Wi-fi WPA hacked three time this week and it only takes seconds to do

Over the past week my wifi-router has been hacked three time and uses the common WPA/2 ten digit password and the reason I know about the hacking is because I am a bit of a security expert and run my own DNS server on the LAN that blocks spyware sites by issuing false IP-Address for domain names like www.rover.ebay.com

Any request to the DNS server from a device in the house on the wrong internal IP-Address gets logged and blocked and I have also setup the routers DHCP server to isue IPs starting at X.X.X.10 and bind MAC address to each registered device and all these legit registered devices get IP-Address ending in "20" or above so anything that gets a IP-Address ending in less than "20" is not registered by me. (I could had used strict binding but didn't) and also get blocked in the routers firewall.

Most routers provided by ISP's free of charge do not allow the use of outbound rules so in most case you are at the mercy of anyone near your home who has looked up how easy it is to hack a free connection into your wi-fi and you can bet this backdoor is being used by the local police and NSA if school kids are able to follow simple tricks as shown on youtube.

In my case one of the devices used was able to fake the MAC address but the user only changed the first digits of the MAC and it seemed to be an I-Phone trying to run Skype but I can almost guarantee most of you are being hacked so watch out, use strict IP/MAC bindings if that is an option.
I run a program that keeps an eye on the routers sys-logs and will tweak the code to sound an alarm the next time this happens and will try to catch the person responsible just to say well done for teaching me a lesson.

a reply to: VirusGuard

and you can also disable wps and ssid to hide your wifi presence and white list access for your home networked devices.
what router and firmware are you running?

a reply to: VirusGuard

for an expert, you should really look into 128 bit wpa2-psk security. yes, it is very easy to dictionary attack your current setup, change your password to random numbers and letters. problem solved. or like i said above look into wpa2-psk. good luck.

a reply to: VirusGuard

Most routers (modern) have safeguards against WPS attacks by means of blocking the attacking parties MAC address, and whilst yes, they can spoof it, it would take a keen cracker to spoof enough times to finally be able to crack via WPS.

As far as bruteforcing goes, using newer softwares that allow the use of a powerful GPU to plough through whatever dictionary they be using like there is no tomorrow may work.....they are still reliant upon your key being available in the dictionary once the handshake has been captured.

All someone has to do is disable WPS and make sure they use a key with enough letters, numbers, symbols, case etc to make it unlikely that any dictionary would contain it....not exactly hard to do.

For the record I am a fully qualified engineer and network specialist with over 20 years experience.

test post (please ignore)

OK...I don't understand all this technology speak.....but I will say this.....for the past month, my wi-fi stops working on my laptop.....even though my BT box is still showing all three lights. I have to shut down my laptop and re-boot my box. The weird thing is I can set my watch by it because it happens between 4 and 4.30 pm almost every day.

Also my mobile....a really old Nokia, will switch itself off and re-boot itself. My friends who have the latest fandangled phones, when they are talking to me say I sound crackly....not all the time...just occasionally...I phone them back....clear as a bell for them.

Another one is when I call certain friends, when the call is going through and I'm waiting for them to reply, there is a small 'blip' noise.....the same blip I get if I happen to be on the phone and a txt message comes through......so what's all that about?

Rainbow
Jane

a reply to: VirusGuard

One of the best defense against anyone hacking your wifi is a directional antenna that points the signal into your room. You can then use a program to scan for signals from a laptop to see if anyone can access the signal from outside the building.

a reply to: angelchemuel

This will be DHCP[ lease times setting on the router, being set to 24 hours. You can set this to weeks or just leave it perm, just change the setting.

originally posted by: Biigs
a reply to: angelchemuel

This will be DHCP[ lease times setting on the router, being set to 24 hours. You can set this to weeks or just leave it perm, just change the setting.

English please? ...or welsh....I'm not fussy!

Rainbows
Jane

originally posted by: angelchemuel

originally posted by: Biigs
a reply to: angelchemuel

This will be DHCP[ lease times setting on the router, being set to 24 hours. You can set this to weeks or just leave it perm, just change the setting.

English please?

...or welsh....I'm not fussy!

