wifi net hacked!?

Right, recently I've noticed that under the network tab on my computer window another PC name which I don't recognise has appeared, someone called Geoff anyway. So I went to my Netgear router and changed a few settings, such as hiding the SSID broadcast and changing the SSID and the passkey, but that PC still appears on my network. What else can I do to stop it or something? Tbh I have no clue. Advice, forumys? :confused:
 
MAC address filter, so only known MAC addresses you add manually can gain access, unless he spoofs your MAC address.
Turn up the encryption: AES, TKIP.
 
As has been said, you might be using weak encryption. Hiding and changing your SSID is about as useful as a chocolate teapot.

What encryption standard are you using; WEP or WPA? Ideally you want to be using WPA2.

Also MAC address filtering is pretty useless in my mind as it's so easy to spoof a MAC address.

Just reread the OP. The computer may still be appearing as connected, but that might mean it is just stored in the router's cache and not actually using the network. If it gives you an IP address for it, I'd try pinging Geoff to see if the computer is still there.
 
You could download and run "Ping Range" . . .
You define a range of IP addresses, and the program will ping each in turn. If any devices respond they are displayed in the results pane.
Although I suspect that the offending IP address is stored somewhere in cache.

Incidentally, if "Geoff's" PC appears in your "My Computer" list, surely that means that at some stage, you must have connected to it :confused:
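The check suggested in the two posts above (ping the range, then see whether the unknown entry is live or just cached), as an added example that is not part of the original thread. The router list, device names and the 192.168.0.0/29 range are constructed sample values; `ping_once` and `classify` are hypothetical helper names.

```python
import ipaddress
import platform
import subprocess
from concurrent.futures import ThreadPoolExecutor


def ping_once(ip, timeout_s=1):
    """One ICMP echo via the system ping command; True only on a real reply."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]
    else:  # Linux syntax; -W is in seconds there (macOS uses milliseconds)
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    try:
        out = subprocess.run(cmd, capture_output=True, timeout=timeout_s + 2)
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Windows can exit 0 on "Destination host unreachable"; require a TTL field.
    return out.returncode == 0 and b"ttl=" in out.stdout.lower()


def classify(router_list, known_names, network, probe=ping_once):
    """Split unrecognised router entries into live devices and stale entries."""
    hosts = [str(h) for h in ipaddress.ip_network(network).hosts()]
    with ThreadPoolExecutor(max_workers=32) as pool:
        live = {ip for ip, up in zip(hosts, pool.map(probe, hosts)) if up}
    report = {"live_unknown": [], "stale_entry": [], "live_unlisted": []}
    for ip, name in sorted(router_list.items()):
        if name in known_names:
            continue
        # No reply is a hint, not proof: a host firewall may drop ICMP echo.
        key = "live_unknown" if ip in live else "stale_entry"
        report[key].append((ip, name))
    # Devices that answer but are missing from the router's list
    # (this includes your own PC and the router unless you list them).
    report["live_unlisted"] = sorted(live - set(router_list), key=ipaddress.ip_address)
    return report


if __name__ == "__main__":
    # Constructed sample data: copy the real list from the router's admin page.
    ROUTER_LIST = {"192.168.0.2": "MY-PC", "192.168.0.5": "GEOFF-PC"}
    KNOWN = {"MY-PC"}
    for kind, entries in classify(ROUTER_LIST, KNOWN, "192.168.0.0/29").items():
        print(kind, entries)
```

An entry under `stale_entry` matches the "stored in cache" explanation; one under `live_unknown` means a device with that address is answering on the network right now.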
 
Show me a way to crack a WPA-TKIP passphrase in a reasonable amount of time. :)

You don't need to crack the passphrase to attack the system though.

There are attacks for TKIP that can inject falsified ARP packets in ~1 minute's work. See this paper. That will lead to DoS only though.

This paper also provides an attack that can recover 596 bytes of the keystream, which allows DHCP packet decryption, and potential injection of falsified TCP SYN/ACK, DNS, DHCP, ICMP, ARP. All in under an hour's work. NAT traversal and DNS spoofing are also possible (in a reasonable amount of time).

It might not be a full attack like WEP but you can still do a lot of potential damage on a TKIP network.
 
"Paper" & "Potential".

They don't warrant "AES or you may as well not bother tbh". :)

Sure it's best to use AES but it's a world away from the WEP attacks.
 
A paper outlines the research behind it - the source code for the attacks is provided and implemented in the Aircrack-ng suite. It's a practical attack. It doesn't change the fact TKIP is broken and in many ways is just as dangerous as WEP depending on what an attacker wishes to achieve...
 
Backtrack does away with WEP in no time on a quick PC. TKIP is better but if someone wants to hack your network, for fun or for free internet, it isn't exactly hard.

Not looked into WiFi hacking for ages, think AES is safe enough.
 
As usual when it comes to security tntcoder is right!

airodump-ng and aircrack-ng are all the tools you need to cause some serious disruption in network terms.

If this Geoff is slightly savvy and is annoyed that he can no longer get free internet, why wouldn't he launch a DoS attack?

I guess it depends on your environment as to the level of severity with which you classify each risk. Personally I think they are both fairly substantial. I guess you have more to lose with a WEP key in terms of eavesdropping.

Anyway, it's not exactly hard to go AES over TKIP.

Edit - d brennen also makes good points. With an OS like Backtrack any old numpty can do some pretty damaging stuff.
 
When I had my old BT HomeHub I had to unlock my Hub for my PSP and DS to connect. A few days later I had at least 6 different computers connected to my network. And they were probably getting better speeds than I was getting with it. So I did what had to be done and changed my broadcast name to "NEO NAZI CLUB". Why, you ask? Because when they hover over or connect to my network it will appear as "Currently Connected to: NEO NAZI CLUB". After that only a few stopped using my connection, but to this very day I wonder what their face was like when they saw the name?
 