I got an email last night basically saying that my ISP has recieved numerous complaints about inappropriate and numerous postings to the USENET newsgroup. Neither I or my roomate even go to newsgroup servers. The letter also explained that someone may have been able to obtain our IP address in essence our account information, and is pretending to be us. I have since gone and changed my Cisco router and user password as suggested by the email. Has anyone else had this happen to them? If so, what did you do to prevent it from happening again? What should I do now? I really don't want to put up a firewall if I don't have to. Could simply disconnecting the power to the router solve this when we are not online?

-MrEd
http://www.sysopt.com/forum/smile.gif

Sorry to hear about this MrEd! http://www.sysopt.com/forum/frown.gif

I don't know anything about routers, but I can recommend an effective, inexpensive firewall for a stand-alone or home network - BlackICE Defender at www.networkice.com. (http://www.networkice.com.) I would definitely look into a firewall for your particular setup, and if you're able to, run through a proxy. Wish I could be more help.

I'm sure someone here has some hardware/software suggestions for security with routers.

Good luck, and I hope your ISP gets these miscreants!

What Cisco router do you use?

There are two sides to this. One is that somebody actually got into your router and stole your IP address. Of course if they connected to your ISP using your IP while your router is on it would cause bad things to happen. To emulate this try setting up a second PC on the network and give it the same IP address as the first. You'll see the problem immediately. If an IP address is not unique it causes problems.

The other side to this is that someboday was able to successfully pass your IP address while posting. I don't know how it is done but I remember seeing it in a lab someplace.

Pat

I have a Cisco 675 Router. I also found out that my router didn't have a password until I "changed" it last night. Maybe that will help. I'll also look at that page as soon as I have time Socalgal. Thanx.

-MrEd
http://www.sysopt.com/forum/frown.gif

I would think it would be pretty hard to break the 675. I have 3 776's at home that I've broken. They are pretty hard to break. I had to call a Cisco Eng to do it.

Did they steal your static IP or just your account information? I'm still trying to figure out how someone was able to use your IP address at the same time you were on.

Pat

The letter I got just said "there have been a number of complaints about excessive and inappropriate postings on the USENET newsgroup servers, originating from your account..." I imagine it was the static IP they got.

-MrEd
http://www.sysopt.com/forum/smile.gif

I would agree with socalgal, go with BlackICE, it's a great inexpensive solution to network security problems.

Hi again. Well, being totally 404 on Cisco, I found some links that may (or may not) help you some... http://www.cisco.com/warp/public/110/index.shtml . There's some stuff there about firewalls w/Cisco.

I would suggest BlackIce over Cisco firewall products just because of the cost factor and I don't think MrEd is running a corporation that needs anything that expensive.

MrEd e-mail your ISP and try to find out if they stole the IP or the account info. If it is the IP then I would be very interested because I'm still trying to figure out how they could use it while you were on. E-mail me if they did get your IP I want to try re-creating it in a lab.

Pat