A neighbor keeps hijacking my Router

T

tony67

100 W
Joined
May 26, 2011
Messages
124
Well its actually my brothers router but he keeps bringing it over to me so its starting to feel like mine.

It started a few weeks back with his ISP-provided wireless router, he would lose signal then when he searched again his connection was unsecured and renamed, initially the SSID was generic i.e. "wireless router" or "Vodafone" we reset it and went ahead with creating new secure network keys and admin passwords but this person is still able to reset the router and unsecure the network and now the attacker has taken to leaving messages as the SSID. At first the messages were words like "bike" "honda" my brother has a honda motorbike. Now the the little f****r start leaving messages like "haha you'll never keep me out" and has used my brothers name in one.

At this point I told him to get a new router thinking there was a vulnerability with the original. He picked up a TP link adsl router. To rule out brute force attacks I set it up with a 20 character randomly generated network key (upper/lower case and numbers) and 10 character randomly generated admin username and password. I gave it back and told him to power it up but not to connect any wireless device to it and don't connect the phone line. I was going to do it in stages over several days to pinpoint any weak links. Within 90 minutes the network was open and renamed "TPlink". I am at a total loss as to how this is happening. There is no way the network key was cracked Ive seen how WPA2 cracks are done with dictionary attacks and brute forcing also WPS was disabled because I've seen that is a weakness.

This latest episode did confirmed one thing. The attack is coming in directly on the WLAN and is not hijacking an already connected device because nothing was connected including the WAN.

Does anyone know of a method of attack this person is using. I've read up on quite a bit recently to try counter this and have realised how vulnerable some networks are. Is it possible to bombard a router over WLAN in a type of DDoS attack in order to force a reset to factory defaults?

This post is as much a vent as a request for advice but any help anyone can offer would be greatly appreciated.
 
Turn on Mac filtering and only allow your MAC address
1. Start menu > run > type 'cmd'
2. In command prompt type 'ipconfig'
3. Write down your WLAN MAC address

Maybe also look up 'honey pots'

Sounds like he's using a denial of service attack causing your router to lock and/or reset. You could also add a second wired router in series to block him out of everything.
 
Sounds like an attention-seeker. Assuming your next move is unsuccessful you and your brother could try ignoring him as best you can.

Generally when these types are ignored they get bored.

Or if you find out who is doing it there is the option to kick the shit out of them. :mrgreen: Once again assuming they aren't 12. :lol: If you do catch them phone the police.
 
If the skills and determination of the person are adequate, there is nothing that can prevent anyone from interfacing at any level with any network.

Keep in mind, middle-school children hack FBI and Pentagon databases and things. Even if you had no network connection, someone can just wait until nobody is home and physically take the device and clone the HD or whatever they please is sufficiently motivated.


I always just leave my networks unsecured so anyone can connect without needing to waste 5mins to an hour. Imagine how nice the world would be for browsing the internet while traveling if everyone just left there networks un-"secured".

It's the internet, there is no reason to attempt to keep someone off it, and using encryption just makes you a fun target to exploit rather than freely sharing.
 
It is possible to reset the router using certain tools and then the hacker can change the name and password. You can search on YouTube for tutorials.

As well, if the hacker has access to your router, he also has access to any other computer on the network. He can view all computers connected to the router by using a linux terminal, then just select the computer and he's connected. From there he can install a remote access tool RAT to steal your keystrokes.
 
iamsofunny said:
It is possible to reset the router using certain tools and then the hacker can change the name and password. You can search on YouTube for tutorials.

As well, if the hacker has access to your router, he also has access to any other computer on the network. He can view all computers connected to the router by using a linux terminal, then just select the computer and he's connected. From there he can install a remote access tool RAT to steal your keystrokes.
Click to expand...


Of course. If the guy has the appropriate skills, he can watch your screen and every keystroke laughing as you set new passwords and things, and could be anywhere in the world. That's why it's kinda silly to bother with the illusion of "securing" your network/puter at all.

Why make yourself a target IMHO. Share your connection freely with anyone who may wish to use it, and the incentive/fun in messing up your network kinda vanishes.

