Slashdot Mirror
Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?
An anonymous reader writes "Recently, I had found out (through my log files) that my wireless router was subject to a Wi-Fi Protected Setup (WPS) brute force PIN attack. After looking on the Internet and discovering that there are indeed many vulnerabilities to WPS, I disabled it. After a few days, I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt). I also noticed that an evil twin has been set up in an effort to get me to connect to it. Through Wi-Fi monitoring software, I have noticed that certain MAC addresses are connected to multiple WEP and WPA2 access points in my neighborhood. I believe that I (and my neighbors) may be dealing with an advanced Wi-Fi leech. What can I do in this situation? Should I bother purchasing a directional antenna, figuring out exactly where the clients are situated, and knocking on their door? Is this something the local police can help me with?"
And punch him in the nose.
WPS works by giving out your WPA keys, so if they've gotten in once through WPS, they will continue to have access.
UTP
Yes, I'm left. You have a problem with that?
Setup squid and redirect all web traffic through it. Replace all images on machines that are not yours with goatse.
You can give them satellite images of the house of the person that stole your identity, and they won't drive over for that.
So for something involving log files and such? Not a chance.
You should redirect all network traffic to goatse for a week, and just use a 3G hotspot while your normal one kills the thief's eyes.
My mom says I'm cool.
Why even do that? Simply set up a list of accepted MAC addresses and give them assigned IPs. Don't provide any service to a MAC address not matching known. Unfortunately, that only stops your router/AP from handing out IPs. They can still eavesdrop and work on listening in on traffic.
...I think that means he's consenting to letting you administrate his system. I suggest you do so.
Log in to the Evil Twin network. Start a bunch of illegal torrents and "accidentally" alert the appropriate parties by IP address. Some appropriate in-theater movies and the MPAA would be a good start.
//TODO: Think of witty sig statement
So then he sets his MAC address to one on the allowed list. Not exactly a tough thing to do.
The first thing would obviously be MAC whitelisting on the router, though if he is smart enough, he would just spoof his MAC to one of the ones on your network, so its unlikely it would stop him. Depending on where you need your wireless router, have you considered turning down the radio strength and putting the router in an area where it covers where you want to use it without the WiFi signal going too far outside the bounds of your house?
Doubt that would work. The leecher has already demonstrated a knowledge of layer-2 attacks against 802.11, I doubt limiting your DHCP scope is going to stop them. They'll just null handshake one of your devices off the WLAN.
Lets hope this article is just a marketing scheme. Anyway, in case it is genuine: Somebody has been freeloading, so what? You have got two options: 1) upgrade your security. double up encryption with MAC authorization. Hide your SSID. Maybe even going to digital certificates.Use only encrypted communications protocols. Many other options. Many time invested. 2) Setup a honeypot. Something open or better yet with poor security. Let him break, monitor the activity, eventually you will get a his personal data. Then decide on the course of action. Cheers
-Reduce transmit power
-Move or buy a directional antenna
Have time on your hands?
http://www.ex-parrot.com/~pete/upside-down-ternet.html
If they're going to go through the trouble of setting up a honeypot, you might was well give up and just shut the radio off and run 100% wired.
Or, go rogue yourself and capture all his traffic. Bonus points if you rate-limit the wireless to effectively have no bandwidth.
The local cops? If your local police department is anything like mine, they don't even send out officers to investigate real property crimes like theft anymore. They'll just laugh at your little WiFi problem.
At least it slows him down. He has to find and grab an accepted MAC, and you'll know he's trying to connect as soon as you have a collision on the DHCP.
You could try leaving the access point open and partitioning it with an ipsec segment. Deny any other connection attempts to the interface. Otherwise just hardwire it and be done with it. Wireless will never be secure. You'll just end up fighting a war of attrition, and that 16yo hax0r has much more free time than you do.
You're giving him cancer, he's using some of your wifi. Just segregate your personal network from the wifi network and see if you have QoS options to limit how much you share. Can't we all just get along? ;)
Doubt it would even slow him down. Some of the semi-automated leecher tools do this automatically already.
On my Android phone, it will detect the closest Wifi signals and you may be able to pinpoint where exactly this evil twin is. A directional antenna may help, but without knowing exactly where to direct it to, you may be aiding the leech. You can try disabling SSID broadcast and reducing transmit power.
No one will trouble themselves this much just to avoid paying a monthly fee and just by the fact they're knowledgable in these means they've spent a lot of time online already. My guess is that this individual is conducting illegal activities through yours and your neighbor's connections, so you or your neighbors may get a visit from law enforcement pretty soon.
If computers were people, I'd be a misanthrope.
...but only if it comes with a cool pings-like-the-motion-detectors-in-Aliens handset, as where's the fun in not having that?
I wish I had a kryptonite cross, because then you could keep Dracula and Superman away.
Do i really have to say it? WPA2, 63 characters pwd.
Wouldn't a leech just look for an open access point? One with a fast connection would be a bonus.
Your interloper would seem to be doing something more nefarious. Why does a simple leech need an evil twin?
Is your local constabulary at all competent in this sort of matters, or are they the kind that go around wardriving for open access points? Because it's gonna suck to try to explain the problem if they don't have a clue, but something's up, and to me it sounds like something leaning toward the criminal.
I think I'd get the directional antenna. Maybe you're dealing with the neighbor's 12 year old, so just alerting the parents could do the trick. If it's your local psycho, that's another story.
I am not a crackpot.
To FBI surveillance van.
If you find him, give him props and buy him a beer and ask him to share how he's doing what he's doing with you. Sounds like some pretty cool shit.
-1 Uncomfortable Truth
start knocking on doors and asking your neighbors if they would mind terribly if you spoke with their 15 year old son for a few minutes, because you've determined he's been hacking your wifi. Eventually, you'll hit the right house. For the wrong houses, act confused and say you must have miscalculated by a house or two, and that you're sorry. Bring cookies to show you're not an ass, though.
Lock incoming connections down by MAC address and disable your SSID. This will probably make them go away. Also, run WPA2+AES and pick a longish WIFI key.
If you have an ASUS Dark Knight router you can setup multiple SSIDs (guest networks) that disconnect every 60 seconds and name them "StopStealingMyWifi". This way you real SSID is hidden and your multiple guest networks are visible, but are unusable. You can also set hours of operations for your radios on the ASUS and turn off your radios at night and when you are not home. Lastly, if you are running dual band, turn off the 2.4 Ghz and run on the 5Ghz band. The 5Ghz signal travels poorly outside your home. WIFI is tough to secure with all of the WIFI hacking tools, but get a good router and rotate shield frequencies and should go away.
Lastly, here is an article on the subject.... this article disagrees with me on disabling your SSID and I am sure others will have an opinion....
http://www.wikihow.com/Secure-Your-Wireless-Home-Network
If someone had an extension cord plugged into my outside outlet and it ran to their house to steal power, I would walk over, knock on the door, and ask them to stop it. And yes, I would also unplug it.
If you have the means to determine where they are it's worth asking them to stop. That alone might change their attitude toward poking at networks.
you can defeat almost every trick like mac filtering or limiting dhcp scope
your best bet is to go back to wired and not send your data over radio waves
Transparently redirect everything to goatse.
* Use enterprise auth to a RADIUS server with an LDAP backend?
* Lower the transmit power to something that just works within your place?
* Use just A or just B or just N? Maybe they're on older tech?
* Configure your router not to well, route. Use it as just an AP and you have to manually set the IP info on your machines, and the router is not *.*.*.1 on the network.
* Do the above, but use an external VPN for all of your traffic. A static route in the router gets you onto the VPN.
* Change your SSID to something threatening to indicate that you're onto them and that you asked Slashdot how to make them stop?
Colin Dean Go a year without DRM
Change your SSID to "Do_not_steal_my_WiFi". It's the enlightened approach -- the same approach that the "Gun Free Zone" and "Drug Free Zone" people use. Only backward, ignorant people would disagree.
if i have a device not work for some reason and i see an IP conflict then i'll know right away
Unless you're setting your subnet mask to only be 10 or so addresses, I'd just pick an address outside of your DHCP scope and I'd never conflict. You're treating DHCP as a security measure when it's a convenience measure.
captcha: gateway. How fitting.
Why even do that? Simply set up a list of accepted MAC addresses and give them assigned IPs. Don't provide any service to a MAC address not matching known. Unfortunately, that only stops your router/AP from handing out IPs. They can still eavesdrop and work on listening in on traffic.
