Re: My Wifi has been hacked :(
Oh, here's a pretty good method for keeping people off your network EVEN IF they manage to get your wifi password, turn off dhcp, set up a custom netmask (anything non-standard or just move a little away from the defaults*) and just set up your ip addresses and dns servers manually. They'll have a lot of fun trying to figure out your setup if they figure out why it's not working automatically ;)
*instead of 192.168.0.1 / 255.255.255.0
you could just use a different subnet.. e.g. 192.168.12.1 or something along those lines..
If you're technically inclined, set up a custom mask entirely.
Re: My Wifi has been hacked :(
mac address filtering is almost pointless, it\'s just a pain for you and doesn\'t offer much protection
use a really long obscure password
PS3 works fine with WPA2
Re: My Wifi has been hacked :(
Quote:
Originally Posted by
bledd
mac address filtering is almost pointless, it's just a pain for you and doesn't offer much protection
Agreed. If someone has got as far as bypassing the wireless key then sniffing some fo the frames flying about in the air and getting an allowed MAC address from it is trivial.
Re: My Wifi has been hacked :(
Condensation of what's been said really, but changing or hiding the SSID is near pointless*, it's easy to detect the MFR of an AP even with SSID broadcast disabled, and it just makes it harder for you to connect stuff. The same goes for MAC filtering, after an intruder has broken through the vault door, a sign saying employees only isn't likely to make an difference, and again just makes it harder for you to add stuff. Try again with WPA2 (not mixed), WPA is broken quite badly, and use a properly long random key from here for example (the full ASCII one). If there's no way to copy text on the consoles, I imagine typing it would be quite hard and prone to errors so just be sure to use I'd say at least 14 characters, no script kiddie is going to bruteforce that - just copy a section from that password generator ideally.
Oh and as for investigation, you could enter the MAC address into here to see who the device (or the NIC at least) is made by: http://www.coffer.com/mac_find/
*WPA uses the SSID to create the session keys from the PSK. Rainbow tables have been created for common SSID names which would make a bruteforce against APs with those names easier. Depending on the technical knowledge of the attacker this may be a problem. So I'm going to contradict myself and say DO change the SSID to something uncommon, and stick a few symbols in there for good measure.
Edit: Oh and here's a list of common SSIDs, ideally make sure yours isn't on there: http://www.wigle.net/gps/gps//Stat
Re: My Wifi has been hacked :(
I am not sure why people are so down on mac filtering, it means that someone must imposter an exisiting machine on the network, so its very noticable when the machine stops working. If you also roll your own dhcp server and hand out the same IP to the same mac every time, its very easy to spot a "bonus" machines, I caught one last night one of my machines "forgot" its mac address and set it to FE:FF:FF:FF:FF:FF !?!?! quickly spotted a new machine on my dynamic range and that its normal ip could not be accessed. (This was on wired BTW)
The suggestion to go to a non common network settings isn't going to help much, as an attacker will just snoop the network for the IPs around, finding another mac on the network is easy, (that of the access point) they can then use arp, to get it to give away its IP. You don't need to know the subnet mask virtually no one is subnetted at home, all you need to do is to scan for the gateway 256 addresses either side of the working one will probably do it. You need a big address space like a /16 for the search to take any time at all.
Hard wired and filtering the wireless traffic is the right way to go, you could create a proxy that requires authenication with name and password before granting access.
Re: My Wifi has been hacked :(
I thought WPA was OK with AES but not TKIP?
Re: My Wifi has been hacked :(
WPA-AES is considered safe, but I find it a much less common option than WPA2. However, some devices list WPA2 as WPA-AES, just to confuse things.
Re: My Wifi has been hacked :(
Sounds to me like somone has downloaded backtrack!
Use WPA2 or the like, takes an age to break it. turn off your router when you are out, change your key regularly.. if the little sod wants to torrent porn and games on your connection he will soon get fed up when he can only use it for an hour or so a day and has to keep re-cracking to get in.
Re: My Wifi has been hacked :(
WPA2-AES with a proper key will not be broken.
Re: My Wifi has been hacked :(
Quote:
Originally Posted by
Zadock
Sounds to me like somone has downloaded backtrack!
What is backtrack?
Re: My Wifi has been hacked :(
Quote:
Originally Posted by
oolon
What is backtrack?
http://www.backtrack-linux.org/
I guess?
Re: My Wifi has been hacked :(
Ok as expected blocking his mac address just kept him out for a couple of days. Oddly once he had a connection again he didn't go anywhere, just googled a couple of pages, I assume to test connection.
So now I've changed to WPA2-AES with a some rediculous key that was a right pain in the ass to key into PS3 and Wii, and was a right faff with the number of devices I've got that can connect.
On the plus side I know its not the neighbours now as they were away this weekend when the hacker reconnected.
Wait to see how good this hacker is now with a stronger encryption and key. Cheers all for your advice.
Re: My Wifi has been hacked :(
if it were me I'd change it back. Track the blighter's MAC address, intercept his googlemail log-ins, facebook log ins and the like, clarify his identity and then take your evidence gathered over a month or two and report him to the cops. You may want to send him a cease-and-desist letter (if that's allowable in this country) then I'd also get a lawyer friend to send him a letter threatening court action to recover your losses for a service you paid for and which he has partially deprived you of. Also report him to your ISP who can blacklist him should he apply to them in future, and generally make life as difficult for the pikey freeloader as possible. You'd do everyone in your area a favour cos if he can't get you anymore he'll just target someone else.
(And are you sure your neighbours also took their kid away with them when they went on holiday?)
Re: My Wifi has been hacked :(
Quote:
Originally Posted by
camalbitboy
So next i put the unknown mac address in a blocked list, saw it dissapear from the network list, and voila, 10mb speeds again (well 9200kbps, so close enough). Turned PS3 Wii and phones back on and they all work fine.
My concern is that from my understanding mac address spoofing is pretty easy and so the hacker will be back in again soon I expect.
So, you're using a MAC address black list. What you want is a MAC address white list, where only your known equipment is allowed to connect. Spoofing isn't going to get them very far then, or at least, you'll notice much quicker.
Then obviously change passwords/keys, etc, and don't use WEP encryption because it's a bad joke.
Re: My Wifi has been hacked :(
This really sucks, what you want to do is learn how to use backtrack...im sure using that you would be able to intercept him/her in some way :)
Re: My Wifi has been hacked :(
Still pointless, while better than a blacklist, you can just sniff MAC addresses on the network and spoof one of them when it's offline, or worse when it's online and cause problems on the network. For someone who it seems knows his way around wireless networks I really don't think it's worth the effort.
As ik9000 said, I would go to length to track the sod down. I can't recommend it obviously as I don't know how allowable it is, but I'd set up a linux firewall and log IM, session cookies, etc. Then it's just a matter of using an appropriate session cookie to log into his favourite website and find out his name and possibly address. You're allowed to log what you want on your own network, it's not your fault if some idiot keeps breaking in and happens to get logged.
I think it was on this forum a while ago, someone had a similar problem to you and a member recommended again a linux firewall to mess around with the content they access, or redirect them to a nasty website. Found the link: http://www.ex-parrot.com/pete/upside-down-ternet.html