Someone is hacking into my network


Recommended Posts

I use MAC filtering on my home network as well as standard WPA2 password and not broadcasting my SSID. Never seam to have a problem. :p

Link to comment
Share on other sites

change the password on your router, disable wan remote access, change the ssid and passkey, hide the ssid, enable mac filtration, change the lan ip address, disable dhcp,

these should make it a lot harder for them to access it :)

hide the ssid, enable mac filtration, change the lan ip address, disable dhcp...this only makes it hard for a kindergardner who can't read or follow tutorials very well.

Link to comment
Share on other sites

hide the ssid, enable mac filtration, change the lan ip address, disable dhcp...this only makes it hard for a kindergardner who can't read or follow tutorials very well.

i never said it would stop it, if you read the quote again i said it would make it HARDER!

Link to comment
Share on other sites

FAIL If he's on the guys network, he's going to have the same IP as this guy. derp. That, or what is he going to say, "hey the guys IP is 192.168.0.102"?

Turn DHCP off, MAC Address filtering, WPA2, SSID disable (do not broadcast) and make it a long password. Guaranteed to secure you from any but the most persistant hackers.

Yeah if you've got the rainbow tables and the horsepower to do it

You don't need any rainbow tables and horsepower. Any PC can do it in seconds as there is a exploit in WPA2.

Or, the hacker maybe exploiting the the well documented WPS bug in the router.

Link to comment
Share on other sites

no it really doesn't make it harder, if they already have the tools it doesn't make it any harder. it only makes it harder for someone who can't read or follow tutorials very well.

Link to comment
Share on other sites

no it really doesn't make it harder, if they already have the tools it doesn't make it any harder. it only makes it harder for someone who can't read or follow tutorials very well.

we dont know for sure they have the tools,

Link to comment
Share on other sites

we dont know for sure they have the tools,

Umm so how else would they have gotten in then in the first place? Using command prompt? LOL Anyone cracking any type of password already has tools to do it.

As for the OP, I haven't heard anyone cracking a WPA2+AES password. Kinda weird but I guess it's possible as others are saying. :ermm:

Link to comment
Share on other sites

Depending on where you are, screwing with the guy could be illegal, with some rather heavy penalties. His actions do not give you permission to seek revenge or to mess with his equipment or data.

In other words, just change your password, and make it harder to figure out.

Link to comment
Share on other sites

"Any PC can do it in seconds as there is a exploit in WPA2"

Just MORE FUD - there is no current exploit to WPA or WPA2 that allows access to the network.. Please do not spread FUD -- if you have a source that gives details of this exploit then by all means provide it. If not your just spreading FUD!!

Yes there are TKIP exploit that allows for packet injection - this does not provide access to the wireless network. It allows you to inject packets.

Are you talking about hole196 vulnerability - again not a hack to gain access to a network, it an issue with an insider attack.

If there was such a exploit to WPA/WPA2 that allowed access it would be a simple google away, and VERY VERY BIG news!! Like what happened with WEP. You can find clear instruction on breaking in wep in minutes that any 8 year old could follow. If what your saying is true the same for how to break WPA/WPA2 -- which there is not. Well let me rephrase that - there are guides on hacking WPA/WPA2 -- but they are all attacks against the PSK. If you have SECURE ONE, then there is no issue!

If you have a link to a whitepaper that disproves then please provide.. Until that time your spreading FUD!!

edit: Again Yes WPA/WPA2 can be breached if your password is JUNK -- but sorry your not hacking something like 6\QEI$fI=M#A2!2XONkK in minutes plain and simple.

Also WPS pin attack is not an attack against WPA - its an attack against WPS. And I completely agree this should not be enabled. It was junk from the get go anyway, why would you have it enabled?? Its a PITA to even use -- much easier to just create a SECURE PSK, that you can remember - and give this to the people you want to allow access. Here is actual info about the WPS PIN attack. http://www.kb.cert.org/vuls/id/723755

edit2: "i said it would make it HARDER"

I completely agree with this statement.. Those things will make it MUCH HARDER for the actual OWNER/USER of the wifi network to connect. As to someone breaking into your network - it would be a minor inconvenience at best. It would add like 2 minutes tops to the access time.

Link to comment
Share on other sites

Over 9,000...

By itself , it's not security. just like shutting your front door is not security, but combined with everything else, it slows people down THAT much more. It's just an extra layer.

You don't need any rainbow tables and horsepower. Any PC can do it in seconds as there is a exploit in WPA2.

Or, the hacker maybe exploiting the the well documented WPS bug in the router.

WPS, yes. WPA2 w/ AES. I'd like you to prove your source on that one. If the SSID is "linksys" and the password is "password" then yes, it's easy. If it's 32 digits long its gonna take you about a billion years.

WPA2 is NOT crackable. prove me wrong otherwise.

Link to comment
Share on other sites

By itself , it's not security. just like shutting your front door is not security, but combined with everything else, it slows people down THAT much more. It's just an extra layer.

