Phoenixcomms.com.au (24-01-12),Posterman (03-03-12)
Hi all, I noticed my MNF balance rapidly going down only on checking my account did I realise some asehole had hacked into my VOIP. I don't call Israel or Egypt. I called my provider (MNF) & after checking they said I had default admim admin as moden P/W & also had remote access enabled. They changed p/w & turned off remote.
Any one else had this problem?
Phoenixcomms.com.au (24-01-12),Posterman (03-03-12)
Look Here -> |
nope are you using their adaptor
I use a VOIP modem, not been hacked that I can tell
can't see how someone could hack it unless they knew your MNF number (not DID) and your password - MNF didn't have default passwords when I signed up I don't see how they could have got your details unless someone hacked into your modem from the street - even then MNF can't change your modem password only you can do that
I think this is a known vulnerability with a particular model router in the market at the moment, I know another provider that discovered this problem and blocked all the accounts of their customers with this model and sent an email out advising the users to change the default state of their routers before they would re-enable the accounts, a few customers got a bit angry because they had missed the email because their contact details weren't up to date, I suspect they potentially saved a lot of heartache though
I'm using a voip modem router netcommnb9wmax.
1) change your admin password of your modem
2) change your MNF password also, I assume you can contact MNF to do that - seems like you did that
3) maybe you can block international dialing in your modem or through MNF?
MNF asked If I wanted to barr International but I call O/S for 10cents untimed every few weeks.
I had a quick look on whirlpool forums - didn't see any posts suggesting this was a wide spread problem with MNF and the router you have wort
if it was going on often I ashume it was a neibough. or could have been someone that used to do what I used to do I used an Modified old MMDS (Wireless) Galaxy PayTV antenna there a dime a dozen here in tassie as Austar was using them right up until the dooms day of Ird1 (Old analouge scrambled images (inverted sync and inverted colour burst)) easy fixed with a TV tuner and a 3 chip de-scrambler anyway thats another story. if they are using one of these antenna's they could be anywhere upto 2-3Km's away if line of sight I used to be able to connect to a mates place and from a street map he was 2.4Km's away (Line of sight) and used to get 3 out of 5 bars on the signal meter and I was the only one using the antenna he just had an old 11Mbit Access Point, aparently you can get 5+ Km's if you use old 11Mbit gear if you point 2 of these antenna's at each other aparently the old WiFi gear was a lot Higher Wattage than the newer 54Mbit and 300Mbit gear thats why I have kept all mine I have 5 old Orinoco PCMCIA 11Mbit cards and a old netgear Access Point all with external antenna connectors also have a 16 slot waveguide antenna but unfortunatly there is no one line of sight to me that I know to connect to. If i where you I would run a wireless sniffer program (cant remember what the most common one was it was V 0.4.0 of this program) with a WiFi reciever either USB/PCI or one in a laptop you cant use a AP or router for this and see what comes up some stupid people put there name as the AP name usually there last name if you find a name look it up in the phone book or whitepages.com.au and see if someone close has a wireless connection
---------------------------------------------------
3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
1.7M Offset.
Oh yeah also check the logs in your WiFi router if you havn't cleared it as it will tell you there MAC address and some will even tell you the computer name
---------------------------------------------------
3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
1.7M Offset.
Ok mate cant help you there. have a fair knowledge in Wifi so thought that maybe that was how they where doing it
---------------------------------------------------
3 x 90CM Hills Offset, 1.2M Aluminium Offset, 1.2M Offset,
1.7M Offset.
Phoenixcomms.com.au (24-01-12)
Not hard to spoof a mac address, change the hostname to a connected client and you will almost not know they were there. (apart from funny entries in your arp table)
MITM attack, get the MNF number and hash, crack the hash (10 mins on plaintext.info)
Use someone else’s wireless to make calls with your new found account details.
People really need to secure the routers with WPA2 and non-dictionary (12 or greater character password)
Those whom have a standard Bigpond wireless gateway with the partial Mac address after bigpond SSID, that use the default WPA key as supplied on the card should change it. (takes 30 seconds to reverse the SSID and default WPA key)
Not that this is what happened to the OP but it always pays to be careful. Often SPA adapters are placed in the DMZ zone, very easy victims with default passwords. Once you have control you can lock the user out and add remote access. Better still leave the same password and unlees they look at the bill...........
Cheers
Extra
Last edited by Extradry; 29-05-11 at 09:17 AM.
Phoenixcomms.com.au (24-01-12)
changing ur passwords will be the best solutions.........
Phoenixcomms.com.au (24-01-12)
Thanks all for your help. I've changed pass words & closed remote access. MNF have refunded all hackers used credit. All's well though keeping a close eye on my account. Would have liked to track the arseholes but don't know how.
Cheers,
Wort.
Ports are used for these services like everything else on the net, and port scanners are used to find open and active ports, ie they can see by the port being used to what services use those ports and then try default user names and passwords, ie ending in unpleasentness!
I know of a few websites using the same system for hacking webcams all over the world )
NB: Security is the key.
Can they not tell you the numbers/ip/address of the persons called in those places?
Then start a trace and make them pay ;-)
Bookmarks