It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Wi-fi WPA hacked three time this week and it only takes seconds to do

page: 2
5
<< 1    3 >>

log in

join
share:

posted on Jul, 10 2014 @ 07:32 PM
link   
but still, if you close your backdoors, though i dont know why you would leave access like that, do you still think they could do it?




posted on Jul, 10 2014 @ 07:45 PM
link   

originally posted by: aesopsfables
I don't use WiFi...Ethernet cord hardwired. WiFi is dangerous in ways we don't understand yet


Yes if only but i-pads don't have rj45 sockets let alone mobile phones and today i have 14 devices on the LAN and the only way I can keep control is to run my own DNS server and proxy server and then block dvices from bypassing the proxy server as they try to do all the time.

Some devices like smasung spyware TVs won't allow you to add a proxyy server (too much spying) so I hijack the IP using the DNS server and force it to use the proxy server and then I tweak the MAC address thats embed in the HTTP request thats sent to Samsung.com

All network devices need a MAC address but it only gets used on the first hoop and the IP-Address is used end to end in most cases but that didn't stop Google using its street view cars from scanning everyones wifi-MAC address and Google also runs software on your machine so that it scan every MAC address within wifi range and uploads it back to Google.

Good routers allow people to spoof the MAC address but thats not the type you get free from your ISP and also note that most free routers have hidden open ports so that your ISP can (See the contract, it all legal) scan every device on your network.



posted on Jul, 10 2014 @ 08:00 PM
link   
a reply to: VirusGuard

Security expert? Why don't you use a MAC whitelist?

What firewall are you using?
edit on 10-7-2014 by AnonBelgium because: (no reason given)



posted on Jul, 10 2014 @ 08:06 PM
link   
The point I am trying to make here is not if I could stop these attacks but that 99.999% of the poulation does not understand what is going on and those that do will most likly not know how often these attacks happen.

My router has an option to block port scans, tick in the box but I can port scan my own machine even with the option turned on and most port scans these days come from your own LAN with software that scans your own public IP address and then uploads any open ports so who are you going to report ? SRWare Iron does this trick.



originally posted by: fixitwcw
but still, if you close your backdoors, though i dont know why you would leave access like that, do you still think they could do it?


On my NAT i allow some ports and then map all the others to an IP address X.X.X.99 that does not exsist and this allows me to log any attempted hacks using a program that reads sys-logs on port 514 and then a program sends a ping to anyone thats trying it on and something like the ping of death to anyone that goes too far.

" do you still think they could do it?"

Make no mistake these people can gain access to anyones machine running windows and I have seen little bits of information that says to me that they are popping in all the time but you won't see any windows process starting up and you can sniff the network using something like wireshark all you like because thats just asking windows to tell the truth about the OS and I happen to know windows API are lieing all the time on everything from locked files to processes.



posted on Jul, 10 2014 @ 08:23 PM
link   
Sorry I will not give out the name or model of my router but I can tell you that its not on any off the default IP's or port 80 because a kid can write ajax to scan 192.168.1.1 from the LAN and upload the results back to a server and yes I admit I often leave a browser open thats connectd to the firewall and being human after all.


originally posted by: AnonBelgium
a reply to: VirusGuard
Security expert? Why don't you use a MAC whitelist?


if you read what i said then i do have a whitelist in effect to stop devices getting out but i have better things to do than read a MAC address from the device, type it into the router and then assign an IP-Address and was i to do that then i would not be in a position to warn none experts like you as to how frequent these attacks are or how people can detect and block them if they dont have top of the range firewall/routers with all these options.

You cannot log whitelist vialations in most cases but you can log/block using firewall rules



posted on Jul, 10 2014 @ 09:39 PM
link   
use the soda can diretional antenna hack



posted on Jul, 10 2014 @ 10:46 PM
link   
a reply to: VirusGuard

Are you sure that it is your wireless signal that has been hacked? It would be odd for your DNS and DHCP servers to be running off of wireless. Maybe someone has hacked through your wired connection and is manipulating your wireless from the inside. Even if your wireless password is compromised, the MAC filtering/assignment should still render your signal useless to an outside party, unless that party has access to your wireless setup and can manipulate it, which makes me think that it is being done through your LAN connection. Are your servers physical or virtual machines? Do you have third party software managing your firewall? You may have a firewall management conflict if more than one firewall is attempting to manage and monitor traffic (i.e your computer's firewall conflicting with your wireless routers firewall, or even a firewall on the servers.)



posted on Jul, 11 2014 @ 05:30 AM
link   
a reply to: OptimusSubprime

"Are you sure that it is your wireless signal that has been hacked? It would be odd for your DNS and DHCP servers to be running off of wireless."

