Jump to content

How To Scare Off An Annoying Skiddy?


Guest Deleted_Account
 Share

Recommended Posts

Guest Deleted_Account

So at my house I have two routers one for normal private use (WPA2-AES) and an old one for some other stuff (WEP ONLY). Now this older one is basically there because of my really old set-top box that only supports WEP (Thanks shaw). Basically this skiddy or at best some one that doesn't really know what they are doing keeps cracking my my old router and trying to use metasploit and wireshark. He has been rather unsuccessful and I have been changing the WEP key every day now but he seems to be doing it at around 3 am so I am not really wanting to hunt him :P Right now I have Mac filtering in place and it seems to have slow him down for the moment but my question is what would be the Leagality of setting up a Karmetasploit AP with the same WEP key and all? I mean technically he is hacking my AP and has no right to be there so it is not my responsibility if he gets "hacked".

This would be easy and because I already have one setup for testing I could just changed the SSID and leave it up for a day or two. Provided I do this and the exploits work I would only leave a TXT file telling him to F*** off (nicely of course). Any ideas? Legal or no? I have asked around and my Lawyer friends says that it should be perfectly legal as he has A) no right to expect privacy on my network B) No right to be on it C) No right to expect it to be safe.

Thanks any comments are appreciated.

X942

P.S before anyone says I should buy a new set top box I know... But Shaw Cable keeps wanting to charge $399 or so for it and Cutting cable wont do because here in Canada we don't have OTA anymore :(

Link to comment
Share on other sites

1. Changing the wep key is not going to make much difference, its only a matter of capturing enough packets to crack the key.

2. Mac address filtering may slow him down, but its not near as effective for preventing someone access to the AP.

3. Have you checked for firmware update for your router? If your router is supported, you may even be able to flush its firmware with DD-WRT or tomato. That should allow you to enable WPA instead of WEP.

Edit: I've been doing a bit of thinking, and if you had a Karmetasploit AP set up, you could do a bit of research on this guy, find out what he is trying to do, perhaps by sniffing his traffic and then recording all his activities for proof, if you plan on taking him to a court.

Edited by Infiltrator
Link to comment
Share on other sites

Guest Deleted_Account

Legality depends on jurisdiction. Most states (US), I suspect, would consider retaliatory hacking (Karmetasploit included) illegal.

I live in Canada so I am going to assume it will be close to the same which is kind of stupid because if you hack into a computer and get infected the owner doesn't get arrested but the person who hacked in does... so shouldn't it be the same? He has no right to be there and as such no right to expect to not be hit with something on a foreign network. Ah well I will go the legal route then. As for The other reply when i mean old i mean OLD this thing is running some odd chipset that doesn't seem to exist any more and checking for alternate FW yields no results sadly. Any other options? Maybe set-up some kind of Deauth so only my Set-top box can connect to that AP but that would be just as good as mac filtering... I have captured allot of packets and it seems all he does is browse facebook and upadate metasploit before more IDS goes crazy detecting attacks. For now I put it behind a switch in hopes that he can't access anything of value. I also setup a Shell script to change the WEP Key randomly at random times using the website front end. It then emails me the new key. Hopefully this will confuse him for now. I am considering turning my smart phone into a hotspot when ever I want to use internet on the set-top box that way it is only good for about 50 ft or so...

Anyone have experience hacking cable box's? I read somewhere (will post link) that Shaw "locks down" WPA functionality of the wifi card through software means. Everywhere I find is out-of-date and wont work for me sadly.

Link to comment
Share on other sites

yeah dude wep is ooooooooold now .... upgrade it wont cost u much

id setup a 'fake' server with loads of rubbish on it all infected with malware, virus's and some reverse tcp fun :)

hack the hacker rules are there to be boring ... have some fun ;)

you never know hack the hacker n u might get a job with the fbi or what ever u have in canada :D

Link to comment
Share on other sites

The most defense you can do:

Limit range of single

Limit direction of signals (between the two devices)

Turn off SSID broadcasting

Use mac address filtering

Turn off your client device when you aren't using it (no client, nothing he can do)

All this requires no new any things.

With new stuff you could do some thing like detect when the network is been flooded with ARP requests then turn off wireless on the router. This could be done with a snort rule or similar. Of course, then it's basically a DoS on your self, so perhaps not the best solution.

The ultimate solution: Get some thing you can install DDWRT on, use it as a bridge between WPA2 wireless and wired ethernet. I assume your box thing has a ethernet port.

Link to comment
Share on other sites

Or find out where he lives, and then mail him a nice letter, saying I know its you, who is hacking my wireless, if you don't stop I will call the cops.

Link to comment
Share on other sites

In Canada any computer counterattack is still illegal. The law is the law is the ... 2 wrongs don't make .... blah blah. Unfortunately you're gonna have to limit your range like you said or spend some bucks. Good luck.

That's the law in Canada, how about other countries, would that still be considered illegal.

I am not sure here in Australia though.

Link to comment
Share on other sites

I live in Canada so I am going to assume it will be close to the same which is kind of stupid because if you hack into a computer and get infected the owner doesn't get arrested but the person who hacked in does... so shouldn't it be the same? He has no right to be there and as such no right to expect to not be hit with something on a foreign network. Ah well I will go the legal route then. As for The other reply when i mean old i mean OLD this thing is running some odd chipset that doesn't seem to exist any more and checking for alternate FW yields no results sadly. Any other options? Maybe set-up some kind of Deauth so only my Set-top box can connect to that AP but that would be just as good as mac filtering... I have captured allot of packets and it seems all he does is browse facebook and upadate metasploit before more IDS goes crazy detecting attacks. For now I put it behind a switch in hopes that he can't access anything of value. I also setup a Shell script to change the WEP Key randomly at random times using the website front end. It then emails me the new key. Hopefully this will confuse him for now. I am considering turning my smart phone into a hotspot when ever I want to use internet on the set-top box that way it is only good for about 50 ft or so...

Anyone have experience hacking cable box's? I read somewhere (will post link) that Shaw "locks down" WPA functionality of the wifi card through software means. Everywhere I find is out-of-date and wont work for me sadly.

You say this guy is messing with his facebook so I'd have fun with that. I'd change his FB password everyday or two just to piss him off and make sure to change his status a few times putting up some kind of really ridiculous shit that don't make any sense. Eventually he might figure out what's going on and leave you alone. But of course none of what i said is legal and probably should not be done.

Link to comment
Share on other sites

Set up a honeypot with a fake highly secret government web site with all kinds of stuff to keep him busy for a while. Make a directional wifi antenna lock in on the offender. Even better, Find a friend with a plain black car, dress up in black suits, and go to the offending abode with your directional antenna and laptops to scare the crap out of them. If nothing else, it will make people aware something fishy is going on there.

Link to comment
Share on other sites

Guest Deleted_Account

In Canada any computer counterattack is still illegal. The law is the law is the ... 2 wrongs don't make .... blah blah. Unfortunately you're gonna have to limit your range like you said or spend some bucks. Good luck.

Well that sucks. (not saying your statements wrong but in general) I don't get why this is a "CounterAttack" he hacked into a deliberately compromised network and got compromised himself. I do get why it would be illegal however it just seems like this would quite easily get thrown out of court... that said I am not doing it now I know for sure it is illegal :P

yeah dude wep is ooooooooold now .... upgrade it wont cost u much

id setup a 'fake' server with loads of rubbish on it all infected with malware, virus's and some reverse tcp fun :)

hack the hacker rules are there to be boring ... have some fun ;)

you never know hack the hacker n u might get a job with the fbi or what ever u have in canada :D

That could be seriously entertaining and would be quite easy to deny if they tried pressing charges just say that you didn't know it was infected or its a test bed for pentesting. Landing a job with the RCMP (FBI) as a result would be awesome I've heard of this type of thing happening and being in school for computer forensics that would be awesome!

The most defense you can do:

Limit range of single

Limit direction of signals (between the two devices)

Turn off SSID broadcasting

Use mac address filtering

Turn off your client device when you aren't using it (no client, nothing he can do)

All this requires no new any things.

With new stuff you could do some thing like detect when the network is been flooded with ARP requests then turn off wireless on the router. This could be done with a snort rule or similar. Of course, then it's basically a DoS on your self, so perhaps not the best solution.

The ultimate solution: Get some thing you can install DDWRT on, use it as a bridge between WPA2 wireless and wired ethernet. I assume your box thing has a ethernet port.

I have now done the following: Range is limited down to (I think) 50ft or so, Mac filtering is on, Shell script that randomizes the password, and the last two you posted don't work on my router both cause it to freeze up and I have to reboot.. Ah well.

I am looking into getting a router for the DDWRT route but when I tried this on my debian laptop bridging did not work. Then again my only unused ethernet cable may be damaged so will try again with said router.

If he is cracking your WIFI that means he is close by your house, just go out there and kick his ass and tell him to stop fucking with your computer.

In my case yes he has to be close and I mean CLOSE my router on full barely extends to my drive way. So he would have to be one of my neighbors on either side. although that said I have personally hacked WEP from 2 blocks away from the AP so its not always the case.

Or find out where he lives, and then mail him a nice letter, saying I know its you, who is hacking my wireless, if you don't stop I will call the cops.

That is what I should do now that I know for sure my method would have been illegal. I should write up a cease and desist order and send it to him.

So wait...I could be legally held responsible if I setup a test environment on a wireless network that infects someone's computer that they used to hack into my network? psyduck.gif

Apparently yes. This is kind of sad and stupid but I am sure it depends on the circumstance. For example if you call the AP "TESTING" and set it up with WEP and it is running karmetasploit I am fairly certain no one in their right mind would prosecute you when someone else hacked in to it.

lol I should do this just to screw with him.

Wififofum on a mobile and find him/her and leave a polite f/u cease and desist or get pwned note on their door.

I only have an ipod touch and a Blackberry right now sadly my Droid X is in for repairs. Any apps can work on these devices?

Set up a honeypot with a fake highly secret government web site with all kinds of stuff to keep him busy for a while. Make a directional wifi antenna lock in on the offender. Even better, Find a friend with a plain black car, dress up in black suits, and go to the offending abode with your directional antenna and laptops to scare the crap out of them. If nothing else, it will make people aware something fishy is going on there.

Ha I could do this too I have a Black '92 BMW! just throw the ol'suit on and scare the crap out of this guy.

Link to comment
Share on other sites

Guest Deleted_Account

Hmm.. looks interesting.

A honeypot is a device placed on a computer network specifically designed to capture malicious network traffic. The logging capability of a honeypot is far greater than any other network security tool and captures raw packet level data even including the keystrokes and mistakes made by hackers. The captured information is highly valuable as it contains only malicious traffic with little to no false positives.

That could be useful information to have as evidence too. I have got to work setting one up. My question is how can I, if possible, triangulate the attacker? I mean some one mentioned some WiFi tools should I do something like set up an ad-hoc WEP network with the same name and use a directional antenna to figure out is approximate where abouts or is there a better way? I know he has to be within one or two houses.

Link to comment
Share on other sites

Guest Deleted_Account

Thanks for the tip! I used that with an Alpha along side with a WiSpy and a second laptop with my Directional antenna. I then discovered this page: CLICKY and went to work making my own Trilateration script for linux (Fedora 14 specifically). So far the tool is buggy at best but has worked somewhat giving me multiple Locations. (I have been tracking a Karmetasploit AP he is broadcasting on his laptop/computer after I matched the MAC of the two). My script is very alpha however and seeing as I get allot of "false data" (off by 5 meters +/-) I am trying to make it better. Anyone have any experience with this? Math is not my favorite and I am mostly using stuff I found online and wrapping it into my C++ script. The script basically takes the outputs (signal strength and SSID) from my gathering tool (a very simple wavemon like tool that just grabs signal strength and SSID and BSSID) and uses the strengh from two outputs (the two laptops) and tries to find the location through trilateration. Unlike the wispy ssm tool I posted a link too mine uses two laptops to find one AP instead of one laptop and multiple AP's. I could also, theoretically do the same with two cards but I found the location was off even more.

Thanks for all the help!

Edited by x942
Link to comment
Share on other sites

If this is done in the middle of the night, Just see whose light is on at that time of night and point the antenna towards it. One thing you have to consider is if that particular system was hacked remotely, then things get even more interesting.Worst case scenario is to file a complaint with the FCC. They have the equipment to find them.

Edited by inventoman
Link to comment
Share on other sites

Guest Deleted_Account

If this is done in the middle of the night, Just see whose light is on at that time of night and point the antenna towards it. One thing you have to consider is if that particular system was hacked remotely, then things get even more interesting.Worst case scenario is to file a complaint with the FCC. They have the equipment to find them.

True and another good idea. Some how I doubt the system was remotely hacked for several reasons:

1) OS Detection from NMAP says it's running linux. Further investigation shows he is running BT4 (R1?). I pulled this by setting up a captive portal with some javascript to grab his OS and other useful information.

2) Wouldn't you notice if your laptop suddenly was running karmetasploit? I mean assuming it is a laptop then batter drain would be crazy

If it is a hacked system this would be more interesting but I just can't see it happening like this. The victim would have had to already been running BT4, presumably on the hard drive because if it were a live disk a simple reboot would kill any malware, and the attacker would have to hack into his system which would probably be through a web page or trojan as, again presumably, he is behind a router and not directly plugged into a modem without any protection. The attacker would then have to run all tools in the background where the victim couldn't see it (the easiest part of the whole ordeal) and then they pulled off one great anonymous attack that's for sure!

EDIT: Is the FCC the same as the CRTC in Canada? Or what is our inequivalent of the FCC?

Edited by x942
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...