Comcast Sent 625K Copyright Alerts To ‘Pirating’ Customers

HardOCP News

Wow, 625,000 notices, over seventeen hundred a day, from a single ISP? :eek:

The MPAA, RIAA and five major U.S. Internet providers launched their six-strikes Copyright Alert System last year, and today we can reveal additional details on the scope of the anti-piracy measures. Information obtained by TorrentFreak shows that Comcast has sent over 625,000 anti-piracy warnings to its customers since the program launched.
 
A couple months ago, I had someone begin hacking into my wireless network and leeching my bandwidth. I'd notice from my DHCP lease list. (I'm a systems admin, and I practice and learn by frequently rebuilding my server that serves out DHCP and DNS. I often will switch between OSes, Windows 2008, 2012, Ubuntu, RedHat, FreeBSD, in order to learn how to do things with each. I know my devices quite well, and I know when someone else is on my network because of all this.) I couldn't locate specifically which other apartment it might be coming from, but I was able to get him to quit by having my network frequently down. I now only turn on my wireless network when I need to connect my tablet to the internet, which isn't all that frequent now. About 2 months after it started and about a week before I encouraged him to quit hacking my wireless, I got one of these notices from Comcast. It's just not fair that I had to get this because some other a--hole was hacking my wireless.
 
How were they hacking into your network? Were you using WEP? I haven't read any WPA/WPA2 hacks that are wide in circulation or easy to do. Would be interested to know.
 
A couple months ago, I had someone begin hacking into my wireless network and leeching my bandwidth. I'd notice from my DHCP lease list. (I'm a systems admin, and I practice and learn by frequently rebuilding my server that serves out DHCP and DNS. I often will switch between OSes, Windows 2008, 2012, Ubuntu, RedHat, FreeBSD, in order to learn how to do things with each. I know my devices quite well, and I know when someone else is on my network because of all this.) I couldn't locate specifically which other apartment it might be coming from, but I was able to get him to quit by having my network frequently down. I now only turn on my wireless network when I need to connect my tablet to the internet, which isn't all that frequent now. About 2 months after it started and about a week before I encouraged him to quit hacking my wireless, I got one of these notices from Comcast. It's just not fair that I had to get this because some other a--hole was hacking my wireless.


A system admin allowing said leecher to sit on your network and use it for piracy? And you cry that it isn't fair you got slapped with a piracy notice?

Change your fucking wireless security and password. I don't feel bad at all for you, in fact, you fucking deserve it.
 
I was using WPA2-PSK only. I even turn off WAP. I had a passkey that is 20 characters long, with caps and lower case, but no numbers or special characters. I figured at 20 characters it would be hard to hack. I then changed it to something with 25 characters, caps and lower case, and numbers, but no special characters. My router wouldn't let me put a period in it. The mystery device got on the next day. I'm guessing he must be capturing it from sniffing packets between my tablet and my wireless access point.

I name all my systems after Star Trek ships, so I know when mystery devices appear. My android phone doesn't ever have 802.11n wireless or bluetooth turned on. It drains the battery too quickly. My work phone is the same. My tablet is a WinRT tablet named Yellowstone, so I know when it connects. The only other devices are my main machine and my servers, all with very recognizable names. My main system is Excelsior. My server is SFC. My storage server is DS9. My VM host is UtopiaPlanitia. My HTPC is Voyager. (Yes, no Enterprise. I did that intentionally.) Also, at the time my DHCP server was Windows 2008r2, and I got a very clear list of all DHCP leases and device names. So, when something like BROCK43A (not the right device name, but it's something similar, it had a name and numbers in it, but I can't remember precisely what) appears on my network, I know my wireless has been hacked.

On top of all that, I do not share out any software, movies, or music. The only BitTorrent type traffic that happens from my machines would be from the Blizzard WoW updater. I do plenty of watching shows from Hulu, Amazon, and Netflix, but I doubt they'd be mistaking that traffic for file sharing.
 
If his wireless router has WPS, it doesn't matter if his WPA2 passphrase is a paragraph long. It's been well documented that even disabling WPS doesn't stop the exploit. I can crack WPS on a weak signal in less than a day on an old amd x2 machine. Anything less than a router physically without WPS and/or one that uses custom firmware to truly disable it is insecure.
 
Apparently comcast wants to learn another lesson that other ISPs already have. You send those out. I switch ISPs. Nuff said. I hope you enjoy that google and verizon competition, suckers.
 
A system admin allowing said leecher to sit on your network and use it for piracy? And you cry that it isn't fair you got slapped with a piracy notice?

Change your fucking wireless security and password. I don't feel bad at all for you, in fact, you fucking deserve it.

I did change that, repeatedly. He'd get back on within a day. That was with the best security available for a home wireless router, WPA2-PSK. My passkey was 20 characters at first, and just grew from there. After the fourth time he hacked in, I gave up on changing my passkey and just went back to the original. (My second passkey was "Wireless80211gAccess" which was defeated between Saturday afternoon and Sunday morning one weekend. My third was "Resist4nce1sFut1le" which could have been hacked anytime between that Sunday and Saturday two weeks later. Do you think those would have been easy to guess or even get through using a brute force method?) This hacker must have been using automated tools for this access, with as quickly as he was adapting to my changes.

I didn't have the resources I have at work, forcing user level authentication from Cisco based business access points. (I don't even maintain that part of the network, or any security. I manage the software test labs' infrastructure.) So, don't go thinking there's something better I could have done.

Granted, I wasn't checking my DHCP lease lists every day. It was mostly just on weekends. I never just let him sit on my network after finding him there. I also only got hints he was on the network from DHCP leases. If he used a static IP, I wouldn't have been able to notice unless I logged into the wireless router I use as an access point and looked at the device list, which is rather time consuming and annoying to do. I didn't do everything I could have to keep him off, but I did put a reasonable effort into it. Demanding more would have been too time consuming and annoying.

I'm not incompetent at my job. I've done a lot of good work here and many people have complimented my work, and I've survived 6 waves of layoffs and had my duties expand from being an off hours support tech for one remote lab to now being the admin for 4 labs, one of which is remote.
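
As an added example that is not part of any post in this thread: the DHCP lease check described above can be automated, and pairing it with the neighbour (ARP) table also catches a device on a static IP that never requests a lease. The ISC dhcpd lease format, the `ip neigh show` output, and all MAC and IP addresses are assumed or constructed for illustration; only the hostnames come from the thread.

```python
import re

# Constructed inventory: MAC -> expected hostname (hostnames are from the post).
KNOWN = {"02:00:00:00:00:01": "Excelsior", "02:00:00:00:00:03": "Yellowstone"}

# Constructed sample in ISC dhcpd.leases format.
LEASES = """
lease 192.168.1.10 {
  binding state active;
  hardware ethernet 02:00:00:00:00:01;
  client-hostname "Excelsior";
}
lease 192.168.1.57 {
  binding state active;
  hardware ethernet 02:00:00:00:00:aa;
  client-hostname "BROCK43A";
}
"""

# Constructed sample of `ip neigh show` output; .200 never asked for a lease.
NEIGH = """
192.168.1.10 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.57 dev eth0 lladdr 02:00:00:00:00:aa STALE
192.168.1.200 dev eth0 lladdr 02:00:00:00:00:bb REACHABLE
192.168.1.201 dev eth0  FAILED
"""

def parse_leases(text):
    """Return {mac: (ip, hostname)}; the last entry per MAC wins."""
    out = {}
    for ip, body in re.findall(r"lease (\S+) \{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet ([0-9A-Fa-f:]+);", body)
        name = re.search(r'client-hostname "([^"]*)";', body)
        if mac and re.search(r"^\s*binding state active;", body, re.M):
            out[mac.group(1).lower()] = (ip, name.group(1) if name else "")
        elif mac:
            out.pop(mac.group(1).lower(), None)  # lease was released/expired
    return out

def audit(leases_text, neigh_text, known):
    """Flag unknown leases, hostname mismatches, and lease-less neighbours."""
    leases, findings = parse_leases(leases_text), []
    for mac, (ip, name) in sorted(leases.items()):
        if mac not in known:
            findings.append(("unknown-lease", mac, ip, name))
        elif known[mac].lower() != name.lower():
            findings.append(("hostname-mismatch", mac, ip, name))
    for ip, mac in re.findall(r"^(\S+) dev \S+ lladdr (\S+)", neigh_text, re.M):
        if mac.lower() not in leases and mac.lower() not in known:
            findings.append(("no-lease", mac.lower(), ip, ""))
    return findings

if __name__ == "__main__":
    print(*audit(LEASES, NEIGH, KNOWN), sep="\n")
```

Because a MAC address can be changed by the client, the inventory match is a detection aid, not access control. The hostname-mismatch finding is what surfaces a known MAC that announces a different name.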
 
If his wireless router has WPS, it doesn't matter if his WPA2 passphrase is a paragraph long. It's been well documented that even disabling WPS doesn't stop the exploit. I can crack WPS on a weak signal in less than a day on an old amd x2 machine. Anything less than a router physically without WPS and/or one that uses custom firmware to truly disable it is insecure.

What is this WPS hack you're talking about? I haven't heard of it. I have a WD N900, which does have WPS, but I turned that off. If that is the vector he used to get it, I'd like to know more about it.
 
Come on, a sysadmin who can't find a perp's MAC address and re-direct all his web to ?
 
So this is cool then. You can pirate your brains out until you get a notice and you are good to go!
Better than them just gathering evidence and then smacking you in the back of the head with it.
 
I didn't have the resources I have at work, forcing user level authentication from Cisco based business access points. (I don't even maintain that part of the network, or any security. I manage the software test labs' infrastructure.) So, don't go thinking there's something better I could have done.

Couldn't you have just set up filtering in your MAC addresses for the router? Unless he had a way to spoof and use one of your MAC addresses, there's no way around that.
 
There are devices readily available now for a couple hundred that can pretty easily hack pretty much any wireless connection, including cell signals and automobile remotes.

So yeah, wireless security is pretty much worthless now until they come up with something significantly different.
 
Come on, a sysadmin who can't find a perp's MAC address and re-direct all his web to ?

MAC spoofing is pretty easy to do. Quite a few motherboards even let you change the physical MAC address.

And if the person was connecting through the router, it is even easier since you can change the MAC to whatever you want.

Packet sniff, discover connected MAC, duplicate it, and you are in.
 
What is this WPS hack you're talking about? I haven't heard of it. I have a WD N900, which does have WPS, but I turned that off. If that is the vector he used to get it, I'd like to know more about it.



Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf.


Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.


On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.


https://code.google.com/p/reaver-wps/
 
There are devices readily available now for a couple hundred that can pretty easily hack pretty much any wireless connection, including cell signals and automobile remotes.

So yeah, wireless security is pretty much worthless now until they come up with something significantly different.

Pretty sure if someone is just a regular residential user with a "couple hundred" to spend on said device, they don't need to steal someone else's internet.
 
Couldn't you have just set up filtering in your MAC addresses for the router? Unless he had a way to spoof and use one of your MAC addresses, there's no way around that.


airmon-ng to find their mac address then


Code:
# ip link set dev interface down


Code:
# ip link set dev interface address XX:XX:XX:XX:XX:XX


Code:
# ip link set dev interface up
 
MAC spoofing is pretty easy to do. Quite a few motherboards even let you change the physical MAC address.

And if the person was connecting through the router, it is even easier since you can change the MAC to whatever you want.

Packet sniff, discover connected MAC, duplicate it, and you are in.

Windows even has a MAC address setting for any NIC. It's really easy to spoof a MAC. I learned that way back in the 802.11b days. I tried MAC filtering on my first wireless router, until I heard how easy it was to circumvent. I quickly abandoned it for just using a server as a router and not using wireless. I'd be without it today if my tablet didn't need it. I hate wireless. It's so incredibly insecure.
 
Pretty sure if someone is just a regular residential user with a "couple hundred" to spend on said device, they don't need to steal someone else's internet.

Oh, they probably use someone else's "couple hundred." How do you think they get it? It's invest-steal-reinvest-profit.
 
Couldn't you have just set up filtering in your MAC addresses for the router? Unless he had a way to spoof and use one of your MAC addresses, there's no way around that.

MAC address filter does nothing for someone who wants to get in, period (see airmon-ng)

Or go download Kali Linux; I could have your MAC address in seconds and those of every device broadcasting a signal. I can also show you what MAC is associated to what AP / wireless device by running one command

airmon-ng mon0

done...
 
Good lord, those designers really dropped the ball with WPS. That's just incredibly stupid.

Well, off to shop for an access point that doesn't support WPS. I should probably just upgrade to 802.11ac since I'm at it.

Get a device that supports DD-WRT. Install a version of DD-WRT that does not include WPS support.
 
Anyone know of a 802.11ac router without WPS? I've looked at 5 of them from Asus, TrendNet, Netgear, Buffalo, and Cisco, and they all have WPS.
 
Apparently comcast wants to learn another lesson that other ISPs already have. You send those out. I switch ISPs. Nuff said. I hope you enjoy that google and verizon competition, suckers.

When your only other choice is a crappy 3Mbps AT&T DSL line, makes switching providers less of a choice.
 
Anyone know of a 802.11ac router without WPS? I've looked at 5 of them from Asus, TrendNet, Netgear, Buffalo, and Cisco, and they all have WPS.

You should just use the 5ghz for your wifi and turn off 2.4ghz if dude keeps hacking you. The range of 5ghz sucks and I really doubt any neighbors would be able to get a consistent speed unless they are directly next to you... Then you will know who the fk is stealing your internet if they keep doing it.
 
You should just use the 5ghz for your wifi and turn off 2.4ghz if dude keeps hacking you. The range of 5ghz sucks and I really doubt any neighbors would be able to get a consistent speed unless they are directly next to you... Then you will know who the fk is stealing your internet if they keep doing it.

Some router hardware, like the AC66U with Merlin's firmware, allow the user to control wifi antenna broadcast power
 
A system admin allowing said leecher to sit on your network and use it for piracy? And you cry that it isn't fair you got slapped with a piracy notice?

Change your fucking wireless security and password. I don't feel bad at all for you, in fact, you fucking deserve it.

Good lord, full blown nerd rage. Chill out
 
Another reason I don't miss Comcrap. But I know the day will come when AT&T (my only choice for Internet) will do the same. Just like they started capping Internet BW that Comcrap started. :(
 
Pretty sure if someone is just a regular residential user with a "couple hundred" to spend on said device, they don't need to steal someone else's internet.

Hrmm, couple hundred to be able to NOT pay for ISP vs pay for ISP at $30-$70+ per month.

Pays itself off pretty quickly now doesn't it?
 
This is all pretty much nonsense, anyway. I'm on Comcast and I've gotten some of these "copyright infringement notices" before. None of them say anything about having to take any action, or that you are on "X out of 6 strikes" or whatever, so there is really no clear course of action for you or Comcast after receiving one. I am pretty sure Comcast just blindly sends them out just to appease the MPAA/RIAA or whatever, and then just does nothing.

Interestingly, I don't think I've ever actually received one for movies or music, only for TV shows and very rarely even at that.
 
EDIT: And actually, if I go to my Comcast login page, there are no Copyright notices shown in their system. So, again, nonsense.
 
Yeah, unless it's a letter from an attorney, it's a scare tactic. And even if it were from an attorney, there are so many Copyright trolls these days looking to make a quick buck, it's better to pay no mind
 
Another reason I don't miss Comcrap. But I know the day will come when AT&T (my only choice for Internet) will do the same. Just like they started capping Internet BW that Comcrap started. :(
Newsflash, ATT was one of the first companies to sign on voluntarily to the program and participate. Seriously.
 
Exactly.

I know more about wireless security and securing networks than this guy.

If you were my sys admin you'd be fired for incompetence.

For one, I'm not the wireless or security guy. I'm a server guy. You wouldn't get past my servers. Second, I'm stuck with a home router for a wireless access point, which apparently has a huge security hole that I didn't even know about until today.

Third, I have been through 6 waves of layoffs in my company without getting laid off. They've expanded my responsibilities to include what others were doing, so apparently I'm doing quite well. My responsibilities started at being the secondary guy there for off hours support for a remote test lab and have expanded to being responsible for 3 software test labs at my location and now one more remotely in California. I designed most of the network infrastructure in the test labs, which has specifically excluded wireless. If I was an admin at a place that requested wireless access, I would do my best to oppose it. Wireless sucks. It's massively insecure and unreliable.

Finally, how the heck would you route someone's MAC address to somewhere else? Maybe you have something in your magic bag of tricks, but there are no functions like that in Windows routing or Linux routing (iptables, blech, took way too long to learn what I do know about that crappy program) that I have ever seen. I've seen some functions in Windows routing for specific IP addresses, but it is clunky to work with, and just a change in IP address would get around it. Even if there were a way to redirect someone by MAC address, that's an easy thing to change, too. Morons.
 
Apparently comcast wants to learn another lesson that other ISPs already have. You send those out. I switch ISPs. Nuff said. I hope you enjoy that google and verizon competition, suckers.

The problem with that in the states is that typically, there are NO other options.
 
Forget the issue of if dgingeri is competent enough to secure his wireless. Comcast sent the notices assuming it was him doing the tor traffic. Seems to me, they'll send one of these 'infringement notices' out just as soon as they'll fart in the wind.

And they are both relevant. You smelling a fart near me in a public space doesn't mean I let it go. But they treat these IP addresses as proof that it was my ass.
 