Rainbows
Jane

Its to do with IP address's, people some time like to set this when theres alot of devices connecting. Theres no point getting technical really, simply log onto your router, find DHCP leases in the settings tab and change it to perm.

a reply to: suicideeddie

Yes i know and i can also see that you know what you are talking about too but we are just the top 0.001% and most people don't have a clue and thats who the warning was for.

a reply to: angelchemuel

I think he means to log into your router's page (usually 192.168.1.0 in a web browser, or 192.168.0.1, or 10.10.0.1 or something like that. Look at the owner's manual of your router to see how to get in. Once you are in the router's configuration page, you should be able to check a box in one of the pages that says something like "Renew Lease" or something like that. Various routers have different options. Type in the manufacturer's model number of the router + renew lease to find out if anyone ever got help on the internet with the same problem. There's a fix out there, it shouldn't be too tough. Good luck with that.


To the OP: I think that your best bet is to activate your devices by the mac address filtering options on your router. Good luck. Let us know what you figure out.

a reply to: VirusGuard

blocks spyware sites by issuing false IP-Address for domain names like www.rover.ebay.com

You know that a sub-domain has to belong to the parent domain, in this case ebay.com?
I don't think ebay.com is running any kind of malicious websites.

Anyway, what is this thread about? Are you trying to figure out how to geographically locate this guy?

I would start by checking the signal of the offending connection and proceed to strategically place signal-blocking material near the router (around a horizontal plane) until the dbs decrease. The cardinal direction of the shield when the signal is at its lowest should theoretically point a vector toward your thief. The unaltered signal strength can then be a reference for distance.

I've also heard of a piece of software called Moocherhunter that claims to accomplish this, but I've never used it.

I don't use WiFi...Ethernet cord hardwired. WiFi is dangerous in ways we don't understand yet

a reply to: angelchemuel
If it's a BT home hub, go to the config page via your internet browser (usually 192.168.1.254 on the BTHH).

Depending on the hub version you want "Settings > Advanced > Home Network > IP Addresses" or "Configuration > IP addresses ".

Somewhere in there you will see "lease time", change it to 7 or 14 days or more.

a reply to: fixitwcw

You are talking about brute force and that is not what they are doing to gain access to your network.

No one got past the firewall and just wanted a free ride but i do confess that any document on the LAN could had been copied because you need to leave far to many ports open to share files and use media streaming these days and thats by design from Bill Gates and the NSA.

I know my SSH from my port 21 better than most people do but I also like to leave a few door traps so that I know if anyone tries to hack me.

a reply to: VirusGuard

Hey, thanks for the reminder! Thanks to your thread I remembered I had updated my router firmware last week and forgot to check that WPS remained disabled. Checked and it was back on. Why do manufacturers force their products to the least secure state by default?

Anyway, thanks for the elbow nudge.

a reply to: woogleuk

For the record I am a fully qualified engineer and network specialist with over 20 years experience.

Well unless I am telling lies and the stuff on Youtube is wrong then I can tell you that what I say is true and yes i know my sliding windows and ACK too along with token ring.

I won't give out the name of the firewall I use but its $250 plus and has more tools than you can shake a stick at and i am telling you that they are getting in and I have told you how.

Now being silly my DHCP is set to 192.168.1.0/255 so as i understand it having a rule that block anything outside this range talking to the internet is silly becaue its not on my subnet right ?

Well silly as it is I have seen this in sys logs on port 514 so you might like to explain it or put a rule in yourself and yes Ipv6 is turned off in the router if its connected with Teledo or something like that and not its not bad packets as the same patern gets repeated several times and i cannot make heads or tails out of the destination address but the packets are always between 20-90k in size

a reply to: lemmin

You know that a sub-domain has to belong to the parent domain, in this case ebay.com?

ebay is in bed with google/nsa and the other 3 big names and here is what they do.

So you login to ebay and get a cookie and then you use an hotmail type of account and login so that the Url becomes something like

hxxp://www.MyEmail.com?UserID=123

Well any ebay adverts on the email page calls ebay and sends it something called the Referer in the HTTP request on port 80/443 and that includes the UserID so the deal is that when you delete all your cookies and then log back into the email account then ebay knows it is you even without the ebay cookie on your machine because they can see the UserID=123 and this helps ebay to send out spam only to active email accounts.

I won't even go into the etags rover.ebay.com embeds in images that call home when you view emails from ebay but understand that once ebay knows who you are then so does google/youtube & twitter.

Thnaks for the advise on sub-domains but most IPs going to ebay are hijacked by your ISP anyway to limit upstream bandwidth needed to show all them sales images but not so with ebays rover spyware.

a reply to: VirusGuard

ok man, so your an expert. what do you want from us? you know how to stop it. i done said it.