hacked wireless

[sr71000]

Basically I have a wireless network encrypted with wpa personal with an 11 character password (will be changing so i don't care about giving out lengths). I found some unknown person had leased an ip address and i removed them. They reconnected immediately and i removed them again. After they reconnected again i started recording with wireshark. Their hostname was ifyoucanreadthis and i found a bunch of network messages labeled "imfucked" Of course my laptop froze being the unstable pos it is so i don't have the logs so i started back up and started recording again. there was no traffic so I restarted my router and deleted their ip from my dhcp tables so they'd have to ask for a new one when they reconnected. So far no traffic but I'll leave it to keep listening and monitor it for a while. If I catch them reconnecting is there any software I can use to track down the direction of their wireless signal. I'm willing to build myself a cantenna and hook it up to my wireless card so I can track the strength of the signal based on where I'm pointing, but I don't know of any software (linux or windows based) to track the strength of the signal coming from a wireless card. I can spoof my wireless router with my laptop forcing this client to connect to me (maybe this makes it easier to track?). I understand if people don't know but if anyone can recommend a security or wireless based forum that would be able to really help me out here I'd really appreciate it. I don't like people meddling in my shit and would really like to track this person down and let em know they've been caught.

-Kevin

[GroundZero3]

Tracking a signal down will be virtually impossible.

If the user connects again and surfs myspace/facebook/forums or some type of service that would be easy to identify him, if he doesnt you wont really be able to determine who it is

[Nude_Lewd_Man]

What you can do is to set up MAC filtering, and only allow it to accept the MAC addresses of the wireless clients you want to be able to connect up...

The exact settings will vary dependant on the make/model of the router/WAP you use, but it should be something like Wireless/Security. Set it to allow, and put the MACs in that you want to allow.


To get the MAC address (on a Windows computer):

Start --> Run --> 'cmd' --> 'ipconfig/all'

You should see a line that looks like this:

Physical Address. . . . . . . . . : 00-3D-F0-5A-9C-15
(This is in "Hex", so will only use 0-9 and A-F)

[GroundZero3]

MAC Address filtering isn't going to do anything if this person hacked WPA.

That isn't even what mac address filter was used for, and some how people start associating it with security.

Dont waste your time with it

[Nude_Lewd_Man]

MAC Address filtering isn't going to do anything if this person hacked WPA.

That isn't even what mac address filter was used for, and some how people start associating it with security.

Dont waste your time with it

Hmm, okay... What other options does the OP have...?

WPA-PSK..? WPA-TKIP..? <Whatever else I've got to choose from that I can't remember off the top of my head>..??

[nickslick74]

Basically I have a wireless network encrypted with wpa personal with an 11 character password (will be changing so i don't care about giving out lengths). I found some unknown person had leased an ip address and i removed them. They reconnected immediately and i removed them again. After they reconnected again i started recording with wireshark. Their hostname was ifyoucanreadthis and i found a bunch of network messages labeled "imfucked" Of course my laptop froze being the unstable pos it is so i don't have the logs so i started back up and started recording again. there was no traffic so I restarted my router and deleted their ip from my dhcp tables so they'd have to ask for a new one when they reconnected. So far no traffic but I'll leave it to keep listening and monitor it for a while. If I catch them reconnecting is there any software I can use to track down the direction of their wireless signal. I'm willing to build myself a cantenna and hook it up to my wireless card so I can track the strength of the signal based on where I'm pointing, but I don't know of any software (linux or windows based) to track the strength of the signal coming from a wireless card. I can spoof my wireless router with my laptop forcing this client to connect to me (maybe this makes it easier to track?). I understand if people don't know but if anyone can recommend a security or wireless based forum that would be able to really help me out here I'd really appreciate it. I don't like people meddling in my shit and would really like to track this person down and let em know they've been caught.

-Kevin

This might be a silly question, but you did change the basic login info for the router, right?

[GroundZero3]

Hmm, okay... What other options does the OP have...?

WPA-PSK..? WPA-TKIP..? <Whatever else I've got to choose from that I can't remember off the top of my head>..??

