010
    Location
    Adelaide
    Posts
    568
    Thanks
    195
    Thanked 171 Times in 100 Posts
    Rep Power
    155
    Reputation
    1787

    Default

    1) change your admin password of your modem
    2) change your MNF password also, I assume you can contact MNF to do that - seems like you did that
    3) maybe you can block international dialing in your modem or through MNF?

  • #6
    Premium Member
    Join Date
    Mar 2009
    Posts
    438
    Thanks
    202
    Thanked 61 Times in 47 Posts
    Rep Power
    150
    Reputation
    698

    Default

    MNF asked If I wanted to barr International but I call O/S for 10cents untimed every few weeks.

  • #7
    Senior Member
    Join Date
    Dec 2010
    Location
    Adelaide
    Posts
    568
    Thanks
    195
    Thanked 171 Times in 100 Posts
    Rep Power
    155
    Reputation
    1787

    Default

    I had a quick look on whirlpool forums - didn't see any posts suggesting this was a wide spread problem with MNF and the router you have wort

  • #8
    Senior Member
    Join Date
    Apr 2010
    Location
    Tasmania
    Posts
    928
    Thanks
    72
    Thanked 27 Times in 24 Posts
    Rep Power
    141
    Reputation
    86

    Default

    if it was going on often I ashume it was a neibough. or could have been someone that used to do what I used to do I used an Modified old MMDS (Wireless) Galaxy PayTV antenna there a dime a dozen here in tassie as Austar was using them right up until the dooms day of Ird1 (Old analouge scrambled images (inverted sync and inverted colour burst)) easy fixed with a TV tuner and a 3 chip de-scrambler anyway thats another story. if they are using one of these antenna's they could be anywhere upto 2-3Km's away if line of sight I used to be able to connect to a mates place and from a street map he was 2.4Km's away (Line of sight) and used to get 3 out of 5 bars on the signal meter and I was the only one using the antenna he just had an old 11Mbit Access Point, aparently you can get 5+ Km's if you use old 11Mbit gear if you point 2 of these antenna's at each other aparently the old WiFi gear was a lot Higher Wattage than the newer 54Mbit and 300Mbit gear thats why I have kept all mine I have 5 old Orinoco PCMCIA 11Mbit cards and a old netgear Access Point all with external antenna connectors also have a 16 slot waveguide antenna but unfortunatly there is no one line of sight to me that I know to connect to. If i where you I would run a wireless sniffer program (cant remember what the most common one was it was V 0.4.0 of this program) with a WiFi reciever either USB/PCI or one in a laptop you cant use a AP or router for this and see what comes up some stupid people put there name as the AP name usually there last name if you find a name look it up in the phone book or whitepages.com.au and see if someone close has a wireless connection
    ---------------------------------------------------
    3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
    1.7M Offset.

  • #9
    Senior Member
    Join Date
    Apr 2010
    Location
    Tasmania
    Posts
    928
    Thanks
    72
    Thanked 27 Times in 24 Posts
    Rep Power
    141
    Reputation
    86

    Default

    Oh yeah also check the logs in your WiFi router if you havn't cleared it as it will tell you there MAC address and some will even tell you the computer name
    ---------------------------------------------------
    3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
    1.7M Offset.

  • #10
    Senior Member

    Join Date
    Jan 2008
    Location
    Shenzhen China
    Age
    54
    Posts
    2,052
    Thanks
    924
    Thanked 1,087 Times in 637 Posts
    Rep Power
    459
    Reputation
    12660

    Default

    Quote Originally Posted by DJmatt View Post
    if it was going on often I ashume it was a neibough. or could have been someone that used to do what I used to do I used an Modified old MMDS (Wireless) Galaxy PayTV antenna there a dime a dozen here in tassie as Austar was using them right up until the dooms day of Ird1 (Old analouge scrambled images (inverted sync and inverted colour burst)) easy fixed with a TV tuner and a 3 chip de-scrambler anyway thats another story. if they are using one of these antenna's they could be anywhere upto 2-3Km's away if line of sight I used to be able to connect to a mates place and from a street map he was 2.4Km's away (Line of sight) and used to get 3 out of 5 bars on the signal meter and I was the only one using the antenna he just had an old 11Mbit Access Point, aparently you can get 5+ Km's if you use old 11Mbit gear if you point 2 of these antenna's at each other aparently the old WiFi gear was a lot Higher Wattage than the newer 54Mbit and 300Mbit gear thats why I have kept all mine I have 5 old Orinoco PCMCIA 11Mbit cards and a old netgear Access Point all with external antenna connectors also have a 16 slot waveguide antenna but unfortunatly there is no one line of sight to me that I know to connect to. If i where you I would run a wireless sniffer program (cant remember what the most common one was it was V 0.4.0 of this program) with a WiFi reciever either USB/PCI or one in a laptop you cant use a AP or router for this and see what comes up some stupid people put there name as the AP name usually there last name if you find a name look it up in the phone book or whitepages.com.au and see if someone close has a wireless connection
    this is something that happens via an attack on port 80 of the WAN interface, not related to Wi-Fi access, note the comments about remote access being enabled in the first post

  • #11
    Senior Member
    Join Date
    Apr 2010
    Location
    Tasmania
    Posts
    928
    Thanks
    72
    Thanked 27 Times in 24 Posts
    Rep Power
    141
    Reputation
    86

    Default

    Ok mate cant help you there. have a fair knowledge in Wifi so thought that maybe that was how they where doing it
    ---------------------------------------------------
    3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
    1.7M Offset.

