FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Need help securing wireless network





snakeyes37
Hi,

I've Recently had a nosy neighbor snooping on my wireless connection, changing my passwords, deleting my email, signing onto my IM accounts, etc. I recently secured the network afterwards with WPA-TSIK and made a pretty strong password, also reset my SBC modem to get a new IP. Then he still got through, so I set it so that the DHCP only assigns IPs to 3 pc's(that's all the pc's in my house) and then I turned on Wireless MAC filtering and he still got through. Then I changed the name completely of the SSID and turned off the broadcasting, and he still got through. I've resorted to just shutting off the router and using just the modem and dial-up because I am at a loss.

Any ideas?

Thanks in advance.

PS. I have a Wireless Linksys 802.11G WRT54G with my Firewall enabled. I apologize for double posting, everything time I try submitting my post, nothing ever happens.
Quake
Wow dude! Seems like u got a real Cracker problem on ur hands. I deal with older wireless networks mostly, and have not played around that much with the new emerging standards, but I can say i will look around and try to help, for now though, i will recomend a book to read its called 'Wi Foo' by Andrew Vladimirov I got mine from Amazon.com for twenty bucks couple months ago - It is the one single book that has EVERYTHING about wireless networks. Check it out.


As for accesing ur stuff, he must be real handy with wireless stuff in order to tap into ur wireless - I have seen it done before, heck I have even done stuff like that before. The best solution for you right now wiuld be to get a highly directional antenna and point it only twords your comps, make sure that the signal is as far away from ur neighbor as possible, that would make it harder, but then again if he knows what he is doing and using a high-gain antenna on his wireless card, you will probably be skrewed anyway...
orno
well in that case i would say u have a trojan on your computer and he probably has access to your main computer from where he can get access to whatever you mentoned there... coz otherwise i see no way he could hack all the wireless keys etc....

P.S u sure u have all default router and/or firewall passwords changed?
rvec
If he get's passed the mac filter the problem should be somewhere else than the router.
Animal
I think banning all MAC addresses except your own is the best way forward. If possible, enable WPA encryption - if not, WEP will have to do.

I would first double-check that you don't have a virus or worm - get AVG Free and run a scan. The fact your IM is being messed with suggests that it may be something other than a hacker.

This may seem like an extreme step, but if it definately is your neighbour and he gets through that again, get a copy of the connection log for your router - make sure it has a MAC address of the hacker on it and phone the Police. In most countries he'd get done for computer misuse and hacking. Like I said, it sounds extreme, but what he's doing is completely illegal.
Jamatu
I agree with rvec, getting past all those security measures would take time and effort why would your neighbour do that? Maybe the problem is elsewhere on your computer or another computer on your network maybe?

How do you know he has been accessing the router btw?
foggy
I agree with the person that said there is probably a Trojan/keylogger on your computer or the person is sneaking into your house and gaining physical access to your computer because there is no way that any normal person can crack WPA with a good password in a reasonable amount of time (give or take a few decades)

Like other people, I recommend scanning your computer and turning on WPA-PSK again with a ridiculous password (https://www.grc.com/password.htm)
snakeyes37
Alright, I can try turning it on again, right now I turned the wireless broadcast off, I'm only using the hard wired LAN on my router to access the internet. I dont think my neighbor is gaining physical access to my house. Shocked
longjack
This is a tough case.

If you are comfortable working with computers, I would try buildng a hardware router such as Smoothwall or IPCop using an old computer.

I'm not sure if the SBC device you have is a modem only, or modem/router, but if it a modem only all you have to do is put the firewall you just built behind the modem.

Set up the new firewall you built to use an (uncommon for residences) IP address such as 10.10.23.0, etc., which is harder to guess than a 192.168 address. So, make the LAN IP address of the new hardware router something like 10.10.23.114 (or anything other than 10.10.23.1 or 10.10.23.254)

Turn OFF the DHCP function in the WIRELESS router. Change the standard LAN address on it (192.168.0.1 for linksys?) to something else. It doesn't have to be in the same range as the new LAN (10.10.23.0).

Remember IT though, because you will have to access the wireless router at the new IP, and it's also a little harder because, now, when you want to access the WIRELESS device setup, you have to manually assign the IP address on any computer you use to access it an IP address in the same range as the WIRELESS LAN IP you just made.

Hardwire the two together and you will be able to work on the WIRELESS device IF you have to. For example, if you make the WIRELESS IP LAN Address 192.168.157.23, you would have to set the IP address on a laptop, say, to maybe 192.168.157.20, then hardwire that to the wireless router.


Turn off SSID broadcast and use a strong password on the wireless device.

Either use the new hardware firewall to give out IPs, or shut off DHCP on that as well and assign all IPs statically. The LAN IP address of the hardware firewall will be the LAN gateway.

On your workstations, install a firewall like the Kerio 2.15 firewall that will alert you about any outgoing connection and watch for suspicious ones. I agree with the other comments that there is a backdoor into your local machines, so that has to be resolved so the hacker can't see what you're doing from the inside.

If you are running a webserver or FTP server, they should be outside your workstation LAN. A hardware firewall handles that easily by using a third NIC. If you use Remote Desktop Conncetion, or other remote control software, they have to be changed to use non-default ports.

I'm sorry you have to deal with such issues to make measures such as these necessary. I'm sure it sounds confusing, however, taken step by step, it can be done with a minimum of fuss.

HTH

longjack
snakeyes37
longjack wrote:
This is a tough case.

If you are comfortable working with computers, I would try buildng a hardware router such as Smoothwall or IPCop using an old computer.

I'm not sure if the SBC device you have is a modem only, or modem/router, but if it a modem only all you have to do is put the firewall you just built behind the modem.

Set up the new firewall you built to use an (uncommon for residences) IP address such as 10.10.23.0, etc., which is harder to guess than a 192.168 address. So, make the LAN IP address of the new hardware router something like 10.10.23.114 (or anything other than 10.10.23.1 or 10.10.23.254)

Turn OFF the DHCP function in the WIRELESS router. Change the standard LAN address on it (192.168.0.1 for linksys?) to something else. It doesn't have to be in the same range as the new LAN (10.10.23.0).

Remember IT though, because you will have to access the wireless router at the new IP, and it's also a little harder because, now, when you want to access the WIRELESS device setup, you have to manually assign the IP address on any computer you use to access it an IP address in the same range as the WIRELESS LAN IP you just made.

Hardwire the two together and you will be able to work on the WIRELESS device IF you have to. For example, if you make the WIRELESS IP LAN Address 192.168.157.23, you would have to set the IP address on a laptop, say, to maybe 192.168.157.20, then hardwire that to the wireless router.


Turn off SSID broadcast and use a strong password on the wireless device.

Either use the new hardware firewall to give out IPs, or shut off DHCP on that as well and assign all IPs statically. The LAN IP address of the hardware firewall will be the LAN gateway.

On your workstations, install a firewall like the Kerio 2.15 firewall that will alert you about any outgoing connection and watch for suspicious ones. I agree with the other comments that there is a backdoor into your local machines, so that has to be resolved so the hacker can't see what you're doing from the inside.

If you are running a webserver or FTP server, they should be outside your workstation LAN. A hardware firewall handles that easily by using a third NIC. If you use Remote Desktop Conncetion, or other remote control software, they have to be changed to use non-default ports.

I'm sorry you have to deal with such issues to make measures such as these necessary. I'm sure it sounds confusing, however, taken step by step, it can be done with a minimum of fuss.

HTH
longjack





Sounds like a good idea, but theres one problem, I dont know squat about building modems unfourtnately. Sad
longjack
From the way you described your problem, and from how you have determined a neighbor is getting access, it seems to me you are more than capable of building the firewall. Otherwise, I wouldn't have mentioned it.

Use IPCop to start. Go to http://www.ipcop.org/ to download the iso and for an overview. Then go to http://www.ipcops.com/modules.php?op=modload&name=PNphpBB2&file=index for the installation guide and other instructions. Here's another IPCop support forum for more advanced questions: http://www.ipcops.com/modules.php?op=modload&name=PNphpBB2&file=index

IPCop may be slightly easier for a beginner to install, and IPCop also has many easy to install addon tools that will further help you block out your neighbor. Smoothwall (http://www.smoothwall.org) is good as well. I tend to use Smoothwall, but I have had great success with IPCop also.

All you need to start is an older computer, say pentium II or III, a cd rom drive, a 2 or 3 GB hard drive and 2 network cards. You can remove the cd drive when your finished with the install. You only need a monitor for the install as well.

You shouldn't need to touch your SBC 'modem', BTW.

I think your problem now comes from having your linksys wireless device also act as a router and DHCP server for your entire network. I think it is better to use the linksys only to broadcast the signal and let the IPCOP firewall handle the other stuff.

You're in an extreme situation because of the neighbor who is going way beyond what I consider acceptable. When you're finished setting this up, you should have multiple ways to block him.

Once you start I'm sure you'll be up and flying in no time. Any questions, just ask.

longjack
snakeyes37
Alright, I'll look into it. I manually configure all computers with an IP address, I stopped using DHCP a long time ago due to always getting disconnected, its still enabled though I believe.




Thanks.
xorcist
I have an idea you go over to his house and beat him up and then you smash his computer. I would have done that if I see someone doing that to my stuff. If you dont feel like doing that then just go and scan your computer for keyloggers or trojans. Try getting a firewall or something like that. But really what's hes doing is going into your privacy you need to do something else about it instead of trying to keep changing your things up.
longjack
snakeyes37 wrote:
Alright, I'll look into it. I manually configure all computers with an IP address, I stopped using DHCP a long time ago due to always getting disconnected, its still enabled though I believe.




Thanks.


You know a lot already, so I'm sure you'll get everything running just fine.

I agree with the poster above that this guy is definitely a jerk. It's too bad you have to deal with that BS.


longjack
darknesscloud
right now there is no way to secure wireless networking and intermet btw its someone in ur local area get zonealarm its the best best of all its a firewall and an antvi virus both for 20$us
Animal
longjack wrote:
This is a tough case.