I use reserved MAC addresses and a non-trivial WPA2 password. The router won't connect any unknown MAC addresses.
That seems to work for me.
If they crack that, they aren't leeches. They are crooks. Call the FBI.
"For every complex problem there is an answer that is clear, simple, and wrong."
-H. L. Mencken
Brute force attacks take time, lots of time. Just start changing your key every week and he will probably go away. Having your computer run 96 hours to get a password that then changes 72 hours later just isn't worth it, even for a criminal. If he keeps at it then someone just enjoys the challenge, and you should hunt them down just for the mystery.
well depending on the level of control you have, I'd grant them access and then just blackhole the traffic. The lecher will eventual self discriminate.
Good leaders run toward problems, bad leaders hide from them.
Some neighbor comes in good faith and opens his digital life to you, so you can MITM him and this is how you react? That is rude man. I think that guy deserves an apology sent from one of his social networks accounts.
They probably are the FBI...
NO NO NO
Create a GUI in Visual Basic and track his IP.
Place $10,000 in a cedar box with an Eisenhower Silver dollar. Include a photo of the person in question. Mail to General Delivery Attention: Teddy New York, NY 10001 No bodies, no witnesses, no questions. We're offering 2 for 1 on contract this week, just include an additional photo.
Don't do anything which might give this guy a case to counter your actions. Set up a new WiFi router and move your equipment to this new system. Use a super long key. Something that will take him a long time to crack. See what happening on the 5Ghz side of things, and maybe move operations there.
Then set up a little monitoring software and see what you can find out. Maybe you can discover who this person is, and send him a cease and desist letter. It's shocking and unexpected. Log everything with date/time stamps in case the leech attempts a confrontation, but that's unlikely to happen.
Only the dead have seen the end of War. - Plato
Yeah, call the FBI. That will work. Chuckle.
As soon as these guys clone your mac address (which they can get easily with airsnort) then the only thing stopping them is WPA2.
And if you have a lot of machines connected, they will be able to sniff enough traffic to get your WPA2 password fairly quickly.
Sig Battery depleted. Reverting to safe mode.
So yes, I've dealt with it. The easy solution is go wired for a while, setup a honeypot and track them down. Once you know where they are let them know you are less than pleased and if they don't stop there will be a call to the FCC and local authorities as well as a civil suit for harassment. If you can't go wired Lower your ACK timing and transmit power so they can't get a good signal without standing on your doorstep. switch to a certificate based system instead of a password based system with a new ssid. On the new system setup a proxy that requires additional authentication to reach the internet. Assign static macs to your own devices and block all other local IPs via iptables to prevent them from self-assigning one. As for deauthentication attacks, the best bet is to find them and ans send over a nastygram.
Get a web developer
He found me.
Basically, there's nothing you can do if you keep using WPA.
One option is to lower your wi-fi antenna power to exclude the area where the attacks are coming from. This can be hard to do if you need good coverage for a whole house or some such.
Your best bet would be to use either 802.1x or EAP-PEAP. That's highly dependent on what router you're using, usually only high-end routers support these options, although some home routers certainly do (I remember the good old WAP54G supporting it). If you're going 802.1x, just setup a radius server, configure your devices and you're pretty much set. If you go the PEAP route, you'll need some certificates, and possibly a radius server unless you use client certificates for authentication.
Both options will foil your wannabe hacker. Plus, you'll likely have the only advanced Wi-Fi setup around, gaining you geek creds ;)
Religion is the best example of mass psychosis
Let's see...
As per OP set up MAC address filtering, if this guy is trying to set up evil twins & trying to do handshake captures on your network, MAC addresses are spoofable.
I also like to hide the SSID just to make things harder, but if he's passive listening, that may not help either... though at this point, a hidden SSID with WPA2 encryption does not make for an attractive target, esp. when the MAC needs to be spoofed (I wouldn't know this till i broke through the 1st 2).
However, the single most effective thing you can do is limit your antenna's radius... if your router's stock firmware can't do it, dd-wrt and friends can. Stand outside your house till you can't connect to your wifi at your fence anymore, adjusting the radius in increments.
Last, but not least, go buy a steel fish line and drywall saw at home depot and wire up your house w ethernet ports and disable your wifi. Tough luck on the phones though, unless you can find an adapter for them.