  • #12
    Senior Member

    Join Date
    Jan 2008
    Location
    Shenzhen China
    Age
    54
    Posts
    2,052
    Thanks
    924
    Thanked 1,087 Times in 637 Posts
    Rep Power
    459
    Reputation
    12660

    Default

    Quote Originally Posted by DJmatt View Post
    Ok mate cant help you there. have a fair knowledge in Wifi so thought that maybe that was how they where doing it
    regardless, making sure your Wi-Fi is setup correctly is always a good idea

  • The Following User Says Thank You to jok11n For This Useful Post:

    Phoenixcomms.com.au (24-01-12)

  • #13
    Member Extradry's Avatar
    Join Date
    Jan 2008
    Location
    Bald Knob RD Bald KNOB
    Posts
    305
    Thanks
    163
    Thanked 153 Times in 50 Posts
    Rep Power
    163
    Reputation
    783

    Default

    Quote Originally Posted by DJmatt View Post
    Oh yeah also check the logs in your WiFi router if you havn't cleared it as it will tell you there MAC address and some will even tell you the computer name
    Not hard to spoof a mac address, change the hostname to a connected client and you will almost not know they were there. (apart from funny entries in your arp table)

    MITM attack, get the MNF number and hash, crack the hash (10 mins on plaintext.info)

    Use someone else’s wireless to make calls with your new found account details.

    People really need to secure the routers with WPA2 and non-dictionary (12 or greater character password)

    Those whom have a standard Bigpond wireless gateway with the partial Mac address after bigpond SSID, that use the default WPA key as supplied on the card should change it. (takes 30 seconds to reverse the SSID and default WPA key)

    Not that this is what happened to the OP but it always pays to be careful. Often SPA adapters are placed in the DMZ zone, very easy victims with default passwords. Once you have control you can lock the user out and add remote access. Better still leave the same password and unlees they look at the bill...........

    Cheers
    Extra
    Last edited by Extradry; 29-05-11 at 09:17 AM.

  • The Following User Says Thank You to Extradry For This Useful Post:

    Phoenixcomms.com.au (24-01-12)

  • #14
    Junior Member
    Join Date
    Jun 2011
    Posts
    13
    Thanks
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Reputation
    15

    Default

    changing ur passwords will be the best solutions.........

  • The Following User Says Thank You to Danial For This Useful Post:

    Phoenixcomms.com.au (24-01-12)

  • #15
    Premium Member
    Join Date
    Mar 2009
    Posts
    438
    Thanks
    202
    Thanked 61 Times in 47 Posts
    Rep Power
    150
    Reputation
    698

    Default

    Thanks all for your help. I've changed pass words & closed remote access. MNF have refunded all hackers used credit. All's well though keeping a close eye on my account. Would have liked to track the arseholes but don't know how.
    Cheers,
    Wort.

  • #16
    Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    Quote Originally Posted by JasonC View Post
    can't see how someone could hack it unless they knew your MNF number (not DID) and your password - MNF didn't have default passwords when I signed up I don't see how they could have got your details unless someone hacked into your modem from the street - even then MNF can't change your modem password only you can do that
    Ports are used for these services like everything else on the net, and port scanners are used to find open and active ports, ie they can see by the port being used to what services use those ports and then try default user names and passwords, ie ending in unpleasentness!

    I know of a few websites using the same system for hacking webcams all over the world )

    NB: Security is the key.

  • #17
    Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    Quote Originally Posted by wort View Post
    Thanks all for your help. I've changed pass words & closed remote access. MNF have refunded all hackers used credit. All's well though keeping a close eye on my account. Would have liked to track the arseholes but don't know how.
    Cheers,
    Wort.
    If they are this smart to hack you, then they will be smart enough to hide behind proxies etc, and trying to find them will be harder than cracking your password !!! )

  • #18
    Junior Member
    Join Date
    Feb 2008
    Posts
    67
    Thanks
    7
    Thanked 9 Times in 8 Posts
    Rep Power
    140
    Reputation
    55

    Default

    Can they not tell you the numbers/ip/address of the persons called in those places?

    Then start a trace and make them pay ;-)

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •