I got hacked!

[SallySue]

Hi looking for some help. I have a cable modem, netgear router and a tenant who is stealing my internet. I get logs from time to time from my netgear router and it proves he has hacked me. I am just wondering how he has done it and how I can stop it. I have tried all the security measures in Netgear, SSid, access control on, dhcp off and etc... I would like to know if

1) He has my mac address and is using that to break in my router

2) He is hard wired possibly and has his owner router and modem (inlaw apt)

Please help.

Thanks

[DingleBerries]

Please reword your question to make sense, however ill take a whack at it.

1. Check your local network on your router, instructions are probally on netgears website, and see it there is a rough mac connect... if so filter out all macs but your own and tighten security, better encryption and password.

2. why would he want to hack into your netgear router? It would be alot easier to do everything wirelessly.

[Deveant]

so your not able to configure WPA on your router? it wont matter if he has your mac, as long as your protect your router correctly.

Questions:

What is the model of the router?

and what do you mean he has hardwired? like he has direct access to your modem???

[SallySue]

I have my router secured with WPA Security and have some of his sites blocked. I log my router to my email and when he has the same ip as me 192.168.1.3 , I get his logs and I even have gotton a block from websites he has visited that I have blocked in my router setup. My netgear is WGR614v5. I am wondendering if my cable wires in the basement somehow are hooked up to the apartment and he has a modem router setup? If you need screen shots I can do that. I am trying to eliminate how he is hacking in whether it be through a modem that has the same mac address as me or through my router. Any suggestions would be helpful.

[SallySue]

What is a rough mac connect?

[gEEEk]

I am wondendering if my cable wires in the basement somehow are hooked up to the apartment and he has a modem router setup?

That does not sound realistic Sally..

I suppose he has cracked your WPA key. Any monkey with the right network card and a backtrack live CD can do the job.. And especially if you have an easy key (few characters).

First.. Run a network scan

lot of software out there..

If you're running Windows.. You could always try a classic:

net view /domain

net view /domain:(hacker's domain ((workgroup))

Check if he's running under the same hostname as you are :)

MITM attack this looser.. DNS spoof him to a random website.. and encrypt your traffic.. Change your security setup..

WPA2 preferably. And not just 7 characters.. Reboot the router.. Tada..

BTW, a mac adress can be changed ;)

Let me know how this goes..

[Sparda]

I think you are imagining things. The 'logging' feature on consumer routers is often only there so the router can say "LOOK AT ME I WAS DEFINITELY WORTH ALL THAT MONEY!!!".

[VaKo]

Change your WPA password on a monthly basis and use passwords like this:

7EpuphA+uqeVU5e-@Set5eyez=ray6xUzEgaGUxaQucHEKu4p7hehu2abrA6rud

Also, are you sure its not you browsing the midget and pony porn?

[Mat]

It's impossible to help more than to say "Change your password"

Changing a password is one of the first things you should do if you suspect unauthorised access to anything.

It's hard to offer any more advice because it's clear that you dont know enough about the equipment that you are using to be able to ask an informed question. I'm afraid the only thing you can really do is spend some time reading information on the web about the subject. Go to the webpage of the manufacturer of your modem and read everything you can find. Then read the wikipedia entried for wifi, and wep and wpa and wpa2 and dont stop until your eyes bleed (figuratively of course)

Once you understand the kit you are using, you will either discover the answer yourself, or you will be able to ask your question in a way that someone else will be able to understand and answer.

I'm not trying to be elitist here, just honest. It's not possible to answer an unasked question.

[SallySue]

Thanks you all are quite correct and I am hitting the web now to do some extensive reading.

[psydT0ne]

setup a honey pot...could be fun

[digip]

I assume you changed the defualt router password?? Even as people above have suggested.

Is the router even capable of WPA2? If so, think about going that route, as WPA alone is not that hard to crack any more.

Also, turn on MAC address filtering and if possible change your devices mac address as well as filter for only your custom mac address.

Set up the router so only the number of PC's you have on your network can connect to it. So if you have only 1 machine, make it so it only gives out 1 IP address! Ther eis no reason to hand out multiple addresses if you are th eonly one using it!

If you are close enough to use the ethernet on the router, then use that and turn off the wifi features all together(Unless that just isn't possible).

Make sure your router itself or the firmware was not hacked also, like he put on some custom firmware that lets him watch packets or changed all your DNS to re-route through one of his machines so he can watch all your network traffic. Upgrade the firmware just to be safe and then change the passwords for the router. Make sure the router can not be logged into via the web - usually these are turned off by default, but he may have turned this on without your knowledge, leaving you open to attack(ie:turn off remote administration - anyone via the web can log into the router without anything other than a guessed password so long as they know your ISP IP address.)

and make sure you have a good firewall on your machine itself. Just because you are behind a router does not mean someone can not get to your machine. If he can log onto the router while you are on, or does a MITM, your machine would be wide open to attack since he is already on the local network and makes it much easier to attack your machine. At least with a software firewall your chances are a bit better to protect your data further from attack on your own LAN. (And Im not talking about windows built in firewall)

[SallySue]

My password is not the default, I have PC Tools for extra security, I have 2 laptops, one XP, one Vista, I have used Vistumbler 8.1 and noticed his mac address is the same as mine when I do ipcofig/all and when I am on my netgear page that ip mac address shows up under my puter name under attached devices. Can he have the same mac address as my network Atheros card? I did receive tons of logs whether some tend to believe or not at first all the time now I seem to get them when the last number of the router ip is the same as one of my laptops. I can tell you his apartment has 2 rooms full of puters. My IT guy from work has helped me to learn about my router and the security and I use wpa-psk and have changed my network name and password often. I have only allowed 2 ip's .2 to .3 for DHCP Server. The router doesn't have wpa2. I am thinking about investing in another router and wondering if that will help and what kind would be the best for security. The big thing that confuses me most is occasionally getting his logs. As far as hard wired(sorry don't know the term for it) he might have some cable wires in his apartment but don't know if you could hookup a modem and router to them or if they are live wires. My cable company hasn't been very helpful at all.

I am still reading about all of this and want to thank everyone for their replies.

[DingleBerries]

OMG you have a h4x0r!!!!!1!!1!!!!!

*clears throat*

1. PC tools isnt going to hamper his attack, he is cracking your wifi not implanting his seed into your computer.

2. Maybe one of your laptops has had two different ip addresses and you router has logged that, but it may be possible that he did clone your mac.

3. Just because the guy has alot of computers doenst mean he is good at them ;)

4. If he is hardwired then it would come either before of after your router, see passive network tap. If that is what he is doing then he is monitoring you traffic and are stealing all your passwords. However with this method he probably would not be modifying traffic and thus you would not see it...

I think that you should change your pass to something really long to include letters and numbers then do not connect to the wireless router, plug in through Ethernet and write down the ip your assigned... then see if he connects... yeah youll be without wireless INTERNET, but you wont have this tin foil hat on anymore.

[sablefoxx]

He has my mac address and is using that to break in my router

Are you that crazy bitch who harassed me at work claiming that some hacker was using her MAC address to steal her embroidery designs?

If you are then i'll tell you again, the mac address will NOT help him 'hack' your router or steal your embroidery designs.

I'm not trying to be a dick, but if that sounds like you, you ARE imagining it... and you're crazy. If this doesnt sound like you then you need to do some more research.

[SallySue]

Thanks DingleBerries on am on ethernet now and will wait and see and of course for today keep reading :)

Sorry Sablefoxx don't know anything about your story..just trying to learn about my own.

[digip]

Change the mac address on yoru wireless devices and then set up static routing on each pc. You might have been seeing your own PC on the logs if DHCP was used, your pc would get assinged whatever IP address was available at the time. Manually set it under the network settings for each PC just to rule that out. Also, like other have saidm change the password to something longer. If WPA is the best you can do, you may still be hacked if someone knows what they are doing. There was a recent hack for WPA that makes it damn near simple to do, so WPA is not secure any more. http://www.pcpro.co.uk/news/235077/wep-cra...ing-at-wpa.html

[Seshan]

Find out if he's paying for internet or not...

[Blunderboy]

If your router supports this: of course change your passwords, disable anonymous ICMP echo requests, enable MAC filtering, once in a while set up a passive scanner or some etherape to monitor connection volume. I also would just flip the power on your wireless router when you know you aren't going to use it for hours if you get really paranoid. Also keep your router's firmware up to date to prevent some vulnerabilities from being exploited.

[snakey]

Snakeys Get that loser off your wireless system

1. find there location

2. beat the shit out of them (or if your weak find a bigger friend or if your a loser get a group of loser friends together)

3. enjoy your hastle free internet

have fun

[PLuNK]

Or just ask him?

Straight up just ask if he's piggy backing.

[Mat]

Sounds like this is progressing nicely :)

WPA2 is the way to go, if the router does not support it then throw it away. All modern wifi access points will support WPA2 and should be inexpensive, although I do understand that's a relative term. A no-name access point can be bought in the UK for around £30.

WPA-PSK has always been suseptible to a brute force attack but it's getting easier, it's still not 'broken' in the way that WEP is though, but it's definatly an end-of-life encryption method.

Now, MAC addresses.

The MAC address is a joke. MAC filtering on the router is damn near pointless. The MAC address of any network card can be changed to anything you like on any operating system. So the attacker just scans the air, finds the access point, finds a wireless print server or your laptop and sets their own mac address to be equal to it. It's that easy. I still recommend using MAC filtering on the AP though, but please understand that it offers an amount of protection equal to putting the lid back on an opened bottle of pop. People will still be able to drink from the bottle with very little extra effort.

I like the confrontation idea. Just ask the guy and see what happens.

With all that said, there's one last thing to do, and that's to turn off the wireless access point when you are not using it. Everyone leaves them on because it's convenient and most of the time there's no reason not to, but in your case, if you only turn it on when you need to use the net, then you greatly limit the access window for other people to use your connection. This may be enough to convince the attacher to buy their own internet.

[jrwcmj]

here what i did when somone go into mine

change to roters password , youre wep, wpa or what ever and enable mac filtering stoped mine dead in its tracks

[DingleBerries]

How to properly secure your wifi:

1. Dont use it.

2. Change default Admin user name and Password

3. Change the subnet it uses

4. Limit the amount of I.P.s it gives out to only include the amount of items you want networked

5. MAC address filtering

6. Enable WPA PSK

7. Use strong password, 10 randomly generated letters(UPPER & lowercase), numbers and symbols(*&^%$#@)

8. Enable the built in firewall

9. Limit only the ports you will be using, 80, 8080, what ever

10. When not using the internet disconnect from the AP so that there is no wild packets being sent back and forth, less data to sniff for the attacker

11. Dont give out your password'

And remember, like Sparda said, that "log" feature in Walmart routers is shit, it will usually erase itself after it has reached a certain point, or just lock your router up.

Hope that helps

[PLuNK]

Or just use your current password with a prefix/suffix or modified letter,

It's simple to remember and just as secure.. As long as your current password is some what hard.