Pennock's Fiero Forum
  Totally O/T - Archive
  I think the new neighbors may be hacking my router

T H I S   I S   A N   A R C H I V E D   T O P I C
  

Email This Page to Someone! | Printable Version


I think the new neighbors may be hacking my router by Shill
Started on: 07-17-2011 12:43 AM
Replies: 27
Last post by: spark1 on 07-18-2011 11:43 AM
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 12:43 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post
Just a note ahead of time, I am a total newbie at this, but I really have a passion to learn.

So, i was pulling out my new psp to play online. It doesn't support WPA2 8-(

So, i hopped on the router and noticed there was someone in the DHCP table which didn't belong.

I had my SSID set to not broadcast, and I had my security on WPA2 Personal with TKIP.

When I noticed this "intruder" I immediately shut down the wireless.

Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password. SSID would be my street address, eg. 1234 (this is not my actual address of course) and my password was 1234security, where we would replace the 1234 with the numbers from my address.

Anyways, this has raised my alert level, and I want my network locked down like fort Knox, though I would also like to be able to access it with my psp.

Should I set up a mac filter to only allow specified mac addresses? That way I can broadcast my SSID and have no security?

The PSP supports WEP and WPA, so I can have security.

Also, are there any options to receive alerts when someone connects to the router?

Any advice would be great.

EDIT: I am running DD-WRT on an Asus RT-N12

[This message has been edited by Shill (edited 07-17-2011).]

IP: Logged
PFF
System Bot
IMSA GT
Member
Posts: 10678
From: California
Registered: Aug 2007


Feedback score:    (8)
Leave feedback





Total ratings: 253
Rate this member

Report this Post07-17-2011 12:45 AM Click Here to See the Profile for IMSA GTSend a Private Message to IMSA GTDirect Link to This Post
You can do MAC filter and WEP together if you like.
IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 12:56 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post
Either way, mac filter, i'm assuming won't even let you access the router. so WEP would just be a waste. I'd still probably use WEP, just curious if it is necessary.
IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 01:16 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post

Shill

2166 posts
Member since Apr 2009
Changed the SSID kept it non broadcast, changed it to WPA with a longer password. Enabled the Mac filter to only allow the few devices I own. Also, Lengthened the lease time, because I don't know how else to catch those bandits when they get on. Previous lease time was 24hr...

EDIT: Also disabled GUI access from wireless.

[This message has been edited by Shill (edited 07-17-2011).]

IP: Logged
FieroGT42
Member
Posts: 2992
From: Iowa
Registered: Jan 2005


Feedback score: (4)
Leave feedback





Total ratings: 67
Rate this member

Report this Post07-17-2011 01:20 AM Click Here to See the Profile for FieroGT42Send a Private Message to FieroGT42Direct Link to This Post
It sounds like you already know enough to handle things. That's good. Changing your SSID is probably pointless. If you have WPA, use that instead of WEP (which sucks so bad) and use the longest key you can. CCMP uses AES encryption and is stronger than TKIP, if all of your connecting devices support it.

+1 on MAC filtering - that's your best bet. Although it's still going to be easy to crack if you use a lot of bandwidth, that will be a big deterrent. It's like anything in the world of security - the point isn't to stop someone from picking the lock - just make sure it takes more effort than its worth.

I'd also change the SSID to something interesting like "I'm Watching You Now or "Triangulating Your Position", lol!

[This message has been edited by FieroGT42 (edited 07-17-2011).]

IP: Logged
Formula88
Member
Posts: 53788
From: Raleigh NC
Registered: Jan 2001


Feedback score: (3)
Leave feedback





Total ratings: 554
Rate this member

Report this Post07-17-2011 01:22 AM Click Here to See the Profile for Formula88Send a Private Message to Formula88Direct Link to This Post
How to Secure Your Home Wireless Router

More Setup Tips
This one suggests leaving SSID Broadcast on, but I turn mine off.

Also use a long password that's difficult to guess. Something like, "th!spassw0rd!sre@llyl0ngs0itsre@llyh@rdt0guess31415927"
That would be easy to remember but would take a very long time to crack with a brute force crack.
IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 01:30 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post
 
quote
Originally posted by FieroGT42:

I'd also change the SSID to something interesting like "I'm Watching You Now or "Triangulating Your Position", lol!



Honestly, if I knew how, i'd rather go after the guy with his SSID set to that.

Also, i'd liek to note that I have the only wireless network on the block.

My password is now 20 character long.

[This message has been edited by Shill (edited 07-17-2011).]

IP: Logged
theogre
Member
Posts: 32520
From: USA
Registered: Mar 99


Feedback score: N/A
Leave feedback





Total ratings: 572
Rate this member

Report this Post07-17-2011 02:47 AM Click Here to See the Profile for theogreClick Here to visit theogre's HomePageSend a Private Message to theogreDirect Link to This Post
WEP is useless.

