1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Urgent help needed

Discussion in 'Networking & Security' started by silkstone, May 13, 2014.

  1. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,890 (1.32/day)
    Thanks Received:
    501
    Hi guys,

    I'm in a bit of a pickle. I went into a friends office to help him sort out a couple of slow computers today and I just got a text that his whole network is down.

    His office is a department in a hotel which has a central network system. And I have no idea how it's set up and no experience past SoHo networking.

    I initially unplugged a network cable from a desktop and put it into my laptop so I could access the internet. Everything worked fine. However, when I put it back into the desktop, the card only intermittently picked up a signal, though it kept working when I re-plugged it back in to my laptop.

    Anyway, I figure his problem is his on an old core 2 solo proc with 1gb of ram and go about upgrading that computer. His laptop is ok, but Skype is slow as he's on shared WiFi which is really slow. So, i figure I can hook him up with WiFi through the office by setting up a cheap DD-WRT repeater. I try to hook the cable up to the computer first, no signal, then laptop, no signal, router no signal.

    So I give up on that and continue upgrading the old core solo (to a E7600). I also try pulling a cable from another socket into the router/repeater, but there's no signal from that either.

    I tell the girls in the office that they need to contact the IT department to get the network sorted, assuming it's just those 2 connections. (I checked the cables and hardware and all is fine on that end).

    Before I leave, one other computer is also not connected to the network, one that I didn't touch, but figured that the IT dept can sort that too.

    I just got a message that all the computers are now not able to connect to the network!
    I'm wondering if I caused this. Is there any security that would cause a whole office to go down when someone tries to plug in unrecognized/unauthorized devices?

    Everything I used is virus free and clean, so my computers would not have been trying to attack the network. I figured that the worst that could happen would be that a device is just denied access. Not causing the whole office to go down!
     
    Last edited: May 13, 2014
  2. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,928 (1.80/day)
    Thanks Received:
    645
    Could you please tell us the mfr of the network hardware?
     
  3. Arjai

    Arjai

    Joined:
    Apr 3, 2012
    Messages:
    2,130 (2.28/day)
    Thanks Received:
    3,498
    Location:
    St. Paul, MN
    OOPS! Now you done it!! :D
     
    Crunching for Team TPU
  4. theoneandonlymrk

    theoneandonlymrk

    Joined:
    Mar 10, 2010
    Messages:
    3,411 (2.02/day)
    Thanks Received:
    572
    Location:
    Manchester uk
    Scarcely anything is virus free these days but it does all seam odd , , sounds more like a ip config mass cockup to me but unfortunately I am no network expert if you had touched all the computers that might tell us something.
     
    95Viper says thanks.
    More than 25k PPD
  5. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,928 (1.80/day)
    Thanks Received:
    645
    The DDWRT router could have triggered as a "Rogue AP" and the APs freaked out. That's why knowing the manufacturer of the networking hardware is important for us to determine how they are supposed to react to this event happening.
     
    silkstone says thanks.
  6. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,417 (2.01/day)
    Thanks Received:
    1,616
    Location:
    στο άλφα έως ωμέγα
    ^This^
    You may have a virus/Trojan/anything that does not affect your system(OS) for some reason and it can blow another system(OS) all to heck.
    Plus, why were you un-plugging/plugging-in data cables that you know not what they were for.

    Tell 'em to reset the router...

    You might need a little more information, before the forum members can give you anything but guesses.

    Goodluck
     
  7. R-T-B

    R-T-B

    Joined:
    Aug 20, 2007
    Messages:
    530 (0.20/day)
    Thanks Received:
    110
    I can certify that I am virus free, don't know where this idea that pretty much everything is infected in some form came from... Cookies your antimalware software wants to erase aren't malware, gentlemen.
     
  8. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,417 (2.01/day)
    Thanks Received:
    1,616
    Location:
    στο άλφα έως ωμέγα
    That's great you are Virus free... Was it your laptop that was plugged into the hotel network?

    Nobody said it was cookies. And, nobody said everything is infected.
    And, there are viruses/malware out there and they can be tweaked to target certain systems, software, devices, etc.
     
