Just a note ahead of time, I am a total newbie at this, but I really have a passion to learn.

So, i was pulling out my new psp to play online. It doesn't support WPA2 8-(

So, i hopped on the router and noticed there was someone in the DHCP table which didn't belong.

I had my SSID set to not broadcast, and I had my security on WPA2 Personal with TKIP.

When I noticed this "intruder" I immediately shut down the wireless.

Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password. SSID would be my street address, eg. 1234 (this is not my actual address of course) and my password was 1234security, where we would replace the 1234 with the numbers from my address.

Anyways, this has raised my alert level, and I want my network locked down like fort Knox, though I would also like to be able to access it with my psp.

Should I set up a mac filter to only allow specified mac addresses? That way I can broadcast my SSID and have no security?

The PSP supports WEP and WPA, so I can have security.

Also, are there any options to receive alerts when someone connects to the router?

Any advice would be great.

EDIT: I am running DD-WRT on an Asus RT-N12

[This message has been edited by Shill (edited 07-17-2011).]

You can do MAC filter and WEP together if you like.

Either way, mac filter, i'm assuming won't even let you access the router. so WEP would just be a waste. I'd still probably use WEP, just curious if it is necessary.

It sounds like you already know enough to handle things. That's good. Changing your SSID is probably pointless. If you have WPA, use that instead of WEP (which sucks so bad) and use the longest key you can. CCMP uses AES encryption and is stronger than TKIP, if all of your connecting devices support it.

+1 on MAC filtering - that's your best bet. Although it's still going to be easy to crack if you use a lot of bandwidth, that will be a big deterrent. It's like anything in the world of security - the point isn't to stop someone from picking the lock - just make sure it takes more effort than its worth.

I'd also change the SSID to something interesting like "I'm Watching You Now or "Triangulating Your Position", lol!

[This message has been edited by FieroGT42 (edited 07-17-2011).]

How to Secure Your Home Wireless Router

More Setup Tips
This one suggests leaving SSID Broadcast on, but I turn mine off.

Also use a long password that's difficult to guess. Something like, "th!spassw0rd!sre@llyl0ngs0itsre@llyh@rdt0guess31415927"
That would be easy to remember but would take a very long time to crack with a brute force crack.

quote Originally posted by FieroGT42: I'd also change the SSID to something interesting like "I'm Watching You Now or "Triangulating Your Position", lol!

Honestly, if I knew how, i'd rather go after the guy with his SSID set to that.

Also, i'd liek to note that I have the only wireless network on the block.

My password is now 20 character long.

[This message has been edited by Shill (edited 07-17-2011).]

WEP is useless.

Using MAC filter w/o encrypted header is a waste of time....
WPA2 totally encrypts connections.
I'm told WEP, and maybe WPA, only encrypts payload not IP headers and MAC. I'm to tired and on vacation to check.

Some says MAC filter is a waste anyway, even with WPA2/AES... If anyone has hours monitors then client PC can leak MAC when PC is looking for router it can connect to.

Yes... Disable WiFi Admin access if possible. (Some routers can't disable on WiFi.)
Using strong passphrase for admin too...

------------------
Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
(Jurassic Park)

The Ogre's Fiero Cave (It's also at the top and bottom of every forum page...)

Found the clients full mac address, 7C:4F:B5:15:6D:80 How do I block it?

Depend on router and firmware involved.... DDwrt allows/disable (but not both) on MAC list so watch settings... You allow MAC list to access then all others gets block.

Most routers have MAC filters. MAC filters is some protection with nubes and script "kids."

See also http://www.nowiressecurity....pe_you_dont_know.htm from https://www.fiero.nl/forum/Forum6/HTML/086143.html

"Also, are there any options to receive alerts when someone connects to the router?"

Maybe... DDwrt has many feature.

[This message has been edited by theogre (edited 07-17-2011).]

quote Originally posted by Shill: Found the clients full mac address, 7C:4F:B5:15:6D:80 How do I block it?

If they know what they are doing, it wont matter. I can change mine in about 20 seconds to something else.

And i disagree with the above about not hiding your SSID, while its not the end all to be all of course, its just one more thing to do. And like mentioned above, use longest password you can, forget about WEP, and change it often.

Suggestion, depending on your layout perhaps you can restrict coverage.. keep it inside your apartment only.

Oh, and disable it when you aren't home. No need to give them more chances to try to get in.

[This message has been edited by User00013170 (edited 07-17-2011).]

if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new..

it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches...
wep, well, thats crackable in seconds.

quote Originally posted by hookdonspeed: if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new.. it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches... wep, well, thats crackable in seconds.

You would think that if they are talented enough for WPA, they would have their own internet

quote Originally posted by User00013170: You would think that if they are talented enough for WPA, they would have their own internet

They may, and just need a "little more"

I had a program I mentioned in the last thread regarding this that just may help you. It creates thousands of fake SSID's and makes your just disappear in the mess.