The router is duel band wifi and has a built in DHCP and the DNS servers are internal on the LAN with the primary on a wired 1gbit connection that I put in myself so i don't think the wires have been tapped

"Even if your wireless password is compromised, the MAC filtering/assignment should still render your signal useless to an outside party"

Yes agree and its not that i am asking for help its that I know 9999.99% of the people in the world would not have the skills to do white list MAC filtering or strict binding let alone a router that has these option, hence the post.

"unless that party has access to your wireless setup and can manipulate it, which makes me think that it is being done through your LAN connection."

Maybe it was done like I said and you can see for yourself on youtube or do a google on the subject but in my case they did get in to the LAN but they could not get out to the internet because low addresses leased out by the DHCP are all blocked in the firewall

"Are your servers physical or virtual machines?" Physical

"Do you have third party software managing your firewall?" Nope

"You may have a firewall management conflict if more than one firewall is attempting to manage and monitor traffic (i.e your computer's firewall conflicting with your wireless routers firewall, or even a firewall on the servers.)"

Mixing windows software firewall with a hardware firewall will often result in conflicts as most sys admin will know but the windows firewall cannot force the hardware firewall to allow/deny WAP connections and I would not be so daft as to turn UPNP on but no I only have one DHCP on the network and no other hubs on the system.

The router is not a netgear ( good bits of kit ) but was I to set it up to use strick MAC addreses then I don't get the option to log attacks, same with the NAT so I have ever TCP/UDP/ICMP port open and port map to an un used addresss and then block that address in the firewall where it has the option of logging.

if someone is peeking in my letterbox then I want to know about it and i could use admin email alerts to do this but instead I will edit some code to play an .mp3 file next time so that i can catch them.

on the subject microsoft virus ware now adds a shed load of inbound and outbound rules to the local firewall for Metro apps when you get updates, turning updates off does not work because MS turns it back on so you have to disable the service to stop this.

The windows firewall is program based but i have seen processes that cannot be resolved by-passing this firewall and you have to ask yourself what type of company can write an OS and then not be able to resolve all network activity back to a calling process ID ?

Running windows is now like haveing a remote terminal for microsoft, its not yours and many microsoft domain names cannot be blocked anymore using the etc/host file and no you are not going mad when microsoft changes your power options on your laptop without asking you.



posted on Jul, 11 2014 @ 06:43 AM
link   

originally posted by: VirusGuard
Sorry I will not give out the name or model of my router


Why not?
If it's that top of the range it's probably Watchguard, ZyXEL or Cisco. Or you've built one yourself with Monowall or pfSense.


originally posted by: VirusGuard
if they dont have top of the range firewall/routers with all these options.


My modem I got for FREE from my ISP has both MAC white and blacklisting.



posted on Jul, 11 2014 @ 08:56 AM
link   
a reply to: AnonBelgium

Yes them Watchguard look good but you have to pay a fortune to the provider to use them i think else you get cut off and this is why people sell them as cheap as chips on ebay.

The router i got from my ISP does not realy include anything that you could call a firewall and just a NAT for port forwarding and even that kept blowing up with some type of error about the file system on the device.

Filtering inboumd trafic is easy and adding a few outbound rules to allow TCP 80/443 for machine X and port 43/53 on machine Y is my last line of defence and I use a DNS server to block most of the common spyware servers and then pump as much as I can to a Proxy server to inspect the HTTP headers before sending anything out.

Now I hate Google and i could block all the IPs (Millions of them) or use Url/keyword filters in the firewall but its like traffic lights with just red and green but what you also need is amber that tweeks the HTTP request sent out to Google because many sites just wont work without Googles spy scripts.

Another example is a Samsung TV that addes it MAC address to the HTTP Request and if you block Samsung.com then the TV just wont work so in my case I tweek the request (Amber) in the proxy server and corrupt the MAC address before sending it on and this happens in the proxy server and the way i do this with a TV is to use the DNS server to hijack the DNS requests from the TV to force it to use the proxy server.

See my post on ISPs hijacking DNS lookups
www.abovetopsecret.com...

What i would love is the option in a firewall to port forward outbound request to a local proxy/port server because this hijack trick i use does not always work on things like an X-Box so please let me know if you know of any such devices.

My other option is to replace the router with a PC that has two network cards and then use Popppe to connect to the WAN which might be the best bet because I also decrypt SSL traffic using fake certificates (MIM) and strip out/corrupt stuff google is uploading.

