How did all of your neighbors know it was your internet that they were siphoning? Did they triangulate the signal (highly unlikely) or did they have a meeting without you and figured it out through process of elimination?
You could really screw with you. Turn off the security for 10 minutes at a time. Just long enough for them to start streaming, browsing and playing, then cut it off. Repeat as many times as you like until you get tired of laughing like a maniac.
It was initially listed under our daughters name. Maybe dumb but we just needed a name at the moment. We mistakenly werent thinking about securing our network at the time we installed it. Our mistake and I will own up to it.
Now off to lock my **** up! Thank you all!
IP: Logged
04:36 PM
hookdonspeed Member
Posts: 7980 From: baltimore, md Registered: May 2008
WTH is wrong with these people and thier feelings of self entitlement? How about they pay for internet and we steal it from them? When I see any of them I will suggest this idea...
Any chance your neighbors are actually Wisconsin teachers?
WTH is wrong with these people and thier feelings of self entitlement? How about they pay for internet and we steal it from them? When I see any of them I will suggest this idea...
Since you were not encrypted they weren't stealing. No they shouldn't feel entitled and be upset now that you want to restrict it.. Its your connection, your choice.
To avoid hassles with obviously unstable neighbors ( i can picture car keying, etc ) i would just say that you cant afford it either and had to drop it. Then change the SSID and deny anything if they discover it. Or even better, hide the SSID and they wont even know it was changed, as far as they know its just 'gone'..
[This message has been edited by User00013170 (edited 06-24-2011).]
If router and/or cards can't support WPA2... (Router or card speaks 802.11b only? Need new one ASAP.)
Cards: (Cards speak 802.11b/g or 802.11a/b/g) 1. See if card have update drivers. 1a Card build in and laptop maker doesn't have driver? Check card at Intel, Broadcom, etc.... Many Intel cards have update driver at Intel's Web Site. 2. Buy a new card. Card go on sale all the time. 2a. Most laptop Build-in can be upgrade. Older laptop use Mini PCI cards. Try Newegg etc. Example: http://www.newegg.com/Produ...Item=N82E16833704061
Router: (Router speak 802.11b/g or 802.11a/b/g) 1. Check updated firmware 2. Check DDwrt etc open source firmware support you router. 3. Buy a new router. Routers go on sale all the time.
------------------ Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. (Jurassic Park)
Two of my neighbors had un-secured networks for a couple of years. I discovered that when we set up our network. Regardless, one of them would frequently have the same car come by and park near their homes many evenings, we noticed this car and eventually informed them, they called the sheriff. Turns out, it was another neighbor's kid who was using his laptop and their wireless network to go places his parents would not let him go on their home network.
------------------ Ron
IP: Logged
07:24 AM
James Bond 007 Member
Posts: 8868 From: California.U.S.A. Registered: Dec 2002
I havent read the whole thread yet,but was wondering why all of a sudden you decided to go with a WEP key?
I can't say of poster, in general: 1. Many say WEP for any security setup. 2. Really means WEP and doesn't know that WEP is useless. WPA is not much better.
Best security setup is: (for consumer use and most firmware.) WPA2-PSK with AES encryption Give access to MAC list Change SSID Disable SSID Broadcast Use Strong WiFi and Admin Passphrases. WiFi should be long... 15-20 or more characters. If possible Shut off WiFi, and especially Remote, Router's Admin Tools. (Remote mean you can use Admin web interface from Internet. Many routers have Remote Admin tool turn on by Default.)
That should stop most from getting access to your router.
[This message has been edited by theogre (edited 06-25-2011).]
I can't say of poster, in general: 1. Many say WEP for any security setup. 2. Really means WEP and doesn't know that WEP is useless. WPA is not much better.
Best security setup is: (for consumer use and most firmware.) WPA2-PSK with AES encryption Give access to MAC list Change SSID Disable SSID Broadcast Use Strong WiFi and Admin Passphrases. WiFi should be long... 15-20 or more characters. If possible Shut off WiFi, and especially Remote, Router's Admin Tools. (Remote mean you can use Admin web interface from Internet. Many routers have Remote Admin tool turn on by Default.)
That should stop most from getting access to your router.
Changing your key every so often doesn't hurt either.
IP: Logged
07:05 PM
jetman Member
Posts: 7788 From: Sterling Heights Mich Registered: Dec 2002
You gave me the impetus to change from WPA to WPA2, didn't know it was so simple to do so either, and I added several characters to my key also. I will upgrading the router firmware later on. Thanks again for a good thread.
When I drove a cab in New Orleans we used the Taxi Stands shop to do repairs on our cars. Mostly brake jobs. Consequently many of us had tool boxes stored in the shop. All of them were locked up with good padlocks except for one, this one had a little dinky dime store padlock that you would usually see on some kids jewelry box.
One day I asked him about it, "Why would you have such a dinky lock on tools that you rely on?" His reply stuck with me.
"BOY" he said, "Dem boxes can grow feet faster than you imagine, the locks only keep the honest people out."
Over the years I have learned that is true. Locks only keep honest people away, and buying a big complex, expensive lock only serves to make you feel more secure. At most it only slows down criminals.
IIRC All of the methods of wireless encryption have been broken at one time or another, there are even online services that advertise cracking wireless security for a fee. Most all programs to crack are free, as is the time to learn how to use them.
I'm not saying that locking the router down is bad, or that you shouldn't do it. I just don't see a reason for someone to have a false sense of security.
"BOY" he said, "Dem boxes can grow feet faster than you imagine, the locks only keep the honest people out."
I'm not saying that locking the router down is bad, or that you shouldn't do it. I just don't see a reason for someone to have a false sense of security.
Using Strong and Long Keys/Passphrases will stop most brute force and dictionary attacks. Picking a Passphrases.... Watch clients... Some can't take all symbols and Punctuation, like some WiFi printers, Wii, etc...
Using Strong and Long Keys/Passphrases will stop most brute force and dictionary attacks. Picking a Passphrases.... Watch clients... Some can't take all symbols and Punctuation, like some WiFi printers, Wii, etc...
In our lifetimes the majority of the people in the world will never be hacked, if they are it won't matter what protection they have.
I came up with a different solution for mine. I wanted to thank the people who allowed me to use their wifi when I was down, and protect myself at the same time.
I set up a router using dd-wrt, left it opened. I then set the QOS to limit the bandwidth allowed, and disallowed torrenting, gaming, streaming etc. I also set up a simple tracker to keep track of users, and where they go. Then I went by keyword, and shut off not only websites that allow access to pron etc (couldn't get them all), but I also blocked sites based on keywords.
I'm working on a way to redirect through a site, making them check a "terms" agreement, putting in an e-mail, and sending me daily updates of usage, and such. Right now I have to manually check, I want something to automatically block based on overuse.
Then I set up the router for me and my wife to use. Password protected. It was the only way I could see to keep people from getting access to my computer while allowing them access to the internet.
My goal is always to make it easier to break into the neighbors stuff than I.
Reminds me of a movie quote. Can't remember the movie, but it was about these guys camping in the woods. They came upon a bear, and one guy takes off his shoes. Guy 2 ask him why he took off his shoes? Guy 1 states, I run faster barefoot. Guy 2 says, you can't outrun a bear. Guy 1 states, I don't have to, I only have to outrun you.
Jim
IP: Logged
10:42 AM
doublec4 Member
Posts: 8289 From: Oakville, Ontario, Canada Registered: Jun 2003
I havent read the whole thread yet,but was wondering why all of a sudden you decided to go with a WEP key?
It was the quickest way I knew to secure our network yet still allow gaming console connectivity. Were not the most puter savvy, and are learning as we go. We have to consider our PS3 and Xbox360. Another thing to consider is our NAT type, its set at moderate now, which is in the middle of that spectrum. Open NAT would be ideal I think for online gaming with consoles. Further were looking into UPnP and its availability to us.
I understand were not setup in the most secure way now, but am working on it. Anyone know about NAT types or UPnP?
Edit; for a very important point, My idiot neighbors couldn't hack a wet paper bag. IMHO they couldn't hack a WEP key, let alone know what it even is.
[This message has been edited by weloveour86se (edited 06-26-2011).]
Seriously? They actually complained to you? wtf...
Sounds like you need new neighbours more than you need a password for your internet. Have you considered moving?
Were two blocks from the beach and have a 3 bedroom for $600 a month.... movings only happening when it's to our first house. Were working on that elusive 700+ credit score and we are very close. Maybe early next year we will start looking. Very good point tho.
Thanks for everyones tips and time, enjoy the rest of your weekend and stay safe!
IP: Logged
12:32 PM
PFF
System Bot
FriendGregory Member
Posts: 4833 From: Palo Alto, CA, USA Registered: Jan 2004
My goal is always to make it easier to break into the neighbors stuff than I.
Yeppers. In my case I gave them an open door to what they think they are looking for. They can only see a really crummy connection, but it's a connection. They don't realize that their use is logged, or that the connection is "crapified". Most of my neighbors have their own internet though, and are older (less internet savvy, think heybjorn). It keeps them away from the connection where I have all my info.
Most use are people like the phone guy the other day, we got plenty of parking.
One I would like to see weloveour86se try, fake AP NWS HEARD THE F BOMB ONE TIME TOWARD THE END.
If one access point is good, 53,000 must be better.
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
Fake AP is a proof of concept released under the GPL.
Fake AP runs on Linux (tested on RedHat 7.3). For *BSD versions, see the links below.
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published on eSecurityPlanet
One of the best ways to defend yourself against a Wi-Fi hacker is to learn to think like one. As a hacker, you could simply be on a quest to find something as innocent as free Internet access, or you could be a serious criminal, hired by a cybercrime syndicate to get inside a corporate network to snoop, steal documents, or access credit card details. Either way, there are a few essential weaknesses you, the hacker, would seek out; knowing them can help you, the potential victim, mount a proper defense.
Finding potential targets
First, a hacker will want to see what wireless networks are out there. One way to find them is called war driving, which is easier than it sounds. All that’s needed is a free program called inSSIDer. This scans the airwaves and displays a list of nearby wireless access points (APs). As Figure 1 shows (below), some APs are displayed with an SSID (the network name) and some without.
Discovering so-called hidden networks
The APs missing their SSIDs have been intentionally set via their Web-based control panels to not broadcast their network name in the beacons. The home user or network administrator who manages these networks might believe that not broadcasting the SSID hides his or her WLAN and therefore considers this the first layer of defense against Wi-Fi hackers. However, you (or anyone with the desire) can usually find the concealed SSID quickly. This calls for another program, easily attained--a wireless network analyzer, such as CommView for Wi-Fi. Though it’s a commercial product, its free evaluation version will suffice.
Once a hacker opens CommView for Wi-Fi, she starts capturing on the channel of the “hidden network” she’s targeting. She may see only a blank SSID. However, as soon as someone on the network attempts to connect, the supposedly hidden network name will appear. The SSID is also in probe packets, which will likely be continuously broadcasted from the computers and APs on the target network, so the hacker won’t have to wait long for the big reveal.
See Figure 2 (below) for an example, which shows the same two hidden networks from Figure 1.
Both residential and business networks are equally vulnerable. A hacker can typically detect the names of “hidden networks” very quickly and easily, even if wireless encryption is used. While the name alone isn’t much of a prize, it brings the hacker one step closer to her goal.
Cracking the wireless encryption
The next layer of protection a hacker must often defeat is wireless encryption, such as WEP, WPA, or WPA2. When searching for targets, a hacker will see networks both with and without encryption. Those networks without encryption are very vulnerable. Almost anyone could probably connect in a few seconds. These are usually home connections broadcast by users who either don’t know about encryption or don’t care, but sometimes even businesses leave themselves wide open. Hackers can use these connections for free Internet access, either for casual browsing or as a means of launching Internet-based hacking attacks.
For those networks with WEP encryption, a good hacker can usually crack them within a reasonable amount of time, some within minutes. The ability and amount of time it takes to crack depends upon the WEP key length and complexity, how much the network is being used, and the cracking techniques employed. The newer PTW hacking technique is much faster than most older techniques.
A hacker might also take a stab at cracking networks protected with the simpler or personal form of WPA or WPA2 encryption using pre-shared keys (PSK). The success of these attacks is all up to the simplicity (or complexity) of the passphrase used.
To get started cracking WPA/WPA2-PSK, a hacker only has to capture one client association (someone successfully connecting to the network). Then she can use dictionary-based attacks, trying to guess the passphrase. If the passphrase is simple and is contained in her dictionary, she’ll eventually crack the encryption. Hackers use dictionaries with hundreds of millions of words. Though this would take forever on your own PC, hackers have the ability to use outsourced super computers, such as WPA Cracker.
