Wireless Internet Hacking!

Techy_1

Hello

My Wireless network is being attacked on a regular basis I have extreemly tight security on it. I had good security on it and a hacker got access to it, I now have the equivilant of a vault door on it and so far so good. The hacker has now moved on to knocking over the network. Meaning I have to spend about 20 minutes getting it working again.

The person is located somewhere in charlesland wood or grove
(as per the maximum range of the router)

I have a log running of all attempted connections and I will happily post any detail I find.

Just woundering if anyone else is having a similar issue.

Thank Techy_1

bryaner

I'm pretty sure the crowd across the road from me are at it, I just change my password every few days..

Trevor451

what type of encryption are you using? WEP is not safe and can easily be hacked. You should be using WPA2.

GarIT

Did they get through wpa2?

Solair

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Trevor451

Solair wrote: »

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Mac addresses are easy to spoof. Best thing for the OP to do is use WPA2 encryption with a randomly generated password

GarIT

Solair wrote: »

That's weird. Are you using WPA?

Perhaps you should hide your network or set it to only allow a specific list of MAC addresses into the network

Hiding it decreases the security as all the devices have to sent out the password and ssid in a file every now and again and that can be picked up on if they know what there doing. The mac addresses is a good idea though.

amen

if you really think you are being hacked why not report it to the gardai?

GarIT

Trevor451 wrote: »

Mac addresses are easy to spoof.

How you gonna do that if you don't know the mac address in the first place.

Trevor451

read http://www.techrepublic.com/blog/security/how-to-spoof-a-mac-address/395

GarIT

Trevor451 wrote: »

read http://www.techrepublic.com/blog/security/how-to-spoof-a-mac-address/395

I never knew it was that easy

I find it highly unlikely that a WPA2 encrypted connection could be easily hacked unless the key was terribly insecure.

Make sure you're not still on WEP and just changing the key, WEP is only slightly better than having no encryption at all - it really only keeps out casual users, if someone wants to get in then they will.

If your router supports it you could also try reducing the transmitter power to reduce it's range just to the area you need.

Techy_1

Hi All

WPA 2 Encryption
Mac address access list
and SSID is hidden.

Router logs show sites visited that I have not been to but I am the only IP listed on the network

Techy_1

With all browsers closed I noted that there was still traffic coming through via the log. I refreshed again and traffic seems to be going to a chineese website called bb.sky.com

If anyone has any logs or details please send them to me so we can all find these people

GarIT

Techy_1 wrote: »

called bb.sky.com

I could have sworn that that was the name of a virus I removed from a clients computer the other day.

BTW unhide your wireless, it makes even WPA2 easy to hack, all someone has to do is pretend to be your router and request the password and your laptop will gladly tell it.

Techy_1

send details please.

sky.com is the domain for Sky Television, do you have an Xbox 360 or similar device running Sky Player? Or a Sky+HD box connected via Ethernet?

The strange thing is that bb.sky.com is not resolving to a valid DNS for me though.

Techy_1

I have an Xbox that runs on xbox live but its not on at the moment.

bb.sky.com drop it directly into the address bar and not as a search through google

Update:

Its now no longer resolving to the chineese site, perhaps the hacker is following this thread.

AVG reports no active components, will address that issue first and get back to this later

keep the info coming as my wifes laptops is also kicked off the network on occasion

Kynareth

I don't understand, how do you know someone is attacking your network.
Just explain everything in detail and I'll try and understand exactly what you're getting at, as at the moment it seems very unlikely from your security settings that someone is hacking you.

GarIT

Techy_1 wrote: »

send details please.

I've no idea, it just looks familiar possibly dejavu, I've cleaned viruses off at least 10 pcs today alone, i cant remember all of them.

Trevor451

As Karsini said, do you have a sky box?

Amalgam

Techy_1 wrote: »

Hi All

WPA 2 Encryption
Mac address access list
and SSID is hidden.

Router logs show sites visited that I have not been to but I am the only IP listed on the network

Both bypassed with ease.

Mac address access list
and SSID is hidden.

