Remote Desktop weird problem
Old 09-21-2008, 03:25 PM   #1
Full time employment: Posting here.
 
Join Date: Sep 2004
Posts: 607
Remote Desktop weird problem

Ok, so this one's got me REAL nervous.

We have a desktop PC in our office that we rarely login to using Remote Desktop. Remote Desktop is the only way we login to this PC since we don't have a keyboard/monitor hooked up to it.

Today, when I tried to log in to it, the Remote Desktop connection logged in and it didn't have the usual username prefilled in the Username box. It had some weird name: mohammed.mah something or other. The question is, how did it get there?!? We only have one username defined there and we never change it.

The other thing that has me nervous is that we got a weird DHCP address from our router and to make things worse, I had WEP/WAP turned off on my wireless router since we had some visitors and they wanted to get onto the net (I know, I took the easy way out!)

I'm scared to death of keyloggers, so I'm frantically running AVG on my laptop to see if it sees anything.

Any ideas? Thanks.
__________________

__________________
WanderALot is offline   Reply With Quote
Old 09-21-2008, 03:35 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Sounds like someone got into your network and logged into your remote desktop machine.

Wouldn't have mattered much if you had WEP enabled. WEP sucks. There are turnkey software packages you can load on a laptop that'll identify networks and crack the WEP key in a matter of minutes. WPA is a lot harder.

I'd turn the router off, thoroughly virus scan all the machines, reset the router to its factory defaults, change its name and then reconfigure it for WPA or WPA2 with a different key. Set it for invisible mode and mac filtering.

If the machine that you're using for remote desktop has any stored user/password info for any important sites like financial institutions, I'd change my password on those asap.

As far as the weird DHCP address... maybe you got it from someone else's router?

Also, see this:
http://www.mobydisk.com/techres/secu...e_desktop.html
__________________

__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Old 09-21-2008, 04:03 PM   #3
Full time employment: Posting here.
 
Join Date: Sep 2004
Posts: 607
Thanks for the reply Bunny. A full scan is now running on both our laptops and the wireless network is turned off.

Yeah, I usually have invisible mode and MAC filtering enabled, but got lazy when a visitor had to use our network. I'm hoping that maybe someone on my street got onto the wireless (since it didn't have any security enabled) and mistakenly thought that our PC was their PC and tried to log in to it. If I was a hacker, I wouldn't try to log in to a compromised PC using my username, so I'm hoping it's just a case of my network being open.

We actually use an old access point (Linksys) for our wireless and it only supports WEP. I need to see if I can get a firmware upgrade to get WAP.

I know I didn't get the DHCP address from another router since I checked to see which wireless network I had connected to.

I'm getting that sick feeling knowing that our data might have been compromised. And it's probably all due to my negligence.
__________________
WanderALot is offline   Reply With Quote
Old 09-21-2008, 04:31 PM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Buy a new router. Current models that support WPA or better are <$25 after rebates.

Newegg.com - ZyXEL P-320W IEEE 802.3/3u, IEEE 802.11b/g Wireless Firewall Router (Secure Broadband Sharing) - Wireless Routers
CP Technologies WBR-6001 N_Max Wireless Broadband Router - WBR-6001 - Buy.com
cute fuzzy bunny is offline   Reply With Quote
Old 09-21-2008, 04:47 PM   #5
Full time employment: Posting here.
 
Join Date: Apr 2005
Posts: 524
Maybe you can check the log file on the remote access machine. Perhaps another valid user typed this name in. Or you may see a zillion attempts to log in, none successful.

If the machine was compromised I wouldn't trust an antivirus program to fix it. Install from a backup, or do a fresh install. Otherwise, you never know what's on there.
__________________
JB is offline   Reply With Quote
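
The log check suggested in the post above, sketched as an added example that is not part of the original thread. It assumes logon auditing was enabled and the Security log was exported to CSV in the hypothetical column order shown; all rows, account names and addresses are constructed. Event IDs 528/529 are the XP-era logon success/failure events (4624/4625 on Vista and later), and logon type 10 marks a Remote Desktop session.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (hypothetical columns): time, event id, logon type, account, source
SAMPLE_LOG = """\
2008-09-20 22:14:03,529,10,administrator,198.51.100.7
2008-09-20 22:14:05,529,10,admin,198.51.100.7
2008-09-20 22:14:08,529,10,unknown.user,198.51.100.7
2008-09-20 22:14:11,529,10,unknown.user,198.51.100.7
2008-09-20 22:14:15,528,10,unknown.user,198.51.100.7
2008-09-21 15:20:47,528,10,officeuser,192.0.2.20
2008-09-21 15:21:02,528,2,officeuser,-
"""

SUCCESS_IDS = {"528", "4624"}  # successful logon (XP/2003, Vista and later)
FAILURE_IDS = {"529", "4625"}  # failed logon (529 = unknown user or bad password)
REMOTE_INTERACTIVE = "10"      # logon type recorded for Remote Desktop sessions


def summarize_rdp_logons(log_text, known_accounts):
    """Count Remote Desktop logon successes/failures per account and flag oddities."""
    known = {a.lower() for a in known_accounts}
    stats = defaultdict(lambda: {"ok": 0, "failed": 0, "sources": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or row[2] != REMOTE_INTERACTIVE:
            continue  # skip malformed rows and non-RDP logons (console, service, network)
        _time, event_id, _type, account, source = row
        if event_id in SUCCESS_IDS:
            outcome = "ok"
        elif event_id in FAILURE_IDS:
            outcome = "failed"
        else:
            continue
        entry = stats[account.lower()]
        entry[outcome] += 1
        entry["sources"].add(source)
    findings = []
    for account, entry in sorted(stats.items()):
        if account not in known and entry["ok"]:
            findings.append((account, "unknown account logged in"))
        elif account not in known:
            findings.append((account, "unknown account, failed attempts only"))
        elif entry["failed"] and not entry["ok"]:
            findings.append((account, "known account, failed attempts only"))
    return dict(stats), findings
```

A successful type 10 logon for an account nobody defined is the case that calls for the reinstall advice given in this thread; failures only, across many account names, is the password-guessing pattern.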
Old 09-21-2008, 04:53 PM   #6
Full time employment: Posting here.
 
Join Date: Apr 2005
Posts: 524
Hey Bunny.
I have an old router and replaced it with the Zyxel a friend gave me. Looked like a great router with lots of useful features. A few days later I noticed that my internet connection was slow. I reset the router to the default config and it's still slow. I tried looking at the settings and couldn't find anything abnormal. I even updated to the latest firmware. Then I swapped it out for my old router and bingo, fast again. A quick Google search indicates that others have the same issue. I would not recommend the 320SW.
--JB
__________________
JB is offline   Reply With Quote
Old 09-21-2008, 05:16 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
No experience with this model, but I've used Zyxel products before with good luck.

Off the top of my head it sounds like maybe it shifted from full duplex to half duplex.

Remote access isn't logged on XP by default, you have to turn it on.

Found this other more expensive option. This is a great router, usually runs $100...with no moving parts I'm not concerned about it being a refurb.

Amazon.com: Linksys WRT150N-RM Refurb Wireless-N Home Router: Electronics

Hey wanderalot...check out the dd-wrt firmware for an open source firmware option that may support WPA on your older hardware...

Supported Devices - DD-WRT Wiki
cute fuzzy bunny is offline   Reply With Quote
Old 09-21-2008, 08:36 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
BTW, I bought one of those WRT150N's from Amazon. Cheapest price by far that I've seen for a wireless-n router, and it'll take dd-wrt firmware.
cute fuzzy bunny is offline   Reply With Quote
Old 09-22-2008, 07:51 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,642
Save your important data from the headless machine and then reformat it. If you don't want to do that right away, set your routers to prevent connections to or from that machine to the outside world. It doesn't sound like Mohammad was a skilled hacker or he wouldn't have left evidence of his visit. He may have just poked around or left packaged scripts. Cut off the machine and it can't communicate with its mother ship.
__________________

__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote