hacked wireless

[sr71000]

Basically I have a wireless network encrypted with wpa personal with an 11 character password (will be changing so i don't care about giving out lengths). I found some unknown person had leased an ip address and i removed them. They reconnected immediately and i removed them again. After they reconnected again i started recording with wireshark. Their hostname was ifyoucanreadthis and i found a bunch of network messages labeled "imfucked" Of course my laptop froze being the unstable pos it is so i don't have the logs so i started back up and started recording again. there was no traffic so I restarted my router and deleted their ip from my dhcp tables so they'd have to ask for a new one when they reconnected. So far no traffic but I'll leave it to keep listening and monitor it for a while. If I catch them reconnecting is there any software I can use to track down the direction of their wireless signal. I'm willing to build myself a cantenna and hook it up to my wireless card so I can track the strength of the signal based on where I'm pointing, but I don't know of any software (linux or windows based) to track the strength of the signal coming from a wireless card. I can spoof my wireless router with my laptop forcing this client to connect to me (maybe this makes it easier to track?). I understand if people don't know but if anyone can recommend a security or wireless based forum that would be able to really help me out here I'd really appreciate it. I don't like people meddling in my shit and would really like to track this person down and let em know they've been caught.

-Kevin

[GroundZero3]

Tracking a signal down will be virtually impossible.

If the user connects again and surfs myspace/facebook/forums or some type of service that would be easy to identify him, if he doesnt you wont really be able to determine who it is

[Nude_Lewd_Man]

What you can do is to set up MAC filtering, and only allow it to accept the MAC addresses of the wireless clients you want to be able to connect up...

The exact settings will vary dependant on the make/model of the router/WAP you use, but it should be something like Wireless/Security. Set it to allow, and put the MACs in that you want to allow.


To get the MAC address (on a Windows computer):

Start --> Run --> 'cmd' --> 'ipconfig/all'

You should see a line that looks like this:

Physical Address. . . . . . . . . : 00-3D-F0-5A-9C-15
(This is in "Hex", so will only use 0-9 and A-F)

[GroundZero3]

MAC Address filtering isn't going to do anything if this person hacked WPA.

That isn't even what mac address filter was used for, and some how people start associating it with security.

Dont waste your time with it

[Nude_Lewd_Man]

Quote:

Originally Posted by GroundZero3

MAC Address filtering isn't going to do anything if this person hacked WPA.

That isn't even what mac address filter was used for, and some how people start associating it with security.

Dont waste your time with it

Hmm, okay... What other options does the OP have...?

WPA-PSK..? WPA-TKIP..? <Whatever else I've got to choose from that I can't remember off the top of my head>..??

[nickslick74]

Quote:

Originally Posted by sr71000

Basically I have a wireless network encrypted with wpa personal with an 11 character password (will be changing so i don't care about giving out lengths). I found some unknown person had leased an ip address and i removed them. They reconnected immediately and i removed them again. After they reconnected again i started recording with wireshark. Their hostname was ifyoucanreadthis and i found a bunch of network messages labeled "imfucked" Of course my laptop froze being the unstable pos it is so i don't have the logs so i started back up and started recording again. there was no traffic so I restarted my router and deleted their ip from my dhcp tables so they'd have to ask for a new one when they reconnected. So far no traffic but I'll leave it to keep listening and monitor it for a while. If I catch them reconnecting is there any software I can use to track down the direction of their wireless signal. I'm willing to build myself a cantenna and hook it up to my wireless card so I can track the strength of the signal based on where I'm pointing, but I don't know of any software (linux or windows based) to track the strength of the signal coming from a wireless card. I can spoof my wireless router with my laptop forcing this client to connect to me (maybe this makes it easier to track?). I understand if people don't know but if anyone can recommend a security or wireless based forum that would be able to really help me out here I'd really appreciate it. I don't like people meddling in my shit and would really like to track this person down and let em know they've been caught.

-Kevin

This might be a silly question, but you did change the basic login info for the router, right?

[GroundZero3]

Quote:

Originally Posted by Nude_Lewd_Man

Hmm, okay... What other options does the OP have...?

WPA-PSK..? WPA-TKIP..? <Whatever else I've got to choose from that I can't remember off the top of my head>..??

He would need to post the exact security setup he had before I could make a suggestion

MAC address filtering can be bypassed just by collect over the air packets and looking at what that mac address is, he can then clone his mac address on his computer to use the same one. Its not hard.

[cksboy15]

and people wonder why I don't like wireless that much.

have you attempted to change the encryption from wpa to wpe? that could get him off for a little while.

[GroundZero3]

what is WPE?


If you meant WEP, then that is the original wireless encryption and that can be cracked in less than 2 minutes easily

There are plenty of ways to secure wireless so that people cant get on.

[RainbowSix]

My recommendations:
Disable dhcp (and use static ip addresses)
change your password (obviously)
Don't broadcast SSID
Change encryption to WPA2

I don't know how much the above will solve but it's worth trying.