Isn't there FreeBSD or Linux disk image that'll solve this?
<WIFI> <=> [Router] < routes only to > [IP address of solution]
Where the solution does something like the standard coffeeshop login +
* Special account gets unlimited time & bandwidth
* Non-special account needs to sign up every hour & gets diminishing bandwidth (if you want to allow visitors)
Something like http://dev.wifidog.org/, but under active development?
The authorities will not care... But a usb mounted at the reflective center in a wok is a nice directional antenna to find the evil twin.
There are two ways of dealing with this: getting this person off [i]your[/i] network, and getting this person off [i]everyone's[/i] network.
Personally, I think if you can get everyone to squeeze him off their networks then that will probably be the nicest kind of vengeance.
Consider writing up a simple letter (starting with: Just a note from a neighbor), detail that someone in the area has been breaking into wireless networks and may be pirating stuff/doing illegal things which could lead to difficulties for the actual owner of the OP. Then, provide a basic summary of what to do to avoid it (e.g. disable WPS, etc etc) and maybe even provide URLs for the major router manufacturers.
With [i]some[/i] luck, [i]some[/i] people will pay attention and lock down their network.
If you know who it is doing it (using handy phone apps to detect signal strength, or a directional antenna) then you could do a 'special' letterbox drop for that one person with a 'how to buy an internet connection'.
Mind you, if this person is using an 'evil twin' they may be doing more than just stealing Wifi. If their MAC address is stable (i.e. they are not modifying it) you may want to capture some sample traffic with that included. If things do go awry you can use that to provide evidence it was that person's computer, possibly.
There is an app for that.
Sig Battery depleted. Reverting to safe mode.
Make a little shield with a bit of foil and a coathanger. While tracking the incoming attempts, shield your WAP from various directions until it stops. Gives you a direction, and you can bend the coathanger into a little stand to hold the shield in place next to your WAP. It's likely to be in the direction of a near wall, isn't it?
Amazing stuff, tinfoil.
Do not mock my vision of impractical footwear
if i have a device not work for some reason and i see an IP conflict then i'll know right away
Unless you're setting your subnet mask to only be 10 or so addresses, I'd just pick an address outside of your DHCP scope and I'd never conflict. You're treating DHCP as a security measure when it's a convenience measure.
captcha: gateway. How fitting.
I think that's the point; I set my subnet mask to /30 and assign a MAC to each IP. That way, any attackers have to sniff the MAC of an active connection and kick that connection in order to connect. This is very noticeable, and any leecher's going to have a really bad connection (as when my device gets kicked, it's going to attempt to reestablish, kicking them off). Doesn't stop passive surveillance, but it'll stop the leechers.
This is why I am flabbergasted that with all the problems people have with security with WEP and WPA that it never occurred to anyone to do a DHE key exchange before swapping anything that requires the preshared key and adding an artificial minimum to the time between authentication attempts of any kind, such as 15 seconds. That would instantly fix the current weakness with WPA2 and slow down all unknown attacks in the future.
Calling local ham radio enthusiasts would probably lead to some very entertaining results.
The most memorable story I've ever heard along those lines was that a couple of hams had access to a fairly large dish antenna and were setting up some sort of satellite communications (for work, not play). A guy nearby was running a horribly unshielded CB amplifier that was crapping all over their signal. They told him to knock it off. He refused. They pointed out that he was blowing way past FCC limits on transmission power. He ignored them. They pointed the dish straight at his shack and transmitted maximum power at it. Within a few minutes smoke was pouring out of it... bet you could fry a router pretty easily.
I don't know about the hiding portion - any hacker with any skills at all are going to find them. I for one would be far more interested in someone who hides their SSID than someone in a faceless mass of wifis. Makes me think that they are relying on being hidden, and thus have fewer layers of defense.
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
Because it's not like the MAC addresses that are allowed get broadcast over the air when they are in use or anything.
I had a problem like this once. ;) and sending I nicely worded letter to his home address.
To solve it I setup a second access point with throttled bandwidth then captured all of its data, not only was I able to capture his logins/passwords but was able to identify him and his address. Then it was a mater of using firesheep to take control of his Facebook page
First use signal strength to identify which house it is... Then rent a black van, and park it in that area for a few days. I bet it stops. If not, start noting all the activity and logging it, and submit it to the ic3. Thats about the only people I can think of that would even have the expertise to know what they are looking at. Then they would surely have to come investigate it themselves... but id also pretty much HAND them the case by videoing the pieces and doing the explanations... its a pretty weak possibility, but if they hand that off to local law enforcement, they cant ignore it.
Disable WPS or if your router doesn't allow you to do that, buy one that does.
Change to WPA2 and use a long, random key (a non-sense sentence will work too). Yes, it's a pain to have to set your devices up again, but it's the only way to take away their access.
Hiding your SSID, MAC filtering, etc. will do nothing if the script they are using is somewhat intelligent or if they have a more than a passing knowledge of what they are doing.
And if you don't want to just foist this issue off on someone else, help your neighbors to do the same.
Post anonymously - For when your opinion embarrasses even you!
The evil twin makes finding the culprit a cakewalk. Download inSSIDer and walk around. When the evil twin's signal is strongest, you're outside his door.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
So next you get a letter from the RIAA ask you to pay $300,000 for distribution of copyrighted files.
Or the FBI comes SWAT team wanting to know about that kiddie porn....
Why would he even send a DHCP request?
(Several posts here are talking as if DHCP is a vital stage in setting up a network connection.)
# cat
Damn, my RAM is full of llamas.
And somebody like me would completely own you for it:
1. I have the technical know how to set my SSID to hidden: red flag #1
2. What else do I have running if my SSID is hidden?
In my case, I log all my traffic, and honestly it might take me a second to notice, all it would take is a few hiccups of my bandwidth for me to take a quick look at the settings and at that point, I'd log your traffic for a while, see what I can gather, and go find a zero-day, break through, escalate privilege, send your pr0n to your mom via the facebook login I logged, and delete your registry before I'm done.
So in short, you never quite know what you're logging into when you go rogue on wifi :)
At least it slows him down. He has to find and grab an accepted MAC, and you'll know he's trying to connect as soon as you have a collision on the DHCP.
Yea, it'll take him another 30 seconds to spoof his MAC address. That will really slow him down. *nod*
turn your router off, reconfigure it or replace it, go into paranoid mode, if the router does port forwarding take all port 80 and 443 attempts and direct them to your proxys:
http://tips.fbi.gov/
and
https://tips.fbi.gov/
set up a linux host, plugged in wired and an exception for the above rule, set up authenticated squid...
or just turn your router off for a while and go wired....
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
I believe in the scorched Earth policy:
Brick his doppelganger AP by doing a bad firmware update on it.
Go to dealextreme and buy a Wi-Fi jammer and use it whenever you're not home or asleep.
Change your AP's name to his address plus "..is a sex offender. Hide your kids"
Make sure you don't allow admin over wifi. Most routers have a setting so you can only administer it from a wired connection. This isn't an absolute or a fix for the base situation, it's just an extra hurdle for them if they get in and want to screw with you for fighting back.
Failing that, any ham who enjoys RDF would be happy to help, provided they have gear that can listen in on that high of a frequency. Chances are the ones that can are the ones you want helping you anyway :)
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
If the wifi is open, they are inviting people to share.
This one is NOT open, so yeah, they are crackers, and that's illegal, but your local cops probably won't do anything if you call, but it's worth a shot.
Those of you recommending a long randomly generated WPA2 password need to RTFA. He has been hacked via the WPS vulnerability. Once you have obtained the WPS pin you have permanent access into that router and have the ability to retrieve the WPA2 password in plaintext every time that he changes it. The pin cannot be changed. Depending on the router you may or may not be able to disable WPS. Next time buy a router that has the option to disable WPS and TURN IT OFF. Over 12 million routers are now exploitable via this hack and have been for quite some time. The exparrot option or sniffing his traffic are the best options.
Set your SSID to "UnauthorizedTrafficRoutedThroughPolice"
and/or
Set up a server between your ISP and wireless access point with a VPN. If you get caught by his evil twin access point, you will know because your VPN connection will fail. Even if it doesn't fail at least your traffic should be secure.
or
Set your SSID to "ConnectingHereConstitutesConsentToEnterAndSearchYourHouse" Maybe the opportunity for an easy search would get the cops interested.
