So, can... anyone help me?

Rent a booter you get a botnet.

It is quite easy to read and figure out what information is provided by Wireshark. With just a basic understanding of network protocols and how they work, you can figure out what is going on on your network. The catch is you have to take the time to fully understand how Wireshark works, and be able to interpret the information it gives you. I guess I find interpreting Wireshark easy because that’s the talent I was born with.

2 Likes

[quote="Aremis, post:18, topic:123448"]
And even once you have the IP, what do you do? 100 bucks at a booter to basically ban the guy from the internet for a month?
[/quote]

Well, my response would be, block the Son of a Gun, or fight fire with fire, so what if it cost you $100 bucks, we future network Engineers have to do something to justify our jobs. LOL. :laughing:

2 Likes

Heh, I guess. I think people should just study this stuff on their own lol.

1 Like

You bros want to join me in starting a L1T InfoSec blog? :grin:

They don’t have a subsection for Security, so that may be the best place.

2 Likes

Actually I was thinking this would be the inevitable follow on after the, “Build your own PfSense router” on Level1Linux. Wireshark infosec seemed like the best clamping down on the firehose that made the most sense. Both are very useful tools that both teach and keep you out of heaps of trouble. There is a really basic intro to Wireshark on Hak5 but nothing like could fly here.

I’d join :U

Chris Sanders has a book that is phenomenal. He has a few, actually, but the one I am referring to is Practical Packet Analysis. He uses Wireshark for a lot of the exercises in the book, and provides really great instruction.

Dude is a beast when it comes to Blue Team.

Please do! I’ve been mulling around various blog ideas for a long time. Just don’t have the balls to start out on my own :smiley:

2 Likes

Great pointer for a resource. Thanks for that! Looks like it is perhaps soon to be difficult to find. Strike while the iron is hot.

Off topic, but does your switch support port mirroring? Because if it does you can mirror the ports connected to your router (stick the switch in between the modem and router on an isolated VLAN or something) and run Wireshark on the mirrored port. That way you can get real time monitoring without doing anything to the router.

3 Likes

I can start it if you want lol.

Wouldn’t it be more helpful initially on the existing Linux channel? The setup, initial detail, what to look for that is important, what is fluff (std i/o) that can be skimmed eventually, triggers to be set, and then all the really good bits :wink: like the sweetness that @Dexter_Kane just dropped. (nice one - seriously)

That is what our OP is looking for … yeah?

2 Likes

I see I need to clarify some of my statement. OK, I don’t have an L3 switch, at least not yet; it’s on my to-do list along with wiring the house for Ethernet. What I have right now is what I referred to as a combo device, which is acting like an L3 switch if I understand correctly how an L3 switch works, a modem, and a Wi-Fi device, which is how most of my family connects to the network.

Please excuse the few misspelled words; I am typing this message out on my tablet so I don’t wake up the whole house by using my computer. I wish you could attach a full-size keyboard to a tablet; it sure would make typing so much easier.

While you are correct at least in the United States, what is happening to @sumidor063 is a crime if committed by anyone other than the owner of the building network or owner of the building. The only thing the police can do is take an incident report, unless you can prove who is doing this to you. Then maybe you can have charges filed against them. As it has already been pointed out by this community, it probably is a kid fooling around, but the little brat should be taught a hard lesson for his own good. I hope you catch the little snot.

Any managed switch with port mirroring would do, or you could set up a PC with a bridge in whatever port you want to look at, but a switch with port mirroring makes it a lot easier/cheaper/flexible.

Should be able to. Bluetooth will definitely work, otherwise USB would probably work with an adapter.

1 Like

Does anyone know of a checklist containing best practices for security?

Things like,

  • never log in from a shared computer
  • never use the same password for different things
  • never run software from sources you don’t trust
  • never run or open unexpected email attachments
  • enable always show extension
  • encrypt your drives and phones so you can take them to repair safely
  • don’t tell others your passwords
  • don’t enable file sharing over internet
  • run periodic malware scans using reputable software
  • don’t use flash drives
  • …

… that sort of thing checklist.

Something that’s widely applicable and doesn’t require a full time admin to maintain an IDS with a CA and so on.

3 Likes

If it was me and I was interested in following it further, I would boot a live Linux and dd an image of your boot drive to test and monitor within a VM.

Format and reinstall ASAP and change passwords as stated above. It’s all good info on this thread.

1 Like

There are a number of us here.

1 Like

There are a few things I would add, which to me are more like common sense.

  • Disable cookies
  • Never let your web browsers save your password
  • Disable the AutoFill feature in web browsers
  • Never share personal Information on the Internet
  • Never visit websites that encourage criminal activity
  • Never visit porn sites

That is the only thing else I can think of off the top of my head, if anyone else can think of more please share. I think the rest of us would be interested.

2 Likes

I included some of those in the link below. Let me know what you guys think! @Eden @ropestretcher @Linuxephus @risk

1 Like