Wireless Internet Hacking!

Techy_1

Hello

My Wireless network is being attacked on a regular basis I have extreemly tight security on it. I had good security on it and a hacker got access to it, I now have the equivilant of a vault door on it and so far so good. The hacker has now moved on to knocking over the network. Meaning I have to spend about 20 minutes getting it working again.

The person is located somewhere in charlesland wood or grove
(as per the maximum range of the router)

I have a log running of all attempted connections and I will happily post any detail I find.

Just woundering if anyone else is having a similar issue.

Thank Techy_1

bryaner

I'm pretty sure the crowd across the road from me are at it, I just change my password every few days..

Trevor451

what type of encryption are you using? WEP is not safe and can easily be hacked. You should be using WPA2.

GarIT

Did they get through wpa2?

Solair

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Trevor451

Solair wrote: »

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Mac addresses are easy to spoof. Best thing for the OP to do is use WPA2 encryption with a randomly generated password

GarIT

Solair wrote: »

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Hiding it decreases the security as all the devices have to sent out the password and ssid in a file every now and again and that can be picked up on if they know what there doing. The mac addresses is a good idea though.

amen

if you really think you are being hacked why not report it to the gardai?

GarIT

Trevor451 wrote: »

Mac addresses are easy to spoof.

How you gonna do that if you don't know the mac address in the first place.

Trevor451

read http://www.techrepublic.com/blog/security/how-to-spoof-a-mac-address/395

GarIT

Trevor451 wrote: »

read http://www.techrepublic.com/blog/security/how-to-spoof-a-mac-address/395

I never knew it was that easy

I find it highly unlikely that a WPA2 encrypted connection could be easily hacked unless the key was terribly insecure.

Make sure you're not still on WEP and just changing the key, WEP is only slightly better than having no encryption at all - it really only keeps out casual users, if someone wants to get in then they will.

If your router supports it you could also try reducing the transmitter power to reduce it's range just to the area you need.

Techy_1

Hi All

WPA 2 Encryption
Mac address access list
and SSID is hidden.

Router logs show sites visited that I have not been to but I am the only IP listed on the network

Techy_1

With all browsers closed I noted that there was still traffic coming through via the log. I refreshed again and traffic seems to be going to a chineese website called bb.sky.com

If anyone has any logs or details please send them to me so we can all find these people

GarIT

Techy_1 wrote: »

called bb.sky.com

I could have sworn that that was the name of a virus I removed from a clients computer the other day.

BTW unhide your wireless, it makes even WPA2 easy to hack, all someone has to do is pretend to be your router and request the password and your laptop will gladly tell it.

Techy_1

send details please.

sky.com is the domain for Sky Television, do you have an Xbox 360 or similar device running Sky Player? Or a Sky+HD box connected via Ethernet?

The strange thing is that bb.sky.com is not resolving to a valid DNS for me though.

Techy_1

I have an Xbox that runs on xbox live but its not on at the moment.

bb.sky.com drop it directly into the address bar and not as a search through google

Update:

Its now no longer resolving to the chineese site, perhaps the hacker is following this thread.

AVG reports no active components, will address that issue first and get back to this later

keep the info coming as my wifes laptops is also kicked off the network on occasion

Kynareth

I don't understand, how do you know someone is attacking your network.
Just explain everything in detail and I'll try and understand exactly what you're getting at, as at the moment it seems very unlikely from your security settings that someone is hacking you.

GarIT

Techy_1 wrote: »

send details please.

I've no idea, it just looks familiar possibly dejavu, I've cleaned viruses off at least 10 pcs today alone, i cant remember all of them.

Trevor451

As Karsini said, do you have a sky box?

Amalgam

Techy_1 wrote: »

Hi All

WPA 2 Encryption
Mac address access list
and SSID is hidden.

Router logs show sites visited that I have not been to but I am the only IP listed on the network

Both bypassed with ease.

Mac address access list
and SSID is hidden.

Your list should read like this.

WPA 2 Encryption

The main thing is not to use short plain text keys.

Your key should, ideally, be something like this.

UW!ljrfW%TN\6re!x_G7"x?,h&1_N*\zUwR27[`^`if1tv@^g9K(j|ACSfJ'!Fv

Greg Gibson has some nice key generators at his site.

https://www.grc.com/passwords.htm

WPA2 is secure.

Remember to secure your Router password too, the longer, the better. Something you need have to cut and paste..