There was a point living in a large apartment building in Seattle that my unsecured network had over 50 users on it. Never had a single issue. Comically, other folks with "secured" networks would occasionally bitch about getting there network "hacked", I suggested they use mine. :)
 
http://www.computerworld.com/s/article/9246392/There_s_now_an_exploit_for_TheMoon_worm_targeting_Linksys_routers

http://www.pcworld.com/article/2097903/asus-linksys-router-exploits-tell-us-home-networking-is-the-vulnerability-story-of-2014.html

if you can give a model type of the wifi-router and it's something malicious it should be pretty easy to figure out.

In the majority of these turning on remote web access to the router lets them do the exploit.
 
Basic math:

  • Live with the fact that the World is out to get you and your worth.
  • Turn off wireless and use hard-wired connections.
  • Work-pcs do not use wireless at home. That's a potential for a security breach.
  • Use only hardwired-connections, and moving beyond copper to fiber is the best you can hope for without resorting to encryption.
Challenged as well. KF
 
Ypedal said:
yeah.. mac filtering is the way to go.

also turn off SSID broadcast ..

if you really want to take it one step further, change the default 192.168.x.x to anything else 215.xxx.xxx.xxx along with the 2 above.. i can't imagine how he'd get around it.
Click to expand...

mac filtering is totally useless. never heard of mac address spoofing? he listen for the network traffic. then changes his pc's mac adress to the one the allowed user uses. easy.
disabling ssid broadcast is useless as well. it only keeps grandpas out of your network ;) ssid sniffing is as easy as mac sniffing.
still this is no help to the thread starter.
if you have a new router and install something like ddwrt or openwrt on it, configure it on a different known secure network, then install it to your desired network, then it should be very hard to hijack this router.
for me it looks this so-called hacker has some keylogger or something installed that gives him the admin user/pwd. did you check for that?
if you install this newly installed router and connect let's say with a for-sure uncompromised device, and then bring those two devices to the new location and he still get's in, then i'm out of knowledge.
i guess you used approprite security?
and NO. i don't think you should let your network open for everyone. if you do this you may be held responsible for anything bad done from this access. and it's surely not fun to tell the officials why some child p*** was downloaded from your ip address.
do anything you can to make it secure. if you can't - take it down :(
 
izeman said:
i don't think you should let your network open for everyone. if you do this you may be held responsible for anything bad done from this access. and it's surely not fun to tell the officials why some child p*** was downloaded from your ip address.
do anything you can to make it secure. if you can't - take it down :(
Click to expand...

There is no secure. Dropping wifi for copper doesn't buy you a thing. If the guy knows your devices MAC addresses (which he obviously does), then he can deliver through a hundred different methods software to run on his devices and do anything he pleases. Even if be buys all new routers and hardware he could send this guy an email that appears to be sent from his ISP that say's, "router security breach issue reported" or "PM from ES member" or spoof it to look like it was sent from someone he normally emails with, and get his backdoor installed that way, or the drop-a-flash-drive near his house trick, or so many other options, and it won't make a lick of difference if you're on WiFi or fiber or copper, they are driving your computer already, and obviously have more skills with it than it's owner.

If you run an open public network, it doesn't matter what someone else downloaded, it will be from your connection which could mean someone could talk to you about it, and you tell them you've got an open public network (like a coffee shop etc).

I think you're at the most risk for getting busted for something if your network IS secured, because it will be more difficult to say it wasn't you (to some moron investigator), but really no additional difficulty for anyone with skills and desire to do whatever they please in the first place.

Once again, there is no such thing as secure if someone has adequate skills and desire. You think the FBI and CIA and DOD and shit don't jump through every laughable hoop and follow recommended network security procedures and things? Middle school kids with the right skills pillage that shit at will for a recreational activity. All that stuff buys you is a warm-fuzzy-feeling inside if you're a moron.
 
lfp most of what you say is true. still i didn't say he should move from wifi to copper. but copper IS more secure.
and mac address spoofing has nothing to do with mail address spoofing. and sending mails does NOT open any security breaches. opening stupid attachment possibly does.
still securing a network is necessary. i don't know about the laws of you guys, but here it's like leaving your car/house unlocked. police will fine YOU as well as it can be seen as an invitation to crime. strange, but that's how it goes.
and securing your wifi with at least basic security is required to not be held responsible.
i'm an IT network guy, working in the sector for almost 25 years now. sales for the last couple of years, but still quite deep technically minded. i know what backdoors there are for gov orgs ... and hackers know some of them as well.
if you think providing free, open wifi to everyone i'm fine with that. that's your decision and it's always nice to find some open wifi when abroad. :)
still doing nothing is not a strategy i will support. i sitll wear a helmet and protective gear even if i will be dead for sure when a 40ton truck hits me and rolls over me.
 
My comparison is all the cost and effort put into USA subway train turnstiles. Why bother trying to "lockout" riders and make it practically impossible to mix-mode commute with a bike or handle luggage or other large items via mass transit?

European countries have figured it out - why bother with all that nonsense when you can simply audit a few riders every once in a while?

The "grassy knoll" truth is can you imagine how many people would drop overpriced and predatory cellphone plans if truly open wifi were to become available in every nook & cranny of the world?

All the big players - ATT, verizon, Sprint, etc., want us, the sheeple, to be afraid - be very afraid and lock out your friends, neighbors and other humans who simply wish to "buy something" and/or communicate about "buying something" via ISP.

Honey pot can be a useful tool to gather intel about those attempting to use compromise your ISP. Then perhaps create an SSID just for them using some of their personally indentifying info....

Tiered plans are a problem with open wifi though. We the sheeple have allowed big corp interests to go down this road - using OUR infrastructure for profit and to control how we access the Internet.
 
Ykick- You have a good grip on reality.

Folks pretending there is security, if it makes you feel better, more power to you, but it doesn't make anything secure.

Guy who started the thread, if this guy is skilled he can drive your box from his phone anywhere in the world and nothing you do that leaves you with an Internet connection will stop that unless he stops wanting to frock with you. That is your single functional path to stop being frocked with. Stopping being a desired target is your singular path to not being hacked by a skilled hacker. :)
 
If everyone was honourable and trustworthy, i would gladly leave my wifi open for everyone to use, unfortunately, some people are hateful idiots and want only to cause grief........ Yes, i'm well aware that a determined educated hacker can get into just about anything, the mass majority of the population will not get past a typical password block so minor measures are usually good enough.
 
Ypedal said:
If everyone was honourable and trustworthy, i would gladly leave my wifi open for everyone to use, unfortunately, some people are hateful idiots and want only to cause grief........ Yes, i'm well aware that a determined educated hacker can get into just about anything, the mass majority of the population will not get past a typical password block so minor measures are usually good enough.
Click to expand...


The only people you block are the honest folks who could have been convinced by web access availability.

The only reason to encourage "securing" networks is to ensure cell service providers and ISPs have as much revenues as possible, because they simply aren't needed, the web belongs to the people.

With nothing more than the right distributed hub-less ad-hoc software on the existing smart phones in peoples pockets you would never need to pay for a carrier, and have way better service everywhere there are people living with at least moderate population density.
 
This is all very defensive. Why not go on the attack? Where is your building, how far does your wifi extend, who is home at the time it happens, who lives on the internet (perhaps gaming) that don't have money for their own. What window sills have wifi antenna's you can see. Then also think who it can't be, not just who it can be. Wifi don't go very far.

Are you in a block meaning lots of flats nearby? Where is your electricity metered because if you flip they power they will likely disappear. You can't have that many people in range. This should be simple enough.

If your not really interested, just stop using wifi. They will have to buy their own or hack another. With such a small time window taken before, I reckon you might be there best or only source of internet and they need it.

Could it be someone visiting the area, such as working next door wanting to use there mobile device without the company screening their searches. Kids in the alley. Tramp in the basement.

Can you actually read there signal strength? Grounded metal is a good reflector of radio waves. You could walk round your router with your metal sheet and see which side you need to stand to block them. Standing the other side could also give a reduction in signal though through ghosting like interference. You would ideally triangulate. Move to different locations and see which direction they are then in.

Attack!
 
Kingfish said:
Basic math:

  • Live with the fact that the World is out to get you and your worth.
  • Turn off wireless and use hard-wired connections.
  • Work-pcs do not use wireless at home. That's a potential for a security breach.
  • Use only hardwired-connections, and moving beyond copper to fiber is the best you can hope for without resorting to encryption.
Challenged as well. KF
Click to expand...


