Hi folks,
We had an interesting incident happen recently... similar
to a drive-by shooting really.
I arrived home early one morning from a late night geekmaid
gig up in the city... :) It was about 3:30am and after a short
while I noticed that our AP was acting strange... Instead of
green lights blinking happily in the dark, I saw a steady
amber light glowing, flanked by an occasional red light
that flickered intermittently. This is the first time it's
ever acted this way.
So I booted up StarBabe to see if I could connect to the
net and I couldn't. I power cycled the AP and she still
came up in the same strange state. Our AP does NAT and DHCP
for our local network which connects to the Internet via
DSL. I checked the DSL modem and it looked fine... all green
lights but just no activity.
Strange.
I then called another geekmaid who is a network wizard and
he took the AP to see what was up... He did a post mortem
and the Lucent Card in the AP was fine. It turns out that
somehow, the AP flash ram was wiped and blank... hence the
weird state of the AP. :)
Now I thought that someone had perhaps driven by and shot
down our AP. But it turns out that the intruder more likely
accessed the AP from the Internet via the DSL connection!
I run an open network here with free access4all via our AP
which allows anyone to connect via wireless.
It looks like someone tried to wipe the AP as it was in
a state ready to be reloaded with new firmware. But they got
stuck at that point it seems.
It's good it happened as it gave us a chance to:
1) Upgrade the firmware (Flash ROM) on the AP and the
wireless Lucent Silver card so it can do more things now
(like custom set our SSID to be Art.Net).
2) We had downtime so we could do a power cleanup of the
cables in the dungeon which is our NOC here. We had some
serious cleanup that needed to be done as there were
cascading power strips everywhere! Not to mention the
issues with reversed power wiring which was causing shocks
from MoonBabe's minitower chassis. We still need to get
grounded here for sure as our outlets are set up as
Open Ground... yikes!
3) And we also put in a VPN firewall between the DSL modem
and our internal network which was donated by another
geekmaid while we look to acquire new hardware.
Now I want to set up a DMZ so that I can put the open AP
there. In the meantime I am still running the AP inside the
firewall but we have everything else on other internal
networks and the AP is on its own insecure network.
Anyways, it was pretty surreal having the AP shot down in
this way. I guess we were asking for it as we were running
wide open here. Now we just need to make sure that no
unauthorized beings/apps can alter the AP and DSL modem from
the Internet in the future. We have set a password on
the AP and I am looking to see if there is such a thing for
the DSL modem which is a Westell.
Would love to hear if anyone else has experienced similar
things.
thanks,
-lile
hacker artist
GeekMaids.Com: Creating Order out of Chaos... Cleaning and Beyond!
SCALD(sm) - System Cleanup and Lock Down! (a new service provided by GeekMaids.Com)
--
general wireless list, a bawug thing <http://www.bawug.org/>