wifi Fhackers

korrupt2011 · 31 Mar 2011 at 18:19

ok cut a long story short. my neighbours think its funny to keep knocking me offline.

it all started a few months ago when i noticed my lights flashing like mad & nothing was connected.

i then reset all settings & setup wpa2, set bssid to non-broadcast etc.

since then i have tried everything to stop them.

mac filtering/ channel roaming/ allsorts. even confronted them with evidence & they deny it obviously.

after coming across there mac address in my logs many times again. saying an STA is rejected due to access control
& me being stuck on limited access even when i get it to connect it drops back to no internet access a few minuites later.

what should i do ?

ring police

report to isp

or kick in there back door & smash up their computer.

after looking around how to stop it. i think i need a 5ghz dualband router & dongle ?

does any know if this will stop them cause their quite expensive.

a router & two dongles for 150-200

any help or advice appreciated

thanks

mjones1 · 31 Mar 2011 at 18:35

Homeplugs would be pretty good

DELETED_83755 · 31 Mar 2011 at 18:38

The cheapest but most invasive plan would be to have no wireless broadcasting and using an ethernet cable. There may also be an option for ip address filtering on the routers home page as well as as MAC, have you tried both?

These guys must be quite persistent and determined!

fini · 31 Mar 2011 at 18:41

How do you know it's one particular neighbour?

tntcoder · 31 Mar 2011 at 18:59

korrupt2011 said:
what should i do ?

Secure it correctly.

WiFi with WPA2 + strong password = non crackable, maybe they broke into your house and modified the router

J.B · 31 Mar 2011 at 19:12

if you truly have set up wpa2 then you must have chosen a waek password.

how do you know its them? How do you know it's their MAC address and what do the logs say its doing?

I suspect in actual fact you might just have a faulty router?

manbearpig · 31 Mar 2011 at 19:19

Kick "his" back door in

d_brennen · 31 Mar 2011 at 19:24

With a non broadcast ssid and a ten digit wpa2 key it would take some cracking, I'd like to meet your neighbors!

WEP on the otherhand is childs play

Detroit_Waves · 31 Mar 2011 at 19:31

I'd like to know just what you have done to annoy your neighbours this much lol??

RubinRemus · 31 Mar 2011 at 19:35

Getting some 5ghz equipment *might* stop them, but purely on the basis that they don't have any 5ghz equipment themselves.
This may not be the case. Quite a few laptops come with "a/b/g" adapters built in.
If they are "into" wifi "hacking" then they may well have "a" or "a/b/g" plugin (pcmcia or Cardbus, etc) adapters anyway.

You mention being kicked off - this is probably being done via disassociation frames.
There is very little you can do to prevent disassociation frames from being spoofed and injected into your AP/WLAN

MAC address filtering won't help, as the frames mimic, or spoof, whatever MAC addresses they need to - your AP or PC(s) - which are clearly available to a sniffer. So the attacker doesn't need to be on your "trusted" list of MAC addresses, as they are actually using *your* MAC address anyway!
They may be silly enough, once access is made, to use their own MAC.
Keeps the logs from the router.

SSID "cloaking" (non-broadcast SSID) is hardly worth the trouble either, as again, it's always clearly visible to a sniffer, cloaked or not - a total waste of time

WPA2 is worth using, of course, as it is still, at the moment, very difficult to obtain the key.
This is changing rapidly, with FPGA cards becoming relatively inexpensive and also, perhaps more importantly, "super computing" power becoming much more readily and very cheaply available too, in the form of Amazons EC2 service and the like.
But for now, for most people, it's secure enough

Are you saying that you (re)setup WPA(2) and they *still* got access?
If so, perhaps they've set your router to accept admin level access from outside the LAN.
If they have your external (ISP issued) IP address and can access and control your router over the WAN link, then again your WPA(2) will be useless, as they can simply access the router remotely, read the key and use it

If you can keep logs in the router (which, btw, you must change logins for, in case they've been in there too, you can contact your ISP and the relavant authorities. The Police should at least log it for a while to show consistent attacks.
Also, try the whatever the UK version of the FCC is. They should help too.
It is illegal behaviour.

As for comments like "use WPA/WPA2" - disassoc frames are cleartext. Encryption won't stop it.
How do you think a WPA 4-way handshake is captured for password analysis in the first place!?

If they have gained the WPA2 pass, change it anyway.
They shouldn't be able to get it very easily, without physical access to the routers configs.
But again, it won't stop disassoc attacks.

