It was right after 11 at night when I got the notification that a device had connected to my network. It was reporting to be a Liteon device with a hostname of just a bunch of numbers and letters. I was going to bring up my Kali Linux laptop and see what it was doing, but I didn't want to give it enough time, so I just did a quick port scan from my Windows machine.
It was listening to ports 25 and 110, so it had a mail server on it. I was thinking maybe some kind of man-in-the-middle attack to read any emails we may send. I haven't kept up with hacking in a long time, so I wasn't sure if ARP poisoning was still a thing, but if it was, or something similar, I figured it was possible to fool our network into thinking that the new IP was Gmail or something. So I blocked the device from the network.
It was also listening to ports 119, 143, 465, 563, 587, 993, and 995.
Our router is an eero btw.
I know most of those other ports also have to do with e-mail services.
So did someone hack into our home network? The password isn't super easy, but it is two dictionary words with multiple numbers at the end, which I know isn't the safest. I am going to change the password to something much more difficult tonight.
I noticed that port 995 was specific to Gmail... it also was one of the ports used by that Cyclops botnet, but from what I understand that was stopped... not that this couldn't be something new.
Anyway, thought I would make a post here to see what ppl knew about this or if anyone has noticed anything similar connecting to their networks.
Thanks for any info.
from hacking: security in practice https://ift.tt/nildw9c