I think my Wireless network has been hacked

CraigyBoy86

Well following my problems in this thread, it appears my flatmate may not be the cause of my slow internet speeds at times.

Last night, after returning home I found my wireless was no longer working properly. Couldn't connect to the internet, but was still able to connect to the network. So I logged into the Wireless Router admin page itself (via IP address), and whilst checking settings I noticed there was a 'third' computer connected to the wireless (only flatmate and I have the WPA2 access code).

Thankfully I got the MAC Address he was using and set up a MAC filter for the wireless. Only now after talking to Virgin Customer Support this morning have I been able to reconnect, after resetting modem, router, PCs etc. :shake:

Does this definitely sound like someone hacking my wireless? Is a MAC filter enough to stop someone hacking into it again? Also is there any way of finding out who it is? How does someone else hacking into the wireless stop my own from working? If I found out who, some not too nice things might happen... :whistling:
 
WPA2 is easily hacked, I would definitely stick his MAC on the exclusion list. Or setup a permit only list for you and your flat mate.

Recommend using a strong key, change the SID and make sure it's stealthed. Presuming this is a Netgear router if it's VM?
 
Also change the password to access the router.
 
Are there any better encryption types than WPA2? At the moment I use WPA2-Personal AES with 18 character key. I have set up a MAC allow rule as you have said neil, just need to get flatmate's MAC Address off him to add it. Password has changed.

How do you hide the SID? Will that option be in the Wireless Router Admin Page?

I have the bog standard (basic) cable modem from VM then a separate Wireless Router plugged into that (Buffalo WHR-G125). My USB Wireless adapter for my PC is also Buffalo (can't remember specific model, but it's a G+ one).

Edit - nope, flatmate doesn't use iPhone/BlackBerry. The unwanted guest's hostname was Hugh (flatmate's name is David).
 
Do you or your flatmate have an iPhone or BlackBerry which automatically connects to your wireless router when you are in its vicinity?

Yep, reason being WPA2 is easier to hack if there are clients connected to the access point and traffic going between them.
 
There will be a tick box in the router admin area to "Broadcast SSID", untick that when you are both connected.

As others have said, add both of the trusted MAC addresses into the router and allow only those to connect (you should be able to name them too so you know who is who)
 
Also change the password to access the router.

And to clarify by that I mean the password to access the router control panel.
 
Don't want to put the dampeners on things but if you have been hacked blocking his MAC won't work. If they're clever enough to hack it then I'm sure they will just change their NIC MAC and will have access again.

Phil
 
Change your SSID, passwords and keys and check your manuals for the user authorisations and set it up for the two of you to use and no-one else.

Wi-Fi is hackable as you're sending packets through the air that anyone can pick up with the right tech - just make sure you're harder to hack than the neighbours.
 
Don't want to put the dampeners on things but if you have been hacked blocking his MAC won't work. If they're clever enough to hack it then I'm sure they will just change their NIC MAC and will have access again.

Phil

I can set my router to either include or exclude set MAC addresses, so I set it to exclude all but my phone, wife's phone, two desktops and three laptops.

Yup, on my router, I can set it to only accept MAC Addresses I register with it. So if he changes it, it won't matter.

I've also changed the password to access the router as well.

Thanks guys.
 
WPA2 is easily hacked, I would definitely stick his MAC on the exclusion list. Or setup a permit only list for you and your flat mate.

Recommend using a strong key, change the SID and make sure it's stealthed. Presuming this is a Netgear router if it's VM?

Yep, reason being WPA2 is easier to hack if there are clients connected to the access point and traffic going between them.

What a complete load of tosh...

WPA2 is not easy to crack at all, as long as you use a minimum 26 character key using numbers, letters and symbols (preferably 63 char).

WPA has only recently become vulnerable but only when using TKIP rather than AES and also only when the key is not particularly strong.

MAC filtering adds about 30 seconds to the hacking procedure as you can very easily spoof an allowed MAC address. SSID broadcast disabled will also offer no protection to anyone with the right tools. Both those are completely pointless.

Just go back in, ensure you have WPA2 enabled (not WPA) and change your key to a 63 char hash. Your friend will not get back in.

If you're looking for retribution, however, then you may want to research the following:

- "Cain and Abel" - monitoring software which could give you some interesting ammo to use against your new network friend
- Backtrack - Similar to the above
- SSLstrip - Man in the middle type tool
 
What a complete load of tosh...

WPA2 is not easy to crack at all, as long as you use a minimum 26 character key using numbers, letters and symbols (preferably 63 char).

Said hacker has all the time in the world, sitting next door/downstairs in his warm comfy house sniffing traffic.

WPA has only recently become vulnerable but only when using TKIP rather than AES and also only when the key is not particularly strong.

TKIP was hacked back in 2008. Admittedly there are no known common exploits for AES, but the OP didn't mention that.

MAC filtering adds about 30 seconds to the hacking procedure as you can very easily spoof an allowed MAC address. SSID broadcast disabled will also offer no protection to anyone with the right tools. Both those are completely pointless.

Pointless maybe, but you'd still want them enabled to stop the casual hacker having a pop wouldn't you?
 
Said hacker has all the time in the world, sitting next door/downstairs in his warm comfy house sniffing traffic.

He can sniff all he wants... He still won't be able to decrypt the AES encryption or read any of the payload.


TKIP was hacked back in 2008. Admittedly there are no known common exploits for AES, but the OP didn't mention that.

Yes, that's what I said... recently. And the OP didn't have to mention AES as WPA2 has AES encryption by default. That was kind of the point of it, to address an industry requisite.


Pointless maybe, but you'd still want them enabled to stop the casual hacker having a pop wouldn't you?

Anyone who has the tools and knowhow to hack WPA or WEP, will laugh at both of those. And as I said, WPA2 with a secure key will not be hacked so MAC filtering and SSID broadcast just serve to complicate administration.
 
If you were on TKIP that'll explain the hack then. ;) As per neo2810's posts, AES with a strong key will do you.
 
Sorry maybe I should have clarified... I was using WPA2 with TKIP (wasn't sure if flatmate's wireless adapter supported AES), but now I'm using AES. So the best thing to do is just make the key as long and complicated as possible?

You won't have been using TKIP with WPA2 as it only supports AES (unless you were using dual encryption, see below). You will have been using WPA with TKIP. If your router supports WPA2, use that, if not, set AES on WPA rather than TKIP and you shouldn't have any more issues.

EDIT: I should clarify. You may have been using WPA2 TKIP+AES. This is an option to allow devices which don't support AES to connect to a WPA2 protected WLAN. In this instance, you're still leaving yourself open to attack as the hacker will just connect using TKIP and exploit the vulnerability.
Make sure you set to WPA2 AES and remove TKIP as an option completely.
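
Added example (not part of any post in this thread): the key lengths discussed above compared as entropy of a randomly generated key, together with the standard WPA2-Personal derivation of the 256-bit master key from passphrase and SSID. The function names and the SSID strings are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation (space left out).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random key of this length (not of a human-chosen one)."""
    return length * math.log2(alphabet_size)

def min_length_for(bits, alphabet_size=len(ALPHABET)):
    """Shortest random key whose entropy reaches the given number of bits."""
    return math.ceil(bits / math.log2(alphabet_size))

def generate_passphrase(length=63):
    """Random WPA2-Personal passphrase; the standard allows 8 to 63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_pmk(passphrase, ssid):
    """256-bit master key: PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

if __name__ == "__main__":
    for n in (18, 26, 63):  # key lengths mentioned in the thread
        print(f"{n:2d} random characters: about {entropy_bits(n):.0f} bits")
    print("characters needed to reach 256 bits:", min_length_for(256))
    key = generate_passphrase()
    # Constructed SSIDs: the same passphrase gives a different master key per SSID.
    for ssid in ("ExampleHomeNet", "default"):
        print(ssid, derive_pmk(key, ssid).hex())
```

A uniformly random key of 40 characters from this alphabet already exceeds the 256 bits of the derived master key; the estimate does not apply to words or phrases chosen by a person.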
 
I'd suggest logging into the router, disabling wireless and buying a reel of cat5, some connectors and a crimping tool.
 
WPA2 is easily hacked?

You sure?

WEP is easily hacked and even that requires more than basic IT knowledge

WPA2 uses AES and that cannot be hacked at the present time
If you can manage to 'sniff the traffic' the packets will be useless as they are encrypted with AES

The US government use AES for their top secret documents, do you think they would do that if someone could hack the encryption?

There are weaknesses in TKIP but the average IT user is never going to be able to exploit them.

I think you are being a bit dramatic, there likely are a few people out there who 'may' be able to get into your wireless network if they wanted to but there are also people who could bypass a car's immobiliser....does that mean you chain your car to the ground 'Just In Case'?

Anyway back on topic....

There could be a genuine reason why you have an extra device connected to your network...as said above...iPhone, BlackBerry, Work laptop, PDA....basically anything with a wireless card

Change the WPA passphrase, and use MAC filtering
Even MAC addresses can be spoofed so the only sure way of protecting your WIFI network is to use WPA2-AES with a strong key
 
You sure?

WEP is easily hacked and even that requires more than basic IT knowledge

WPA2 uses AES and that cannot be hacked at the present time
If you can manage to 'sniff the traffic' the packets will be useless as they are encrypted with AES

The US government use AES for their top secret documents, do you think they would do that if someone could hack the encryption?

There are weaknesses in TKIP but the average IT user is never going to be able to exploit them.

I think you are being a bit dramatic, there likely are a few people out there who 'may' be able to get into your wireless network if they wanted to but there are also people who could bypass a car's immobiliser....does that mean you chain your car to the ground 'Just In Case'?

Anyway back on topic....

There could be a genuine reason why you have an extra device connected to your network...as said above...iPhone, BlackBerry, Work laptop, PDA....basically anything with a wireless card

Change the WPA passphrase, and use MAC filtering
Even MAC addresses can be spoofed so the only sure way of protecting your WIFI network is to use WPA2-AES with a strong key

Did you miss the part where neo2810 handed my ass to me over this one? OP already admitted he was using TKIP to start off with, and on further reading I think I got confused with WPA/2 hence the ass-handery.
 
Tinfoil hat? I've had one for ages...
 
Hide your SSID, there is no need to broadcast it as you already know it... Just means manually adding it on other machines when you want to connect to your network. Also use mac filtering to only allow those machines to connect.

Haven't read all the replies so this might have already been mentioned.
 
Haven't read all the replies so this might have already been mentioned.

This is a one page thread. If you can't be bothered reading it all then why bother posting? Hiding the SSID has been covered and also dismissed as the ineffectual tactic that it is. If you'd read the thread you'd know that and not be giving poor advice.
 
You can also cut the RF power down on the router until it's *just* enough for your own use, why shout when a whisper will do ?
 
You can also cut the RF power down on the router until it's *just* enough for your own use, why shout when a whisper will do ?

Your average home router generally doesn't have this option. "sky" (netgear) don't, orange livebox (yuk) and BT homehubs don't if my memory serves..

I've only come across this on intermec and cisco APs to be honest but it wouldn't surprise me if newer higher end routers have this option.

Note that lowering the RF power may affect its ability to transmit through materials such as partition walls :D
 
A Linksys WRT54G running Tomato definitely lets you drop the Tx power, and up it too.
 
This is a one page thread. If you can't be bothered reading it all then why bother posting? Hiding the SSID has been covered and also dismissed as the ineffectual tactic that it is. If you'd read the thread you'd know that and not be giving poor advice.

:dummy: jeez chill out, didn't have time to read the whole thread as I was at work. If you don't like my poor advice, don't read it and certainly don't comment on it... Swiftly move the **** on :nuts:
 
Thanks for help guys, problem seems to be solved... haven't had any unwanted 'visitors' to my network now since I added MAC filtering, changed to AES encryption, changed password for router and the access key as well. Gonna leave the SSID on for now.

Edit- I do have the option to turn down RF power too, but I like it at 100% if I can. I need the best possible speed from it.
 
Out of interest, I've set up my router to log all activity on it now. However, I have noticed several Firewall notices (about 6 a day). For example:
Code:
2010/03/17 09:46:00 	FIREWALL 	 ICMP connection denied from 88.250.12.129:n/a to 82.41.97.30:n/a (vlan1)

The last IP address is mine, but each time the first IP address is different. I looked them up, one was from Japan, one from Australia etc... could this be the hacker trying different methods to get back in? Or any other ideas? :shrug:
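
Added example (not part of the thread): a parser for log lines in the format quoted above that counts denied connections per source and lists separately any source with a private (RFC 1918) address, which is what a device joined to a home LAN would normally have. Every sample line except the first is constructed, and RFC 1918 addressing on the LAN is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Format of the line quoted in the post; whitespace between fields varies.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\s+FIREWALL\s+(?P<proto>\w+) "
    r"connection denied from (?P<src>[\d.]+):(?P<sport>\S+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\S+) \((?P<iface>\w+)\)$"
)
# Assumption: the home LAN uses RFC 1918 addressing, as consumer routers do by default.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return the fields of one firewall log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def summarise(lines):
    """Count denials per (source, protocol); list LAN-side sources separately."""
    counts, lan_sources, skipped = Counter(), set(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        counts[(rec["src"], rec["proto"])] += 1
        if is_lan(rec["src"]):
            lan_sources.add(rec["src"])
    return {"counts": counts, "lan_sources": sorted(lan_sources), "skipped": skipped}

SAMPLE_LOG = [
    # Line from the post:
    "2010/03/17 09:46:00 \tFIREWALL \t ICMP connection denied from 88.250.12.129:n/a to 82.41.97.30:n/a (vlan1)",
    # Constructed lines (documentation and private address ranges):
    "2010/03/17 13:02:11 \tFIREWALL \t ICMP connection denied from 203.0.113.7:n/a to 82.41.97.30:n/a (vlan1)",
    "2010/03/17 13:02:12 \tFIREWALL \t ICMP connection denied from 203.0.113.7:n/a to 82.41.97.30:n/a (vlan1)",
    "2010/03/18 01:15:40 \tFIREWALL \t TCP connection denied from 192.168.11.5:4312 to 192.168.11.1:80 (br0)",
    "2010/03/18 01:16:02 \tDHCPS \t lease renewed",
]

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for (src, proto), n in report["counts"].most_common():
        print(f"{src:16} {proto:5} {n}  {'LAN' if is_lan(src) else 'internet'}")
    print("LAN-side sources:", report["lan_sources"], "unparsed:", report["skipped"])
```

Entries from unrelated internet addresses aimed at the router's public address were dropped at the firewall; a device that had joined the wireless network would show up with a LAN address instead.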
 