Thread: hacked wireless
March 3rd, 2009, 04:31 AM #1
- Join Date
- Jun 2004
Basically I have a wireless network encrypted with wpa personal with an 11 character password (will be changing so i don't care about giving out lengths). I found some unknown person had leased an ip address and i removed them. They reconnected immediately and i removed them again. After they reconnected again i started recording with wireshark. Their hostname was ifyoucanreadthis and i found a bunch of network messages labeled "imfucked" Of course my laptop froze being the unstable pos it is so i don't have the logs so i started back up and started recording again. there was no traffic so I restarted my router and deleted their ip from my dhcp tables so they'd have to ask for a new one when they reconnected. So far no traffic but I'll leave it to keep listening and monitor it for a while. If I catch them reconnecting is there any software I can use to track down the direction of their wireless signal. I'm willing to build myself a cantenna and hook it up to my wireless card so I can track the strength of the signal based on where I'm pointing, but I don't know of any software (linux or windows based) to track the strength of the signal coming from a wireless card. I can spoof my wireless router with my laptop forcing this client to connect to me (maybe this makes it easier to track?). I understand if people don't know but if anyone can recommend a security or wireless based forum that would be able to really help me out here I'd really appreciate it. I don't like people meddling in my shit and would really like to track this person down and let em know they've been caught.
March 3rd, 2009, 04:23 PM #2
Tracking a signal down will be virtually impossible.
If the user connects again and surfs myspace/facebook/forums or some type of service that would be easy to identify him, if he doesnt you wont really be able to determine who it is
March 3rd, 2009, 05:18 PM #3
What you can do is to set up MAC filtering, and only allow it to accept the MAC addresses of the wireless clients you want to be able to connect up...
The exact settings will vary dependant on the make/model of the router/WAP you use, but it should be something like Wireless/Security. Set it to allow, and put the MACs in that you want to allow.
To get the MAC address (on a Windows computer):
Start --> Run --> 'cmd' --> 'ipconfig/all'
You should see a line that looks like this:
Physical Address. . . . . . . . . : 00-3D-F0-5A-9C-15
(This is in "Hex", so will only use 0-9 and A-F)
March 3rd, 2009, 05:25 PM #4
MAC Address filtering isn't going to do anything if this person hacked WPA.
That isn't even what mac address filter was used for, and some how people start associating it with security.
Dont waste your time with it
March 3rd, 2009, 05:30 PM #5
March 3rd, 2009, 05:54 PM #6
March 4th, 2009, 08:30 AM #7
MAC address filtering can be bypassed just by collect over the air packets and looking at what that mac address is, he can then clone his mac address on his computer to use the same one. Its not hard.
March 4th, 2009, 09:51 PM #8
and people wonder why I don't like wireless that much.
have you attempted to change the encryption from wpa to wpe? that could get him off for a little while.
March 5th, 2009, 06:27 AM #9
what is WPE?
If you meant WEP, then that is the original wireless encryption and that can be cracked in less than 2 minutes easily
There are plenty of ways to secure wireless so that people cant get on.
March 8th, 2009, 10:07 PM #10
- Join Date
- Mar 2009
Disable dhcp (and use static ip addresses)
change your password (obviously)
Don't broadcast SSID
Change encryption to WPA2
I don't know how much the above will solve but it's worth trying.
March 9th, 2009, 01:49 AM #11
- Join Date
- May 2008
March 9th, 2009, 07:19 AM #12
Dont broadcast SSID isnt going to do anything, its simple to find those SSID
WPA2 support is a hit and a miss depending on how old his equipment is
March 9th, 2009, 10:25 AM #13
Change password - abso-f'in-lutely, this will need to be done on all devices that use the wireless, but better than being hacked.
Disable SSID - doesn't really matter, especially as they'll already have the details of it anyway... Also, if they've been able to hack in, they'll be able to get past that...
WPA2 - isn't an option on all wireless devices, so might not be a feasible solution.
(The last two are in agreement with GZ3)
March 9th, 2009, 10:29 AM #14
I'm not a fan of disabling DHCP, it just seems its more of a hassle than anything.
If you really want some security, look into implementing 802.1x
March 9th, 2009, 10:35 AM #15
March 9th, 2009, 10:37 AM #16
Yeah it is, but it seems like one of those things that would bite you in the ass when you have a friend/family member come over and try to connect, and you forget about the DHCP issue.
And even if you do enable this, if someone breaks in, they came see what ip address your clients are talking on so its a moot point
March 9th, 2009, 12:32 PM #17
- Join Date
- Jun 2004
I never thought to log the sites they access and try to get a username/password. I set up a second wireless router with the old ssid & security setup and then set up a new secured wireless network with wpa2. I haven't seen them back on my network again though.
My old setup involved a dictionary password which may have been my issue. It was a wpa-tkip wireless bgn setup running the dd-wrt firmware on linksys hardware.
New setup is similar except running wpa w/ aes. not all my laptops like wpa2. I also have a much more complex password. My next step will be dumping all the connections through samba to log files on a server i set up. Then I can track down whoever screws with my stuff.
March 9th, 2009, 12:46 PM #18
lol dictionary password!!!
I would suggest using capital letters and lower case, numbers, and symbols. I also suggest people to make their PSK a sentence. Not just a word and replace letters with numbers
So my password for my wireless is something like ilikecakeandkitties 1l1k3c@k3@ndk1tt1es be creative and you wont have a problem for a long time
March 9th, 2009, 06:46 PM #19
March 9th, 2009, 06:49 PM #20
Yeah I tell people my passcodes and they look at me like im odd
Meh never had a problem with someone breaking in!
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By gigahertz205 in forum Networking and InternetReplies: 2Last Post: June 6th, 2006, 08:21 PM
By hollaback04 in forum General Tech DiscussionReplies: 42Last Post: December 6th, 2004, 02:44 AM
By danburt in forum Networking and InternetReplies: 4Last Post: November 25th, 2004, 12:28 AM
By Network67 in forum General Tech DiscussionReplies: 6Last Post: October 11th, 2004, 10:54 PM
By Stevepb in forum General Tech DiscussionReplies: 30Last Post: November 17th, 2002, 12:30 PM