flat assembler
Message board for the users of flat assembler.

Index > Heap > WiFi Insecurity

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
My brother in his home network has neighbors stealing his wifi.

On "My network" he can view the others pc conected illegaly no the network.


I recomeded him:
Hide SSID broadcast and chand SSID.
Set WPA/SPK 60 characters password
Enable MAC filtering.


He did all that, and they still connecting. The router says that the HDCP pool list is only 2 pc (both his)
But in the network place, apeared again 3 pc more. And they even share the C Drive....


Any idea of what could be happening?

The OS is Win7, and the router is tp-link with wan/lan/wifi interface.
Post 26 Aug 2011, 13:55
View user's profile Send private message Reply with quote
Picnic



Joined: 05 May 2007
Posts: 1288
Location: behind the arc
Picnic
Maybe they have added to the permitted list their own MAC address.
Post 26 Aug 2011, 14:18
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Picnic wrote:
Maybe they have added to the permitted list their own MAC address.

In the router there are only 2 enabled macs
Post 26 Aug 2011, 14:44
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
- Upgrade the router's firmware
- Review all router settings or reset to factory and reconfigure
- Disable UPnP
- If the router has wired connections and wireless is not indispensable, disable the radio (simple eh?)
- Check the OS
Post 26 Aug 2011, 14:53
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Check the OS?
What do you mean?


He use the wifi on the notebook, so he need the radio to be on.
Post 26 Aug 2011, 14:57
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
#$%^$%* crap! The one time I don't copy a message before posting, the board kicks me out and I lose everything Mad Mad Mad

Okay, to summarize:
- A trojan or rootkit may have been used to gain access. Formatting the system partition is the only way to be sure it's gone. Antiviruses cannot be trusted to do the right thing.
- Disable any useless services like the remote management/registry access.
- Install SP1 and use Windows Update to get the latest security patches. It can be quite a few GBs so be prepared.
- Cheap home consumer routers come with relatively weak generic firewalls. If a hardware or computer firewall is too expensive or too much of a hassle, at least install a decent software firewall on every machine that connects to the LAN.

EDIT: Oh yes, before I forget: make sure no remote management is enabled in the modem or router.
Post 26 Aug 2011, 18:15
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Reset the router and manually assign IPs. delete all the devices from the router. Change to WPA/2 scan his notebook for trojans/rootkits(download COMODO Firewall to view all incoming/outgoing net activities).

Lastly beat the shit out of the neighbors for stealing his Wireless Fidelity !
Post 26 Aug 2011, 18:45
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Quote:
Lastly beat the shit out of the neighbors for stealing his Wireless Fidelity !

It's 3 illigal pc. Yesterday he changed all the settings (deleted many files from C drive that was shared form one of them)
Today, all 3 where connected again.

I know, you put in Google, "still wifi from neighbor" and theres hundred of results... shit.
Post 26 Aug 2011, 19:51
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
There are millions of zombie systems out there. That machine is being used to share files as you've discovered. What else could it be doing that you haven't discovered yet? DDoS? Spam mailing? What about if they start sharing pedopornographic material with the entire world? It's not going to change until you DO SOMETHING!

If you kick intruders out of your house and put "Keep Out, Ugly People!" signs but keep your doors wide open they'll be coming back sooner or later, you know? More likely sooner.
Post 27 Aug 2011, 06:27
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
You sugest to take a gun and shoot every neighbor in the wifi signal radio?

I like that one, I even have no need to know assembly for solving this problem. No man will steal my virtual property.

^^

The os is freashly installed win7 like 1 week.


Last edited by Enko on 27 Aug 2011, 14:27; edited 1 time in total
Post 27 Aug 2011, 13:34
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
World news headlines wrote:
Fourteen people were killed and another thirty people were injured by a lone gunman in Mar del Plata today. The gunman stated "The posters on flatassembler board said I should do it to ensure no one steals my WiFi".
Post 27 Aug 2011, 13:49
View user's profile Send private message Visit poster's website Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Before I shoot someone I need a catch phrase, like 'hasta la vista baby' or 'say hello to my little friend', etc... You know, to make it look cool ^^

sugestions? I was thinking:

