Windows 10 Update - Man In The Middle Attack


Minerva_Origin

Hi dear managers,

There are many security experts here.

Many antivirus programs force us to keep Windows 10 updated.

I am connecting to a Wi-Fi network and have blocked all IP addresses on this network with the regular Windows 10 firewall; the only allowed IP addresses are 192.168.1.1 (the gateway) and 192.168.1.102 (my own IP address).

Some people from the Wi-Fi security team told me, "we are working on hacking people with Windows Update here."

So some hours when I check Windows Update it hangs, and some days later it is working.

It seems they are tampering with something on the other side, as a Man-in-the-Middle attack.

On another day I faced ARP poisoning from them.

Just clarify here: can they hack people through Windows Update that easily or not?

How can I prevent a "Man in the Middle" attack and ARP poisoning?

Don't go overboard.

Any form of attack on a Local Area Network (LAN) is an Insider Threat. That means one has gained ingress, as they are in the enclave, your home network. Safeguard your network. Know every device that is attached to it. If you can, avoid WiFi. Connect all devices via Ethernet. If all devices cannot be wired, then limit access to the WiFi, know ALL devices that are connected to it, and do not share it.

Hackers have not hacked into Windows Update, and so far this has been a secure channel. Malware has used the Background Intelligent Transfer Service (BITS) to download additional malware, but that means the PC in question is already compromised. When it comes to Man-in-the-Middle attacks where it is not a LAN issue but a software protocol issue on a PC, again it means the PC in question is already compromised.

A PC that is not updated can be exploited through non-patched vulnerabilities. If this happens the PC can be compromised, and any malicious software agents that get installed are now an Insider Threat. They are no longer on the outside looking in, they are "in". They are within the enclave. It is like a locked house. All the windows and doors are closed and locked, but you leave a copy of the key in the flower box outside the front door. That key is a vulnerability. If exploited, they can unlock the door and gain entry. Now they are inside the house and are free to do what they like.

Forget about both ARP poisoning and Man-in-the-Middle (MITM) attack situations. Why concentrate on those only? There are many types of attacks and vectors of compromise. Look at a PC and the LAN in general in a holistic sense. Do everything in your power to protect the network and protect the PC(s) and devices on that network.

  • Limit or disallow sharing the network.
  • Know what is connected to it.
  • Don't share passwords.
  • Know the MAC address of all devices using WiFi, and only allow devices to attach via WiFi if their MAC address is in the Router's allowed list.

Suggestions for your Router:

  • Disable acceptance of ICMP Pings.
  • Change the default Router password using a Strong Password.
  • Use a Strong WiFi password on WPA2 using AES encryption, or enable WPA3 if it is an option.
  • Disable Remote Management.
  • Create separate WiFi networks for groups of devices with similar purposes, to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034.
  • Document the passwords created and store them in a safe but accessible location.

Edited by David H. Lipman
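The reply above recommends knowing the MAC address of every device and watching for ARP poisoning. As an added example (not code from the thread or from any product mentioned), the following script parses the text of Windows `arp -a` and flags two classic poisoning indicators: the gateway's MAC drifting from a recorded baseline, and one MAC answering for several IP addresses. The sample table and the baseline MAC are constructed; only the addresses 192.168.1.1 and 192.168.1.102 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not captured from the poster's network).
# 192.168.1.1 (gateway) and 192.168.1.102 (host) are from the thread; the MACs are made up.
SAMPLE_ARP_A = """
Interface: 192.168.1.102 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-00-01     dynamic
  192.168.1.50          aa-bb-cc-00-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical baseline the defender recorded for the gateway on a known-clean day.
KNOWN_GATEWAY = {"ip": "192.168.1.1", "mac": "aa-bb-cc-00-00-99"}

# One ARP table row: IPv4, Windows-style dashed MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples parsed from `arp -a` text; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries

def find_arp_anomalies(entries, known_gateway):
    """Flag a gateway MAC change and any MAC that claims more than one dynamic IP."""
    findings = []
    for ip, mac, _ in entries:
        if ip == known_gateway["ip"] and mac != known_gateway["mac"].lower():
            findings.append(f"gateway {ip} resolves to {mac}, expected {known_gateway['mac']}")
    by_mac = defaultdict(set)  # static entries (broadcast/multicast) are not interesting here
    for ip, mac, typ in entries:
        if typ == "dynamic":
            by_mac[mac].add(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims several IPs: {sorted(ips)}")
    return findings

if __name__ == "__main__":
    for f in find_arp_anomalies(parse_arp_table(SAMPLE_ARP_A), KNOWN_GATEWAY):
        print("ALERT:", f)
```

On a real machine, feed it the output of `arp -a` captured on a day the network is known to be clean to build the baseline, then rerun it whenever Windows Update or other connections behave oddly.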

First of all, I should tell you my modem is a new brand from China, with an unfamiliar infected website with an infected certificate.

So these people are crazier than what you think.

My ESET caught ARP poisoning from this network some days ago.

I faced many infected websites through certificate hacking.

But these things are not important, and I am ready for these shits.

I just want to know about Windows Update.

What do you mean it is on a secure channel?

Is it still secure on Windows 10 or not?

I think it is easy to manipulate packets during the update.

These damn people are connecting to all of my Telegram accounts.

This means it is serious.

Everybody on earth told me Telegram is secure. But it's not, and that was a big lie.

We have an app like Uber on Android devices, and I am certainly sure this app is a backdoor on more than 80M people's devices.

What are you talking about, overboard?

These people are spying on others and say it was related to an outside devil, not us.

I never saw such damn people on earth.

Now you pigs from the ISP can get Wi-Fi passwords like a charm and connect to it.

So this is my modem, and this is so funny.

I closed all IP addresses on this network.

After that they attacked from many websites.

ARP poisoning plus certificate hacking plus other methods.

Now they are working on Windows Update.

Just clarify about Windows Update and let us know more about its mechanism.