You should probably file a complaint with the police in case his illegal activity comes back to your IP address.
You may want to find out what kind of person you are dealing with before getting the police involved. Your strategy should probably be different if you are dealing with a local gang leader or homicide parollee rather than a high school nerd.
If the offender happens to be on probation it could give you extra leverage.
Keep in mind that if he lives next door he can listen in on your conversations with a sensitive directional microphone. He could also probably easily tap your phone, especially if it is cordless or cellular. So be carefull about speaking your passwords or other sensitive information out loud. Mail theft, burglary, vandalism, and other nasty attacks could become an issue.
Here's a solution - organize a neighborhood open wireless mesh network co-op.
It would be much more satisfying to make stone soup, than reinforce a stone wall.
"Flyin' in just a sweet place,
Never been known to fail..."
It is widely known by security professionals that hiding your SSID actually decreases security. For starters, it is easy enough to sniff a SSID out of the air. What is more concerning is that wireless clients configured to connect to a hidden network will constantly try to connect to any wireless network, essentially asking "Are you my network?" A malicious access point could say, "Yup, sure am!" At that point your wireless client will be more than happy to divulge your preshared key. There are even affordable retail products that accomplish this out of the box. Check out the Wi-Fi Pineapple.
Slowing him down is a good idea. Traffic-shape any non-whitelist MAC to a frustratingly slow but still believable bandwidth. He might just think your connection sucks and move on, without suspecting you've throttled him. It can't be impossibly slow, just pretty slow, like 28.8kbps modem slow.
Lots of problems as others point out.Another solution: QOS. Do MAC filtering. Those in the trusted list get full speed. Those not get a much slower speed. Play with it a bit you want it fast enough that the hacker things they own you and doesn't try to figure out your MAC address but slow enough you don't mind losing that much bandwidth and it is painful to the hacker so they go on to other networks. Say 2Mbps with a 64kbps upload. Fast enough to be reasonable for a bottom tier internet package slow enough that no sane leech would choose you as the preferred target. Then enable logging, reduce signal strength, etc other games.
Turn it on at the power button only when you need it. That will make a very poor quality connection for the attacker and they will move on, and it will also save you money on your electricity.
If you can't live without an always-on connection then you will have to get aggressive and really go after the attacker.
Actually you dont 'change' the MAC address, you merely mask it. The MAC is a hardwired chip on the network device. But I guess and idiot would try to change it.
Whenever a player quits EVE to go play WoW, the Average IQ of both games increase.
If someone is leeching your wifi, look up how to middle man attack. Steal all his info. Find out who you are dealing with. Be nasty. Be a dick back.
Fight fire with fire.
You get the picture I am making here? You have someone that keeps breaking into your wifi, so set a fucking trap.
For the record, police are stupid as all fuck, and they won't do anything for you.
Be seeing you...
Jesus Christ, do you read? Did you not see where I said to set the passkey to a long, random phrase (AKA WPA2 PSK)? And setting the DHCP subnet to something other than the idiotic 192.168.0.1 or .1.1 that comes out of the box will do a lot to prevent them from bypassing DHCP. Set it to any 32 addresses in the 10.x network and done.
Don't you have to crack the WPA2 before you can find one of the valid mac addresses?
Don't think so.
Stations brodcasts its mac address to the access point in clear text.
http://www.maxi-pedia.com/how+to+break+MAC+filtering
The stations may also send beacons, depending on how they are configured.
http://www.wi-fiplanet.com/tutorials/article.php/1492071
Sig Battery depleted. Reverting to safe mode.
Don't you have to crack the WPA2 before you can find one of the valid mac addresses?
No.
Have a nice time.
And I can also spoof MAC addresses. MAC filtering is about 1/100th of a secure wireless network.
re: For example, I regularly walk 6 miles to a farmer's market and 6 miles back to save a couple of dollars on the price of vegetables. That's three hours of walking to save a minute or two's income.
.
Bonus for you is that you got three hours of aerobic cardiovascular workout time! You'll be healthier, and (two or so dollars) wealthier, and wise! The strange this is that there are people who actually pay other people and companies money for the opportunity to exercise on a treadmill or a stationary bike. These people tend to gas up their SUV and drive the two miles over to their "gym" to do pretend walking and pay for that privilege. You, sir or madam, on the other hand have gamed the system and not fallen for the idiocracy. You get the benefits without the costs.