JanneG

bb.sky.com
Bb.sky.com is a domain controlled by two name servers at sky.com. Both are on the same IP network. The primary name server is ns0.isp.sky.com.
Skymovies.com, skybet.com, skybetmobile.com, skyiq.com, skybetcasino.com and at least 200 other hosts share name servers with this domain. 5ace0206.bb.sky.com, 5ac1c360.bb.sky.com, 5ace02cb.bb.sky.com, 5ac60ee1.bb.sky.com, 5ace022a.bb.sky.com and at least 200 other hosts are subdomains to this hostname.

Have you checked to make sure that a channel change on your router doesn't fix the dropped connections? Or updated drivers on the laptops?

Also, do you have any dect phones or baby monitors in the house? Things like that can definitely cause issues with your connection. I agree with the others though... Stick to WPA2 and a strong string and don't even think about any other factors. The more "open" traffic you create, the easier you make it for people to get in...

Henree

I was running AVG up until last week. My broadband speed was meant to be 7mb and I was only getting 300k. AVG was the problem, take it off and install Microsoft Security Essentials, found 2 trojans, hopping off my internet connection. If you get an error on uninstall, look for AVG uninstall tool.

I would bet a tenner that this is your problem, nobody is hacking in to your wireless

paddydriver

OP - you have a virus or something generating HTTP traffic on your network. Am sure your neighbours have better things to be doing than spending their time trying to get onto your network. Do a scan, likely far easier targets about your area. As has been suggested, set a strong WPA2 password and it won't be cracked. Make sure you don't have WEP open anywhere.

You only gotta run a netstat -an|more and it will quickly show the amount of open connections on your machine - you will be surprised! :eek:

Henree

paddydriver wrote: »

OP - you have a virus or something generating HTTP traffic on your network. Am sure your neighbours have better things to be doing than spending their time trying to get onto your network. Do a scan, likely far easier targets about your area.

You only gotta run a netstat -an|more and it will quickly show the amount of open connections on your machine - you will be surprised! :eek:

I ran netstat, thats when I got the shock, AVG is the issue , agree?

knuth

Some routers only show clients that have their addresses issued via dhcp ( 2247 / 660 )

Turn wifi OFF on the router, connect via Ethernet cable, check logs again and see if your still having the issue.

Solair

Sounds like a virus to me.
Is it possible that something is using the OPs computer as an IP tunnel to access the Sky Player from outside Ireland and the UK.

It's not your Sky digibox as sky does not have any video on demand services accessed over ethernet and the ethernet connection in the box is not enabled for anything at present.

Do you have any video software or anything odd that could be archiving video from the sky player installed?

At least whatever you have seems to be accessing very normal and legal content.

Run a good virus scanner on all pcs that have network access.

LEIN

Moved from Greystones and Charlesland.

Henree

Solair wrote: »

Sounds like a virus to me.
Is it possible that something is using the OPs computer as an IP tunnel to access the Sky Player from outside Ireland and the UK.

It's not your Sky digibox as sky does not have any video on demand services accessed over ethernet and the ethernet connection in the box is not enabled for anything at present.

Do you have any video software or anything odd that could be archiving video from the sky player installed?

At least whatever you have seems to be accessing very normal and legal content.

Run a good virus scanner on all pcs that have network access.

Proxy

Solair

Do you have any software installed to access BBC iPlayer skirting around geographical copyright protection?

It's possible that software like that may also use your connection to allow other users to do the same thing over your connection to access 4OD, Sky Player and RTE Player.

I would assume this is possibly how some of these programmes might function.

Techy_1

I found that AVG was not running and had not been updated in ages so I went to download the updates manualy.
As soon as I did this the connection dropped again and reconnected for a few minutes, when I tried to get the Anti-Virus updates from avg.com the connection dropped that second.

I was getting around 430kbs on wireless so I bypassed the router and went direct to the modem and got a stagering 1.3mbps. Connection was fine via modem over ethernet. Seems to be anti-virus related. I happens on my wife's laptop also so thats why I thought hacked network. We both have avg 9.0 so could be an out of date version.

Solair

It can't just be AVG. It's only a virus scanner / firewall.

You must be running *something* on both machines that is causing this.

Are you sure you didn't install some proxy software for watching BBC iPlayer or something like that?

Are you running any P2P file sharing software?