Using MAC filter w/o encrypted header is a waste of time....
WPA2 totally encrypts connections.
I'm told WEP, and maybe WPA, only encrypts payload not IP headers and MAC. I'm to tired and on vacation to check.

Some says MAC filter is a waste anyway, even with WPA2/AES... If anyone has hours monitors then client PC can leak MAC when PC is looking for router it can connect to.

Yes... Disable WiFi Admin access if possible. (Some routers can't disable on WiFi.)
Using strong passphrase for admin too...

------------------
Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
(Jurassic Park)


The Ogre's Fiero Cave (It's also at the top and bottom of every forum page...)

IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 03:26 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post
Found the clients full mac address, 7C:4F:B5:15:6D:80 How do I block it?
IP: Logged
theogre
Member
Posts: 32520
From: USA
Registered: Mar 99


Feedback score: N/A
Leave feedback





Total ratings: 572
Rate this member

Report this Post07-17-2011 03:58 AM Click Here to See the Profile for theogreClick Here to visit theogre's HomePageSend a Private Message to theogreDirect Link to This Post
Depend on router and firmware involved.... DDwrt allows/disable (but not both) on MAC list so watch settings... You allow MAC list to access then all others gets block.

Most routers have MAC filters. MAC filters is some protection with nubes and script "kids."

See also http://www.nowiressecurity....pe_you_dont_know.htm from https://www.fiero.nl/forum/Forum6/HTML/086143.html

"Also, are there any options to receive alerts when someone connects to the router?"

Maybe... DDwrt has many feature.

[This message has been edited by theogre (edited 07-17-2011).]

IP: Logged
User00013170
Member
Posts: 33617
From:
Registered: May 2006


Feedback score: N/A
Leave feedback





Total ratings: 224
User on Probation

Report this Post07-17-2011 08:25 AM Click Here to See the Profile for User00013170Send a Private Message to User00013170Direct Link to This Post
 
quote
Originally posted by Shill:

Found the clients full mac address, 7C:4F:B5:15:6D:80 How do I block it?


If they know what they are doing, it wont matter. I can change mine in about 20 seconds to something else.

And i disagree with the above about not hiding your SSID, while its not the end all to be all of course, its just one more thing to do. And like mentioned above, use longest password you can, forget about WEP, and change it often.

Suggestion, depending on your layout perhaps you can restrict coverage.. keep it inside your apartment only.

Oh, and disable it when you aren't home. No need to give them more chances to try to get in.

[This message has been edited by User00013170 (edited 07-17-2011).]

IP: Logged
PFF
System Bot
hookdonspeed
Member
Posts: 7980
From: baltimore, md
Registered: May 2008


Feedback score:    (9)
Leave feedback





Total ratings: 131
Rate this member

Report this Post07-17-2011 08:38 AM Click Here to See the Profile for hookdonspeedClick Here to visit hookdonspeed's HomePageSend a Private Message to hookdonspeedDirect Link to This Post
if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new..

it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches...
wep, well, thats crackable in seconds.
IP: Logged
User00013170
Member
Posts: 33617
From:
Registered: May 2006


Feedback score: N/A
Leave feedback





Total ratings: 224
User on Probation

Report this Post07-17-2011 08:52 AM Click Here to See the Profile for User00013170Send a Private Message to User00013170Direct Link to This Post
 
quote
Originally posted by hookdonspeed:

if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new..

it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches...
wep, well, thats crackable in seconds.


You would think that if they are talented enough for WPA, they would have their own internet
IP: Logged
twofatguys
Member
Posts: 16465
From: Wheaton Mo. / Virginia Beach Va.
Registered: Jul 2004


Feedback score: (2)
Leave feedback





Total ratings: 227
Rate this member

Report this Post07-17-2011 09:05 AM Click Here to See the Profile for twofatguysSend a Private Message to twofatguysDirect Link to This Post
 
quote
Originally posted by User00013170:


You would think that if they are talented enough for WPA, they would have their own internet


They may, and just need a "little more"

I had a program I mentioned in the last thread regarding this that just may help you. It creates thousands of fake SSID's and makes your just disappear in the mess.

Brad
IP: Logged
MidEngineManiac
Member
Posts: 29566
From: Some unacceptable view
Registered: Feb 2007


Feedback score: N/A
Leave feedback





Total ratings: 297
User Banned

Report this Post07-17-2011 09:22 AM Click Here to See the Profile for MidEngineManiacSend a Private Message to MidEngineManiacDirect Link to This Post
 
quote
Originally posted by User00013170:


You would think that if they are talented enough for WPA, they would have their own internet


But it is soooo much less risky to download kiddie pr0n on yours......
IP: Logged
Old Lar
Member
Posts: 13798
From: Palm Bay, Florida
Registered: Nov 1999


Feedback score: N/A
Leave feedback





Total ratings: 214
Rate this member

Report this Post07-17-2011 09:58 AM Click Here to See the Profile for Old LarSend a Private Message to Old LarDirect Link to This Post
The wi-fi box I have is security enabled and to use the system you need to type in its security code (password) which is about 10 digit number/letter combination. When I have some out of town relatives come, I give them the security # and they can log onto my wi-fi network.

I'm computer illiterate and wouldn't know if some one else hacked on to my network.
IP: Logged
jetman
Member
Posts: 7803
From: Sterling Heights Mich
Registered: Dec 2002


Feedback score: (4)
Leave feedback





Total ratings: 273
Rate this member

Report this Post07-17-2011 10:00 AM Click Here to See the Profile for jetmanClick Here to visit jetman's HomePageSend a Private Message to jetmanDirect Link to This Post
 
quote
Originally posted by Shill:

Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password.

I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard?
MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.

IP: Logged
User00013170
Member
Posts: 33617
From:
Registered: May 2006


Feedback score: N/A
Leave feedback





Total ratings: 224
User on Probation

Report this Post07-17-2011 10:13 AM Click Here to See the Profile for User00013170Send a Private Message to User00013170Direct Link to This Post
 
quote
Originally posted by jetman:

I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard?
MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.


Everyone is on their own Unless the feds want you of cousre.
IP: Logged
Shill
Member
Posts: 2166
From: Spokane, WA
Registered: Apr 2009


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-17-2011 11:03 AM Click Here to See the Profile for ShillSend a Private Message to ShillDirect Link to This Post
 
quote
Originally posted by theogre:
"Also, are there any options to receive alerts when someone connects to the router?"


Most of this is greek to me, well, i understand SMTP, but Do I need my own server to be able to do this?

Also, connection notifier and logs are usually off, I turned them on so I can show their options.

No clue what their settings should be at to be useful.


[This message has been edited by Shill (edited 07-17-2011).]

IP: Logged
tbone42
Member
Posts: 8482
From:
Registered: Apr 2010


Feedback score:    (23)
Leave feedback





Total ratings: 128
Rate this member

Report this Post07-17-2011 12:20 PM Click Here to See the Profile for tbone42Send a Private Message to tbone42Direct Link to This Post
Is there any way to find out who the IP belongs to? And then go over there and bust their mouth open?
IP: Logged
User00013170
Member
Posts: 33617
From:
Registered: May 2006


Feedback score: N/A
Leave feedback





Total ratings: 224
User on Probation

Report this Post07-17-2011 12:43 PM Click Here to See the Profile for User00013170Send a Private Message to User00013170Direct Link to This Post
 
quote
Originally posted by tbone42:

Is there any way to find out who the IP belongs to? And then go over there and bust their mouth open?


Other than building some sort of portable wifi - triangulation device ( like the old fox hunts ham radio guys would do ) there would be no way to find them in an apartment building.
IP: Logged
PFF
System Bot
hookdonspeed
Member
Posts: 7980
From: baltimore, md
Registered: May 2008


Feedback score:    (9)
Leave feedback





Total ratings: 131
Rate this member

Report this Post07-17-2011 05:25 PM Click Here to See the Profile for hookdonspeedClick Here to visit hookdonspeed's HomePageSend a Private Message to hookdonspeedDirect Link to This Post
let them connect, back hack their system :P findout who they are...
IP: Logged
hookdonspeed
Member
Posts: 7980
From: baltimore, md
Registered: May 2008


Feedback score:    (9)
Leave feedback





Total ratings: 131
Rate this member

Report this Post07-17-2011 08:30 PM Click Here to See the Profile for hookdonspeedClick Here to visit hookdonspeed's HomePageSend a Private Message to hookdonspeedDirect Link to This Post

hookdonspeed

7980 posts
Member since May 2008
weird, i just had a very simular convo w/ my cousin.... im bout to goto her house w/ my laptop to do a nice ARP spoof and see what htis guys doing onher network, maybe some SET if hes goingot anywhere that requires a login
IP: Logged
HI-TECH
Member
Posts: 1697
From: manteca, california
Registered: Jul 2005


Feedback score: N/A
Leave feedback





Total ratings: 123
Rate this member

Report this Post07-18-2011 01:55 AM Click Here to See the Profile for HI-TECHClick Here to visit HI-TECH's HomePageSend a Private Message to HI-TECHDirect Link to This Post
mac address can be spoofed.. took me all of 3-4 mins to get enough packets from a client to spoof the mac address, and that was with the AP running wpa2/aes. the best protection is just running a wired network and dropping the wifi. (i run 3 different AP's from my home so im the pot calling the kettle black LOL )
IP: Logged
86GT3.4DOHC
Member
Posts: 10007
From: Marion Ohio
Registered: Apr 2004


Feedback score: N/A
Leave feedback





Total ratings: 306
Rate this member

Report this Post07-18-2011 08:21 AM Click Here to See the Profile for 86GT3.4DOHCSend a Private Message to 86GT3.4DOHCDirect Link to This Post
MAC filters are completely useless. WEP is completely useless. Non broadcasting SSIDs are completely useless. Anyone or all three of those will only keep your average housewife from walking onto your network, nothing else. Anyone who wants anything more than free internet is going to breeze right in.

Security 'Score' x of 100

WEP 5
Mac filter 5
Non Broadcast SSID 5
WEP and MAC and N-BSSID 5.5
WPA 20
WPA2 95

Unless you have legacy \ antiquated hardware, there is never any reason to use WEP or WPA(1). WPA2 is the same exact setup procedure. N-BSSIDs and MAC filters just make things annoying for legitamate users and do nothing to keep anyone else out.

I really doubt someone cracked your WPA2 network, unless you live very close to some very smart guys. More likely thats an old entry or a device you're forgetting like a phone. From the MAC its "Company Arcadyan Technology Corporation" which I dont know, but could be about anything with a cheap wireless chipset in it. And blocking their MAC is pointless if they are cracking WPA2 they are probably already spoofing that MAC. For the most part, the only realistic way to crack a WPA2 network is a brute force attatck, so while your PSK is simplistic, I dont think its an 'easy' guess and I doubt it would appear in a dictionary attack still if you change it just spice it up a little.

If you really wanted to know whats up, turn everything back on and install wireshark on your computer and capture on the wireless interface filtering for that MAC. You will see every packet the device sends and you can pick through and find anything that isnt HTTPS or otherwise encrypted. Its not hard to get into their HTTPS traffic but you have to know how to setup a transparent proxy with certs and set your router to use it as the next hop, even then it will throw a cert error, but 95% of even smart people ignore the cert errors.
IP: Logged
FieroSTETZ
Member
Posts: 1742
From: Orange County, CA
Registered: Aug 99


Feedback score: N/A
Leave feedback

Rate this member

Report this Post07-18-2011 10:21 AM Click Here to See the Profile for FieroSTETZClick Here to visit FieroSTETZ's HomePageSend a Private Message to FieroSTETZDirect Link to This Post
 
quote
Originally posted by Shill:

Changed the SSID kept it non broadcast, changed it to WPA with a longer password. Enabled the Mac filter to only allow the few devices I own. Also, Lengthened the lease time, because I don't know how else to catch those bandits when they get on. Previous lease time was 24hr...

EDIT: Also disabled GUI access from wireless.



Double check to make sure you dont need to set up a MAC rule to block access to unlisted Mac addresses. Most Mac filters have separate allow/deny lists. If you only set up the allow, it won't prohibit other clients.
IP: Logged
FieroRumor
Member
Posts: 35007
From: New York
Registered: Dec 2001


Feedback score: (2)
Leave feedback





Total ratings: 348
Rate this member

Report this Post07-18-2011 11:23 AM Click Here to See the Profile for FieroRumorClick Here to visit FieroRumor's HomePageSend a Private Message to FieroRumorDirect Link to This Post
Lots of words in here. Maybe you have a device that might be connecting, like a "all-in-one" printer?

...or maybe your neighbor has one?


Might NOT be evil intent behind this, might be dumb "auto discovery" or something...

Does the "invader" get an IP address? what do you get if you try \\192.168.1.101 (whatever the IP is)

or http:\\192.168.1.101


IP: Logged
spark1
Member
Posts: 11159
From: Benton County, OR
Registered: Dec 2002


Feedback score: (1)
Leave feedback





Total ratings: 175
Rate this member

Report this Post07-18-2011 11:43 AM Click Here to See the Profile for spark1Send a Private Message to spark1Direct Link to This Post
 
quote
Originally posted by FieroRumor:

Lots of words in here. Maybe you have a device that might be connecting, like a "all-in-one" printer?

...or maybe your neighbor has one?


Might NOT be evil intent behind this, might be dumb "auto discovery" or something...

Does the "invader" get an IP address? what do you get if you try \\192.168.1.101 (whatever the IP is)

or http:\\192.168.1.101


Agree. My Samsung wireless laser printer “phones home” once in a while and gets a new address from the router, different from the one already assigned. Comes up as "network device" on the network manager, no other name. I’ve found no way to stop it.
IP: Logged



All times are ET (US)

T H I S   I S   A N   A R C H I V E D   T O P I C
  

Contact Us | Back To Main Page

Advertizing on PFF | Fiero Parts Vendors
PFF Merchandise | Fiero Gallery
Real-Time Chat | Fiero Related Auctions on eBay



Copyright (c) 1999, C. Pennock