HTTPS is being used more and more to hide spyware activity and URL filters in hardware firewalls don't work because all they get to see is the HTTP CONNECT and don't get me started on microsofts back door Ipv6 Teledo tunnel that by passes both your windows and hardware firewall rules.

Microsoft talks big about security but to get anything working like "Play too" you need to open up just about every port on your LAN and MS is so good that when you add a new user to your machine then the old wifi password is kept from the previous account because you see MS wants to watch you and this is why using outbound firewall rules is so important

in effect the virus is already on your machine and it tries every trick in the book to call home and yet so few people seem to know or care about this.



My modem I got for FREE from my ISP has both MAC white and blacklisting.


You seem to know what you are talking about and i think you already know that many of these free routers have ports left open for your ISP to use and they even put this information in your service contract to make it all legal like for them to browse you LAN

ubuntuforums.org...




edit on 11-7-2014 by VirusGuard because: (no reason given)



posted on Jul, 11 2014 @ 11:23 AM
link   

originally posted by: VirusGuard

Yes them Watchguard look good but you have to pay a fortune to the provider to use them i think else you get cut off and this is why people sell them as cheap as chips on ebay.


True but you can buy one cheap and replace the TransFlash Card with a larger one and use pfSense, I've tested that on a Watchguard Firebox X1000 and it worked like a charm.
Also Citrix boxes should work with pfSense


originally posted by: VirusGuard
The router i got from my ISP does not realy include anything that you could call a firewall and just a NAT for port forwarding and even that kept blowing up with some type of error about the file system on the device.


Most ISP's mod the factory firmware to their needs and in the process cripple the device.


originally posted by: VirusGuard

Now I hate Google and i could block all the IPs (Millions of them) or use Url/keyword filters in the firewall but its like traffic lights with just red and green but what you also need is amber that tweeks the HTTP request sent out to Google because many sites just wont work without Googles spy scripts.


There are extensions or plugins for browsers wich can stop scripts like Google Analytics and such.


originally posted by: VirusGuard
Another example is a Samsung TV that addes it MAC address to the HTTP Request and if you block Samsung.com then the TV just wont work so in my case I tweek the request (Amber) in the proxy server and corrupt the MAC address before sending it on and this happens in the proxy server and the way i do this with a TV is to use the DNS server to hijack the DNS requests from the TV to force it to use the proxy server.

See my post on ISPs hijacking DNS lookups
www.abovetopsecret.com...

What i would love is the option in a firewall to port forward outbound request to a local proxy/port server because this hijack trick i use does not always work on things like an X-Box so please let me know if you know of any such devices.


Doesn't the Samsung TV connect to the proxy it receives via DHCP?


originally posted by: VirusGuard
My other option is to replace the router with a PC that has two network cards and then use Popppe to connect to the WAN which might be the best bet because I also decrypt SSL traffic using fake certificates (MIM) and strip out/corrupt stuff google is uploading.

HTTPS is being used more and more to hide spyware activity and URL filters in hardware firewalls don't work because all they get to see is the HTTP CONNECT and don't get me started on microsofts back door Ipv6 Teledo tunnel that by passes both your windows and hardware firewall rules.

Microsoft talks big about security but to get anything working like "Play too" you need to open up just about every port on your LAN and MS is so good that when you add a new user to your machine then the old wifi password is kept from the previous account because you see MS wants to watch you and this is why using outbound firewall rules is so important

in effect the virus is already on your machine and it tries every trick in the book to call home and yet so few people seem to know or care about this.


The thing is a lot of people know about it but the problem in my opinion is every time we find something to stop it they WILL find a way to get the information they want.
Teledo tunnel indeed screws you over unless the firewall supports IPv6 and luckly more and more ISP's are transfering to IPv6.


originally posted by: VirusGuard
You seem to know what you are talking about and i think you already know that many of these free routers have ports left open for your ISP to use and they even put this information in your service contract to make it all legal like for them to browse you LAN


I'm not sure if my ISP has built in any backdoor but I know that since the TR-098 got exploited and someone stole 285.000 logins thing have changed, the admin password is now no longer a standard password but the serial number of the modem.
The funny thing is the when WAN is disabled in configuration TR-098 IS STILL ENABLED!
But not so long ago the found what they think is spyware made by a government (because of the complexity) on my ISP's servers.
BICS infection



posted on Jul, 11 2014 @ 12:47 PM
link   
Stay on top of changing your password and monitoring who's on your modem. I checked my modem when I noticed that everything was slow and not acting right and come to find that my neighbor and their whole family was using my WI-FI(my daughter gave their daughter the password). I immediately deleted them from my modem, changed passwords and started monitoring it. Leeches, man, they are everywhere!!



posted on Jul, 12 2014 @ 05:06 AM
link   
a reply to: AnonBelgium



True but you can buy one cheap and replace the TransFlash Card with a larger one and use pfSense, I've tested that on a Watchguard Firebox X1000 and it worked like a charm.