Brad

quote Originally posted by User00013170: You would think that if they are talented enough for WPA, they would have their own internet

But it is soooo much less risky to download kiddie pr0n on yours......

The wi-fi box I have is security enabled and to use the system you need to type in its security code (password) which is about 10 digit number/letter combination. When I have some out of town relatives come, I give them the security # and they can log onto my wi-fi network.

I'm computer illiterate and wouldn't know if some one else hacked on to my network.

quote Originally posted by Shill: Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password.

I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard?
MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.

quote Originally posted by jetman: I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard? MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.

Everyone is on their own Unless the feds want you of cousre.

quote Originally posted by theogre: "Also, are there any options to receive alerts when someone connects to the router?"

Most of this is greek to me, well, i understand SMTP, but Do I need my own server to be able to do this?

Also, connection notifier and logs are usually off, I turned them on so I can show their options.

No clue what their settings should be at to be useful.

[This message has been edited by Shill (edited 07-17-2011).]

Is there any way to find out who the IP belongs to? And then go over there and bust their mouth open?

quote Originally posted by tbone42: Is there any way to find out who the IP belongs to? And then go over there and bust their mouth open?

Other than building some sort of portable wifi - triangulation device ( like the old fox hunts ham radio guys would do ) there would be no way to find them in an apartment building.

let them connect, back hack their system :P findout who they are...

mac address can be spoofed.. took me all of 3-4 mins to get enough packets from a client to spoof the mac address, and that was with the AP running wpa2/aes. the best protection is just running a wired network and dropping the wifi. (i run 3 different AP's from my home so im the pot calling the kettle black LOL )

MAC filters are completely useless. WEP is completely useless. Non broadcasting SSIDs are completely useless. Anyone or all three of those will only keep your average housewife from walking onto your network, nothing else. Anyone who wants anything more than free internet is going to breeze right in.

Security 'Score' x of 100

WEP 5
Mac filter 5
Non Broadcast SSID 5
WEP and MAC and N-BSSID 5.5
WPA 20
WPA2 95

Unless you have legacy \ antiquated hardware, there is never any reason to use WEP or WPA(1). WPA2 is the same exact setup procedure. N-BSSIDs and MAC filters just make things annoying for legitamate users and do nothing to keep anyone else out.

I really doubt someone cracked your WPA2 network, unless you live very close to some very smart guys. More likely thats an old entry or a device you're forgetting like a phone. From the MAC its "Company Arcadyan Technology Corporation" which I dont know, but could be about anything with a cheap wireless chipset in it. And blocking their MAC is pointless if they are cracking WPA2 they are probably already spoofing that MAC. For the most part, the only realistic way to crack a WPA2 network is a brute force attatck, so while your PSK is simplistic, I dont think its an 'easy' guess and I doubt it would appear in a dictionary attack still if you change it just spice it up a little.

If you really wanted to know whats up, turn everything back on and install wireshark on your computer and capture on the wireless interface filtering for that MAC. You will see every packet the device sends and you can pick through and find anything that isnt HTTPS or otherwise encrypted. Its not hard to get into their HTTPS traffic but you have to know how to setup a transparent proxy with certs and set your router to use it as the next hop, even then it will throw a cert error, but 95% of even smart people ignore the cert errors.

quote Originally posted by Shill: Changed the SSID kept it non broadcast, changed it to WPA with a longer password. Enabled the Mac filter to only allow the few devices I own. Also, Lengthened the lease time, because I don't know how else to catch those bandits when they get on. Previous lease time was 24hr... EDIT: Also disabled GUI access from wireless.

Double check to make sure you dont need to set up a MAC rule to block access to unlisted Mac addresses. Most Mac filters have separate allow/deny lists. If you only set up the allow, it won't prohibit other clients.

Lots of words in here. Maybe you have a device that might be connecting, like a "all-in-one" printer?

...or maybe your neighbor has one?


Might NOT be evil intent behind this, might be dumb "auto discovery" or something...

Does the "invader" get an IP address? what do you get if you try \\192.168.1.101 (whatever the IP is)

or http:\\192.168.1.101

quote Originally posted by FieroRumor: Lots of words in here. Maybe you have a device that might be connecting, like a "all-in-one" printer? ...or maybe your neighbor has one? Might NOT be evil intent behind this, might be dumb "auto discovery" or something... Does the "invader" get an IP address? what do you get if you try \\192.168.1.101 (whatever the IP is) or http:\\192.168.1.101

Agree. My Samsung wireless laser printer “phones home” once in a while and gets a new address from the router, different from the one already assigned. Comes up as "network device" on the network manager, no other name. I’ve found no way to stop it.