One of my ISP email accounts got hacked not long ago. They managed to use the SMTP server to send spam emails, but I detected it in time and shut the account down, as it wasn't a key account. The ISP said it was a brute force attack.
I also had a telephone call from someone pretending to be from Microsoft. They said I had a virus and that I needed to install TeamViewer so he could check my PC… To cut a very long story short, I kept him on the phone for 20 minutes and pretended not to know how to use the PC properly. He was trying to get me to run eventvwr to show me logs, but I kept making typing mistakes, which was making him so vexed that I had to hold myself back from laughing. In the end I taught him a lesson and he put the phone down. A few weeks after this incident I heard this news – http://www.bbc.co.uk/news/technology-40430048
With all the cyber-attacks, and the fact that if it's got an OS on it, it can be hacked, it was time to check all those OS-based devices on my home network: routers, TVs, PCs, laptops, phones and all those Internet of Things devices. The device list is ever growing, so you need to monitor them and keep a check on them all.
After my two incidents, I thought I'd use nmap, which is part of the Kali penetration toolkit (https://www.kali.org), to check my home network, so I installed it on a very small SD drive, booted from the live version and ran nmap; it was fast and easy. The toolkit contains many tools and can be overwhelming, but nmap is a good place to start the checks.
There are many nmap commands, but the one below will get you started. These are common ports that hackers tend to target.
Run the command below from the terminal and you should get a list of the different OSs, devices and port details. It's a good way to check what you have on your network, and once you know, you can take action to use firewalls and upgrade your OSs.
nmap -p 20,21,22,23,25,53,80,110,135,137,138,139,161,443,512,513,514,1433,3306,1521,5432,8080 192.168.0.*
(Change the subnet address if your home network uses a different one.)
It should look something like this.
Starting Nmap 7.60 ( https://nmap.org ) at 2017-07-25 19:24 UTC
Nmap scan report for 192.168.0.1
Host is up (0.015s latency).
PORT STATE SERVICE
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp closed telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp open http
110/tcp filtered pop3
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp filtered snmp
443/tcp closed https
512/tcp filtered exec
513/tcp filtered login
514/tcp filtered shell
1433/tcp filtered ms-sql-s
1521/tcp filtered oracle
3306/tcp filtered mysql
8080/tcp closed http-proxy
MAC Address: 22:E1:3A:BE:31:1A (your router)
From this list you can take various actions, such as adding firewall blocks and applying OS patch updates.
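One way to triage scan output like the listing above, as an added example that is not part of the original post: the Python below parses nmap's normal output and lists, per host, the open ports and the ones running cleartext legacy services. The sample text, the camera.lan host and the REVIEW set are constructed for the illustration.

```python
import re
# Cleartext legacy services from the port list above. Treating them as
# "review first" is an assumption of this example, not an nmap rule.
REVIEW = {"ftp", "ftp-data", "telnet", "snmp", "exec", "login", "shell"}
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed sample in the same layout as the scan output above.
SAMPLE = """\
Nmap scan report for 192.168.0.1
Host is up (0.015s latency).
PORT STATE SERVICE
23/tcp closed telnet
80/tcp open http
Nmap scan report for camera.lan (192.168.0.23)
Host is up (0.0040s latency).
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
8080/tcp filtered http-proxy
"""

def parse_nmap(text):
    """Return {ip: [(port, proto, state, service), ...]} from normal output."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts.setdefault(current, [])  # keep hosts that list no ports
            continue
        row = PORT_RE.match(line)
        if row and current:
            port, proto, state, service = row.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts

def triage(hosts):
    """Per host: every open port, plus the open ones running REVIEW services."""
    report = {}
    for ip, rows in hosts.items():
        opened = [(port, svc) for port, _, state, svc in rows if state == "open"]
        report[ip] = {"open": opened, "review": [r for r in opened if r[1] in REVIEW]}
    return report

if __name__ == "__main__":
    for ip, result in triage(parse_nmap(SAMPLE)).items():
        print(ip, "open:", result["open"], "review first:", result["review"])
```

Only "open" rows are reported: open means a service accepted the connection, closed means the host answered but nothing is listening on that port, and filtered means no answer came back, typically because a firewall dropped the probe.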
There are many tips on the net on how to be more secure; here are a few key ones for your home network that I use.
• Make sure your router passphrase is secure and uses WPA2
• Change the default passwords of the router (make it a complex password – like JamEsBr0wn1977!£, this is a very strong password to crack, see https://www2.open.ac.uk/openlearn/password_check/index.html), and change the name of the default SSID (this can tell the hacker what type of router you have, therefore they know the default password)
• Keep your OS updated
• Use firewalls and AV tools, and don’t open unsolicited emails!
• Disable the PIN-enabled access – not many people use it, and with a brute force attack it's an easy hack.
• If anyone calls and says there's a virus on your PC and that they are from Microsoft or any other company, just keep them hanging on the line like I did and have fun at their expense; they will soon put the phone down.
If you don't want to use nmap and just want to check ports, you can use the script content below from GitHub. It's nothing like the feature-rich nmap utility, but it will scan your IP device and tell you which ports are open. I created this a while ago because I didn't want to use any third-party software in a production environment, and some basic Perl code made it easy to check the ports.