It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
One of the better forms of protection you can use is to replace you 360 degree omni directional aerial is a directional antenna. Then place your AP hard against a wall or corner of a room and point it into your house. You can then adjust the strength of the signal so it only goes to the other side of your house.
You can check the strength of the signal at the furthest point from your AP in your house using a wifi audit tool. There many free ones to choose from.
This is the system many clued up businesses use. If its done right then no one can read or mess with your wifi at all.
edit on 29-11-2013 by PhoenixOD because: (no reason given)
Don't rely on MAC filtering alone, however. Please, just don't. It's a bad idea. People seem to think "Oh, well, sure a determined attacker can get past it, but not anyone else." It doesn't take much determination at all to spoof a MAC address. In fact, I'll tell you how:
1 - "Listen" in on network traffic. Pick out the MAC address. This can be done with a plethora of freely available security tools, including Nmap.
2- Change your MAC address.
You can spoof a MAC address when using Nmap with nothing more than a --spoof-mac command line option for Nmap itself to hide the true source of Nmap probes. If you give it a MAC address argument of "0", it will even generate a random MAC address for you.
Now, as far as MITM yes, they exist, and what they specifically try to make vunerable is the stupidity of people. If you ever randomly disconnect, or your router restarts, windows (or what ever host OS your using) auto reconnects, and it never asks you for a password unless you removed it from the saved history.
here are some netgear support links for you:
If you have a price conscious option for a new router that is harder to hack, I'd love to hear it.
edit on 6-12-2013 by UnifiedSerenity because: (no reason given)edit on 6-12-2013 by UnifiedSerenity because: (no reason given)
reply to post by UnifiedSerenity
Are you sure you are actually being hacked?
Have you seen them on your network?
Check with a Packet inspector (wireshark) connected to your network via ethernet(cable)
If you have a sufficiently long password (64 characters is the longest you can have on wpa2 iirc) then it should 'technically' be impossible for them to crack your password.. that is unless they are rocking a pc with like 20 graphic cards to process huge rainbow tables. Even mitm attacks mentioned earlier only get you the password hash, which they need to convert to a real passphase, iirc only wep allowed inputting hash directly.
Ive had times when my wifi was really slow and i thought i had been hacked and someone was hogging all my bandwidth, but further investigaton i realize i was just on a crowded channel or something, shuffling the channels around and my wifi was back to normaledit on 6/12/13 by Kr0nZ because: (no reason given)
You can't secure a device with bad software. If there is a backdoor, it doesn't matter how strong a password you use, they will get in.
Here is an article on a user agent backdoor:
dlink back door
Who knows what back door they have in Netgear routers. Like the article says, run DDWRT. There is still a possibility it can be hacked, but at least there are no backdoors.
Running wireshark isn't a no brainer. A PC has all sorts of network garbage running. Windows phones home so Microsoft can keep track if you are legal. Adobe, Nvidia,they phone home. You have to analyze the traffic. It would probably be less work just to install zone alarm, then examine the network requests.
Most of the modern version of windows have a firewall, but I suppose a hacker could have set up a rule to allow it to phone out.
Some of these user agent hacks in the past have been over wifi. If you think the wifi I'd hacked, junk the router and run DDWRT. Besides, the only suitable place for a Netgear router is in the garbage dump. Wait no, take it to recycling.
If you have ONE PC on the network, it will still have a lot of legitimate chatter. Well if you call Adobe phoning home legit. While I agree Wireshark will see everything, for a person that never ran it, the task will probably be difficult. The only reason I suggested Zonealarm is Wireshark has already been suggested, but still hasn't been used yet.
(!(ip_ == 192.168.1.111)) && !(ip.dst == 192.168.1.111)