Also, you're not a leech, so you're also a good person. Plus you also eat vegetables: double-plus good person! (My mom has me convinced that stealing the carrot sticks from the fridge is bad, so I'm tempted more and do it more! It was just a year ago that I figured out that carrots were healthy! I've been conned into liking veggies!)
;>)
Bonus point of spelling pickiness: your response was to Re:I've used Wifi Analizer . Surely, the GP poster meant "Analyzer", unless the word "analizer" tells us more about the GP and his probings by alien species than we wanted to know....
On a modern network, it is.... at least at the consumer level where nobody knows how to configure a subnet manually, but if you're managing any kind of large scale network it becomes very difficult to work with static configurations on every workstation even when you know how.
That being said, for a small network you *could* simply assign a static configuration to everything and turn off DHCP. It wouldn't protect you because, as others have said, the MAC and IP address could be cloned anyway, but it would offer an added layer of annoyance for whoever's doing it, such that they'd probably go somewhere else.
The truth that nobody wants to really admit is that there's simply no way to keep a determined hacker out of a wireless network. It's, by its very nature, an open network. About the best you can do, short of going wired, is regularly rotate your wireless passwords (get a new one every day, for example), and also maybe set up a VPN on your local network, so that even if you're on the wifi you can't actually do anything with it without connecting to the VPN.
Clearly you do not have someone trying to leech your network, or you are not able to detect such a user. MAC addresses are broadcast in the clear. This is because otherwise every device on the network would have to decrypt every single packet in order to determine whether or not the device is the intended recipient of the packet. All the attacker has to do inspect a packet, find the MAC address, then spoof that MAC address.
WiFi Protected Setup (WPS) is broken, and on many routers it cannot be fixed without disabling WiFi completely. Even a 64-character, high entropy password on WPA2 AES will not work. This is the problem faced by the poster of the article.
In my mind, the best solution is high entropy, long password, WPA2-AES with a router that does not have WPS or is known to be able to safely disable WPS (such as latest versions of DD-WRT).
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Under State law, I am required to stop the progress of a Felony by law, or be an accessory.
If I have a HCP, that means I'd be armed.
Castle doctrine does not protect criminals, by its definitions section, in FLA. Here the area extends to the property line at least, by case law.
Law is a great thing until you realize you're on the wrong side of the line, at the wrong moment in time. :)
Truth isn't Truth - Guliani
This story contains a hilarious amount of bullshit.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
http://www.net-security.org/software.php?id=259
OP already said he disabled WPS.
Ghost Busters!
Sent from my ASR33 using ASCII
Insert a Javascript zero day into his HTTP traffic and take care of his computer. He'll never know what took him out.
I am becoming gerund, destroyer of verbs.
First of all, just to be clear: this isn't leaching, this is someone doing something nefarious. If they just wanted free bandwidth, they would never set up an evil twin network. Most of the replies on this thread are bad advice assuming it's a leech. The person responsible might be nearby, but probably not; if you track down the computer that's responsible, you're likely to find that its owner doesn't know what's going on and it's been taken over by an anonymous attacker over the Internet. Or you'll find a PwnPlug.
The first thing you need to do is notify the police that you're being targeted by hacking. This is important; if your computer/network is taken over and used for something illegal, which is likely to happen, this will protect you. Second: you need to notify your employer, as well as anyone whose confidential data you're in possession of. And third: you need to harden your computer security, and figure out why you might have been targeted.
On a modern network, it is.... at least at the consumer level where nobody knows how to configure a subnet manually, but if you're managing any kind of large scale network it becomes very difficult to work with static configurations on every workstation even when you know how.
My point is that it is *incredibly* trivial to connect to a wireless router that has DHCP enabled and just use an IP address of your choosing. It's a perfectly normal thing to do if you want to be able to predictably SSH a machine or something, and even MS Windows has a GUI way of doing it. Somebody who is sniffing network traffic and cracking encryption keys can easily determine which addresses are already in use, and in practice, if you take an address at the high end of the range (e.g. 192.168.1.250), you won't run in to any trouble with other clients.
# cat
Damn, my RAM is full of llamas.