Hats off you know your stuff. Will read up and see if it worth the change since my router is far from perfect and the logic you need to apply rules is just stupid. Do you know of a router that can redirect outbound traffic back to a proxy on the LAN ?

I want something like if destination = google then send to 192.168.1.20:80

Yes i know about browser plugins and trackikng protection lists but i went past that and built a browser around chromium but it crashes for no reason and i can not fix it to make it perfect

"Doesn't the Samsung TV connect to the proxy it receives via DHCP? "

I don't have this option and never seen it but i know you can do something in windows to set a proxy for the whole network but i don't think Samsung would use it. Even my mobile phone lets you add a proxy but not so with x-box or samsung TV because we give our rights away when we use these devices.



Teledo tunnel indeed screws you over unless the firewall supports IPv6 and luckly more and more ISP's are transfering to IPv6.


I turn IPv6 off and will resist the move to it as long as i can. We needed more that 4.2bn IPs but we didn't need to go as far as having an IP address for every milk bottle in the world that will ever be made. IPv6 does not work well along side IPv4 and is a desaster waiting to happen IMHO.

"But not so long ago the found what they think is spyware made by a government (because of the complexity) on my ISP's servers. "

I would say that you should buy something made in China but I hear that they are intercepting stuff and sending it off to be "Fixed" and the reason we all have 2-4gb vid cards is because they are taking screen grabs of encrypted documents/messages after you open them so who know how far it has all gone.

Even PC based games today are making you login to a server when all you want to do is play the computer because such is the need to spy and trade our details, its the new currency



posted on Jul, 12 2014 @ 05:22 AM
link   
a reply to: Fylgje

Yes good advise but it would not have saved me in my case but also change the MAC address on the router if it lets you spoof it now and again.

I would not like to guess how many times a day someones mobile phone tries to connect to my router as they walk by because these phones are programmed to scan for a connection if the default one at home is broken and the chances are that the MAC for each and every failed connection is stored in the device.

Windows does this and puts all the details in the registry.

Welcome to 1984



posted on Jul, 13 2014 @ 04:39 AM
link   

originally posted by: VirusGuard
Do you know of a router that can redirect outbound traffic back to a proxy on the LAN ?
I want something like if destination = google then send to 192.168.1.20:80


Why do you only want to sent certain sites through the proxy, why don't you just send all traffic through a proxy?
You could also try and ask on a firewall community forum, for example fpSense has a great and helpful community.


originally posted by: VirusGuard
I turn IPv6 off and will resist the move to it as long as i can. We needed more that 4.2bn IPs but we didn't need to go as far as having an IP address for every milk bottle in the world that will ever be made. IPv6 does not work well along side IPv4 and is a desaster waiting to happen IMHO.


True but as almoast every device today has to be a 'smart' device and connected to the internet we are running quickly out of IP addresses.
Many ISP's are 'recycling' IP addresses and mine is one of them, which results in me getting banned from sites I've never visited before.


originally posted by: VirusGuard
I would say that you should buy something made in China but I hear that they are intercepting stuff and sending it off to be "Fixed" and the reason we all have 2-4gb vid cards is because they are taking screen grabs of encrypted documents/messages after you open them so who know how far it has all gone.


Do you have a source? That would be interesting.
And about the 'fixed" thing, Snowden leaked a documents about NSA 'upgrade' factory's for Cisco hardware where they add altered firmware to routers, switches, ...
Link to artice



posted on Jul, 13 2014 @ 07:18 AM
link   
a reply to: AnonBelgium

I don't want all HTTP on port 80/443 to hit a proxy because streaming kills the CPU and I don't care about traffic going to spyware.com because that gets blocked by the DNS server and i also don't care about traffic on an unknown blog site but the reason i force microsoft / google / samsung traffic to the proxy is so that i can tweek whats being sent.

As i say Block/Allow does not work well in the real world and blocking all of googles evil scripts will stop a lot of sites working and blocking samsung.com means that the TV won't work, hence the need for "Amber" or what i call a protective mode.

I had forgot more than i knew on fpSense but took your lead and had another look and i must say it looks the biz !

fpSense would fit my bill since it has what they call an outbound NAT so that could forward traffic to my proxy down a 1gbit wire and i like it because it will host a squid and even a DNS server on the OpenBDS OS system that is not bloated to death like windows.

