Ok guys, I had a little panic moment here and just want to make sure I'm not missing anything and that my home network is safe. I have two routers on my network, one facing the internet, doing wifi, DNS, and all the normal router stuff, while the other one I use just as a switch and have a USB HDD connected which has Samba and Transmission. On the main network I also have a PPTP server in case I need to access something blocked at school or want to access any files from my phone. I also had port forwarded the Transmission GUI to the internet and stupidly forgot about it and left it not password protected. I haven't downloaded any torrents in a while, but I noticed some 2 downloaded torrents in my torrents folder I did not download (ytcrackers discography and some kind of porn?). Can I safely assume they only saw the open Transmission GUI and downloaded those torrents for shits and giggles and couldn't do much else? Anything else I can check for?
Also during the same month I had more uploads than normal. I'm guessing this was the torrents seeding? They were not in the GUI so I'm guessing they only seeded for that month.
OP, it looks like your hackers came from Australia.
Jokes aside, the only reason I can think anyone would do this is to get you to act as a seedbox and earn them ratio. Check the tracker URLs and you may be able to steal their keys. If you've got their keys, upload the torrent to a public site and laugh as thousands of people use their quota.
For the future, you need to do some serious housekeeping.
Step one. PPTP goes. It's not secure, it goes. Replace it with OpenVPN, ideally using certificates. Your OpenVPN server should not be your firewall router; your firewall router should be as simple and unmodified as you can get it.
Step two: stop forwarding dumb ports. Get your firewall router speaking UPnP, and your services (Transmission, games consoles, etc.) using it. This will eliminate the possibility of human error, and close ports when you're not using them.
Step three: Test. Get on your phone and portscan yourself. Make sure nothing is open that's not supposed to be.
If you need to get at, say, a web UI, go in through VPN, and then access as if you were at home.
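Added example, not part of the thread or any poster's code: a small audit of the RPC/web GUI keys in Transmission's `settings.json`, flagging the state described in the original post (GUI enabled with no password and no source-IP restriction). The sample file is constructed, and treating a missing `rpc-enabled` key as enabled is a conservative assumption made here.

```python
import json

# Constructed sample: a transmission-daemon settings.json in the state the
# original post describes (web GUI on, no password, no IP restriction).
SAMPLE_EXPOSED = """{
  "rpc-enabled": true,
  "rpc-port": 9091,
  "rpc-bind-address": "0.0.0.0",
  "rpc-authentication-required": false,
  "rpc-whitelist-enabled": false,
  "rpc-whitelist": "127.0.0.1"
}"""

MESSAGES = {
    "no-auth": "rpc-authentication-required is false: whoever reaches the port controls the client",
    "empty-password": "authentication is on but rpc-password is empty",
    "whitelist-off": "rpc-whitelist-enabled is false: no source-IP restriction",
    "whitelist-any": "rpc-whitelist contains a match-everything entry",
}

def audit_rpc(settings):
    """Return finding codes for the RPC/web GUI part of a settings dict."""
    # Assumption: a missing rpc-enabled key is treated as enabled.
    if not settings.get("rpc-enabled", True):
        return []  # RPC/web GUI disabled, nothing to reach
    findings = []
    if not settings.get("rpc-authentication-required", False):
        findings.append("no-auth")
    elif not settings.get("rpc-password"):
        findings.append("empty-password")
    if not settings.get("rpc-whitelist-enabled", True):
        findings.append("whitelist-off")
    else:
        # The whitelist is a comma-separated list that may use * wildcards.
        entries = [e.strip() for e in settings.get("rpc-whitelist", "").split(",")]
        if any(e in ("*", "*.*.*.*") for e in entries):
            findings.append("whitelist-any")
    return findings

def audit_text(text):
    """Parse settings.json text and audit it."""
    return audit_rpc(json.loads(text))

if __name__ == "__main__":
    for code in audit_text(SAMPLE_EXPOSED):
        print(f"[{code}] {MESSAGES[code]}")
```

Stop the daemon before editing `settings.json`, since it rewrites the file on exit.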
Sounds reasonable, however, since they removed the torrents I have no way to see
Main router has UPnP, just for some reason I had only that port manually forwarded. Also, I did try OpenVPN at one point but my phone did not play nice with it for some reason; I will look into it again though! I'm using FreeDNS btw. Here's what a port scan turned up now that I closed the Transmission port. I'm not sure why the photo won't rotate.
OpenVPN's mobile clients have got better since about a year ago.
The iOS one now integrates with the OS's VPN switch, so you can make it come up on demand, and it can now store its certificate in the keyvault, where even the NSA can't get it without hitting you until you enter your passcode.
It's still a bitch to set up though.
That's what I'd do. Forward a port to it from the firewall router.
This way, when packets get de-encapsulated, they're already inside the firewall and you don't need to do anything clever.
Clever is the enemy of secure.