Sure extra layer -- like when you lock your door with a deadbolt, and then for "extra" security you put some scotch tape across it.

Not going to stop anybody -- but it sure makes it a PITA everytime you want to open the door. Because you have to remove the scotch tape without messing up the paint ;)

But sure if that is what your trying to accomplish - more power too you. Seems everyone loves to make their lives more difficult.

What would you rather have

bruce: hey billy can I use your wireless.

billy: Sure see that billywpauniqueSSID - click on it and put in "6\QEI$fI=M#A2!2XONkK" -- here I have it written down on this card.

Or this?

bruce: hey billy can I use your wireless.

billy: Sure create a new connection and put in this SSID "billywpauniqueSSID", now make sure you allow it to connect to networks that do not broadcast their SSID. click the check box next to "Connect even if the network is not broadcasting"

billy: Also what is your mac address so I can allow it.

bruce: mac address?

billy: yeah what is the mac address of your wireless card so I can allow it to connect to my network.

bruce: wireless card?

billy: here let me look - ok let me write down. 00-1B-77-A2-18-E4

billy: ok wait while I go connect to my router and allow that - and find an IP for you to use.

billy: Ok here put in this static IP 192.168.1.142 netmask 255.255.255.0 gateway 192.168.1.1 dns 192.168.1.1

bruce: What? Where do I do that again?

billy: Here give me the machine - config, config, config - ok here you go.

bruce: Thanks - so now I forgot what I was going to do on the internet in the first place ;)

billy: And don't forget to uncheck that static IP stuff, or you won't work on the next wireless network you try and connect to.

bruce: So how do I do that?

billy: See here on your wireless card where I have this IP and set to use these dns. When you done using my network, make sure you set those back to dhcp or you won't work on your home network.

bruce: why do you make it so difficult to use your network??

billy: Because I like extra layers of security to slow down would be hackers!

bruce: Wouldn't your secure PSK "6\QEI$fI=M#A2!2XONkK" stop them?

billy: Yeah sure it would, but you can never have too many "extra" layers! Says right here in this guide titled 6 dumbest ways to secure my wireless, that I should turn on mac filtering #1, not broadcast my ssid #2and turn off dhcp #4. See right there in the 6 dumbest ways -- right on the internet so it much be the best thing to do. http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43

bruce: But billy doesn't that say "dumbest" - doesn't that mean its not smart?

billy: DOH!!!!

1st option is Secure Network, option 2 is Secure network with scotch tape as "extra" protection!

Link to comment
Share on other sites

Don't screw with him. What if he accidentally connected to the wrong network? He also isn't doing anything malicious, just piggy backing on your Internet.

Just change your password.

Link to comment
Share on other sites

That wpa2 was fud as i expected, It would be already in the news as it was with WEP. hopefully my 13 characters long password and my open firmware will solve it for the moment, until a new encryption protocol is issued.

Link to comment
Share on other sites

By itself , it's not security. just like shutting your front door is not security, but combined with everything else, it slows people down THAT much more. It's just an extra layer.

...

Lets take SSID broadcasting as an example.

The first thing you have to remember, is that you can't not broadcast the SSID, it's a required part of the network. All checking that box does is set a flag saying "Don't show this in your UI", network scanning tools ignore this and will gladly show your network and your picked SSID. The SSID is used by WPA2 (as an example) as a salt combined with the passphrase, so any client has to know it before connecting.

Disabling DHCP won't do anything, MAC filtering won't do anything, etc. They won't do anything simply because the attacker would already have to break your encryption to get into your network.

Link to comment
Share on other sites

Actually.... disabling DHCP, setting some obscure IP address like 10.10.45.213 as the gateway, and disabling ping back on the gateway will make it a rather pain in the ass to communicate across the network and sniff packets as long as wireless isolation is turned on. If DHCP doesn't hand out an IP address once they've broken the encryption they won't get an IP address, won't be able to access the gateway unless they do a relentless IP scan for an IP answering a gateway route request, thus won't be able to access the internet, and due to wireless isolation won't be able to access any other computers on the network either.

If they still spend the time to get into your wireless, its not a simple war driver, they are after you directly and the only thing you can really do at that point is turn off your wireless.

Link to comment
Share on other sites

Or you could just properly configure the network so as to make it not so hard on you.

I broadcast my SSID, I don't do MAC filtering and my DHCP server is configured to give out an address to any device that asks for it, but nobody else can even get to the stage where they can talk to my network, since I use a strong key and method.

Link to comment
Share on other sites

"make it a rather pain in the ass to communicate across the network and sniff packets as long as wireless isolation is turned on"

You clearly don't understand how isolation works ;) Once they broke the encryption - they can sniff all the packets.. Do you think there is different encryption for each client? Once you can sniff the traffic its quite simple to see what the gateway and ip ranges are just by watching the traffic flow. There is no need to ping anything.

Isolation does not prevent you from sniffing the traffic - the router just doesn't forward your traffic to the other devices. But you can still sniff it, so you can see the IPs in use - so clearly you can tell which one is the gateway..

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.