He would need to post the exact security setup he had before I could make a suggestion

MAC address filtering can be bypassed just by collect over the air packets and looking at what that mac address is, he can then clone his mac address on his computer to use the same one. Its not hard.

[cksboy15]

and people wonder why I don't like wireless that much.

have you attempted to change the encryption from wpa to wpe? that could get him off for a little while.

[GroundZero3]

what is WPE?


If you meant WEP, then that is the original wireless encryption and that can be cracked in less than 2 minutes easily

There are plenty of ways to secure wireless so that people cant get on.

[RainbowSix]

My recommendations:
Disable dhcp (and use static ip addresses)
change your password (obviously)
Don't broadcast SSID
Change encryption to WPA2

I don't know how much the above will solve but it's worth trying.

[Sarah L]

what is WPE?


If you meant WEP, then that is the original wireless encryption and that can be cracked in less than 2 minutes easily

There are plenty of ways to secure wireless so that people cant get on.

Our people have been using Backtrack 3 to test security. They blow through WEP like it was not even there. But as I understand it that linux program they use is free and a very good tool to test security. One of them told me that WEP was never meant to be a security device in the first place.

[GroundZero3]

Dont broadcast SSID isnt going to do anything, its simple to find those SSID

WPA2 support is a hit and a miss depending on how old his equipment is

[Nude_Lewd_Man]

My recommendations:
Disable dhcp (and use static ip addresses)
change your password (obviously)
Don't broadcast SSID
Change encryption to WPA2

I don't know how much the above will solve but it's worth trying.

Disable DHCP - is fine as long as they don't have very many devices, and they will need to keep a record of what IPs are in use.

Change password - abso-f'in-lutely, this will need to be done on all devices that use the wireless, but better than being hacked.

Disable SSID - doesn't really matter, especially as they'll already have the details of it anyway... Also, if they've been able to hack in, they'll be able to get past that...

WPA2 - isn't an option on all wireless devices, so might not be a feasible solution.

(The last two are in agreement with GZ3)

[GroundZero3]

I'm not a fan of disabling DHCP, it just seems its more of a hassle than anything.


If you really want some security, look into implementing 802.1x

[Nude_Lewd_Man]

I'm not a fan of disabling DHCP, it just seems its more of a hassle than anything.

Yes, unless you only have one or two devices - in which case it is relatively painless...

[GroundZero3]

Yeah it is, but it seems like one of those things that would bite you in the ass when you have a friend/family member come over and try to connect, and you forget about the DHCP issue.

And even if you do enable this, if someone breaks in, they came see what ip address your clients are talking on so its a moot point

[sr71000]

I never thought to log the sites they access and try to get a username/password. I set up a second wireless router with the old ssid & security setup and then set up a new secured wireless network with wpa2. I haven't seen them back on my network again though.

My old setup involved a dictionary password which may have been my issue. It was a wpa-tkip wireless bgn setup running the dd-wrt firmware on linksys hardware.

New setup is similar except running wpa w/ aes. not all my laptops like wpa2. I also have a much more complex password. My next step will be dumping all the connections through samba to log files on a server i set up. Then I can track down whoever screws with my stuff.

-Kevin

[GroundZero3]

lol dictionary password!!!

I would suggest using capital letters and lower case, numbers, and symbols. I also suggest people to make their PSK a sentence. Not just a word and replace letters with numbers

So my password for my wireless is something like ilikecakeandkitties 1l1k3c@k3@ndk1tt1es be creative and you wont have a problem for a long time

[Nude_Lewd_Man]

lol dictionary password!!!

I would suggest using capital letters and lower case, numbers, and symbols. I also suggest people to make their PSK a sentence. Not just a word and replace letters with numbers

So my password for my wireless is something like ilikecakeandkitties 1l1k3c@k3@ndk1tt1es be creative and you wont have a problem for a long time

LOL... Reminds me of an old password I used to have...

I replaced several instances of the letter "e" with "é", "o" with "õ", "W" with "\/\/" and "B" with "|3".... Worked great, until I had to ask someone to log in as me to do something....

[GroundZero3]

Yeah I tell people my passcodes and they look at me like im odd

Meh never had a problem with someone breaking in!