Some networks, usually in larger businesses or organizations, use the enterprise mode of WPA or WPA2 encryption using the Extensible Authentication Protocol (EAP) and 802.1X. These won’t have passphrases or PSKs to crack, but these are susceptible to man-in-the-middle attacks.
To get started hacking WPA/WPA2-Enterprise, a hacker would set up a fake AP matching the SSID and security settings of the target network and would then run a modified RADIUS authentication server. She’d try to get users to connect to her fake setup and attempt authentication, which requires that the client EAP settings have been set insecurely and that the bogus network is cleverly disguised enough to convince users to connect to it.
If everything does go according to plan, our hacker will capture usernames right away. For the passwords, she’ll have to run a dictionary attack. If the password is relatively simple, she’ll have everything she needs to connect to the target network.
Spoofing your MAC address
Another security technique some people use is MAC address filtering. Each computer and device contains a unique MAC address, thus the network administrator can create a black and white list of addresses he or she wants to block or to allow onto the network. This can be used with or without wireless encryption or the hidden network technique.
If a hacker suspects a target network is using MAC address filtering, she’d just have to bring up a wireless surveying or analyzer program on her laptop; she could use CommView for Wi-Fi again. She would simply check out the list of stations (such as Figure 3 shows) or monitor the raw data packets to find a “good” MAC address that she could use.
Once a hacker has a MAC address she can emulate, in Windows, she would just bring up the network adapter’s properties dialog and type in the address, such as Figure 4 shows (below). In this way, the hacker won’t be stopped by the MAC address filter.
Let the fun begin
Once a hacker has found an open network or has successfully hacked one, she can try to access files and/or snoop on the network traffic, for example, to capture passwords used by users.
If she’s lucky, the users have placed files in the public shares. If she’s really hit pay dirt, she might find some sensitive documents containing goodies like banking info or other top secret stuff.
To capture e-mail, Website, and other passwords, a hacker can run a special sniffer. EffeTech HTTP Sniffer and Ace Password Sniffer are two commercial products that offer a free trial.
Lessons learned
Now that we’ve examined exactly what a hacker needs to get what she wants, it’s easier to see what every network administrator should know. Here are seven tips summarizing what you’ve learned and how it can help you better secure your Wi-Fi network:
1. Disabling SSID broadcasting doesn’t deter hackers, plus it can give you a big headache when configuring your network and causes an increase in network traffic (probes request and responses). 2. Don’t use WEP encryption, it’s useless. 3. WPA/WPA2-PSK encryption is still secure when using long complex mixed character passphrases. 4. WPA/WPA2-Enterprise encryption is even more secure if you properly set the client settings (validate the server, specify server address, don’t prompt for new servers, etc.) and assign complex passwords. 5. Try to use WPA2 (with AES/CCMP) encryption only. 6. MAC address filtering may help control the computers or devices brought in by users, but is not a realistic deterrent against hackers. 7. For additional control over end-user connectivity, consider implementing a Network Access Control (NAC) or Network Access Protection (NAP) solution.
Originally posted by weloveour86se: We have to consider our PS3 and Xbox360. Another thing to consider is our NAT type, its set at moderate now, which is in the middle of that spectrum.
I understand were not setup in the most secure way now, but am working on it. Anyone know about NAT types or UPnP?
Edit; for a very important point, My idiot neighbors couldn't hack a wet paper bag. IMHO they couldn't hack a WEP key, let alone know what it even is.
Current game box should support WPA2 etc. Biggest drop of frames is WAN (Internet side) and WiFi radio interference. (Try changing channels. Or use wired connections.)
I forget type of NAT. Most security guru and MS says UPnP should be turn off. Search at http://www.securityfocus.com/ etc for UPnP. Many Routers support UPnP, is a simple check box.
Neighbor you Know about maybe can't hack WEP... "Friend" of neighbor etc might can....
quote
Originally posted by User00013170: My goal is always to make it easier to break into the neighbors stuff than I.
quote
Originally posted by jimbolaya: Guy 1 states, I don't have to, I only have to outrun you.
Yes...Run faster than other guy... Neighbor can clean up the mess, not you.
IP: Logged
03:55 PM
HI-TECH Member
Posts: 1697 From: manteca, california Registered: Jul 2005
BTW, dont even bother with WEP. There is NO point, its the same exact steps to use WPA2, WEP can be cracked by an 8 year old with google and takes about 30 seconds - 5 minutes, I know, Ive done it. WPA2 requires common PSKs and a dictionary type attack and would still take a LONG time. (Unless there are newer vounerabilities I havent researched yet) WEP was insecure when it was implemented, WPA2 is 10 years or so its senior and still soild encryption.