Sayonara wifi stealler.
Turn off the radio
You got wifi busted in the A
Post 27 Aug 2011, 14:36
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4238
Location: 2018
edfed
maybe the 3 pcs connected are just one PC, maybe it is the PC of your brother, and maybe wifi is so dumb that it can make like if 1 pc appear to be 3 pc, because i see sometimes that there are a lot of wifi networks in my neighbouroud, with signal at 100%, and networks names as strange as gTREZEIGFhfjhuip'"é"'tv-'"é, ETREZhngffbnjklfakop or RHKLMSdgf*tù^*er

maybe the wifi norm is not so cool, because it can be interfered with any radio device emiting on the same band, like microwave hoven, computer clocks, police talkie walkies...
Post 27 Aug 2011, 15:11
View user's profile Send private message Visit poster's website Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Enko wrote:
You sugest to take a gun and shoot every neighbor in the wifi signal radio?

I'd suggest you first try every single advice given in this thread. I may be tempted to say the network will be secure by then.
Then, if all else fails, you could consider other non-IT-related means. Use your imagination.

Enko wrote:
The os is freashly installed win7 like 1 week.

One week is what, too long you think? With the right tools you could compromize a vulnerable online Windows system within minutes.
If it's not up to date, there could be hundreds of vulnerabilities. Windows 7 has been out for almost 2 years now. Even SP1 is 6 months old.
There could be trojans or rootkits in any of the applications he uses. Or he could've got one or more by downloading crap from mail attachments, or P2P networks, or cracks/keygens, etc.


--8<--


edfed wrote:
because i see sometimes that there are a lot of wifi networks in my neighbouroud, with signal at 100%, and networks names as strange as gTREZEIGFhfjhuip'"é"'tv-'"é, ETREZhngffbnjklfakop or RHKLMSdgf*tù^*er

Maybe they're using their key as SSID haha! Embarassed

edfed wrote:
maybe the wifi norm is not so cool, because it can be interfered with any radio device emiting on the same band

Yes it isn't so cool and yes it can and has been breached before. Many encryption protocols have been broken in the past and it's only a matter of time before the ones currently in use are broken too.
Shielded wires FTW!
Post 27 Aug 2011, 16:40
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
ManOfSteel, the sugestion of upgrading the firmware is being performed somehow by my brother (he is in other city, so I cant help him physically).

When he finish it, I will comment of the result.

I don't think he has like super hacker/cracker neighbors, they are using some common tool from the web.

I didn't know that someone could scan your network even if the ssid broadcast is desabled, I fill now unsafe and naked.

bye the way, thank you very much for the advises.
Post 27 Aug 2011, 17:25
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Enko wrote:
I don't think he has like super hacker/cracker neighbors, they are using some common tool from the web.

Most probably yes, which makes the possibility of a compromised system (your brother's computer) all the more likely.

Enko wrote:
I didn't know that someone could scan your network even if the ssid broadcast is desabled

You don't even need to break the router's protections if the systems within the LAN are compromised.
Routers usually have stateful packet filters. Although these firewalls are very powerful when properly fine-tuned to the system/network and services it's running, the basic ones that come embedded in the routers leave small room for any customization.
If you have some malware running on the system as a "normal-looking" server*, then there's nothing a basic firewall can do to stop it from establishing and maintaining a connection with the outside.
* Not uncommon or particularly noticeable since nowadays even browsers may need to make listening connections
Post 27 Aug 2011, 19:33
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Quote:

Before I shoot someone I need a catch phrase, like 'hasta la vista baby' or 'say hello to my little friend', etc... You know, to make it look cool ^^


Yippie-Ki-Yay MotherFucker!
Some sources:
http://www.youtube.com/watch?v=A_b2kp-8IFQ

http://www.urbandictionary.com/define.php?term=Yippee%20ki-yay%2C%20motherfucker!
Post 27 Aug 2011, 21:40
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Well, my borther updated the firmware to the latest version. He reviewed on the web if his particular router has some problems with this and nothing.
UPnP disabled

all key changed. all windows firewall exception deleted.


tomorow I will post results.
Post 27 Aug 2011, 23:59
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Did he tell his neighbors to stop stealing his Wi-Fi though ?
Post 28 Aug 2011, 04:34
View user's profile Send private message Reply with quote
ronware



Joined: 08 Jan 2004
Posts: 179
Location: Israel
ronware
Hola -

If you're feeling energetic, you can take a laptop and a directional wifi antenna (google how to make one) and look until you find someone with the offending MAC addresses. *Then* use your imagination...
Post 28 Aug 2011, 07:11
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.