Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?
An anonymous reader writes "Recently, I had found out (through my log files) that my wireless router was subject to a Wi-Fi Protected Setup (WPS) brute force PIN attack. After looking on the Internet and discovering that there are indeed many vulnerabilities to WPS, I disabled it. After a few days, I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt). I also noticed that an evil twin has been set up in an effort to get me to connect to it. Through Wi-Fi monitoring software, I have noticed that certain MAC addresses are connected to multiple WEP and WPA2 access points in my neighborhood. I believe that I (and my neighbors) may be dealing with an advanced Wi-Fi leech. What can I do in this situation? Should I bother purchasing a directional antenna, figuring out exactly where the clients are situated, and knocking on their door? Is this something the local police can help me with?"
Very simple, but I think it works. I limit mine to 5-10 IPs, usually a few more than the number of devices I have, because iOS devices can be a bit flaky with going to sleep and keeping the IP while another device grabs it as well.
And punch him in the nose.
Use a VPN, and firewall off all access except the VPN connection.
WPS works by giving out your WPA keys, so if they've gotten in once through WPS, they will continue to have access.
You can try turning that on with Radius authentication or any authentication. That can keep the leech from your network. An evil twin setup could be a dangerous thing. Instead of buying a directional antenna yourself, you can call authorities and let them use one of their own!
UTP
Yes, I'm left. You have a problem with that?
Setup squid and redirect all web traffic through it. Replace all images on machines that are not yours with goatse.
You can give them satellite images of the house of the person that stole your identity, and they won't drive over for that.
So for something involving log files and such? Not a chance.
You should redirect all network traffic to goatse for a week, and just use a 3G hotspot while your normal one kills the thief's eyes.
My mom says I'm cool.
You may be able to find the direction of a WiFi signal by just standing with your laptop held out in front of you and turning slowly until the signal strength drops as your body blocks the signal. Do multiple turns to rule out random signal drops.
...I think that means he's consenting to letting you administrate his system. I suggest you do so.
Log in to the Evil Twin network. Start a bunch of illegal torrents and "accidentally" alert the appropriate parties by IP address. Some appropriate in-theater movies and the MPAA would be a good start.
//TODO: Think of witty sig statement
assuming, of course, that you neglected to get permission to research the other access points. You should not admit to connecting to or monitoring any network to which you have not been granted access.
This weakens your case, as it takes away the evidence for massive wrongdoing.
My advice is to keep your efforts under your hat until you have solid proof that doesn't require your own unauthorized access of remote networks.
Get your neighbors together, form a lynch mob.
Backtrace him and report him to the cyber police.
dan.
Woohoo, first post! Honestly, if someone is screwed up enough to waste their time to do this, do not confront them in person. At the very least they will just weasel and carry on, but you may be opening yourself up to harassment or worse, by identifying yourself to them.
You can download utilities to show the strength of signals on your laptop or other portable device. Simply walking around the neighborhood with the laptop will give you a darn good idea where it originates. A box of matches is the only other tool you will need.
The first thing would obviously be MAC whitelisting on the router, though if he is smart enough, he would just spoof his MAC to one of the ones on your network, so it's unlikely it would stop him. Depending on where you need your wireless router, have you considered turning down the radio strength and putting the router in an area where it covers where you want to use it without the WiFi signal going too far outside the bounds of your house?
Let's hope this article is just a marketing scheme. Anyway, in case it is genuine: Somebody has been freeloading, so what? You have got two options: 1) Upgrade your security. Double up encryption with MAC authorization. Hide your SSID. Maybe even go to digital certificates. Use only encrypted communications protocols. Many other options. Much time invested. 2) Set up a honeypot. Something open or, better yet, with poor security. Let him break in, monitor the activity, and eventually you will get his personal data. Then decide on the course of action. Cheers
-Reduce transmit power
-Move or buy a directional antenna
Have time on your hands?
http://www.ex-parrot.com/~pete/upside-down-ternet.html
If they're going to go through the trouble of setting up a honeypot, you might as well give up and just shut the radio off and run 100% wired.
Or, go rogue yourself and capture all his traffic. Bonus points if you rate-limit the wireless to effectively have no bandwidth.
The local cops? If your local police department is anything like mine, they don't even send out officers to investigate real property crimes like theft anymore. They'll just laugh at your little WiFi problem.
You could try leaving the access point open and partitioning it with an ipsec segment. Deny any other connection attempts to the interface. Otherwise just hardwire it and be done with it. Wireless will never be secure. You'll just end up fighting a war of attrition, and that 16yo hax0r has much more free time than you do.
That is why I use MAC Authentication in addition to encryption. It's a pain to manually add each address for every new gadget, but it gives me great and easy transparency for who is using my stuff.
You're giving him cancer, he's using some of your wifi. Just segregate your personal network from the wifi network and see if you have QoS options to limit how much you share. Can't we all just get along? ;)
On my Android phone, it will detect the closest Wifi signals and you may be able to pinpoint where exactly this evil twin is. A directional antenna may help, but without knowing exactly where to direct it to, you may be aiding the leech. You can try disabling SSID broadcast and reducing transmit power.
No one will trouble themselves this much just to avoid paying a monthly fee, and just by the fact they're knowledgeable in these means they've spent a lot of time online already. My guess is that this individual is conducting illegal activities through yours and your neighbor's connections, so you or your neighbors may get a visit from law enforcement pretty soon.
If computers were people, I'd be a misanthrope.
...but only if it comes with a cool pings-like-the-motion-detectors-in-Aliens handset, as where's the fun in not having that?
I wish I had a kryptonite cross, because then you could keep Dracula and Superman away.
Set up a firewall that all your data is routed through. Then sniff passwords from it.
There's always upside-down ternet.
Do I really have to say it? WPA2, 63 characters pwd.
Wouldn't a leech just look for an open access point? One with a fast connection would be a bonus.
Your interloper would seem to be doing something more nefarious. Why does a simple leech need an evil twin?
Is your local constabulary at all competent in this sort of matters, or are they the kind that go around wardriving for open access points? Because it's gonna suck to try to explain the problem if they don't have a clue, but something's up, and to me it sounds like something leaning toward the criminal.
I think I'd get the directional antenna. Maybe you're dealing with the neighbor's 12 year old, so just alerting the parents could do the trick. If it's your local psycho, that's another story.
I am not a crackpot.
To FBI surveillance van.
set up a MAC address filter
I would lock everything down, starting with WPA2 with a really long random string. I would even change the wireless network SSID to a random string.
(part of the crypto uses the SSID in the hash)
I would add MAC address auth, change all my DHCP settings, and even hide my network.
Just to start, off the top of my head....
-Nex6
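The point in the comment above about the SSID being part of the hash, as an added example that is not part of the original thread: in WPA2-PSK the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so a unique SSID makes tables precomputed for common network names useless. The helper names and the `net-` SSID prefix are assumptions made for this sketch.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII usable in a WPA2 passphrase (space left out to avoid
# copy/paste mistakes): 52 letters + 10 digits + 32 punctuation = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def random_passphrase(length: int = 63) -> str:
    """Passphrase drawn from the OS CSPRNG, maximum WPA2 length by default."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_ssid(nbytes: int = 8) -> str:
    """Unique SSID (hypothetical 'net-' prefix + hex), well under 32 bytes."""
    return "net-" + secrets.token_hex(nbytes)


def passphrase_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    ssid = random_ssid()
    passphrase = random_passphrase()
    print("SSID:      ", ssid)
    print("Passphrase:", passphrase)
    print("PMK:       ", derive_pmk(passphrase, ssid).hex())
    # Same passphrase under a different SSID gives an unrelated PMK.
    print("PMK (other SSID):", derive_pmk(passphrase, "linksys").hex())
    print("Entropy, 63 random chars: %.0f bits" % passphrase_entropy_bits(63))
    print("Entropy, 12 random chars: %.0f bits" % passphrase_entropy_bits(12))
```

Changing either the SSID or the passphrase changes the key every client must be given again, which is why both have to be re-entered on each device afterwards.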
If you find him, give him props and buy him a beer and ask him to share how he's doing what he's doing with you. Sounds like some pretty cool shit.
-1 Uncomfortable Truth
start knocking on doors and asking your neighbors if they would mind terribly if you spoke with their 15 year old son for a few minutes, because you've determined he's been hacking your wifi. Eventually, you'll hit the right house. For the wrong houses, act confused and say you must have miscalculated by a house or two, and that you're sorry. Bring cookies to show you're not an ass, though.
I like to limit the devices that are allowed to connect to my router to only the MAC addresses that I have selected. It's a little extra work to set up but does provide some additional security (unless of course the culprit decides to spoof one of your MAC addresses as well).
Lock incoming connections down by MAC address and disable your SSID. This will probably make them go away. Also, run WPA2+AES and pick a longish WIFI key.
If you have an ASUS Dark Knight router you can set up multiple SSIDs (guest networks) that disconnect every 60 seconds and name them "StopStealingMyWifi". This way your real SSID is hidden and your multiple guest networks are visible, but are unusable. You can also set hours of operations for your radios on the ASUS and turn off your radios at night and when you are not home. Lastly, if you are running dual band, turn off the 2.4 GHz and run on the 5 GHz band. The 5 GHz signal travels poorly outside your home. WIFI is tough to secure with all of the WIFI hacking tools, but get a good router and rotate shield frequencies and should go away.
Lastly, here is an article on the subject.... this article disagrees with me on disabling your SSID and I am sure others will have an opinion....
http://www.wikihow.com/Secure-Your-Wireless-Home-Network
I use a MAC filter whitelist. You can too :)
Let the Wi-Fi network only provide access to your VPN server -- no direct Internet access. This way, getting into the Wi-Fi has not (yet) led to any useful connectivity. Use strong passwords and encryption to prevent the VPN layer from being broken as well.
If someone had an extension cord plugged into my outside outlet and it ran to their house to steal power, I would walk over, knock on the door, and ask them to stop it. And yes, I would also unplug it.
If you have the means to determine where they are it's worth asking them to stop. That alone might change their attitude toward poking at networks.
Use any scanning utility on your laptop and walk around the neighborhood until you find him.
I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt).
No, that is only indicative of perfectly normal behaviour in most of the world, since your connection is reset (and your IP changed) every 24 hours.
you can defeat almost every trick like mac filtering or limiting dhcp scope
your best bet is to go back to wired and not send your data over radio waves
1) Drop the power on the AP so the signal can't reach the neighbor. 2) Turn off wifi security, route all traffic to a vpn server, require all connections to route through a vpn server. 3) Use ethernet.
Transparently redirect everything to goatse.
* Use enterprise auth to a RADIUS server with an LDAP backend?
* Lower the transmit power to something that just works within your place?
* Use just A or just B or just N? Maybe they're on older tech?
* Configure your router not to, well, route. Use it as just an AP and you have to manually set the IP info on your machines, and the router is not *.*.*.1 on the network.
* Do the above, but use an external VPN for all of your traffic. A static route in the router gets you onto the VPN.
* Change your SSID to something threatening to indicate that you're onto them and that you asked Slashdot how to make them stop?
Colin Dean Go a year without DRM
Change your WAP to WPA2 with a long preshared key. :)
If you can, also convert to IPv6, that oughta throw him for a loop
Use UTP where you can and turn off your wifi when not in use.
Change your SSID to "Do_not_steal_my_WiFi". It's the enlightened approach -- the same approach that the "Gun Free Zone" and "Drug Free Zone" people use. Only backward, ignorant people would disagree.
Rename your SSID to "if you don't stop trying to hack in, I will call the police" (or whatever will fit). That should be enough of a hint.
They won't be able to leech.
It's obvious that the local police would be useless, but what about the FCC or the FBI if this character's actions are so extensive?
Disable SSID broadcast.
Brute force attacks take time, lots of time. Just start changing your key every week and he will probably go away. Having your computer run 96 hours to get a password that then changes 72 hours later just isn't worth it, even for a criminal. If he keeps at it then someone just enjoys the challenge, and you should hunt them down just for the mystery.
Why ask us this? Why not ask them?
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
http://xkcd.com/341/
Well, depending on the level of control you have, I'd grant them access and then just blackhole the traffic. The lecher will eventually self discriminate.
Good leaders run toward problems, bad leaders hide from them.
Honestly, unless you want to start getting really in depth with your tracking skills, it's time to move to WPA with certificates. I'm not sure if any of the home routers have firmwares that you can load up that will allow for WPS with certificates. You'll have to set up a CA and the like, but hey, you're on Slashdot, so I'm sure you've got the basic knowledge of how to search for a solution.
As for enforcement this particular individual is committing a felony (if you live in the US) and the local law enforcement may be interested if you can get to their cyber crime department.
On a side note, you could just play games with him: set up a honeypot or maybe the classic Squid upside-down web pages.
Not the answer you want but I'd ditch the wireless thing altogether.
You got savvy hostiles. Is it really worth the fight and uncertainty?
Some neighbor comes in good faith and opens his digital life to you, so you can MITM him and this is how you react? That is rude man. I think that guy deserves an apology sent from one of his social networks accounts.
Put the leech on the Upside-Down-Ternet.
I don't have any neighbors in WiFi range.
And people wonder why I ran cat6 all over my house and don't bother with wi-fi except for sporadic guests.
What is wrong with WPA2 with long passphrase?
XML is like violence. If it doesn't solve the problem, use more.
Place $10,000 in a cedar box with an Eisenhower Silver dollar. Include a photo of the person in question. Mail to General Delivery Attention: Teddy New York, NY 10001 No bodies, no witnesses, no questions. We're offering 2 for 1 on contract this week, just include an additional photo.
Why not set up a proxy and make all webpage requests go to something like Goatse?
Don't do anything which might give this guy a case to counter your actions. Set up a new WiFi router and move your equipment to this new system. Use a super long key. Something that will take him a long time to crack. See what's happening on the 5 GHz side of things, and maybe move operations there.
Then set up a little monitoring software and see what you can find out. Maybe you can discover who this person is, and send him a cease and desist letter. It's shocking and unexpected. Log everything with date/time stamps in case the leech attempts a confrontation, but that's unlikely to happen.
Only the dead have seen the end of War. - Plato
I have an IPCop server and the blue interface is connected to my wi-fi router. left the router with WAP and IPCop manage the mac address list.
So yes, I've dealt with it. The easy solution is go wired for a while, set up a honeypot and track them down. Once you know where they are, let them know you are less than pleased and if they don't stop there will be a call to the FCC and local authorities as well as a civil suit for harassment. If you can't go wired, lower your ACK timing and transmit power so they can't get a good signal without standing on your doorstep. Switch to a certificate-based system instead of a password-based system with a new SSID. On the new system, set up a proxy that requires additional authentication to reach the internet. Assign static MACs to your own devices and block all other local IPs via iptables to prevent them from self-assigning one. As for deauthentication attacks, the best bet is to find them and send over a nastygram.
Get a web developer
He found me.
If I were you, I would try implementing MAC Address filtering (basically you white list MAC Addresses that should be allowed to connect). This can be a pain when connecting new devices, but worth it from a security standpoint.
I would also change your SSID and disable broadcast. Reducing transmit power may also help. If you don't have enough coverage with the reduced power, you could also go with a power line adapter and set up another AP in the weak area.
Oh, and you can also try reducing your key regen time too. If you leave it at the default 3600 seconds, then you're also giving him a longer time to try to break in if he spoofs your MAC.
Finally, you can always go with static IPs or, if your router is capable, set up DHCP to assign specific IPs to specific MAC addresses.
Hope this helps!
Basically, there's nothing you can do if you keep using WPA.
One option is to lower your wi-fi antenna power to exclude the area where the attacks are coming from. This can be hard to do if you need good coverage for a whole house or some such.
Your best bet would be to use either 802.1x or EAP-PEAP. That's highly dependent on what router you're using; usually only high-end routers support these options, although some home routers certainly do (I remember the good old WAP54G supporting it). If you're going 802.1x, just set up a RADIUS server, configure your devices and you're pretty much set. If you go the PEAP route, you'll need some certificates, and possibly a RADIUS server unless you use client certificates for authentication.
Both options will foil your wannabe hacker. Plus, you'll likely have the only advanced Wi-Fi setup around, gaining you geek creds ;)
Religion is the best example of mass psychosis
Isn't there FreeBSD or Linux disk image that'll solve this?
<WIFI> <=> [Router] < routes only to > [IP address of solution]
Where the solution does something like the standard coffeeshop login +
* Special account gets unlimited time & bandwidth
* Non-special account needs to sign up every hour & gets diminishing bandwidth (if you want to allow visitors)
Something like http://dev.wifidog.org/, but under active development?
Here's a novel concept - secure your network, then politely butt the fuck out of everyone else's business. It is not your job, duty, or right to administer the networks of other people, nor to hunt and/or harass an alleged leecher.
IF, and only if, this person compromises your network (which would be your own fault, BTW), then you're welcome to redirect all traffic to goatse, or whatever.
Seriously, whatever happened to the good ol' Amer'can spirit of, "Don't fuck with me, I won't fuck with you?"
An enigma, wrapped in a riddle, shrouded in bacon and cheese
There are two ways of dealing with this: getting this person off your network, and getting this person off everyone's network.
Personally, I think if you can get everyone to squeeze him off their networks then that will probably be the nicest kind of vengeance.
Consider writing up a simple letter (starting with: Just a note from a neighbor), detail that someone in the area has been breaking into wireless networks and may be pirating stuff/doing illegal things which could lead to difficulties for the actual owner of the OP. Then, provide a basic summary of what to do to avoid it (e.g. disable WPS, etc etc) and maybe even provide URLs for the major router manufacturers.
With some luck, some people will pay attention and lock down their network.
If you know who it is doing it (using handy phone apps to detect signal strength, or a directional antenna) then you could do a 'special' letterbox drop for that one person with a 'how to buy an internet connection'.
Mind you, if this person is using an 'evil twin' they may be doing more than just stealing Wifi. If their MAC address is stable (i.e. they are not modifying it) you may want to capture some sample traffic with that included. If things do go awry you can use that to provide evidence it was that person's computer, possibly.
Information wants to be free! Uh, where do you live?
rewriting history since 2109
Why do you try so hard to keep "your" net just for you? It's not like you are going to "run out" of it. I mean, if it's really a big dent in your monthly budget, just go to the guy and suggest to share its cost; if it's not, then just let him leech it. What's the big problem with it?
Just set up an alternate network with a different name, unprotected or with the password in its name, and a QoS that prioritizes the network you use for yourself all the time, and let the other people use what's left... you aren't losing anything.
P.S. Wasting the police time with this is just ridiculous... but perhaps that's a cultural thing for me.
Change your wireless router not to broadcast SSID, change the SSID to something completely random, lock down DHCP to some odd subnet, only route the addresses handed out by DHCP, MAC filtering, set the SSID password to a long string, done. Only so much you can do. You can buy the best steel reinforced door to protect your house, but a rock through the window pretty well bypasses that.
Make a little shield with a bit of foil and a coathanger. While tracking the incoming attempts, shield your WAP from various directions until it stops. Gives you a direction, and you can bend the coathanger into a little stand to hold the shield in place next to your WAP. It's likely to be in the direction of a near wall, isn't it?
Amazing stuff, tinfoil.
Do not mock my vision of impractical footwear
I had this problem, moved wifi router to the basement near the floor limiting the radius the wifi will travel around my house. I tested to see how far it worked prior to doing this then tested afterwards. I can barely get wifi in my garage now but works fine inside.
802.1x
A PSK and any mixture of MAC filtering, hidden SSID's, incantations to Cthulhu, VPNs etc will not keep your internal hosts nor your internet connection safe.
As soon as he sees dot11 "Enterprise" he's gonna have to read a man page too many to break it. It takes you as long as configuring a RADIUS server (And for your purposes this isn't a clustered FreeRADIUS setup...)
to "Police_Have_Been_Contacted" or something like that, and see if it stops.
You can build a wok-tenna, but I just use one of those little steel TV dishes. There's one in the Cherry Island recycling bin right now, they're easy to find in trash bins. I have two in my shed; you just replace the original transceiver with a cheap USB wifi stick connected by cable to a laptop or PC running kismet or whatever and voila! you've got a directional antenna.
Find his point source, and as long as it's not incredibly close to your house you can just shield your AP with a cookie sheet or something. If he's coming in from multiple directions, though, you might consider calling los federales.
Change your SSID to something like FBI Surveillance RTR or YouAreBeingLogged--you get the idea. Along the lines of the "WeCanHearYouHavingSex" SSID. Let him know you are on to him and the wise hacker will find a new mark.
And anyway your entire screed is like pointing out if someone REALLY wants you dead, you're dead.
Likewise, if he REALLY wants to use your WiFi, you can't stop them except by turning it off.
All you can do is make it harder so they'll go on to an easier target.
Most of the wifi security standards suck. So don't use them. Leave the wifi layer as is, let the guy connect to it, but only use it as a transport layer for a vpn connection and firewall everything else.
Too much hassle? Run cables everywhere instead.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I had a problem like this once. ;) and sending a nicely worded letter to his home address.
To solve it I set up a second access point with throttled bandwidth, then captured all of its data. Not only was I able to capture his logins/passwords, but I was able to identify him and his address. Then it was a matter of using firesheep to take control of his Facebook page
First use signal strength to identify which house it is... Then rent a black van, and park it in that area for a few days. I bet it stops. If not, start noting all the activity and logging it, and submit it to the ic3. That's about the only people I can think of that would even have the expertise to know what they are looking at. Then they would surely have to come investigate it themselves... but I'd also pretty much HAND them the case by videoing the pieces and doing the explanations... it's a pretty weak possibility, but if they hand that off to local law enforcement, they can't ignore it.
You could try and detect just who it is and have a talk with them. Whether it's actually actionable is another thing entirely, but you have to ask yourself whether you'd want to get a kid in trouble with the law. If it is a kid, which isn't unlikely, then making clear, also to the parents, that you'd rather not have them try and force access to your wireless setup is going to be the most effective way.
You are throwing packets in the air on a free-for-all band, after all. You could ask yourself whether you really need to have wifi, for it gives rise to this sort of problem. It's one of the reasons why I prefer wires whenever I can get them, and only turn on the wifi when really needed. But for baseline security, turning WPS off (it's a bad idea done badly), switching to WPA2, regularly swapping out the key, carefully positioning the AP, filtering on MAC, and tricks like that might help too.
Another suggestion: It's easy to turn a simple AP's external antenna into a directional antenna. I've built several and they work wonderfully for increasing that signal across the street. Yes, I've mooched off more or less open APs when I didn't have my own network connection available, but never so aggressively as you're describing. Directing the signal away from the street also works reasonably well, though not perfectly. To do it perfectly you'd have to turn the house into a Faraday cage. Turning the AP off is simpler and cheaper and the only definite answer.
Anyway, stack a bunch of those on top of each other and you can make it harder, or even a lot harder, for strangers to try and invite themselves to your wireless network.
Disable WPS or if your router doesn't allow you to do that, buy one that does.
Change to WPA2 and use a long, random key (a nonsense sentence will work too). Yes, it's a pain to have to set your devices up again, but it's the only way to take away their access.
Hiding your SSID, MAC filtering, etc. will do nothing if the script they are using is somewhat intelligent or if they have more than a passing knowledge of what they are doing.
And if you don't want to just foist this issue off on someone else, help your neighbors to do the same.
Post anonymously - For when your opinion embarrasses even you!
The evil twin makes finding the culprit a cakewalk. Download inSSIDer and walk around. When the evil twin's signal is strongest, you're outside his door.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
It's rare on home devices, but if it's an option it could slow him down more.
I am not aware of what attacks are out there for it though, I may have to look into that later.
So you think brute forcing a 63 character password would be effective?
Only the State obtains its revenue by coercion. - Murray Rothbard
If this person is in it for the game, putting up technical barriers is just going to encourage them. You want them to decide to leech off someone else.
Make a corner reflector using aluminum foil and cardboard -- figure out where in general the leech is, and keep the signal away from them.
If you have a spare box, don't do the Upside-Down-Ternet, let them connect and throttle the *&!# out of their connection -- encourage them to go away.
And yeah, going to PSK-2 with long keys changed every few days will be a pain to you, but more of a pain to someone else.
Parable #1: Never wrestle with a pig. You'll get dirty, and the pig will love it.
Parable #2: Two guys out camping. One asks the other, "What would you do if a bear came into the camp?" "Run like hell!" "But you can't outrun a bear!" "I don't have to outrun the bear..."
1.) set up a script to screen capture every page they retrieve
2.) redirect output to a printer
3.) hang them up randomly on poles throughout your area
WPS on the routers I've seen requires pushing a button on the router, then connecting and entering the PIN within ~2-3 mins. So, attempting to brute-force WPS will get you nowhere on the routers I've used, except during the extremely rare instances when I'm using WPS to connect a new device.
And, if it is a neighbor trying to get free access, you could set up a guest network (either using your router if it supports a guest network, or have him/her provide a router that you connect to your network), if you're willing to share your bandwidth.
make imaginary.friends COUNT=100 VISIBLE=false
I think you need to stop trying for a technical solution. Ultimately, if you keep putting up roadblocks (and it sounds like you've tried) all you're going to do is make your network more attractive because it will be a challenge.
If you can figure out the house where the person is doing it, you should confront them, in person. Be polite, but be firm - tell them to stop using your connection. If they continue, then file a complaint with the police, but don't expect them to do anything about it. At that point, you're just making sure that if someone does come to your door accusing you of piracy, you can say "it isn't me, and I told the police about the problem."
Alternately, you could take a neighborhood watch approach. Distribute flyers indicating that someone in the neighborhood is borrowing wifi, and that you and your neighbors need to be vigilant. It may shame your borrower into cleaning up his act.
Set up a RADIUS server and use that for authentication.
I know a lot of the 3rd party firmware supports the setup (dd-wrt, openwrt, etc) if that's an option. This way, sure, they can still connect, but they won't be going anywhere without the correct authentication, so using your wifi would be pointless.
The other option you can do with what people mentioned above (MAC filtering etc) is change your SSID and don't broadcast your SSID. While this is like MAC filtering, as in it's not going to stop a determined person, it may, when combined with MAC filtering and whatnot, be enough to make it not worth the hassle.
Turn your router off, reconfigure it or replace it, go into paranoid mode. If the router does port forwarding, take all port 80 and 443 attempts and direct them to your proxies:
http://tips.fbi.gov/
and
https://tips.fbi.gov/
set up a linux host, plugged in wired and an exception for the above rule, set up authenticated squid...
or just turn your router off for a while and go wired....
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
I believe in the scorched Earth policy:
Brick his doppelganger AP by doing a bad firmware update on it.
Go to dealextreme and buy a Wi-Fi jammer and use it whenever you're not home or asleep.
Change your AP's name to his address plus "..is a sex offender. Hide your kids"
Those of you recommending a long randomly generated WPA2 password need to RTFA. He has been hacked via the WPS vulnerability. Once you have obtained the WPS pin you have permanent access into that router and have the ability to retrieve the WPA2 password in plaintext every time that he changes it. The pin cannot be changed. Depending on the router you may or may not be able to disable WPS. Next time buy a router that has the option to disable WPS and TURN IT OFF. Over 12 million routers are now exploitable via this hack and have been for quite some time. The exparrot option or sniffing his traffic are the best options.
WPA2 is secure, WPS is a piece of shit. Turn off WPS, reset your WPA2 key to 12 characters of random password, go around and reconfigure all your devices to have the new password. Stop worrying.
Set your SSID to "UnauthorizedTrafficRoutedThroughPolice"
and/or
Set up a server between your ISP and wireless access point with a VPN. If you get caught by his evil twin access point, you will know because your VPN connection will fail. Even if it doesn't fail at least your traffic should be secure.
or
Set your SSID to "ConnectingHereConstitutesConsentToEnterAndSearchYourHouse" Maybe the opportunity for an easy search would get the cops interested.
You should probably file a complaint with the police in case his illegal activity comes back to your IP address.
You may want to find out what kind of person you are dealing with before getting the police involved. Your strategy should probably be different if you are dealing with a local gang leader or homicide parolee rather than a high school nerd.
If the offender happens to be on probation it could give you extra leverage.
Keep in mind that if he lives next door he can listen in on your conversations with a sensitive directional microphone. He could also probably easily tap your phone, especially if it is cordless or cellular. So be careful about speaking your passwords or other sensitive information out loud. Mail theft, burglary, vandalism, and other nasty attacks could become an issue.
Here's a solution - organize a neighborhood open wireless mesh network co-op.
It would be much more satisfying to make stone soup, than reinforce a stone wall.
"Flyin' in just a sweet place,
Never been known to fail..."
It is widely known by security professionals that hiding your SSID actually decreases security. For starters, it is easy enough to sniff a SSID out of the air. What is more concerning is that wireless clients configured to connect to a hidden network will constantly try to connect to any wireless network, essentially asking "Are you my network?" A malicious access point could say, "Yup, sure am!" At that point your wireless client will be more than happy to divulge your preshared key. There are even affordable retail products that accomplish this out of the box. Check out the Wi-Fi Pineapple.
Set up a honeypot fake access point using a desktop PC with Linux and PCI or PCI Express wireless card that supports hostmode (this is much, MUCH harder to do via USB... hard to the point where it's literally not worth burning a week of your life), install Mallory (a transparent man-in-the-middle proxy), log his non-SSL traffic for a few days to try and get an idea who it might be (if you try intercepting SSL traffic, he'll get a certificate error and know you're on to him), then for the grand finale, set it up to tamper with http responses and randomly return 302 redirects to lemonpary (or return html with embedded flash video that loudly proclaims that he's found the best gay porn on the internet).
Just test everything somewhere out of wifi range first, because your prank has to work on the first try.
Connect to the evil twin with passphrases like "I love cock".
Turn it on at the power button only when you need it. That will make a very poor quality connection for the attacker and they will move on, and it will also save you money on your electricity.
If you can't live without an always-on connection then you will have to get aggressive and really go after the attacker.
jam his wifi. http://www.jammerall.com/products/15W-WIFI-jammer-with-IR-Remote-Control-(IP68-Waterproof-Housing-Outdoor-design).html
Can't you deal with this at the DHCP level, is there something of authentication/access control you can bolt to DHCP (or has everything been hacked?)
Of course, buying that product will probably get you a visit from the fcc.
Don't try to invent a solution when there are lots of good ones out there already.
:-P
First, if you really care about figuring out who the guy is, why not just set up another open AP and monitor the traffic going through it. Given enough traffic, you'll probably be able to deduce his identity because there are still a lot of web services out there that don't encrypt everything, and there are even a lot that don't encrypt anything (including logins).
Next, if security is what you're concerned about, don't bother with MAC filtering or DHCP tricks. Both are very easily circumvented. The MAC addresses of allowed clients are easily sniffable, so he can duplicate those easily. And once he cracks your WPA2 he can see the traffic on the WLAN so he'll be able to deduce the IP info and assign an address to himself.
If you want good security, set up WPA2 enterprise. All you need is a radius server. Many APs these days support it (even most recent consumer models seem to). You can run the radius server on a tiny VM or an old PC. Then just set your keys to rotate often enough that it becomes impractical for him to crack them before they're expired.
Of course, if you did that to someone like me, I'd be inspired to go spin up a massive GPU cluster compute instance in EC2 so I could crack the password faster.
If someone is leeching your wifi, look up how to middle man attack. Steal all his info. Find out who you are dealing with. Be nasty. Be a dick back.
Fight fire with fire.
You get the picture I am making here? You have someone that keeps breaking into your wifi, so set a fucking trap.
For the record, police are stupid as all fuck, and they won't do anything for you.
Be seeing you...
Rename the SSID to BT-Openzone he'll never connect again!
I provide wifi access to my neighborhood. Never had anybody try to "leach" my open wifi ;)
Captive portal screen asks that they click ok to agree that "I will not be a dick, but I realize this is an open network and others might not be so nice." That's it. Works for me.
Everything shaped and policed so bandwidth is equitably shared. Some stuff blocked like unencrypted bittorrent-- no need to have some idiots from *AA ruining things. If folks e.g., tunnel bittorrent I couldn't care less.
re: For example, I regularly walk 6 miles to a farmer's market and 6 miles back to save a couple of dollars on the price of vegetables. That's three hours of walking to save a minute or two's income.
.
Bonus for you is that you got three hours of aerobic cardiovascular workout time! You'll be healthier, and (two or so dollars) wealthier, and wise! The strange thing is that there are people who actually pay other people and companies money for the opportunity to exercise on a treadmill or a stationary bike. These people tend to gas up their SUV and drive the two miles over to their "gym" to do pretend walking and pay for that privilege. You, sir or madam, on the other hand have gamed the system and not fallen for the idiocracy. You get the benefits without the costs.
Also, you're not a leech, so you're also a good person. Plus you also eat vegetables: double-plus good person! (My mom has me convinced that stealing the carrot sticks from the fridge is bad, so I'm tempted more and do it more! It was just a year ago that I figured out that carrots were healthy! I've been conned into liking veggies!)
;>)
Bonus point of spelling pickiness: your response was to Re:I've used Wifi Analizer . Surely, the GP poster meant "Analyzer", unless the word "analizer" tells us more about the GP and his probings by alien species than we wanted to know....
What happened to Slashdot? This entire comment section is people suggesting MAC filtering and not broadcasting the SSID, or even calling the police. Are you kidding me?
If they're wanting to connect and they're being extraordinarily sneaky and clever at it, it may be easier to simply let them connect but limit the damage. Set up whitelists for a select few domains/IPs once they're connected so as to limit any liability concerns (child porn, illegal music/movies, etc.) Also set up heavy throttling so they're getting throughput much less than an average dialup account would get. This assumes, of course, you've separated your access point from your actual router. Just hopping onto the WiFi signal will get them on your LAN (and you ARE separating the wireless traffic from your wired traffic, yes?) Then you can use your router to shape traffic to certain devices. Whitelist your own equipment. Throttle and filter the heck out of anything else that might connect.
Yes, it would also help to install directional antennas and keep the signal strength to a minimum outside of your immediate usage area(s). But they, too, can get a directional antenna and still latch on.
A more elaborate solution involves setting up a full-fledged authentication server and implementing 802.1x. Authorized devices get on the private LAN. Everything else gets dumped to a separate VLAN which may or may not have any other kind of network access (it's up to you). It's been quite a while since I played around with any of that and, quite frankly, is overkill for even mid-sized businesses much less a home network.
Either way, they'll eventually get the hint and give up for easier prey. They win the battle (the challenge of connecting to your wireless anytime they want) but you win the war (keeping them from affecting your network in any meaningful way).
My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
Dear Slashdot,
I've been having trouble hacking my way into this guy's network, and have exhausted the limits of my own script kiddie abilities.
I would like to understand what methods this person is using to block me and how I could circumvent them - so please tell me how you'd block these sorts of attacks!
Thanks,
Cock Brockson
script kiddie
Dear reader,
this attack is far from advanced. It has been around for quite some time and pretty easy to run. If you consider this advanced, I wonder what you think about WPA Enterprise attacks.
I am not a lawyer but the quickest way to deal with it is to disable WPS and change your passphrase. It is called a passphrase because it can be up to 63 characters long, so make something pretty hard to guess and pretty easy for you to remember.
However, some access points, even though you disable WPS, it is still kinda enabled so the attack is still possible.
What you should do is learn how that attack works and try it on your own router (get a pentesting live CD and an alfa AWUS036H). If it still works after disabling WPS, I would recommend disabling wifi on your router and purchasing another access point that is not vulnerable when WPS is disabled.
Even if you buy a directional antenna, it will be pretty hard to find where the attacker is. Radio waves bounce on objects (and btw, 802.11n, 802.11ac and 802.11ad take advantage of it) so the attacker might not be where you think he is. My humble opinion is that you are not experienced enough to find the attacker (based on the fact that you think the attack is advanced and the following).
Another thing: Seeing MAC addresses associated to an access point doesn't mean they are surfing the web. An access point is not going to accept any data packet if you are not associated to it. What I'm saying is that those MACs might just be trying to attack those APs, since the association process doesn't need to provide any key to the AP.
Source: 7+ years experience with WiFi security.
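Added example, not part of the comment above: a non-intrusive way to check two things raised in it, whether your own AP still advertises WPS after you switched it off and whether another radio is advertising your SSID. It parses scan output in the layout of `iw dev <iface> scan`; the sample text, the SSIDs and the BSSIDs are constructed, and the exact field layout is an assumption to adjust for your `iw` version.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on `iw dev wlan0 scan` output.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0) -- associated
\tfreq: 2437
\tsignal: -48.00 dBm
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:aa:bb:cc:dd:ee(on wlan0)
\tfreq: 2462
\tsignal: -39.00 dBm
\tSSID: HomeNet
\tcapability: ESS (0x0401)
BSS 66:77:88:99:aa:bb(on wlan0)
\tfreq: 2412
\tsignal: -71.00 dBm
\tSSID: NeighborNet
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


@dataclass
class Bss:
    bssid: str
    ssid: str = ""
    signal_dbm: Optional[float] = None
    has_rsn: bool = False   # WPA2 information element present
    has_wps: bool = False   # WPS information element present


def parse_scan(text):
    """Split scan output into one Bss record per 'BSS <mac>' header."""
    cells, cur = [], None
    for raw in text.splitlines():
        m = BSS_RE.match(raw)
        if m:
            cur = Bss(bssid=m.group(1).lower())
            cells.append(cur)
            continue
        if cur is None:
            continue
        line = raw.strip()
        if line.startswith("SSID:"):
            cur.ssid = line[5:].strip()
        elif line.startswith("signal:"):
            cur.signal_dbm = float(line.split()[1])
        elif line.startswith("RSN:"):
            cur.has_rsn = True
        elif line.startswith("WPS:"):
            cur.has_wps = True
    return cells


def audit(cells, my_ssid, known_bssids):
    """Return (bssid, finding) pairs for every cell that uses my_ssid."""
    known = {b.lower() for b in known_bssids}
    findings = []
    for c in cells:
        if c.ssid != my_ssid:
            continue  # other people's networks are out of scope
        if c.bssid not in known:
            findings.append((c.bssid, "unknown BSSID advertising my SSID"))
            if not c.has_rsn:
                findings.append((c.bssid, "twin offers no WPA2 (RSN) protection"))
        elif c.has_wps:
            findings.append((c.bssid, "my AP still advertises WPS"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(parse_scan(SAMPLE_SCAN), "HomeNet",
                                {"00:11:22:33:44:55"}):
        print(bssid, "-", finding)
```

A twin can clone the BSSID too, so a clean allow-list match is necessary but not sufficient, and a missing WPS element does not prove the registrar is really off.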
Under State law, I am required to stop the progress of a Felony by law, or be an accessory.
If I have a HCP, that means I'd be armed.
Castle doctrine does not protect criminals, by its definitions section, in FLA. Here the area extends to the property line at least, by case law.
Law is a great thing until you realize you're on the wrong side of the line, at the wrong moment in time. :)
Truth isn't Truth - Giuliani
If he's requesting DHCP, then set up DHCP to give one range and statically assign your stuff in a different range. Then traffic shape the DHCP range down to 300 baud. Fuck 'em.
Better yet, start live injecting Google Ads into his IP stream and collect revenues.
Learning HOW to think is more important than learning WHAT to think.
http://www.net-security.org/software.php?id=259
That would cost me a bomb being in England - cheaper to give my bandwidth away...
Lots of good advice, just like to add that if you have only x number of devices that connect to your wireless, you can set your dhcp to deliver only that number of addresses, like xxx.xxx.xxx.100 - xxx.xxx.xxx.102. Add mac filtering and they'll probably bug off to an easier score. It would be nice to make them pay, but if all you want is for them to lay off, it's like with bears, you just have to run a bit faster than the other guy.
Change your WiFi password to "pennyalreadyeatsourfoodshecanpayforherownwifi"
Slashdot mods have no fucking clue about WiFi security.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Insert a Javascript zero day into his HTTP traffic and take care of his computer. He'll never know what took him out.
I am becoming gerund, destroyer of verbs.
Partition your wifi into two networks, as described here, and have fun with the open side:
http://www.ex-parrot.com/pete/upside-down-ternet.html
Set up your own decoy and reel him in. It's not hard.
Organization? You must be joking..
And connect to the FBI website, the CIA site, Interpol, the municipal police website, then start googling for "How to stop someone from stealing your wireless", "laws regarding unauthorized network access", "lawyers specializing in internet crime", and so on, ending with "securing your wireless router". Then change your wireless password, hide your SSID, and implement some of the other suggestions here.
No sense in letting him go to all the trouble of setting up an evil twin without taking advantage of it.
Set up a man in the middle attack using SSLstrip. Get all his user names and passwords. Post them on his facebook page. See which of his "friends" are really his friends.....
I have an old linksys wireless router. It is plugged into an electrical outlet and sits on a shelf by my front door. It has no password on it at all. You want to connect to it? Feel free! Oh, I forgot to mention that it is not connected to my network. Yep, the only thing plugged into it is the power cable.
First of all, just to be clear: this isn't leeching, this is someone doing something nefarious. If they just wanted free bandwidth, they would never set up an evil twin network. Most of the replies on this thread are bad advice assuming it's a leech. The person responsible might be nearby, but probably not; if you track down the computer that's responsible, you're likely to find that its owner doesn't know what's going on and it's been taken over by an anonymous attacker over the Internet. Or you'll find a PwnPlug.
The first thing you need to do is notify the police that you're being targeted by hacking. This is important; if your computer/network is taken over and used for something illegal, which is likely to happen, this will protect you. Second: you need to notify your employer, as well as anyone whose confidential data you're in possession of. And third: you need to harden your computer security, and figure out why you might have been targeted.
The fundamental question here is really "do you want to stop him, or do you want revenge?". If you are satisfied with stopping him, seems there are plenty of simple things you can do. It's the revenge angle that's a lot more interesting, and may be your real motivation. I think all further comments should be directed at the revenge angle only.
You have the right to sniff your own traffic: put up a cheap box with 2 NICs in it, transparent bridge that between your modem and your wireless router, then install Linux. Take pcap with tcpdump and analyze them later: find a profile they are using in the pcaps by looking thru the TCP streams of HTTP. HTTPS can also be sniffed if you're using something like sslstrip or just putting up a transparent proxy with its own cert (he'd ignore the SSL warning and never take you for a fellow hacker: use that to your advantage). Hack them back: insert the latest java exploit and RM his box. You have full control over the DNS server the attacker is resolving with if he's getting it via the router's DHCP configs... Also depending on the version of backtrack they're using (and yes I'm assuming they would be) there are remote exploits that would make the process of owning them much simpler (http://packetstormsecurity.com/files/111752/wicd-escalate.txt). So many things you could do to fuck with them really: HTTP cache poisoning: hit their browsers with a fake cache containing a javascript callback to your own system to discover their IP after they disconnect and reconnect to their own network. Hell, you can even put in a BeEF hook and have yourself a time with their internal network. You are likely not the only victim and the attacker would be hard pressed to figure out which person actually pwnt him, especially if you write a delay for your payloads.
Set up Chilispot or something similar such that connecting to the wireless network doesn't get you access to the internet. It will be an annoyance for you, but a second-level authentication will keep the freeloader from using the internet connection.
Do a quick search online to get hold of some identity theft / credit card harvesting malware and modify it so it sends the capture to you.
Then, setup a transparent linux proxy server that replaces any executable file downloaded with your malware, and put it between your internet connection and an open wireless network.
Let the little turd use your free wifi internet to his heart's content, and wait for him to install the malware when he's trying to install something legitimate. Then, wait for your malware to send you the details of who he is, what his credit card numbers are etc.
Finally, go to the local coffee shop that gives out free wifi with every coffee purchased, and drop all those details you collected on pastebin.
Problem solved.
Easily accessible answer is WPA2 enterprise with a reasonable passphrase and be done with it.
Regarding involving LEA I'm sure they have better things to do than care about a "theft" of service which is entirely preventable with a few minutes of your time.
With regards to becoming go-go antenna inspector gadget I sincerely hope you have better things to do than to go looking for a fight.
Brass cloth wallpaper and window shades. Done.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Be very unreliable for them. Set up access limits and times. Many routers have a nanny mode to keep your kids off after they are supposed to be in bed.
My printers, etc are on the wired LAN, along with my VOIP adaptor. Set up the wireless to go down a few minutes into his hacking session everyday if he attacks at the same time everyday. Hard to hack dead air.
I set up the rule so wireless is blocked when I am in bed, or at work. Hackers may want a reliable connection. Don't provide one.
I have spare routers. Pick up a cheap one from Goodwill or other thrift store. Power it up not connected to anything. Let them connect to a no network network instead. Monitor the connections to it.
The truth shall set you free!
Let your kid or a friend's kid use your network. Then call the cops. They are "trying to hack into a kid's computer".
You'll get your response.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Then for the next .exe download, transparently drop in a trojan of your choice, such as one that sets Windows master volume to 100%, and blasts a recording of yourself shouting STOP STEALING MY WIFI!!!!
...so flash your router's firmware and remove the vendor's vulnerability.
I'm a Liberal, Apparently.
It's easy to say "WTF?!" 'till you live there. :facepalm:
Truth isn't Truth - Giuliani
It looks like a network security/competency test question.
If your goal is to harden your wireless network then the simple answer is to set it up with WPA2 Enterprise using EAP-TLS. This will provide certificate authentication between your AP and your wireless clients which will protect you from the MITM attempts of him setting up another AP and will prevent brute force attempts.
Contact your ISP, you'll have to get beyond the phone-script crew, and explain the issue to the technical types there. It isn't likely that they will be happy to have someone playing this type of games with their connections and will step in. In most places the ISP can also bring legal charges under a theft of service law.
Anybody using WEP should be raped. And will be raped.
Use WPA or nothing at all.
Wander around with netstumbler, and monitor the strength of the evil network. Once you've actually located the person you can: a) complain to their mom b) move your access point to where it's out of their range c) set up a malicious network of the same name and perform MITM attacks on them (sslstrip, sslsplit, dsniff, malicious nameserver, redirect them to a copy of someone else's drive-by-0day page). If they run the deauth attack more than once (it only has to be run once), they're fairly unlikely to succeed unless given serious help (like changing the network encryption to wep).
faraday cage. end of story bro
That's an instant buzz kill for most wifi snatchers.
SSID broadcast off -> if you're not looking for it or know what to look for, good luck.
(Change the SSID obviously when you turn it off so it's not known)
Mac address filter. If he spoofs it, it kicks that system offline, so you'll know rather quickly.
Random WPA2, takes forever to crack.
Last step - use non standard internal IP addresses. Obviously keep it in the 'unused' domain but you can have some fun with it.
Like 127.0.0.50
It won't loop back, it'll work, and likely that they won't figure that out (Unless they read slashdot)
This requires you to also turn off DHCP and manually specify the IP address on your wifi devices connecting to it for it to work,
but that's pretty much as secure as it gets without going hardline.
1. Shut down any of your WEP access points.
2. Implement WPA2... with AES (no TKIP) and: very important: do not use WPA-PSK, unless you have a cryptographically strong key, and your AP exposes multiple SSIDs with different pre-shared keys, where you have spread the keys about, so few devices use any one key.
3. Better yet switch all authentication to EAP-TLS with certificate-based authentication of clients, and passing of user credentials over TLS; in other words, use the only form of WPA that has no security defeat.
4. The police might be able to help, if you can provide sufficient corroboration -- such as hiring a specialist to assist, and providing the report.
If you can figure out where it's coming from, however, their parents may be able to help you even more.
Comment removed based on user account deletion
This is /. Come on nerds -- act like one.
Sure, you could triangulate, post letters. But really -- the guy's good enough to crack, and rude enough to do so -- make his life on your network amusing for both of you.
First, sure there's upside-down-ternet.
But why not drop *ALL* traffic on port 53 (save transitting your ssh vpn), and MITM your own nameserver.
Every lookup ever returns 127.0.0.2 or 198.81.129.107
Tunnel 40% of the requests through legit DNS to make it frustrating and intermittent.
Direct windowsupdate.com or whatever the mac and linux sites are to totally trojaned binaries whose sole purpose is to run
find ~/ | xargs | shred -u, or if you're less malicious -- just touch every single file with mtime of 1901
This is your opportunity to run massive MITMs over https (it's your network right?)
Too bourgeois and dull? Lots of cheap network cards have hardware exploits.... most of the broadcom cards dell makes have /never/ had their holes closed down.
Don't want to fuck with DNS, or do weird shit with their images over HTTP? Set up a dedicated ipv6 tunnel for them, pump it back to you over ipv4 and tor -- their traffic will be so slow they won't know what happened, and traceroutes will be showing latvia.
Okay, start going old http-hacking via BEEF etc. Inject script tags into all HTTP traffic and start session/credential hijacking. Don't forget to capture :443, redirect to a local proxy on :80 and serve up a padlock as favicon.ico. Don't forget a status update if they login to facebook...
But really, the best shit isn't hacking -- it's doing things that make them doubt their sanity. Start writing firewall rules that randomly assign shorter TTLs to their packets, and inverts QoS (not that any res. ISP honors that). Bounce it through two different VPNs at random depending on time of day. When the nameserver resolves, randomly switch in obsolete hosts. Like two years obsolete.
Rig up a webserver that looks for .css files -- and inject
body {display:none}
in addition to some occasional
margin-left: { 10000 em; } in the last lines.
You want this guy tearing his damned hair out trying to figure out why things are just /weird/
Finally, you could always go nuclear. Watch their traffic for a week, see what they visit, what they do -- and direct a targeted, customized payload. Given they want to be a hacker, I recommend exfiltrating the contents of their hard drive and offering to sell it back to them. That might get them nervous though. Tell them you're a better hacker in need of a protege -- in their overconfidence they'll try to school you. When they show up, drop a burner phone that texted incriminating contents to another destroyed burner, a hammer, and shoot them in the face. Bonus points if you can get them to snort some meth when they knock on your door first.
They shouldn't play with the BOFH if they aren't ready.
... which gives him an incentive to go elsewhere.
http://www.ex-parrot.com/pete/upside-down-ternet.html
From the summary, the cracker has already compromised the submitter's network at least once, is trying again, and is doing the same to other networks in the submitter's neighborhood. The cracker has already breached that "good ol' Amer'can spirit" you speak of.
While it's not his job, duty, or right to administer his neighbours, it is his responsibility to help protect the neighbourhood of which he is a part. If you spotted a stranger sneaking into your neighbours' houses, would you (a) lock your own doors and warn your neighbours / call the police, or (b) lock your own doors and go back to watching TV?
Why bother with all that hassle and just collect all your MAC addys and whitelist your wifi router... that's how I kicked my leech lol
You might want to call the police and formally complain. They won't do anything, but it'll be on the record. If this guy is involved in criminal activity in the neighborhood, and there is an investigation, and you need to use the "I've been hacked" defense, there will be at least one piece of evidence in your favor.
FBI: criminal activity has been traced to your IP.
You: It's about time someone did something. I filed a complaint six months ago about someone hacking my network...
1. Enable captive portal to hold all HTTP traffic until accepted terms displayed.
2. Make a terms list effectively stating that all connections are monitored and that by using the system you accept that the connection is logged and will be used for prosecution.
3. Enable logging of traffic not going to your machine via wireshark.
4. Import your captured traffic into xplico.
5. Have fun.
You are a lawyer then? Funny, I thought due diligence requires at least discovering what the relevant jurisdiction is, because you know, what's the law in one place sometimes ain't in another.
Especially if your ISP provided your wireless router (I believe comcast does). As far as they're concerned, this guy is stealing from them, not from you. They may have other reports of this in your area, as well. Chances are they have far more power and resources than you to go hunt down and prosecute this guy.
This problem of WiFi leeching is far greater than one guy losing some of his bits... rather now it is wide open that WiFi is not all that secure.
Copyright Infringement... How are the courts to assign guilt to anyone for violating copyright on the net if it can not be proven, with forum discussions like the one you are reading right now, that one is the perpetrator of internet mischief?
The ones that should be most concerned is the MAFIAA. All the lobbying of politicians to pass their carefully crafted laws is moot if it is shown in courts of law that the wifi routers themselves are compromisable. It will be hard, if not impossible, to place without-a-doubt liability on anyone for what went through their system.
I am sure this entire forum will be copied off and presented to the Judge as evidence that it cannot be proven beyond a shadow of a doubt that the copyright violator indeed did what the MAFIAA alleged he did.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I found the best way to stop people using my WIFI was to turn it off.
Now I just use my neighbour's WIFI and let him deal with a leech problem.
Increase pass phrase length, change weekly, disable SSID broadcast, and MAC filter. Plus the goatse idea!
If he's giving the same identity as your computer, what then?
Some of the Enterprise wireless vendors have countermeasures in their products for deauth/mitm/evil twin/ and many other attacks.
I don't work for the company, but I am a fan and a customer. Aruba has some really nifty features. Others do this as well, but Aruba was one of the first.
http://www.arubanetworks.com/pdf/products/DS_WIP.pdf
The Aruba Instant doesn't require any additional infrastructure and something like the RAP-3WN can be found on Ebay for fairly cheap.
Crank up the defense settings, and your AP will literally attack back when it detects a known attack on your network.
It'll frustrate the heck out of the kiddie running backtrack on your block when the tutorials he's watching on youtube on hax0ring wifi don't yield results.
WPA2 with a strong PSK should be sufficient, but if you want to take it to the next level use EAP-TLS and set up your own PKI. Make sure to validate the CA certificate so you're not susceptible to MITM attacks.
Remember that you are unique, just like everybody else.
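Added example, not part of the comment above and not taken from the wpa_supplicant project: a small Python audit of a client's `wpa_supplicant.conf` that flags 802.1X networks which skip the CA validation the comment warns about. The sample config, the file paths and the name `radius.home.example` are constructed.

```python
# Constructed wpa_supplicant.conf: one EAP-TLS network without server
# validation, one with it, and a PSK network that is out of scope.
SAMPLE_CONF = """\
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="HomeNet-Ent"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="laptop1"
    client_cert="/etc/wifi/laptop1.pem"
    private_key="/etc/wifi/laptop1.key"
}

# hardened variant
network={
    ssid="HomeNet-Ent2"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="laptop1"
    ca_cert="/etc/wifi/home-ca.pem"
    domain_suffix_match="radius.home.example"
    client_cert="/etc/wifi/laptop1.pem"
    private_key="/etc/wifi/laptop1.key"
}

network={
    ssid="Guest"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase-not-real"
}
"""

# Any one of these pins the expected RADIUS server identity.
NAME_CONSTRAINTS = ("domain_suffix_match", "domain_match",
                    "subject_match", "altsubject_match")


def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    nets, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            cur = {}
        elif line == "}" and cur is not None:
            nets.append(cur)
            cur = None
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip().strip('"')
    return nets


def audit_network(net):
    """List the server-validation gaps of one 802.1X network block."""
    issues = []
    if "ca_cert" not in net and "ca_path" not in net:
        # Without a trust anchor the client accepts any server certificate,
        # so an evil twin with its own RADIUS server can complete the handshake.
        issues.append("no ca_cert/ca_path: server certificate is not verified")
    if not any(k in net for k in NAME_CONSTRAINTS):
        # With a public or shared CA, any certificate that CA issued would pass.
        issues.append("no server name constraint: any cert from the CA passes")
    return issues


def audit_conf(text):
    """Map SSID -> issues for every network that uses EAP key management."""
    report = {}
    for net in parse_networks(text):
        if "EAP" not in net.get("key_mgmt", ""):
            continue  # PSK and open networks have no server certificate
        report[net.get("ssid", "<no ssid>")] = audit_network(net)
    return report


if __name__ == "__main__":
    for ssid, issues in audit_conf(SAMPLE_CONF).items():
        print(ssid, "OK" if not issues else issues)
```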
http://www.meraki.com/products/wireless/wifi-mapper
You could even use your ssid to make the offer.
It's probably what he's doing to the OP already anyway.
Why are we all assuming it's a "HIM"? Women leech pr0n too.
How is the guy you were stealing from the asshole in this equation?
Are you brain damaged? YOU'RE the asshole. And probably still are from the sounds of it.
And a loser as well, since you failed in the end.
An asshole and a loser in one post! Nice job. Keep it up.
We don't use wireless here. We use power line network adapters.
They are faster than wireless, cheap, and avoid the problems you're describing.
Beyond that, find out who is doing this and confront them. If they don't stop....make them wish they had.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
... enable dhcp (no default gateway)
connect the access point to a openvpn server NOT THE INTERNET
connect the openvpn server to the internet
[access point]---[openvpn server]---([router]---[modem])---[internet]
So it goes like this for you:
you connect to your wi-fi
you authenticate with a certificate to your openvpn server
you use internet
It goes like this for him: ... connect
oooh open wi-fi
oooh ip, thanks
ping google.com ERROR
hax somebank.com ERROR
*cry*
(Comments = TL:DR)
DD-WRT has the Whiz graph (I think it's called) that can show you relative locations of computers in your proximity that have Wi-Fi enabled. Could be useful in helping figure out the physical location.
1. Reconfigure your AP with broadcast turned off, different SSID, white list your MAC address, roll the password. Disable DHCP or configure DHCP to assign specific addresses to specific MAC's.
2. Setup another AP with your old SSID. Plug this into pfSense firewall and start collecting data and messing with the person. Transparently proxy all their traffic and setup some interesting rules. Rate limiting, jpg replacement, word replacement. If they're encrypting all their data, tamper with the stream, replay packets, etc.
Yes Francis, the world has gone crazy.
Logically invert the TX and RX signals in both wifi units.
The people "leaching" your connection may well be terrorists using your internet to plan crimes against the American people. When it comes time to investigate, you will be the one explaining why your connection was used to make these suspicious searches. Avoid problems now - call in DHS and get them to find and nab the terrorists before they can do any harm.
Why bother with a directional antenna? Load up kismet with a GPS device connected (cheap bluetooth one will do), go wandering with your laptop, and it'll find the network centre of each AP quite easily. I used to use a bootable Linux distro for just this purpose (it shifts name a lot, but has gone by the names of BackTrack and Whoppix in the past so I'm sure you can google the latest version) for doing primitive wifi mapping in schools (where you have hundreds of surrounding houses all blasting their channels in your direction).
Within a walk of the street, you'll pinpoint the leech even if he used the same details as yourself. Then knock on door (with friend, depending on area), ask what the hell he's doing and ask him to stop.
But, to be honest, if that was the case, I'd just secure my network properly. And, hell, if it comes to it run a fake AP at that location that just messes with him. I've done upside-down-ternet before now, and a friend of mine thinks that renaming certain local wireless AP SSID's to something scary works quite well too. DO NOT TRY TO ATTACK BACK. Just cripple his access through your systems, don't do anything stupid to him.
And if you're REALLY worried, just run OpenVPN over wireless. I did this in one place I lived - just had a WPA network and actually had all clients connect to an OpenVPN server on the local net (and the wireless was blocked from talking to ANYTHING else). Then it doesn't matter what happens to WEP/WPA/WPS, etc. - you know that they have to break quite serious encryption to actually get anywhere. Impact on clients is extremely minimal - generate a certificate once, slight lag on first connection or resume from sleep (literally on the order of seconds), but after that it's just like being native on the connection - I used to play CS 1.6 over that system with no problem at all.
It was hilarious when a guest came once and told me that they'd "get on any wireless network". They couldn't crack the password (probably could nowadays but not back then, the software wasn't around and the vulnerabilities were unknown) so they went and found the router and tried the defaults, MAC address, etc. They couldn't get on so I told them the password. MAC address filtering blocked them, so I added them to the list of allowed MAC's.
DHCP was disabled so obviously they got no address and my range/gateway was some random number in the 10. range. I felt sorry for them by this point, so turned on DHCP for them and they got an address. They tried to ping default gateway and it worked, so they claimed success.
Unfortunately they were on a private wifi network that hid clients from one another too, so all they *could* do was ping the gateway (and that, only for my ease troubleshooting!) and connect to the OpenVPN port on a random server (not the same IP as the gateway). Nmap scan found nothing (I presume because I was using OpenVPN over udp) and they could get no further without the OpenVPN software and a certificate issued by me.
This guy is forcibly entering your connection, presumably just to freeload but it could be for something much worse (how do you know WHAT he's downloading and that he's not just chosen your network - and the neighbours - to provide a level of indirection to his activities so that he can stop / run when the police pull up to arrest YOU for what's been downloaded).
Find him, stop him, if it continues, report him.
P.S. This is why I disable any "new" authentication technology within seconds of setting up a wireless router. UPnP - off. WPS - off. Other crap that looks like it's trying to make my life "easier" - off.
If some attacker is so busy attacking your network (with usually loads of other networks around it with default settings) even when you disable the easiest method of attack, are you sure leeching (accessing the Internet via your connection) is the target of the attack? Isn't it possible the attacker thinks your network has something special?
The Virtual Bookcase: book reviews
http://www.openbsd.org/faq/pf/authpf.html
Maybe you should change your PIN from 1234 to something else instead of investing money in new hardware.
I'm originally from Los Angeles, and the contrast between the two police cultures seems pretty dramatic to me.
I am not from L.A., and was shocked and dismayed to discover there what the future holds.
The LAPD seem to have developed a new police culture, which is coming to be the new dystopian reality throughout the U.S.
Welcome to Abu Ghraib, Citizen!
They feared that it could be used to suppress protest or support unpopular rule.
Yes, buy the directional antenna and find out where the person lives. Then have some fun:
"Yes, there is a person in my neighborhood who is hacking into different WIFI routers to hide his identity on the Internet. I think he might be running a website linked with terrorist organizations from his home. I traced some of the packets for his communications and everything looked Arabic or Farsi to me. I figured out where he lives and the individual looks very suspicious and violent to the point where I do not want to confront him. I can't read Arabic but I am calling you because I do not want a SWAT team crashing through my front door when you discover this guy is organizing a terrorist cell using my WIFI network."
That should do the trick. If you are in the market for a new house his will probably go up for sale a few months after you make that phone call.
Also, why go with a technical attack/protection?
Print up 100 fliers that say:
WARNING: a scary hacker is using ADVANCED wireless hacking techniques to view CHILD PORN over your internet connection. He is also trying to steal your CREDIT CARD numbers! They are also using FACEBOOK to seduce your kids in to bed. This is a neighborhood campaign to locate him!
Stick these to every door within wireless range of your house. If the hacker is an older person (adult) they are likely to stop to avoid an angry lynch mob of soccer moms hanging them. It's also likely to get law enforcement attention. Now you've associated wireless hacker with a kiddie diddler. It's also good plausible deniability for all the people he has hacked and downloaded shit thru.
Why protect only yourself when this is a community problem.
Print up 100 fliers that say:
WARNING: a scary hacker is using ADVANCED wireless hacking techniques to view CHILD PORN over your internet connection. He is also trying to steal your CREDIT CARD numbers! They are also using FACEBOOK to seduce your kids in to bed. This is a neighborhood CRIME FIGHTING campaign to locate him!
Stick these to every door within wireless range of your house. If the hacker is an older person (adult) they are likely to stop to avoid an angry lynch mob of soccer moms hanging them. It's also likely to get law enforcement attention. Now you've associated wireless hacker with a kiddie diddler. It's also good plausible deniability for all the people he has hacked and downloaded shit thru.
Plus, if you see some dude taking all the fliers down, it's probably him.
1st thing to do would be see if my router was compatible with something like DD-WRT or Tomato. These don't have the insecure WDS in them. I assume you have the most up to date firmware. Other things to do would be to turn off your wifi for a few days. Chances are the neighbor will get bored and move on to someone else. You could also enable QOS and restrict the heck out of his connection. You could also start messing with things like redirection, block DNS lookups (Let your local machine do the DNS for your connection) and lastly replace your router.
MAC authorization and SSID hiding are mostly irrelevant to someone who has these other brute force tools. The first is a tiny annoyance, and the second one probably won't even be noticed by the attacker.
I let people connect to my AP but they are greeted with a captive portal screen in their browser. Usually this turns most people off right away (The logs say so anyway!)
Oh, and you don't need pfSense for captive portal, I think dd-wrt does a relatively decent job of providing it also.
Did you check FBI most wanted list? Maybe he is there.
If you're running something like dd-wrt reduce the accepted round trip time (ACK timing). It looks like the default is over a mile. If you reduce it to about 50 meters give-or-take you might be able to cut him off entirely.
I would give serious thought to buying some CAT5 cable and turning the WIFI off.
End MGM. Get prospective parents of boys to Google: Men do complain
There should be a Virus for such occasions. A special software will create a custom version of that virus on your machine, your machine alone will have the antidote to it. You shut off all your other connected devices and the only remaining device other than your computer (i.e. that of the leech) will get infected.
Just keep modem and router turned off when not in use. Or just unplug router when away from the computer if you do not wish to lose your IP...this is even if you have verified through your ISP that unknown MAC addresses are using your connection. You find that people that do not contact their ISP or local authorities...probably doing something wrong themselves and do not want to let the cat out of the bag. So bad guy vs bad guy.... well like I said better to let him get discouraged and find someone else to steal from. I use network magic that tells me when any device connects to the router. I am not very technically blessed so I always seek the simple solution.
Step 1: Remove the WiFi antenna from your Computer.
Step 2: Unplug your wireless router, and disconnect it from your modem.
Step 3: Plug one end of an Ethernet cable into your modem.
Step 4: Plug the other end of the Ethernet cable into your computer.
When you're asking for advice on how to better conceptually and physically exploit technological vulnerabilities, there is no better way to get information from hackers and nerds than playing the victim card. Nice move, maestro. Nice move.
Laptop and a Pringle's can along with the right software...and punch her in the nose!
For years my neighbors have been trying to get access to my Wi-Fi. In 2003 they had cracked my WEP key; back then my wireless router only supported WEP. I ended up disabling the wireless mode and wired the computer that was wireless. When I did this my neighbors got mad, saying that I had no right to disconnect them. When I replaced the wireless router with one that supported WPA, my neighbors asked for the key several times. When I got a laptop computer I always got knocked off my Wi-Fi several times a day. I did have my WPA key cracked twice. One day I had the wireless card and the router's Wi-Fi part stop working, and I had to set up a wireless access point that I had laying around. I ended up setting up a RADIUS server and set my Wi-Fi for WPA-Enterprise Protected EAP (PEAP). When someone tries to connect, the RADIUS server logs the MAC address of the computer or devices that tried to connect. I still had the problem of my Wi-Fi dropping connection. In 2011 I had people that I had never seen before knock on my door asking for the security code to my access point. I ended up switching to 802.11a with WPA-Enterprise. I switched to the 5 GHz band and I am having fewer problems.
No need to buy anything when a few simple router configurations may do the trick.
a. Unplug the router from the internet
b. Log in to your router setup and do the following: stop broadcasting your SSID, change your SSID, change any and all passwords on the router including the WEP key or whatever encryption protocol you are using, and finally set up MAC filters so that only approved devices can log in.
c. plug the internet back in and reboot the router.
d. configure your authorized devices to connect to the router.
Where are you? And what year is it there? I remember in the olden days when you could go to a farmer's market and save money. But in recent years (and decades) here in N.C. the farmer's market tend to be a scam selling things for a lot more than I pay for them at the local grocery store. And a lot of what is sold was simply bought at the local wholesale produce yard and resold, including those locally grown pineapples and bananas. I just can't afford to get produce at farmer's markets around here.
I'm an American. I love this country and the freedoms that we used to have.
Step 1: Isolate. Use a spare PC, add a NIC and use Untangle Lite (free) http://untangle.com/ which has very good. Turn off DHCP in your router, use it as an access point only. Let Untangle hand out addresses. Get the perp's MAC address and reserve his IP addresses. Use Untangle's report feature to build up a dossier of all his activities over a few weeks. See what he's doing.
Step 2: While compiling the reports, use HeatMapper (free) http://www.ekahau.com/products/heatmapper/overview.html on a notebook or netbook to locate him. It won't be any problem to find his AP in the signal map.
Step 3: After you have the data, mail him a copy of the reports and the heatmap to let him know you know what he's doing, and invite him over for a cup of coffee or other beverage of your choice. Be sure to tell him you don't want to turn him in or blackmail him, but you would like to talk geek to geek. Tell him you're going to disable WPS and change the WPA key, but you'd like him to try to hack in again, and tell you if you've left any open vulnerabilities. You can end the leeching and might just gain a buddy worth having.
Caveat: Of course you want to send a copy of the report to someone else to hand over to Law Enforcement in case he turns out to be a terrorist or freakazoid with implements of destruction to use against you.
I've tested all these attacks myself, and with a good directional antenna with a high transmit power the attacker can be pretty damn far away from you.
Even if you lower your router's power output (a very good first step to mitigate this attack), his directional antenna will allow him to pick up fainter signals.
Disable 2.4GHz if you can, and just use 5GHz as there are far fewer high powered directional antennas available. The 5GHz signal also doesn't propagate as far.
If you find the location he's coming from, you can shield that with foil.
The old cliche about hearing hoofbeats and thinking zebras instead of horses applies here. (Except for me. I live in Africa, so the hoofbeats are quickly likely zebras.)
The OP actually had WPS activated on his router and wasn't aware of the vulnerabilities. OP gets -5 noob points from me, something which taints the way I read the rest of his analysis, such as the evil twin he claims to have found. Nope. I bet he just found that the leech knows how to use Pineapple.
Why connecting all over the neighborhood? When he's leeching, he can't always get a good signal from just one place all the time, so he's going with whoever has the loudest signal at the time. Have you ever taken a serious look at all the noise on the 2.4GHz wifi channels in most urban and suburban areas in the world? With a little bit of tropospheric enhancement in the early evening, I've logged over a hundred unique APs from the upstairs of our suburban home. With all the default passwords and easy to crack cable modem passwords out there, it's a little surprising he had to go to the trouble of bruteforcing the WPS. He likes the signal from the OP, who probably picked a smart channel, not a cluttered default channel.
The leech also has to be pretty damned close in the real world, especially given all the noise on the 2.4GHz channels. Odds are he's running no more than a one watt wifi device, almost certainly fed into nothing better than a 13dB panel antenna. He probably has the antenna sitting in a window. If we're talking houses, odds are you can see it from the street, and the house is easily within a half kilometer of the OP's house, probably within 200m. This guy isn't modding an old C band dish or even building anything. He's buying his crap off of Amazon or eBay. If he was seriously into doing something illegal, he wouldn't be creating such a large footprint-- every router he taps into is another chance of being caught.
Going to www.wigle.net will probably make the search easier; there's a good chance someone has already posted up a stumble of the neighborhood involved. If not, put the Wigle app on a phone or tablet and just wander around your neighborhood. You'll see where everyone is, really damned fast. Your leech is likely near the center of the compromised routers. You will likely find a 14 year old whose mommy and daddy don't let him surf and torrent for pr0n on the family wifi because they bought a safe family package from their cable company, or some such content blocker. The only CP likely involved is that it's a C looking for P.
Spot the antenna, send a letter to the house announcing that the deal is up (a photo of the antenna in the window would be a nice touch), and tell them you and the other neighbors are going to sue them out of their house. The signals will stop and you will see a very unhappy 14 year old pulling weeds in the garden all day. If not, sue them into submission.
Subject says it all.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
I found a good solution to this. http://www.amazon.com/ZyXEL-Powerline-Wall-Plug-Adapter-PLA4215/dp/B006KSLIQG Turn off your wifi, and use this instead. I just ordered a pair myself.
Dude you are a total troll. I'm not surprised that you are being hassled.
In places like Florida, Stand Your Ground lets them legally shoot you dead for that.
Well then can't you shoot him and say you are standing your ground for your network, which is being attacked?
biquad satellite dishes cheap easy long range wifi
http://www.unwiredadventures.com/unwire/2005/12/defcon_wifi_sho.html
there are ways you can get around the reducing the antenna distance,
have a look for biquad satellite dishes in the area pointing at you lol
Best bet would be go to WPA2 and leave it at that. Rack it up to a learning lesson.
Remember WPS and of course WAP are VERY easily hacked. Either go to WPA2
and turn off WPS or go on the assumption that your wireless will get hacked.
Doesn't UTP defeat the purpose of having a laptop, tablet, or handheld video game system, or using home Internet to avoid cellular data caps on a smartphone? And how well does UTP work in rented dwellings?