Slashdot Mirror


Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?

An anonymous reader writes "Recently, I had found out (through my log files) that my wireless router was subject to a Wi-Fi Protected Setup (WPS) brute force PIN attack. After looking on the Internet and discovering that there are indeed many vulnerabilities to WPS, I disabled it. After a few days, I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt). I also noticed that an evil twin has been set up in an effort to get me to connect to it. Through Wi-Fi monitoring software, I have noticed that certain MAC addresses are connected to multiple WEP and WPA2 access points in my neighborhood. I believe that I (and my neighbors) may be dealing with an advanced Wi-Fi leech. What can I do in this situation? Should I bother purchasing a directional antenna, figuring out exactly where the clients are situated, and knocking on their door? Is this something the local police can help me with?"

9 of 884 comments

  1. Change your WPA keys by supersat · Score: 5, Informative

    WPS works by giving out your WPA keys, so if they've gotten in once through WPS, they will continue to have access.

  2. Re:i like to limit my DHCP scope by ios and web coder · Score: 5, Informative

    Why even do that? Simply set up a list of accepted MAC addresses and give them assigned IPs. Don't provide any service to a MAC address not matching known. Unfortunately, that only stops your router/AP from handing out IPs. They can still eavesdrop and work on listening in on traffic.

    I use reserved MAC addresses and a non-trivial WPA2 password. The router won't connect any unknown MAC addresses.

    That seems to work for me.

    If they crack that, they aren't leeches. They are crooks. Call the FBI.

    --

    "For every complex problem there is an answer that is clear, simple, and wrong."

    -H. L. Mencken

  3. Re:Figure out where he is located by Artraze · Score: 5, Informative

    This is news for nerds, jock solutions like that aren't welcome here!

    Correct solution:
    Pinpoint the attacker using a highly directional 2.4 GHz waveguide antenna. Once you're sure only the attacker is visible, attach a microwave magnetron to the antenna and watch him burn.

  4. evil twin by Spazmania · Score: 5, Informative

    The evil twin makes finding the culprit a cakewalk. Download inSSIDer and walk around. When the evil twin's signal is strongest, you're outside his door.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
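
Added example, not part of any poster's comment: the walk-around survey suggested above, reduced to a check that flags any BSSID advertising your SSID that is not one of your own radios and ranks the surveyed spots by its average signal strength. The SSID, BSSIDs, spot names and readings are all constructed, and `MY_BSSIDS` is assumed to list every radio you own (both bands, any extenders).

```python
from collections import defaultdict
from statistics import mean

# Constructed inputs: your SSID, your AP's BSSID(s), and survey samples of
# (spot, ssid, bssid, rssi_dbm) noted from a Wi-Fi scanner while walking around.
MY_SSID = "HomeNet"
MY_BSSIDS = {"aa:bb:cc:00:00:01"}

SAMPLES = [
    ("living room", "HomeNet", "aa:bb:cc:00:00:01", -41),
    ("living room", "HomeNet", "de:ad:be:00:00:02", -78),
    ("front yard", "HomeNet", "aa:bb:cc:00:00:01", -60),
    ("front yard", "HomeNet", "de:ad:be:00:00:02", -71),
    ("front yard", "HomeNet", "de:ad:be:00:00:02", -69),
    ("street, north end", "HomeNet", "de:ad:be:00:00:02", -52),
    ("street, north end", "HomeNet", "DE:AD:BE:00:00:02", -50),
    ("street, north end", "CoffeeShop", "11:22:33:00:00:03", -66),
    ("street, south end", "HomeNet", "de:ad:be:00:00:02", -83),
]

def find_twins(samples, ssid, known_bssids):
    """Return BSSIDs advertising `ssid` that are not in the known set."""
    known = {b.lower() for b in known_bssids}
    return sorted({b.lower() for _, s, b, _ in samples
                   if s == ssid and b.lower() not in known})

def rank_spots(samples, bssid):
    """Average RSSI per spot for one BSSID, strongest (closest to 0 dBm) first."""
    per_spot = defaultdict(list)
    for spot, _, b, rssi in samples:
        if b.lower() == bssid.lower():
            per_spot[spot].append(rssi)
    return sorted(((spot, mean(v)) for spot, v in per_spot.items()),
                  key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for twin in find_twins(SAMPLES, MY_SSID, MY_BSSIDS):
        print("unknown BSSID using", MY_SSID, "->", twin)
        for spot, avg in rank_spots(SAMPLES, twin):
            print(f"  {spot:20s} {avg:6.1f} dBm")
```

A twin that also clones your AP's BSSID will not be flagged by the allowlist check; in that case compare channel, security settings and signal strength against what your own AP should show from each spot.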

  5. Re:Figure out where he is located by Anonymous Coward · Score: 5, Informative

    This should be modded Funny, not Insightful.

    Re-read the law. Stand Your Ground "lets you shoot" only if fearing for your life or at risk of being badly wounded. Not if you're afraid of being punched.

  6. Re:i like to limit my DHCP scope by meerling · Score: 5, Informative

    Make sure you don't allow admin over wifi. Most routers have a setting so you can only administer it from a wired connection. This isn't an absolute or a fix for the base situation, it's just an extra hurdle for them if they get in and want to screw with you for fighting back.

  7. Hidden SSID = Bad Juju by kroby · Score: 5, Informative

    It is widely known by security professionals that hiding your SSID actually decreases security. For starters, it is easy enough to sniff an SSID out of the air. What is more concerning is that wireless clients configured to connect to a hidden network will constantly try to connect to any wireless network, essentially asking "Are you my network?" A malicious access point could say, "Yup, sure am!" At that point your wireless client will be more than happy to divulge your preshared key. There are even affordable retail products that accomplish this out of the box. Check out the Wi-Fi Pineapple.

  8. Re:I've used Wifi Analyzer by Mr. Freeman · Score: 5, Informative

    "My guess is that this individual is conducting illegal activities through yours and your neighbor's connections"

    This is highly likely. The guy has invested much time and effort in this so they clearly have motives other than saving a few bucks. OP should make attempts to locate this guy and to shut him down. Use laptops or cell phones with wireless monitoring applications to locate the guy's AP. Nothing too fancy, just do a bit of sneaker-netting while watching the signal strength. You don't need to triangulate the location to within a foot, you just need to get a general idea of where this thing is. Once you get close you should be able to tell which building/car it is in. If this yields inconclusive results then contact the local HAM club. They may be able to assist you in locating a rogue AP or wifi leech in exchange for beer and pizza.

    Also, OP needs to file a police report. Will the police do anything? No, of course not. However, it will help to shield OP from liability when the FBI comes knocking in regard to whatever illegal activities are being conducted through his internet connection. He'll be able to point to the police reports as evidence that someone else was on the network long before the authorities showed up.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.

  9. This is an attack, not a leech by Jimmy_B · Score: 5, Informative

    First of all, just to be clear: this isn't leeching, this is someone doing something nefarious. If they just wanted free bandwidth, they would never set up an evil twin network. Most of the replies on this thread are bad advice assuming it's a leech. The person responsible might be nearby, but probably not; if you track down the computer that's responsible, you're likely to find that its owner doesn't know what's going on and it's been taken over by an anonymous attacker over the Internet. Or you'll find a PwnPlug.

    The first thing you need to do is notify the police that you're being targeted by hacking. This is important; if your computer/network is taken over and used for something illegal, which is likely to happen, this will protect you. Second: you need to notify your employer, as well as anyone whose confidential data you're in possession of. And third: you need to harden your computer security, and figure out why you might have been targeted.