KF- Do you know how easy it would be to DOS attack just this thread's address on ES by renting time on a slave bot-net (ES would be incredibly easy and cheap to DOS) and simply by clicking the link to read this thread, you get an indistinguishable copy of this thread on your screen, but you're not on ES and simply by clicking the link to open this thread your computer unknowingly to you is now a slave on someones bot-net, every keystroke logged and reported home, full access to everything.

Don't think that a sand-boxed browser will help you either. Even Chrome (which I strongly recommend) can't be stronger than it's weakest 3rd party software, and if you're viewing PDF's or flash or any MS software, you know for certain there is an exploit and the right person can have full control of your box.

A mac won't save you either. In the Mac Book Pro hacking contest, a dude who didn't even start his exploit development until the 2nd day of the contest created a link that simply by visiting the link gave him full SU root access/control of the box in 3 minutes... Higher level computer access/control than the computers own owner user privileges. From one link clicked on a supposedly secure browser/OS, and that link could easily be what you clicked to be viewing this very thread if someone with the right skills had sufficient motivation to do so.

There is nothing you can do with your box to keep someone out of it if they are motivated and have skills. Even the best linux distro will still have vulnerabilities if the user just has basic browser plug-ins to view youtube or open a PDF or whatever, and it doesn't matter a bit what your network security is like, and it doesn't matter geographically where they are, and the level of control possible from the right user attacking could be greater than you've got when you're sitting at your own computer.

To believe otherwise is simply choosing not to accept reality.
 
friendly1uk said:
This is all very defensive. Why not go on the attack? Where is your building, how far does your wifi extend, who is home at the time it happens, who lives on the internet (perhaps gaming) that don't have money for their own. What window sills have wifi antenna's you can see. Then also think who it can't be, not just who it can be. Wifi don't go very far.

Are you in a block meaning lots of flats nearby? Where is your electricity metered because if you flip they power they will likely disappear. You can't have that many people in range. This should be simple enough.

If your not really interested, just stop using wifi. They will have to buy their own or hack another. With such a small time window taken before, I reckon you might be there best or only source of internet and they need it.

Could it be someone visiting the area, such as working next door wanting to use there mobile device without the company screening their searches. Kids in the alley. Tramp in the basement.

Can you actually read there signal strength? Grounded metal is a good reflector of radio waves. You could walk round your router with your metal sheet and see which side you need to stand to block them. Standing the other side could also give a reduction in signal though through ghosting like interference. You would ideally triangulate. Move to different locations and see which direction they are then in.

Attack!
Click to expand...


It could be anywhere in the world. (though it does seem likely it's local)

Why not just make the world a better place and share the connection freely? Least work for you, no reason to target you anymore. It's not like it isn't possible this person isn't already capable of controlling all your devices on your network better than you can even if you turned your WiFi off and went copper etc.
 
This is likely what he/she is doing: http://tech.slashdot.org/story/13/03/15/1234217/backdoor-found-in-tp-link-routers

Do as they recommend there and update your firmware with the open-WRT (didn't realize this works on other devices beyond linksys)
Open-WRT will allow you to completely customize everything and manage connections and passwords. I'm pretty sure you can even setup honeypots through the open-WRT (used to be able anyway) so he thinks he has access and just gets circle jerked around.

EDIT:
It could be something like this too: http://packetstormsecurity.com/files/117069/TP-LINK-TD-W8151N-Cross-Site-Request-Forgery.html

Your issue sounds very 'script-kiddy' and the attacker likely does not know the intricacies of what they're doing beyond copy and paste code.
 
My router has a option for a "guest user". I keep it open for anybody, however I do have a password for my stuff. My thinking is that by leaving it open for a guest they might not bother to hack my password (or worse). At least this way it keeps the regular joes away from my stuff.

The router also keeps track of the bandwidth used on the guest account so I can see if anybody is using it.
 
Honeypot ftw. If you have skills. Even better, Google upsidedownternet probably one of the single greatest hacks to pull on WiFi thieves but you need some skills to pull it off.

As stated there is little than can be done to stop a determined jerk, but I suspect your theif has dropped a trojan on a PC and is key logging to get past wpa2 random keys. You should scan all PCs on the network and make sure wireless and internet is off when you do this.
 
You must log in or register to reply here.
Back
Top