MAC filters are pointless, anyone who can crack WEP can spoof a MAC, and non-broadcasting SSIDs dont do a thing either, since if they're snooping the traffic they already know its there.
BINGO!!! wep broadcasts the password when a device connects to it and every so often it will send it again... all it takes is 3-10 mins or so with a packet sniffer watching your network for them to decipher the password or about 2 mins with a fragmentation attack.. doesn't matter if its 64bit or 128bit, wep will give the attacker your password. wpa-wpa2 is alot harder to do. the listening "station" would have to get ALOT of packets before there are even enough to start a password attack and even then if you use a complex password there not gonna get close.
if you have a nabor who gets huffy, tell them your gonna send them a bill for all the bandwidth they stole from you and that they can get up to 5 years in prison for intellectual property theft,
IP: Logged
05:17 PM
Cliff Pennock Administrator
Posts: 11633 From: Zandvoort, The Netherlands Registered: Jan 99
You could install dd-wrt and create a paid hotspot. Let them pay a few dollars per month for use of your internet connection.
Hmmm, I'll have to look into how that works LOL!
I know a neighbor awhile back asked if I could run a wire to their Townhouse so they could hook up to my internet. That was before we had a wireless router. I know our router has a password for it because I had to put it in when I set up the Roku for Netflix, but other then that I have no clue about the rest of the wireless security stuff. Luckily that neighbor has moved away.
IP: Logged
06:29 PM
blackrams Member
Posts: 31843 From: Hattiesburg, MS, USA Registered: Feb 2003
You could install dd-wrt and create a paid hotspot. Let them pay a few dollars per month for use of your internet connection.
Funny, while reading this i thought the same thing. That's how i have it setup here. So far no takers. only one of my neighbors is allowed on my network for nothing, but they are computer illiterate and too broke for internet. Decent people, just down on their luck.
IP: Logged
07:57 PM
Jun 27th, 2011
Cliff Pennock Administrator
Posts: 11633 From: Zandvoort, The Netherlands Registered: Jan 99
Funny, while reading this i thought the same thing. That's how i have it setup here. So far no takers.
No, but in weloveour86se's situation, he can at least tell his neighbors they still have the option to use his internet connection through his wireless network. They just have to pay upfront now.
You may also want to make sure your ISP doesn't get pissed that your sharing your home connection. I know our connection is meant to be used in our house, if I let the guy in next door I am breaking my usage contract. Now a business account would probably cover me but I don't want all the hassle of running an ISP out of my house so they can just get their own ISP and stay off my network.
You may also want to make sure your ISP doesn't get pissed that your sharing your home connection. I know our connection is meant to be used in our house, if I let the guy in next door I am breaking my usage contract. Now a business account would probably cover me but I don't want all the hassle of running an ISP out of my house so they can just get their own ISP and stay off my network.
Yes, Violates TOS with most ISP for "home" use. If/when ISP notice the hotspot, they can: Send nasty gram or email Kill your access Sue or worse, Call DA or State's AG. They can call home hotspot as a Theft of Service and Theft of Service is a crime in most/all US States.
IP: Logged
11:14 AM
Jul 20th, 2011
86GT3.4DOHC Member
Posts: 10007 From: Marion Ohio Registered: Apr 2004
Originally posted by 82-T/A [At Work]: The last thing you want though is to get arrested and then have the news say "A <insert county> county man was arrested yesterday on suspected charges of child pornography. Here is his picture, and his name is weloveour86se."
So, then obviously you don't show up to work on Monday, and then the next day when they release you because they find out it was your neighbor, you spend the next 10-20 years of your life telling friends, old friends, and new friends that NO, you do not look at child **** . Meanwhile your name comes up instantly on a search for the news article that shows you are a pedophile, but the story that was issued to recant the story has so few clicks, and was never even on the main page, that no one ever finds it.
Not a process I would want to go through... ugh...
Case and point... http://www.cnn.com/2011/TEC...wired/?iref=obinsite "repeatedly hacked into his next-door neighbors' Wi-Fi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians"
Bad guy got caught, but how much hell did the people go through until then? Not to mention if he was actually good, he probably wouldnt have gotten caught,