If they are on the network already and you feel like having some fun with them, look into setting up an "upside-down-ternet" (Google it - not sure if I'm allowed to post external links??)
This will basically, whilst you are allowing them free internet access, turn all web pages upside down.
You can do a variation whereby all pages are blurred out and cannot be read.
Just add your own MAC addresses to a whitelist and hope they don't spoof your own MAC's.
Or, you could use something like Ettercap and filter specific words and have them substituted for different words of your choice.
Just a way of having some fun with them, instead

korrupt2011 · 31 Mar 2011 at 20:20

after reading peoples comments on here. they dont have access anymore with wpa2 set.
but they keep trying to knock me off.then i find them tryin to log in & the router gives
a mac address in the logs part of the wifi menu which isnt mine. like this

2day 00:19:01 (none) kern.warn klogd: wlan0: A wireless client was rejected due to access control - 00:26:43:43

2:81
2day 00:20:17 (none) syslog.info -- MARK --
2day 00:24:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:43

2:81) was rejected due to access control for 5 times in 5 minutes
2day 00:29:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:43

2:81) was rejected due to access control for 1 times in 5 minutes
2day 00:34:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:43

2:81) was rejected due to access control for 2 times in 5 minutes
2day 00:40:17 (none) syslog.info -- MARK --

Also ive been monitoring with wireless network monitor 3.4 and this mac address logs in to their router.

i have proof anyway.

does anyone know a decent dualband router + dongles etc for about £150-200

MumboJumbo · 31 Mar 2011 at 20:39

Why are you ignoring everything everyone has said and persisting with spend so much money to stop something illiegal?

Further more do you have that little of a back bone that you would rather spend the money then get the authorities to give them a what for?

tntcoder · 31 Mar 2011 at 20:47

RubinRemus said:
WPA2 is worth using, of course, as it is still, at the moment, very difficult to obtain the key.
This is changing rapidly, with FPGA cards becoming relatively inexpensive and also, perhaps more importantly, "super computing" power becoming much more readily and very cheaply available too, in the form of Amazons EC2 service and the like.
But for now, for most people, it's secure enough

The whole FPGA/GPU/Cloud argument for fast brute forcing is mostly exaggeration IMO, sure it's well suited at cracking weak passwords like dictionary or lowercase < n letters long. If however you use a highly random 256-bit key or even 128-bit (quantum magic aside) it is not going to be cracked for a long time considering the probabilities involved and physical requirements of the amount of electricity needed to do so.

If it is just purely de-authentication frames being used then that's obviously not hacking as has been implied. It's no different to them blocking your driveway with their car all day, i.e go and have words with them or switch to Ethernet

LizardKing · 31 Mar 2011 at 20:52

Switch to Ethernet but leave a wireless hotspot on unplugged as a honeypot, let him waste his time thinking he is winning.

mmj_uk · 31 Mar 2011 at 20:55

Could it not just be some sort of conflict like both of you having the same SSID or something?

RubinRemus · 31 Mar 2011 at 21:00

korrupt2011 said:
after reading peoples comments on here. they dont have access anymore with wpa2 set.
but they keep trying to knock me off.then i find them tryin to log in & the router gives
a mac address in the logs part of the wifi menu which isnt mine. like this

2day 00:19:01 (none) kern.warn klogd: wlan0: A wireless client was rejected due to access control - 00:26:43:432:81
2day 00:20:17 (none) syslog.info -- MARK --
2day 00:24:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:432:81) was rejected due to access control for 5 times in 5 minutes
2day 00:29:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:432:81) was rejected due to access control for 1 times in 5 minutes
2day 00:34:00 (none) kern.warn klogd: wlan0: A wireless client (00:26:43:432:81) was rejected due to access control for 2 times in 5 minutes
2day 00:40:17 (none) syslog.info -- MARK --

Also ive been monitoring with wireless network monitor 3.4 and this mac address logs in to their router.

i have proof anyway.

does anyone know a decent dualband router + dongles etc for about £150-200

This is what I was trying to distinguish from "access" - The "knocking you off" part.
he logs show attempted access over wifi - "wlan0"

Also, if they still attempt to log in to the router, it may be coming over the WAN link too (internet side) - If so, they probably have your external IP address.

Look in the routers configs and see if you can disable anything that sounds like "Admin over WAN" or "WAN access" "login over WAN) etc, etc.
If you don't have a static IP address, your ISP may still use "Sticky" IP's - this is where you'll "probably" be issued the same IP each time the router logs into your ISP link, if each time is only minutes apart - i.e. a reboot, etc.
If so, try leaving your router off for an hour or so, then turn it back on. Then you will have a completely new IP address and they will not know it - hence they can't try to log into it over the internet any more.

Again, 802.11a kit could be a big waste of money, if they have an a/b/g adapter too.
It will make *no* difference to security whatsoever. It is exactly the same as b/g in setup/config/WEP/WPA terms. It's just operating on a different frequency - that's all (at least in the context of this post

)

KIA · 31 Mar 2011 at 21:49

Paranoid much?

Probably a buggy client trying to connect to your AP.

jonifen · 31 Mar 2011 at 21:59

Change the Wifi channel, change the SSID to something random (letters/numbers maybe - hide the SSID if you want) and set a strong WPA2 key. Then see what happens

Zarf · 31 Mar 2011 at 22:47

If as the logs indicate they are being rejected I don't see what the problem is. They aren't on your network and aren't using your bandwidth. Since you've now set a strong WPA2 key they won't be getting in. Any connectivity problems you have are probably a separate issue.

Also, how positive are you that it's those particular neighbours? With the use of some pretty simple antennas a range of hundreds of meters is easily possible. Last thing you want to do is falsely accuse anyone.