  9. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,928 (1.80/day)
    Thanks Received:
    645
    Also adding that there could be a laptop with kali/backtrack on the network sending de-authentication attacks, thus disconnecting the connected clients.

    The APs (if they are stuff like Meraki/Aruba/etc) should have a log of activity. You would need to check this to get more info. Should be 'rogue AP status' or the like...
     
  10. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,890 (1.32/day)
    Thanks Received:
    501
    I'm going in today to find out what's going on. The connections weren't working (when trying to connect the cables to the pcs) before i tried the AP.

    I know the laptop is clean as I use kaspersky + malware bytes. i run periodic rootkit tests and use kaspersky rescue disk to scan on a regular basis.
     
  11. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,928 (1.80/day)
    Thanks Received:
    645
    I would scan for networks and possibly use tools like wireshark or commview for windows too see if there are any intruders in addition to the above mentioned.
     
    silkstone says thanks.
  12. shovenose

    shovenose

    Joined:
    Jan 11, 2013
    Messages:
    797 (1.22/day)
    Thanks Received:
    132
    Why did we all gravitate towards everything being hacked/infected? I don't see how that is a logical conclusion.

    What equipment is being used? If not stock firmware exactly which flavor of aftermarket firmware and versions? Is it a centralized WiFi system like a Cisco/Meraki or Ubiquiti UniFi?

    Have you tried new Ethernet cables on things you modified? What happens if you remove your DD-WRT device and reboot whatever is the router? Have you tried obvious steps like rebooting afftected computers?

    Do the computers even get IPs? cmd>ipconfig /release and then /renew what happens?
     
    Last edited: May 14, 2014
    silkstone says thanks.
  13. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,417 (2.01/day)
    Thanks Received:
    1,616
    Location:
    στο άλφα έως ωμέγα
    He did not give much to go on... Also, a few other things were mentioned.

    It could have been a coincidence, some one else in the office could have knocked it down, the line could have been cut in a construction incident, etc.
    Like I said earlier, he will need to give more info or get guesses.

    He stated, that, he will be there in the morn, so, maybe, we'll get more info then.

    Hard to put a puzzle together without the pieces.

    EDIT:

    @shovenose: I am not given you a attitude or the like... just saying, we don't know what or how large of a network the are using. Might have been a dedicated network (if it is some chain hotel) and the line he thought was nothing, could had been a dedicated link (he may see no data; however, some equipment there may have been linked securely, or synced up, to it and an admin in the IT dept. may need to re-establish it or it may need to be reset/re-synced. A lot of businesses, governments, etc. use these dedicated specials.
     
    Last edited: May 14, 2014
    silkstone says thanks.
  14. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,890 (1.32/day)
    Thanks Received:
    501
    Update: I went back in, and it was only the one connection that was down. His office staff do not have good communication skills.
    I got the IT guys on it, and they had disconnected the port because I had plugged in my laptop without having my MAC address registered with them.
    Strange security procedure as I was able to connect fully for the first hour!
    I doubt that they have enabled the other connection, the one that needs to go into his laptop, I guess I'll find out next time I see him.

    He actually wants me to come back in and set up his new office and help purchase 4 new PCs. If I do it, I'll make it clear that I will only install the computers in the office and then communicate with the IT department to make sure they get them set up and ensure they are working.

    Yes, It's part of a much larger network, I'm not sure if it's outside the hotel, but they are very security concious for reasons I can't go into. I wish I had known this before going in, or people in the IT department would come down when asked. I went in and was alone there.
     
    Last edited: May 14, 2014
    95Viper says thanks.
  15. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,417 (2.01/day)
    Thanks Received:
    1,616
    Location:
    στο άλφα έως ωμέγα
    Glad you got it worked out.
     
    silkstone says thanks.
  16. silkstone

    silkstone

    Joined:
    Nov 1, 2008
    Messages:
    2,890 (1.32/day)
    Thanks Received:
    501
    I'm just glad I didn't break anything!
     
    remixedcat says thanks.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page