If you are comfortable working with computers, I would try buildng a hardware router such as Smoothwall or IPCop using an old computer.


You wouldn't have to build a new router. Almost all modern wireless routers allow you to change their IP address and the IP address range that it gives out - check out your manual, support web pages and advanced settings on your router's configuration and you just might be able to change it yourself.

Might be a dumb suggestion, but even if you switch off SSID broadcast, the guy might be able to guess your network's name. I'd suggest you change the name of the network and the password to something quite obscure. Try using special characters.
snakeyes37
Yeah, I've already changed the router's password with a 63 key character with a passphrase generator. I'm currently formatting two computers 12 times, then I'm going to use WPA2 with a 63 character passphrase. But theres one problem, my PSP doesn't seem to support WPA2. Mad
Animal
It's not just the password you should change though - try changing the network's name.

For instance, if the default network name is "Wireless" then you could change it to something like "1725BQR_92"

Something he's not likely to guess and therefore won't be able to find unless you broadcast the network's SSID.
longjack
Animal wrote:
You wouldn't have to build a new router.



I'm not sure if snakeyes' SBC modem is a router as well. The linksys wireless was giving out IP addresses, but maybe the modem/router was, too, and still is. If the bad guy has the same modem/router as snakeyes' then he already knows the IP range and gateway.

The wireless could be set with no SSID, etc, but if it has a hard-wired connection to the SBC device, and the SBC device is handing out IP's you could probably connect with an IP in the SBC's subnet. Again, if doofus has the same SBC device, he know's all the information he needs to surf on Snakeye's dime. Maybe, too, the SBC has external access on and is running a default admin password.

The best scenario would be make sure access to the SBC is closed to the outside, switch the SBC into bridge mode if it is now routing, and build a firewall doing DHCP in a rarely used IP range behind it. Once the firewall is in there are many more options defensively: DMZ, wireless zone, Squid / Dansguardian, etc.

It's a 20 minute job to build one with spare parts. They are just as easy to control as any wireless router with a web interface and infinitely more modifiable.

longjack
Animal
longjack wrote:
Maybe, too, the SBC has external access on and is running a default admin password.


Now that's something I should have thought of!!!

You'll have a remote admin setting, where if you type http://192.168.0.1 or something like that into your browser, it'll take you to the router's setup page. If you've not done so already, change the password and (if possible) the admin account name too. If he knows the default password, you can set a new WPA2 key as much as you like, he'll still be able to get in and mess with it and use your bandwidth.
longjack
Animal wrote:
, he'll still be able to get in and mess with it and use your bandwidth.


What I'm thinking is that maybe the SBC device is a modem/router. which means it's giving out IP addresses. I'm not sure what default addresses it gives out, but let's say it gives out addresses in a 10.0.0.0 subnet.

Following that, the most common gateway address would be 10.0.0.1.

You connect the linksys which is giving out IP's in the 192.168.0.0 subnet. However, it's connected to the SBC via a network cable, which means that it may be giving out 10.0.0.0 addresses as well.

While you're locking everything down on the linksys subnet, it may be that doofus, who has an SBC, too, and knows the specs, is simply typing in something like IP address 10.0.0.5; gateway 10.0.0.1, as a static address for his wireless card and is getting in on the SBC subnet.

This is just conjecture on my part.

If that is actually the case, then you could set up the SBC to not give out addresses, or set it to give out only address, which is also set as the DMZ and use the linksys in the DMZ to do the IP addresses, route, and do port forwarding. The linksys could be set in an uncommon IP range that's harder to guess, say, 10.10.10.0 with the LAN IP something other than 10.10.10.1, say 10.10.10.134, so it will be harder to guess the gateway.

I do a lot of Smoothwall /IPCop firewall installs, that's why I recommend them. Comparatively easy and very powerful. Either put the SBC in bridge mode, if you can, or have the SBC give out only one IP address, which is put in a DMZ, and send everything to the Smoothie or IPCop and let them handle your network.

What a PITA it is for snakeyes, though. Doofus definitely needs an attitude adjustment.

longjack
headlong
It is very easy to change virtual MAC address in Windows XP. So the best thing you can do is to get an router without wireless signal. Since you are using only three computers at the same time, it should be easy to plug all three to the router.

On the other hand, if someone has gotten you password before, it is very likely that he/she will leave a torjan horse or something like that. We never you change the password, he/she will get it. So I think you should start to protect your password not only for accessing your router. If he/she can get access internet in some other way, he/she can look into your stuff again.
Related topics
problem with wireless network
Laptop and Network problems.. help please
Wireless Network Adapter
Need help pickin a fone....... Fone techys help!
Slow wireless connection but excellent signal
Wireless Network Question
Help to set up wireless network
sharing a scanner on a (wireless) network
Setting up a wireless network
Network Problems
Intel Pro Set Wireless / Windows XP Wireless Network Issue
Wireless network setup. Unstable connection
Can't connect to home wireless network without ethernet
Transferring data through wireless routers(wireless network)
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.