Something is using your connection via your PC.

Kynareth

Techy_1 wrote: »

I found that AVG was not running and had not been updated in ages so I went to download the updates manualy.
As soon as I did this the connection dropped again and reconnected for a few minutes, when I tried to get the Anti-Virus updates from avg.com the connection dropped that second.

I was getting around 430kbs on wireless so I bypassed the router and went direct to the modem and got a stagering 1.3mbps. Connection was fine via modem over ethernet. Seems to be anti-virus related. I happens on my wife's laptop also so thats why I thought hacked network. We both have avg 9.0 so could be an out of date version.

If you have AVG 9.0 update it, it is out of date to my knowledge.

And MORE THAN LIKELY. Your wireless adapters just arn't that great at picking up a signal, or your router isn't that strong (or is getting a LOT of interference) if your connection being slow is the reason you thought you were being 'hacked' then I'd suggest standing beside the router while using the laptop just to see if you get the same signal strength as you do when you are plugging it in directly.

Also if you get 1.3mb/s when you're plugged in directly I take it that is the speed you are paying for?

Razzuh

I'd agree it's very unlikely that anyone is even trying to hack your wifi regularly and so persistently, not if you have WPA2.

I had the same problem with my wifi connection constantly dropping recently. It turned out to be interference that was causing the router to drop connections. I changed the wifi channel from 6 to 13 and the problem went away.

I suggest you get a better anti-virus anyway in case it's a virus (Avira is a good free one at the moment, or Microsoft Security Essentials, get rid of AVG anyway).

Then try changing the channel on your router. You can download software such as inSSIDer to scan for wireless networks in your area and see a nice graph that will show you quickly what parts of the spectrum are most crowded. Pick a channel that is at least 6 away from what you're on now and with as few competitors as possible.

Razzuh

Razzuh wrote: »

I suggest you get a better anti-virus anyway in case it's a virus (Avira is a good free one at the moment, or Microsoft Security Essentials, get rid of AVG anyway).

Agreed. The last good version of AVG was 7.5, it's been muck since. Too bloated.

About the Sky boxes, the Ethernet port actually is in use now for Sky Anytime Plus but is only available to Sky Broadband subscribers in the UK. Nevertheless, if a cable is connected to the box it could still try to do something with it.

Henree

Techy_1 wrote: »

I found that AVG was not running and had not been updated in ages so I went to download the updates manualy.
As soon as I did this the connection dropped again and reconnected for a few minutes, when I tried to get the Anti-Virus updates from avg.com the connection dropped that second.

I was getting around 430kbs on wireless so I bypassed the router and went direct to the modem and got a stagering 1.3mbps. Connection was fine via modem over ethernet. Seems to be anti-virus related. I happens on my wife's laptop also so thats why I thought hacked network. We both have avg 9.0 so could be an out of date version.

I guarantee you that if you take off AVG (use an AVG uninstall tool if you get an error) and install and run a full scan of Microsoft Security Essentials (free anti virus and spyware) , your problems will be no more, 100%..........AVG is your problem............................

mach1982

Just to let you know that it doesn't matter what encryption WEP/WAP2 it can be cracked , and MAC filtering no good either , as you can just spoof the MAC address.

mach1982

mach1982 wrote: »

Just to let you know that it doesn't matter what encryption WEP/WAP2 it can be cracked , and MAC filtering no good either , as you can just spoof the MAC address.

I've never heard of any real world scenarios where WPA-TKIP has been hacked, though it has been done in lab conditions. WPA (and especially WPA2-AES) is very difficult to break if you use a random key consisting of mixed case letters, numbers and symbols.

dub45

mach1982 wrote: »

Just to let you know that it doesn't matter what encryption WEP/WAP2 it can be cracked , and MAC filtering no good either , as you can just spoof the MAC address.

If you are going to make sweeping claims like this which will cause concern to a lot of people will you please back them up with some authority for you claims?

Amalgam

mach1982 wrote: »

Just to let you know that it doesn't matter what encryption WEP/WAP2 it can be cracked , and MAC filtering no good either , as you can just spoof the MAC address.

What a load of cobblers.

WPA2 is secure.

WPA2 is vulnerable under very restricted scenarious, for instance, the use of extremely short plain text keys that are dictionary vulnerable, other than that, it is secure.

Some university work has been done on 'small packets', but that avenue, for use by the everyday script kiddy, is useless.