Your list should read like this.

WPA 2 Encryption

The main thing is not to use short plain text keys.

Your key should, ideally, be something like this.

UW!ljrfW%TN\6re!x_G7"x?,h&1_N*\zUwR27[`^`if1tv@^g9K(j|ACSfJ'!Fv

Greg Gibson has some nice key generators at his site.

https://www.grc.com/passwords.htm

WPA2 is secure.

Remember to secure your Router password too, the longer, the better. Something you need have to cut and paste..

JanneG

bb.sky.com
Bb.sky.com is a domain controlled by two name servers at sky.com. Both are on the same IP network. The primary name server is ns0.isp.sky.com.
Skymovies.com, skybet.com, skybetmobile.com, skyiq.com, skybetcasino.com and at least 200 other hosts share name servers with this domain. 5ace0206.bb.sky.com, 5ac1c360.bb.sky.com, 5ace02cb.bb.sky.com, 5ac60ee1.bb.sky.com, 5ace022a.bb.sky.com and at least 200 other hosts are subdomains to this hostname.

Have you checked to make sure that a channel change on your router doesn't fix the dropped connections? Or updated drivers on the laptops?

Also, do you have any dect phones or baby monitors in the house? Things like that can definitely cause issues with your connection. I agree with the others though... Stick to WPA2 and a strong string and don't even think about any other factors. The more "open" traffic you create, the easier you make it for people to get in...

Henree

I was running AVG up until last week. My broadband speed was meant to be 7mb and I was only getting 300k. AVG was the problem, take it off and install Microsoft Security Essentials, found 2 trojans, hopping off my internet connection. If you get an error on uninstall, look for AVG uninstall tool.

I would bet a tenner that this is your problem, nobody is hacking in to your wireless

paddydriver

OP - you have a virus or something generating HTTP traffic on your network. Am sure your neighbours have better things to be doing than spending their time trying to get onto your network. Do a scan, likely far easier targets about your area. As has been suggested, set a strong WPA2 password and it won't be cracked. Make sure you don't have WEP open anywhere.

You only gotta run a netstat -an|more and it will quickly show the amount of open connections on your machine - you will be surprised! :eek:

Henree

paddydriver wrote: »

OP - you have a virus or something generating HTTP traffic on your network. Am sure your neighbours have better things to be doing than spending their time trying to get onto your network. Do a scan, likely far easier targets about your area.

You only gotta run a netstat -an|more and it will quickly show the amount of open connections on your machine - you will be surprised! :eek:

I ran netstat, thats when I got the shock, AVG is the issue , agree?

knuth

Some routers only show clients that have their addresses issued via dhcp ( 2247 / 660 )

Turn wifi OFF on the router, connect via Ethernet cable, check logs again and see if your still having the issue.

Solair

Sounds like a virus to me.
Is it possible that something is using the OPs computer as an IP tunnel to access the Sky Player from outside Ireland and the UK.

It's not your Sky digibox as sky does not have any video on demand services accessed over ethernet and the ethernet connection in the box is not enabled for anything at present.

Do you have any video software or anything odd that could be archiving video from the sky player installed?

At least whatever you have seems to be accessing very normal and legal content.

Run a good virus scanner on all pcs that have network access.

LEIN

Moved from Greystones and Charlesland.

Henree

Solair wrote: »

Sounds like a virus to me.
Is it possible that something is using the OPs computer as an IP tunnel to access the Sky Player from outside Ireland and the UK.

It's not your Sky digibox as sky does not have any video on demand services accessed over ethernet and the ethernet connection in the box is not enabled for anything at present.

Do you have any video software or anything odd that could be archiving video from the sky player installed?

At least whatever you have seems to be accessing very normal and legal content.

Run a good virus scanner on all pcs that have network access.

Proxy

Solair

Do you have any software installed to access BBC iPlayer skirting around geographical copyright protection?

It's possible that software like that may also use your connection to allow other users to do the same thing over your connection to access 4OD, Sky Player and RTE Player.

I would assume this is possibly how some of these programmes might function.