In any case i think i would install it on a PC witth two network cards with something like a I3 processor and not some junk old pentium processor that many of these routers use but then i start to ask myself why don't i just use the PC that hosts my custom DNS server and proxy server on the box because i know that can connect direct to the ISP using Popppe ?

So my question to you is has anyone wrote somethinng in like fpSense that runs on windows and does a good job or would i have to write something from scratch myself to relay between the two NCs

I don't think a bridge will work and give me what i want but you might know more than me.

Spent the past day trying to hack my own WPA with these click and go programs and they are all scams, none work and they just want to install download managers and maleware on your machines. CommView is good and lets you see MAC addresses and traffic from all over the place but then you need to export the logs from CommView after paying them some money as a WireShark file and then when you crank up Aircrack-ng you are asked for a word dictionary so it becomes a case of using brute force on the shared public key.

I was wrong and call BS on my own post and I also call BS on Aircrack-ng who run youtube videos with the passwords already in the word dictionary or they have so much luck like they won the lottery three times in a row.

Still not sure how i got hacked but its not your script kiddy next door I don't think and who ever it is must be better than me.




edit on 13-7-2014 by VirusGuard because: (no reason given)

edit on 13-7-2014 by VirusGuard because: (no reason given)



posted on Jul, 13 2014 @ 07:35 AM
link   
a reply to: AnonBelgium

"Many ISP's are 'recycling' IP addresses and mine is one of them"

Me has been dancing with the devil


I know my ISP is intercepting DNS request to google and i can understand why in many cases but what i don't get is why are they doing this to domain names no one has ever heard of and how the hell do they manage this on HTTPS/SSL without doing some type of man in the middle attack and sending out fake SSL certificates ?

See www.abovetopsecret.com...






edit on 13-7-2014 by VirusGuard because: (no reason given)



posted on Jul, 13 2014 @ 08:42 AM
link   
I'm going backwards through this thread but what do your ethernet and 802.11 traces show?
You may have said that already.



posted on Jul, 13 2014 @ 09:49 AM
link   

originally posted by: VirusGuard

I know my ISP is intercepting DNS request to google and i can understand why in many cases but what i don't get is why are they doing this to domain names no one has ever heard of and how the hell do they manage this on HTTPS/SSL without doing some type of man in the middle attack and sending out fake SSL certificates ?


Could it be something like this?



posted on Jul, 13 2014 @ 10:17 AM
link   

originally posted by: VirusGuard

I don't want all HTTP on port 80/443 to hit a proxy because streaming kills the CPU and I don't care about traffic going to spyware.com because that gets blocked by the DNS server and i also don't care about traffic on an unknown blog site but the reason i force microsoft / google / samsung traffic to the proxy is so that i can tweek whats being sent.



Streaming can indeed cause some stress on a cpu but a cheap computer (or server) with dual nic's would probably do fine


originally posted by: VirusGuard
In any case i think i would install it on a PC witth two network cards with something like a I3 processor and not some junk old pentium processor that many of these routers use but then i start to ask myself why don't i just use the PC that hosts my custom DNS server and proxy server on the box because i know that can connect direct to the ISP using Popppe ?


You could try it BUT keep in mind some ISP's don't let third party network equipment directly connect to their network over PPPE (again my ISP as example)


originally posted by: VirusGuard
So my question to you is has anyone wrote somethinng in like fpSense that runs on windows and does a good job or would i have to write something from scratch myself to relay between the two NCs


pfSense does support multiple nic's out of the box, at setup you can decide wich NIC is LAN, WAN or OPT.
When setting up pfSense for the first time make sure to have at least one lan port dedicated or you won't be able to access the web interface thus having to start over.


originally posted by: VirusGuard
Spent the past day trying to hack my own WPA with these click and go programs and they are all scams, none work and they just want to install download managers and maleware on your machines. CommView is good and lets you see MAC addresses and traffic from all over the place but then you need to export the logs from CommView after paying them some money as a WireShark file and then when you crank up Aircrack-ng you are asked for a word dictionary so it becomes a case of using brute force on the shared public key.

I was wrong and call BS on my own post and I also call BS on Aircrack-ng who run youtube videos with the passwords already in the word dictionary or they have so much luck like they won the lottery three times in a row.

Still not sure how i got hacked but its not your script kiddy next door I don't think and who ever it is must be better than me.


Cracking wireless keys is indeed not that easy but also not impossible some people have purpose built computers with multiple high end graphics cards wich generate billions of hashes per second.



new topics

top topics



 
5
<< 1    3 >>

log in

join