Like the title says, someone is hacking into my router. I’ve caught the jerk in there twice, and it’s bothering the heck out of me. What can I do about this? So far, I’m just changing the password when I see him in there, but it’s a pain because I have to change my own wireless setups every time I do. I’m also curious as to what he’s doing with my connection, as I expect it’s nothing nice. Is there a way I can find out which house he’s hacking from? Is there something I can do to mess him up? I’m not a hacker of any sorts, but I am a programmer, so I can handle some technical stuff. If it’s just some kid doing a little surfing and checking his email, then I don’t really mind too much, but if it’s some jerk using my connection for illegal stuff, as I expect, then I’d like to ruin his life, or rather, his computer, or even just make it so he can’t hack my wireless anymore. How the heck is he doing that anyhow? I thought Wireless was supposed to be secure? Any advice or suggestions would be greatly appreciated.
We need a bit more information. First, to slow him down, do a few
things. Start by setting your WAP to NOT broadcast the SSID. Once that
is done change it to something different. When that is done enable WPA
2 (if possible) for your encryption… this should slow them down a
fair bit for now. Finally, enable MAC address filtering and only allow
machines of yours (by wireless card MAC address) on your network.
If you want to get really clever Google for ‘ettercap’. With it and a
little practice you can do all kinds of fun things like make all their
images appear upside down, or have all of their requests for any website
get redirected somewhere less-than-fun. You could also just watch for
anybody online with a new IP address and then just send a few tons of
traffic their way (may affect your own performance) with ping if nothing
else.
Good luck.
PenguinMigrations wrote:
> Like the title says, someone is hacking into my router. I’ve caught the
> jerk in there twice, and it’s bothering the heck out of me. What can I do
> about this? So far, I’m just changing the password when I see him in
> there, but it’s a pain because I have to change my own wireless setups
> every time I do. I’m also curious as to what he’s doing with my
> connection, as I expect it’s nothing nice. Is there a way I can find out
> which house he’s hacking from? Is there something I can do to mess him
> up? I’m not a hacker of any sorts, but I am a programmer, so I can
> handle some technical stuff. If it’s just some kid doing a little surfing
> and checking his email, then I don’t really mind too much, but if it’s
> some jerk using my connection for illegal stuff, as I expect, then I’d
> like to ruin his life, or rather, his computer, or even just make it so
> he can’t hack my wireless anymore. How the heck is he doing that anyhow? I
> thought Wireless was supposed to be secure? Any advice or suggestions
> would be greatly appreciated.
>
>
In addition to what ab@novell said (by the way, I like that “ettercap” thing – hadn’t heard of that one.) …
If you’re using an older wireless router that doesn’t support strong encryption, buy a new one. They’re not that expensive nowadays. Linksys makes some good ones for under $100. The problem with older types of encryption, such as “WEP,” is that they can easily be cracked. You can download cracking software online that will typically break it in a few minutes at most.
At our radio stations in a less-than-perfect neighborhood, we constantly have to guard against wireless thieves, while still providing reliable access for in-studio guests. In addition to the stuff that ab@novell suggested (which are all highly recommended), don’t overlook the physical aspect. If you’re not radiating a signal toward the thief, he can’t steal bandwidth. It’s really that simple.
(To give you an idea, it’d be a drastic step, it’d look weird and people might laugh at you, but you could actually cover a wall with aluminum foil or screen wire, if you had to. That stops the signal COLD.)
Walk around your building. Look for natural obstacles that you can exploit. A metal roof, or even a floor with steel supports, makes an excellent barrier to the signal. Try to position the router so that these barriers are between it and potential thieves.
For example, before we moved our radio stations to the current facility, we were in the first floor of a building that was cut into a hill. I put the wireless access point at the back of the building, “inside” the hill, essentially broadcasting from inside of a “cave.” Made it a LOT more difficult for anyone to steal a signal.
Another idea, if the router supports this (another reason to get a new one if it doesn’t!), is to reduce power just to the point that you can get a good signal where you need it, but not outside. If you don’t have a wireless “sniffer,” take (borrow, if need be) a laptop outside and walk around, checking for signal.
If it’s a wardriver, he’s probably sitting in a car. Keep the access point away from the parking lot. If you’re in a building with several other tenants, that complicates matters, but you can dramatically reduce the problem with the steps outlined here.
Sorry for the delay. My HD crashed and I had to get a new one and reinstall my OS. Anyhow, great advice. I especially like that bit about ettercap. That sounds very interesting. I also hadn’t thought about pinging the hell out of him. What would a bash script for that look like? I’m not sure how to go about setting up MAC filtering, but I think I can probably figure it out. I’m not going to change anything yet, however. I really want to know who it is. I heard the word sniffer mentioned. Is that what I need to watch what he’s doing? Like I said, I don’t really mind if he’s not doing anything bad, especially since I’ve stolen Internet access before. (I never did anything bad with it, just email, surfing, and online chess, courtesy of AOL.) It could just be a kid whose parents won’t get him Internet. If I could see what websites he was visiting, then I could probably tell if it’s just a kid, or if it’s some prick who should get his own access point. If it is a kid who’s just surfing, gaming, and emailing, then I’ll just add his MAC address to the router too, once I figure that out. If it’s some jerk, then I’d like to mess with his mind with pings and upside down images and redirects to Internet Siberia. I’m going to go google ettercap now. Tomorrow, I’m going to take my laptop for a walk to see how far my signal goes. Maybe I can figure out which house it’s coming from, or at least, limit the choices. I’m residential, so there aren’t that many houses that it could be. Thanks for the info and advice.
Ohh… BTW, I’m already using WPA (not sure if it’s 1 or 2), and my password has letters and numbers. I am broadcasting my SSID though. I’ll change it later. I want him to hack me at least one more time. I’d really like to know who it is first, and do a little retaliating if warranted. Thanks again.
Sorry to hear about your hard drive. Sounds like you’ve been having fun!
If you weren’t worried enough before, have a look at this video.
Misleading video, imho. It shows a common dictionary bruteforce attack, which is no different than attacking any other password system that you can get a hash for. They did a packet capture to see the transaction, then ran a bruteforce attack against their dictionary. Obviously the WPA password was near the front of the dictionary they were using since it found it immediately. For all we know, the dictionary file had only a single password in it, the correct one.
As with any password-based method, the security is only as strong as the password. If the WPA password had been strong and not vulnerable to a common dictionary attack, they wouldn’t have found it at all, much less quickly.
This isn’t a weakness of WPA, just a weak password. Use strong passwords and you won’t be vulnerable to this type of attack.
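To put numbers on the point made in the post above, here is an added example (not part of the original thread) that derives a WPA/WPA2-Personal key the standard way and compares the search space of a dictionary word with that of random passphrases. The function names, the constructed SSID and the guess rate of one million per second are assumptions chosen for illustration.

```python
import hashlib
import math

def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA/WPA2-Personal key the way the standard does:
    PBKDF2-HMAC-SHA1 over the passphrase, SSID as salt, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

def random_bits(length: int, alphabet_size: int) -> float:
    """Search space, in bits, of a passphrase whose characters are drawn
    uniformly at random; capped at 256 because that is the size of the key."""
    return min(256.0, length * math.log2(alphabet_size))

def dictionary_bits(wordlist_size: int) -> float:
    """A passphrase taken from a wordlist is only as strong as the list is long."""
    return math.log2(wordlist_size)

def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return 2.0 ** bits / guesses_per_second

ASSUMED_RATE = 1e6  # assumption for illustration: one million guesses per second

if __name__ == "__main__":
    # Same passphrase, different SSID: a different key, because the SSID is the salt.
    print(wpa_psk("password", "IEEE"))
    print(wpa_psk("password", "ConstructedSSID"))
    cases = {
        "word from a 1,000,000-entry list": dictionary_bits(1_000_000),
        "8 random chars, a-z and 0-9": random_bits(8, 36),
        "63 random base64 chars": random_bits(63, 64),
    }
    for label, bits in cases.items():
        secs = seconds_to_exhaust(bits, ASSUMED_RATE)
        print(f"{label}: {bits:.1f} bits, {secs / 31_536_000:.3g} years")
```
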
Ooooh wireless, I don’t like it at all. I’m on cable with a hub and it is more secure than wireless. I will tell you about wireless: with today’s tech they can hack into your laptop/desktop very easily; with cable it takes a little longer for the hackers to get into your computer. There is a machine you can get to scan from outside the building; just park close by and scan, and there you get the number and so on.
2 or 3 years ago in Calgary, Alberta they investigated how to hack into computers over wireless; with that tech it is very easy, like 1, 2, 3, but I have a laptop with wireless or cable and I use cable.
I have used the computer for over 13 years and never has one hacker hacked into my computer, no one.
I know how to.
Don’t use wireless, and it is up to you.
Good luck
mike
Hi,
First of all, hiding the SSID and limiting the network to known MAC addresses doesn’t really help, since that information is never encrypted. So the attacker just has to sniff the network for a while to know which SSID you are using and which MAC addresses are valid. After that he spoofs his MAC address and tries to connect again. That takes only a few minutes.
SSID and MAC-addresses can’t be encrypted since they are needed to connect the stations to the access point. For more information go here:
Hacking Techniques in Wireless Networks
To detect what’s going on you can do the following:
- Read the log files of your router. There you can normally see which stations have logged in, when, and for how long.
- If you want to know what the attacker does with your connection, first get a HUB (not a switch!) and connect it in between the access point and the router or in between the router and the modem. Connect a computer to that HUB and start Wireshark. Let it sniff all packets for a while and have a look at which addresses, web pages … the attacker connects to.
- Ask your provider to screen the connection.
To keep the attacker out:
- Use strong encryption like WPA or WPA2.
- Use the full length for the key (63 chars).
- Use a strong key. Preferably, have your computer create the key. For example, you can create a random key by typing this line in your shell:
  dd if=/dev/random count=1 bs=256 2>/dev/null | openssl base64 | tr -d '\n' | cut -b-63
- Turn the output power of your access point down to a minimum. E.g. here in my home I get a good connection everywhere with only 40% output power. That way the distance from which your WLAN can be reached is much smaller.
- Switch your WLAN off when you don’t need it. The simplest way to do so is to power off the access point.
- Use a cabled network.
hth
Bye
Erik
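Erik's first detection step, reading the router log for stations that have logged in, can be automated. The following is an added example, not code from the thread: the log format, the MAC addresses and every name in it are constructed, so adapt the regular expression to what your router writes. Because MAC addresses can be spoofed, as Erik explains, it also flags a known address that associates twice without disconnecting in between.

```python
import re

# Assumed allowlist: the MACs of your own wireless cards, lowercase (constructed values).
KNOWN = {"02:00:00:00:00:01": "laptop", "02:00:00:00:00:02": "desktop"}

# Constructed sample in a made-up format; adapt LINE_RE to your router's log.
SAMPLE_LOG = """\
Jun 01 19:02:11 wlan0: STA 02:00:00:00:00:01 associated
Jun 01 19:40:03 wlan0: STA 02-00-00-00-00-AA associated
Jun 01 21:15:47 wlan0: STA 02:00:00:00:00:aa disassociated
Jun 01 23:00:00 wlan0: STA 02:00:00:00:00:01 disassociated
Jun 02 02:31:09 wlan0: STA 02:00:00:00:00:AA associated
Jun 02 08:10:00 wlan0: STA 02:00:00:00:00:01 associated
Jun 02 08:12:30 wlan0: STA 02:00:00:00:00:01 associated
"""

LINE_RE = re.compile(
    r"^(\w{3} \d{2} [\d:]{8}) \S+ STA ([0-9A-Fa-f:-]{17}) (associated|disassociated)$")

def events(log_text):
    """Yield (timestamp, normalized MAC, event) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, mac, event = m.groups()
            yield ts, mac.replace("-", ":").lower(), event

def unknown_stations(log_text, known):
    """Stations not on the allowlist: first seen, last seen, association count."""
    report = {}
    for ts, mac, event in events(log_text):
        if mac in known or event != "associated":
            continue
        entry = report.setdefault(mac, {"first": ts, "last": ts, "count": 0})
        entry["last"] = ts
        entry["count"] += 1
    return report

def double_associations(log_text, known):
    """Known MACs that associate while already associated. Only a hint of a
    cloned address (a dropped connection looks the same), so check by hand."""
    active, hits = set(), []
    for ts, mac, event in events(log_text):
        if event == "disassociated":
            active.discard(mac)
        elif mac in active and mac in known:
            hits.append((ts, mac))
        else:
            active.add(mac)
    return hits
```
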
This is a good thread IMHO.
Any volunteers to take the information from this thread (and other sources) and create a new How To ?
The how-to could be pasted here:
Unreviewed How To and FAQ - openSUSE Forums
… and then updated as various users comment and provide suggestions.
Hi,
What kind of how-to? How to hack a WLAN? How to set up a WLAN? How to detect hackers in a WLAN and what they do? All of the above?
Bye
Erik
lol! lol! … perhaps entitled: how to get forums.opensuse.org shut down by the local constabulary ? … rotfl!
Typically the person doing the work in the how-to dictates the thrust and direction, and then others comment by replying to it. After review, if the how-to is deemed sufficiently useful by the membership, it is copied by the forum mods/admins to the “reviewed” area.
My thinking was a How-To that covered how to setup a secure WAN would be useful. It could include minimal checks on how-to detect hackers, although I suspect that might be a separate how-to ? I’m no expert on this, so again I assume the person doing the work in creating the how-to should determine the best division of content.
A month ago, I saw a post by a guy who had a similar problem with his next-door neighbour.
Instead of blocking his access, he decided to have some fun.
He made some scripts and did something with iptables, making access from his own computer(s) normal, while access from any other computer gave inverted text, inverted web pages, blurred images etc.
So the guy thought that he had got a virus, reformatted his HD a few times, and eventually gave up using his wireless to steal internet.
Maybe it is a better course of action than to stop the bastards.
I am sure you can google this article out.
Hi guys, thanks for all the info, and I agree, there should be some HOWTOs, probably for all the topics listed by erikro. Anyhow, an update.
I found my hacker! It turns out its just the neighbor kid. I just took my laptop for a walk, and there was only one house where I could get a signal, so I knocked his door, had a talk with his dad, then with him. In the end, I gave him the password for my network, and now he cleans up the dog poop in the back yard. Good deal, I think.
I do think there should be HOWTOs available on these topics, both from a hacking perspective and from a security perspective. It can’t be that hard. After all, the kid next door could do it!
Anyhow, thanks again people. If anyone does make any HOWTOs on any of these topics, be sure to post a link here. And could you also send me a message. I’d like to read it/them when it/they are done. I might also get the neighbor boy to show me a couple of things.
Cheers
And he was breaking WAP with a strong password? Heh.
In the end, I gave him the password for my network, and now he cleans up the dog poop in the back yard. Good deal, I think.
ROFL!!! rotfl!
I love it! Justice is served!!!
Apparently, I’ve been unfortunate enough to have made some enemies in the internet world, but actually it was someone in power who gave them the ability to hack into my life. I know absolutely nothing about computers but these *******s have been spying on me for three years. I know, I should have pressed charges earlier and I’m actually headed there. In the meantime though, these *******s keep kicking me off my wifi. Any help would be greatly appreciated…Thanks guys in advance!!!
They’ve blocked me off Twitter also. I can’t find any real people. They think it’s funny to trap me in isolation. These people are ****ing crazy. They’ve been hacking into my browser and editing pages. It wasn’t until I installed Norton Toolbar that I didn’t see their **** anymore but obviously that won’t solve 99 percent of these problems. For six months I wasn’t even online. They blocked my Twitter page from being public.