Do a quick search online to get hold of some identity theft / credit card harvesting malware and modify it so it sends the capture to you.
Then, setup a transparent linux proxy server that replaces any executable file downloaded with your malware, and put it between your internet connection and an open wireless network.
Let the little turd use your free wifi internet to his heart's content, and wait for him to install the malware when he's trying to install something legitimate. Then, wait for your malware to send you the details of who he is, what his credit card numbers are etc.
Finally, go to the local coffee shop that gives out free wifi with every coffee purchased, and drop all those details you collected on pastebin.
Problem solved.
Be very unreliable for them. Set up access limits and times. Many routers have a nanny mode to keep your kids off after they are supposed to be in bed.
My printers, etc are on the wired LAN, along with my VOIP adaptor. Set up the wireless to go down a few minutes into his hacking session everyday if he attacks at the same time everyday. Hard to hack dead air.
I set up the rule so wireless is blocked when I am in bed, or at work. Hackers may want a reliable connection. Don't provide one.
I have spare routers. Pick up a cheap one from Goodwill or other thrift store. Power it up not connected to anything. Let them connect to a no network network instead. Monitor the connectons to it.
The truth shall set you free!
It is a great story, though. And the guy telling it claimed to be one of the people who did it. You'll note that I never said it was true...
I don't quite get the problem here.
There's an individual outside of his home, who is accessing the wifi *in* his home.
Everyone is talking about potential countermeasures.
What about the obvious ones?
1) wire everything. That doesn't work so good for tablets, laptops in random places, etc.
2) Make it so he can't connect. Reduce the power (if possible). Pick a noisy channel, so he'll get too much interference. Shield the antenna from the direction the intruder is.
I've had to move so many access points, because people put them under desks, or with something in between Point A and B. Nope, RF doesn't pass very well through the refrigerator, filing cabinet, or the other numerous things they love to put in the way to complain. Detune it. Put the AP under the desk, so there's just enough power to reach the couch (or wherever).
Worst case, anti-wifi wallpaper, or even the always stylish wire screen or aluminum foil.
I vote for an all-out Faraday cage. Not only will it stop the wifi thief, but it'll keep the government mind control out... :)
Serious? Seriousness is well above my pay grade.
Why do they need wifi at your home. Aren't they there to talk to you instead of constantly updating their facebook status?
Maybe it's inconvenient, but security is always inconvenient. You can't have both.
Here you go AC, but next time do your own homework. Or at least have Google do it for you,
http://netsecurity.about.com/od/secureyourwifinetwork/a/WPA2-Crack.htm
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/
Sig Battery depleted. Reverting to safe mode.
This problem of WiFi leeching is far greater than one guy losing some of his bits... rather now it is wide open that WiFi is not all that secure.
Copyright Infringement... How are the courts to assign guilt to anyone for violating copyright on the net if it can not be proven, with forum discussions like the one you are reading right now, that one is the perpetrator of internet mischief?
The ones that should be most concerned is the MAFIAA. All the lobbying of politicians to pass their carefully crafted laws is moot if it is shown in courts of law that the wifi routers themselves are compromisable. It will be hard, if not impossible, to place without-a-doubt liability on anyone for what went through their system.
I am sure this entire forum will be copied off and presented to the Judge as evidence that it cannot be proven beyond a shadow of a doubt that the copyright violator indeed did what the MAFIAA alleged he did.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
Comment removed based on user account deletion
Yes, but only if done right. Use EAP-PEAP with silly passwords or even something really stupid like LEAP, and you're not any more secure. Use something like EAP-TLS with proper certificates, and then you're set.
If a train station is a place where a train stops, what's a workstation?
Frankly we need to throw the whole damned thing out and start over, design something that low power devices like smartphones and tablets can use easily while at the same time having very tough to crack security. maybe placing a hardware crypto chip on the device?
Yeah, that was a great idea last time, until someone found a flaw in WEP and the chips weren't possible to upgrade and we had to live with virtually no security for 5 years.
c++;
Here here!
I am fortunate that my house siding is cement. With the AP strategically placed in the basement, there is no signal at the sidewalk or the fence in the back yard. The next door neighbors may be able to receive the signal from their upstairs, but it's questionable.
A basement makes an awesome 'funnel' for your wireless signal. :)
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers