Is that Public Network really Safe?
PeterWallace
I just got back from being away for a few days and noticed something alarming! I got to the hotel that had open wireless internet access and connected my netbook to the network. Almost immediately my firewall software started to kick off alerts! There were all kinds of port scans to my netbook. Port scans are used by hackers to see what ports may be open on your PC. Once they know of open ports, then they start to attack you from there. My virus/firewall program (eEye Blink Professional edition www.eeye.com) did what it was meant to do and stopped it from reaching. Being a Network Engineer, I started to look at some of the information in the logs. I noticed the same IP address was hitting the firewall and kept hitting it. Doing a bit more digging, I found the name of the computer and had a hunch what I was looking at. At that point I disconnected from the network.
Well, it was then time to go try out the hotel's 2 shared business computers. I walked into the room that they were in and noticed both were Windows XP Professional boxes. Went to shut down to see what user was logged in and saw administrator! Yes, shared computers that had administrator rights. The second item I looked into was what they were named and the IP address of them. Strange, one of them just happened to have the same IP and address that kept attacking my PC. Next I looked for antivirus software and found none (kind of figured that) and looked at the patch level and found Service Pack 1. (Note: should have been Service Pack 3.) I knew what I was going to find. I tried to go out to several online virus scanning services to scan the PC and was blocked. Tried to go to several sites to download antivirus and was blocked by that. Tried to download spyware detection software and same thing. Got out my jump drive, on which I carry the current free version of AVG antivirus with current virus definitions (free.avg.com), and installed it to the PC. Did a scan to find over 60 viruses. Cleaned them up and rebooted the PC. Next I installed Malwarebytes and current signatures (www.malwarebytes.org/mbam.php) and started the scan to find over 400 hits from that program. Cleaned everything up and rebooted the PC. Now the system was clean but still missing many patches. Connected my netbook to the network and did not get all the firewall hits, so at least that is now clean.
I went to go find the Manager to talk with him but only got the Assistant Manager to let him know what I found. I found out they allowed the Administrator access on both machines as too many people complained they could not download or run programs they wanted to, but did not realize they were putting themselves and everyone that used the PCs and networks in danger. Had I more time I would have cleaned the other machine and patched them both, but the hotel was getting their IT people in to repair and secure the PCs. Maybe next time I’m out that way I’ll swing in and check to see if they really are secure. If not, time for me to get out my Business Card and see if I can get some billable business out of the deal.
The hotel name and location will stay with me so as not to destroy any reputations.
