Network security hole

jbonetwo

I have an annoying neighbour who somehow keeps finding a way to connect his devices to my home network: Android phone, PS3, several laptops and desktops.

I can't figure out where the security hole is, and the only security measure I can't implement is allowing only filtered mac addresses access to the network as I have numerous friends and family who like to connect to my home network when they come round.

Can anyone offer any insight as to how one would connect to a fully secured network?

I have a 3-router setup: 2 Sitecom WL-309s broadcasting both 2.4 and 5GHz wifi networks and a WRT54GL running DD-WRT broadcasting on 2.4GHz.

SSID broadcast has been turned off and the ssid itself has been changed several times.

Router IPs have been changed to a different subnet several times.

Wireless keys and router passwords have been changed several times.

I can't reduce the transmit power as I have enough trouble as it is with poor signals/dead spots.

MAC filtering is set to deny access to his devices every time one pops up, but there's a new device every few months or so. I really want to put an end to this tinkering!

Any help appreciated!
 
Yeah, I would be more worried about how he's doing this? Either he's one super 1337 hacker, or he's logging your keystrokes or something. If this guy can get into your network with all these precautions, he can and probably has seen your CC info, etc. I would confront him immediately and ask how he does it, and if he gives you ANY resistance call the cops on him. For all you know this guy might have a keylogger on your computer or something.
 
If you are using WPA then he is probably using the WPS hack, which you may be able to prevent by turning WPS off on the wireless. However, many routers do not let you turn off WPS, in which case you are screwed unless you move to using VPN within your local network and only allow VPN traffic out.

If you are using WEP then you need to switch to WPA.
 
FYI. Turning off SSID broadcast only succeeds in causing you potential compatibility issues and does nothing to increase security.
 
Just noticed you are running DD-WRT. Does that even support WPS?

It does not.

OP: Confront him about it. This is a serious matter and there are laws in place to protect you. If you're not sure who it is and you're using WEP, use WPA. If he's still getting in, he's probably got a virus on one of your PCs or has physical access to your network in some way. Both of these are pretty severe breaches of your privacy and I would get the law involved.
(Actually no, I'd build a honeypot and try to put a hook in the sonofabitch, but I'm not a very good role model. :p)
 
I'm using WPA2 AES.

It's impossible that he has a keylogger as I'm quite adept at detecting such hacks. Besides, I did a format of all PCs quite recently. Unless he's using a keylogger on my PS3 or mobile phone or something, it's not possible that he has a keylogger given the chain of events.

He simply does not have access to my house. There's ALWAYS someone home and I doubt he's had physical access to my LAN at any point whatsoever.

I'd rather not call the cops without rock solid evidence to support my claim. Besides I'd never find out HOW he did it and learn from my mistakes.

WPS? Really? I'd never have guessed. Come to think of it... I was setting up a new router when I first noticed he was connected to my home network. I bought the third router 2 days ago and noticed he was connected. It's gotta be WPS. But isn't that a brute force hack? Wouldn't that take days?

If he IS using WPS crack, what kind of access would he gain over my router? I'm trying to figure out if he's 'unmasked' my wireless keys and the extent of the damage.
 
My keys have always been alpha-numeric and incredibly annoying to type out.

And DD-WRT is on just the WRT54GL router, NOT on the 2 Sitecoms.

I've been using Wiviz to scout out which PCs he uses to scan for networks (and thus get a MAC to filter) but the range on the WRT is dreadful. Any suggestions for scanning all active wireless devices in the vicinity? WL-309s are not supported by DD-WRT :(

And I like bad role models, for all the trouble he's caused me. If I had the knowhow I'd have been in there n deleted his porn already. I'd love to see him call the cops n complain 'someone's deleted all my porn!!' xD
 
...and dd-wrt is on just the wrt54gl router, NOT on the 2 sitecoms... wl-309's not supported by dd-wrt :(

and i like bad role models. for all the trouble he's caused me....

Ah 10-4, I understand now. A quick Google shows me that the WL-309s do use WPS but it appears it can be disabled, at least from what I can see on page 16 and 17 of the user manual.

And honestly, given the circumstances I don't blame you for wanting to taste some sweet revenge!

If you can spare a WAP for the job, I was thinking of something like setting up an Upside-Down-Ternet, but encrypt it and leave WPS on for that router :D He should be rewarded for his hard work! Maybe a GayPornTernet (assuming he's not into that sort of thing!)
 
If this was mine, and someone was getting in, I'd set up a portal that forced them to it, then have that portal full of viruses LOL!!

Or I'd sandbox it and log EVERY bit of data..
 
Well, switching off WPS didn't work.

He's now spoofing a MAC address to pretend he's a Sitecom device with my PC's name.

He's also somehow recognised as a LAN connection by my router.

How's he doing this??!
 
Unlikely but maybe he hacked your router's firmware the first time he got access.. Reflash and see if that outs him
 
Well, switching off WPS didn't work.

He's now spoofing a MAC address to pretend he's a Sitecom device with my PC's name.

He's also somehow recognised as a LAN connection by my router.

How's he doing this??!

How are you sure this is him and not just your PC?
 
Burn his house down...that should keep him away for at least a couple months.


Also, I stick to the KISS theory. You said there is always someone home right? Any chance he just asked or bribed them for your password?
 
Burn his house down...that should keep him away for at least a couple months.


Also, I stick to the KISS theory. You said there is always someone home right? Any chance he just asked or bribed them for your password?

Lol that would be funny if that's the case.

OP, take out the Sitecom stuff as a test, just broadcast off your main DD-WRT router. Do WPA2 AES with a random ass password. See how that goes :)
 
yeah, you gotta get down to the basics, just the dd-wrt router (and reflash that). New password and then see what happens.
 
You could argue that he was hackin in before you got the sitecom stuff so they "aren't" the cause but I have to agree with everyone else. Take it out. Grab an old pc and run pfsense and just use your router as an AP. See if you can start to log more traffic. See when he's most active on your network. If he's just using your connection for consoles and cell phones then he can't be chewin up much bandwidth. I don't know much about security though.

Or try to keep your main network secure but set up a second SSID with weak security and run snort or whatever to try and log everything he does on the less secure wireless network.

Lastly, are your monitors/keyboards positioned in such a way he could use binoculars to try and see what you type sometimes (dumb idea but hey, ya never know)?
 
I think I am missing something.. how do you know he is connecting?

That was my point, because according to the OP, the user is spoofing everything about one of the user's PCs, which makes me wonder how the OP knows this is his neighbor and not really his own PC?
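
Added example, not part of any post in this thread: one way to check whether a lease claiming a familiar PC name really comes from your own hardware is to compare the router's DHCP leases against an inventory of devices you own. It assumes the DHCP server is dnsmasq (lease lines of the form `expiry mac ip hostname client-id`); the inventory, MAC addresses and hostnames below are constructed sample values.

```python
"""Audit DHCP leases against an inventory of devices you actually own."""

# Constructed inventory: MAC address -> hostname of each device you recognise.
KNOWN = {
    "00:11:22:33:44:55": "den-pc",
    "00:11:22:33:44:66": "living-room-ps3",
}

# Constructed sample in dnsmasq lease format: expiry mac ip hostname client-id
SAMPLE_LEASES = """\
1337500000 00:11:22:33:44:55 192.168.5.10 den-pc 01:00:11:22:33:44:55
1337500100 00:11:22:33:44:66 192.168.5.11 new-laptop *
1337500200 02:AA:BB:CC:DD:01 192.168.5.23 den-pc *
1337500300 02:aa:bb:cc:dd:02 192.168.5.24 android-1234 *
"""

def parse_leases(text):
    """Return a list of {mac, ip, host} dicts, skipping malformed lines."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        leases.append({"mac": parts[1].lower(), "ip": parts[2], "host": parts[3]})
    return leases

def audit(leases, known):
    """Return (finding, mac, ip, host) tuples for leases that need a look."""
    known_hosts = {name.lower() for name in known.values()}
    findings = []
    for lease in leases:
        mac, host = lease["mac"], lease["host"].lower()
        if mac not in known:
            # An unlisted MAC using one of your hostnames is the "device with
            # my PC's name" case; any other unlisted MAC is simply unknown.
            kind = "name-collision" if host in known_hosts else "unknown-device"
        elif host != "*" and host != known[mac].lower():
            # A listed MAC announcing a different name can indicate a cloned MAC.
            kind = "hostname-mismatch"
        else:
            continue
        findings.append((kind, mac, lease["ip"], lease["host"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LEASES), KNOWN):
        print(*finding)
```

A MAC cloned from a listed device that also copies its hostname will not show up here; that case needs the access point's association list or signal data.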
 