Just a note ahead of time, I am a total newbie at this, but I really have a passion to learn.
So, i was pulling out my new psp to play online. It doesn't support WPA2 8-(
So, i hopped on the router and noticed there was someone in the DHCP table which didn't belong.
I had my SSID set to not broadcast, and I had my security on WPA2 Personal with TKIP.
When I noticed this "intruder" I immediately shut down the wireless.
Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password. SSID would be my street address, eg. 1234 (this is not my actual address of course) and my password was 1234security, where we would replace the 1234 with the numbers from my address.
Anyways, this has raised my alert level, and I want my network locked down like fort Knox, though I would also like to be able to access it with my psp.
Should I set up a mac filter to only allow specified mac addresses? That way I can broadcast my SSID and have no security?
The PSP supports WEP and WPA, so I can have security.
Also, are there any options to receive alerts when someone connects to the router?
Any advice would be great.
EDIT: I am running DD-WRT on an Asus RT-N12
[This message has been edited by Shill (edited 07-17-2011).]
IP: Logged
12:43 AM
PFF
System Bot
IMSA GT Member
Posts: 10678 From: California Registered: Aug 2007
Either way, mac filter, i'm assuming won't even let you access the router. so WEP would just be a waste. I'd still probably use WEP, just curious if it is necessary.
IP: Logged
12:56 AM
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
Changed the SSID kept it non broadcast, changed it to WPA with a longer password. Enabled the Mac filter to only allow the few devices I own. Also, Lengthened the lease time, because I don't know how else to catch those bandits when they get on. Previous lease time was 24hr...
EDIT: Also disabled GUI access from wireless.
[This message has been edited by Shill (edited 07-17-2011).]
It sounds like you already know enough to handle things. That's good. Changing your SSID is probably pointless. If you have WPA, use that instead of WEP (which sucks so bad) and use the longest key you can. CCMP uses AES encryption and is stronger than TKIP, if all of your connecting devices support it.
+1 on MAC filtering - that's your best bet. Although it's still going to be easy to crack if you use a lot of bandwidth, that will be a big deterrent. It's like anything in the world of security - the point isn't to stop someone from picking the lock - just make sure it takes more effort than its worth.
I'd also change the SSID to something interesting like "I'm Watching You Now or "Triangulating Your Position", lol!
[This message has been edited by FieroGT42 (edited 07-17-2011).]
IP: Logged
01:20 AM
Formula88 Member
Posts: 53788 From: Raleigh NC Registered: Jan 2001
More Setup Tips This one suggests leaving SSID Broadcast on, but I turn mine off.
Also use a long password that's difficult to guess. Something like, "th!spassw0rd!sre@llyl0ngs0itsre@llyh@rdt0guess31415927" That would be easy to remember but would take a very long time to crack with a brute force crack.
IP: Logged
01:22 AM
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
Using MAC filter w/o encrypted header is a waste of time.... WPA2 totally encrypts connections. I'm told WEP, and maybe WPA, only encrypts payload not IP headers and MAC. I'm to tired and on vacation to check.
Some says MAC filter is a waste anyway, even with WPA2/AES... If anyone has hours monitors then client PC can leak MAC when PC is looking for router it can connect to.
Yes... Disable WiFi Admin access if possible. (Some routers can't disable on WiFi.) Using strong passphrase for admin too...
------------------ Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. (Jurassic Park)
Depend on router and firmware involved.... DDwrt allows/disable (but not both) on MAC list so watch settings... You allow MAC list to access then all others gets block.
Most routers have MAC filters. MAC filters is some protection with nubes and script "kids."
Found the clients full mac address, 7C:4F:B5:15:6D:80 How do I block it?
If they know what they are doing, it wont matter. I can change mine in about 20 seconds to something else.
And i disagree with the above about not hiding your SSID, while its not the end all to be all of course, its just one more thing to do. And like mentioned above, use longest password you can, forget about WEP, and change it often.
Suggestion, depending on your layout perhaps you can restrict coverage.. keep it inside your apartment only.
Oh, and disable it when you aren't home. No need to give them more chances to try to get in.
[This message has been edited by User00013170 (edited 07-17-2011).]
IP: Logged
08:25 AM
PFF
System Bot
hookdonspeed Member
Posts: 7980 From: baltimore, md Registered: May 2008
if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new..
it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches... wep, well, thats crackable in seconds.
if you had WPA on, and now WEP, and they still cracked it, theres prettymuch nothing u can do to stop them short of going wired, or maybe full radius security... someone with the skills and tools to crack WPA are going to get threw anything you put up, last i checked WPA was still only crackable by using key files.. ill look tonight to see if they have made something new..
it only takes 1 handshake packet to crack wpa, but it takes hours and a large key file, and crossing of the fingers to hope a key matches... wep, well, thats crackable in seconds.
You would think that if they are talented enough for WPA, they would have their own internet
You would think that if they are talented enough for WPA, they would have their own internet
They may, and just need a "little more"
I had a program I mentioned in the last thread regarding this that just may help you. It creates thousands of fake SSID's and makes your just disappear in the mess.
Brad
IP: Logged
09:05 AM
MidEngineManiac Member
Posts: 29566 From: Some unacceptable view Registered: Feb 2007
The wi-fi box I have is security enabled and to use the system you need to type in its security code (password) which is about 10 digit number/letter combination. When I have some out of town relatives come, I give them the security # and they can log onto my wi-fi network.
I'm computer illiterate and wouldn't know if some one else hacked on to my network.
IP: Logged
09:58 AM
jetman Member
Posts: 7803 From: Sterling Heights Mich Registered: Dec 2002
Now, either they are lucky, or they know what they are doing. I will be the first to admit that I had a relatively easy SSID and password.
I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard? MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.
I'll agree that you should max out characters on your SSID and password and watch carefully but if this person hacks again, what do you do? Report the mac address you captured to your ISP or the police? Will your ISP help you build up security or is everyone on the planet on their own in this regard? MEManiac made a good point, there's a reason they're using your internet instead of their own and most of those are illegal.
Everyone is on their own Unless the feds want you of cousre.
IP: Logged
10:13 AM
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
Is there any way to find out who the IP belongs to? And then go over there and bust their mouth open?
Other than building some sort of portable wifi - triangulation device ( like the old fox hunts ham radio guys would do ) there would be no way to find them in an apartment building.
IP: Logged
12:43 PM
PFF
System Bot
hookdonspeed Member
Posts: 7980 From: baltimore, md Registered: May 2008
weird, i just had a very simular convo w/ my cousin.... im bout to goto her house w/ my laptop to do a nice ARP spoof and see what htis guys doing onher network, maybe some SET if hes goingot anywhere that requires a login
IP: Logged
08:30 PM
Jul 18th, 2011
HI-TECH Member
Posts: 1697 From: manteca, california Registered: Jul 2005
mac address can be spoofed.. took me all of 3-4 mins to get enough packets from a client to spoof the mac address, and that was with the AP running wpa2/aes. the best protection is just running a wired network and dropping the wifi. (i run 3 different AP's from my home so im the pot calling the kettle black LOL )
IP: Logged
01:55 AM
86GT3.4DOHC Member
Posts: 10007 From: Marion Ohio Registered: Apr 2004
MAC filters are completely useless. WEP is completely useless. Non broadcasting SSIDs are completely useless. Anyone or all three of those will only keep your average housewife from walking onto your network, nothing else. Anyone who wants anything more than free internet is going to breeze right in.
Security 'Score' x of 100
WEP 5 Mac filter 5 Non Broadcast SSID 5 WEP and MAC and N-BSSID 5.5 WPA 20 WPA2 95
Unless you have legacy \ antiquated hardware, there is never any reason to use WEP or WPA(1). WPA2 is the same exact setup procedure. N-BSSIDs and MAC filters just make things annoying for legitamate users and do nothing to keep anyone else out.
I really doubt someone cracked your WPA2 network, unless you live very close to some very smart guys. More likely thats an old entry or a device you're forgetting like a phone. From the MAC its "Company Arcadyan Technology Corporation" which I dont know, but could be about anything with a cheap wireless chipset in it. And blocking their MAC is pointless if they are cracking WPA2 they are probably already spoofing that MAC. For the most part, the only realistic way to crack a WPA2 network is a brute force attatck, so while your PSK is simplistic, I dont think its an 'easy' guess and I doubt it would appear in a dictionary attack still if you change it just spice it up a little.
If you really wanted to know whats up, turn everything back on and install wireshark on your computer and capture on the wireless interface filtering for that MAC. You will see every packet the device sends and you can pick through and find anything that isnt HTTPS or otherwise encrypted. Its not hard to get into their HTTPS traffic but you have to know how to setup a transparent proxy with certs and set your router to use it as the next hop, even then it will throw a cert error, but 95% of even smart people ignore the cert errors.
IP: Logged
08:21 AM
FieroSTETZ Member
Posts: 1742 From: Orange County, CA Registered: Aug 99
Changed the SSID kept it non broadcast, changed it to WPA with a longer password. Enabled the Mac filter to only allow the few devices I own. Also, Lengthened the lease time, because I don't know how else to catch those bandits when they get on. Previous lease time was 24hr...
EDIT: Also disabled GUI access from wireless.
Double check to make sure you dont need to set up a MAC rule to block access to unlisted Mac addresses. Most Mac filters have separate allow/deny lists. If you only set up the allow, it won't prohibit other clients.
Lots of words in here. Maybe you have a device that might be connecting, like a "all-in-one" printer?
...or maybe your neighbor has one?
Might NOT be evil intent behind this, might be dumb "auto discovery" or something...
Does the "invader" get an IP address? what do you get if you try \\192.168.1.101 (whatever the IP is)
or http:\\192.168.1.101
Agree. My Samsung wireless laser printer “phones home” once in a while and gets a new address from the router, different from the one already assigned. Comes up as "network device" on the network manager, no other name. I’ve found no way to stop it.