I hate a thief... WiFI thief

[Squashy]

Am I just old and the term "Stealing Wifi" isn't really like "stealing" in the eyes of others?

 

Long story short, Have been fighting issues with Fusion 360 software. So much so I felt like I couldn't run the software on my 2020 Mac Book Pro and started building a PC. I finally get all my parts, assemble everything and get it up and running. Well I get to the point where it's time to download MS updates and it flies thru them! Next drivers,,, all of a sudden it says 2h42min to download AMD driver. After 3hrs it kicks off and says something went wrong! 

  I can't figure out why everything slowed down so I decided to look in my modem and there I see 1. WiFi extender 2. Roku 3. Google Home Mini & I have none of these!! This is suppose to be my broadband connection for my business only, my wife doesn't even use this service. We use the old DSL for surfing and watching tv!!

 

What really trips me out is that the box is in my home office and I haven't given anyone the Wifi access code. I'm guessing while they was in my house they purposely sought the box out..... Makes me mad, there I have lost a eye, been out of work, trying to figure out what I'm going to do, selling everything I can and feeling horrible about spending money on the service. Then some one else just thinks it's their right to my internet service.. I try so hard to help people and not get mad but then they do this BS.. 

 

I have turned off the WIFI but it won't let me kick off the WiFi extender. (It appears they keep connecting to the extender.) Every time I see a new device I block it and reboot the extender. I don't know how they got the extender attached, it's acting like it's paired to the modem/switch. So I have just pulled the power plug.

 

Looks like I will have to get AT&T out here to give me another box. I tried changing the WiFi password's but it won't accept and I can't get rid of that extender. When I have AT&T come out what should I tell them I need in order to lock this system down? It is a Fixed Wireless 

[Jurrunio]

Dont you have a password? Change that to something else.

[Squashy]

I tried changing the password. ( I was probably doing something wrong as I was PO'd )

It's acting like they are connecting to the extender which is bypassing the Wifi gateway. They must have set this up when we was gone one day. I believe the extender to be a AT&T box from how well it's buried into the system. 

 

If I had to guess, they took a picture of the box with all the access information, setup a extender while we was on vacation. The mother once bragged about having a friend that could get her onto my wifi no matter what I did. I'm so tired of people always taking what's not theirs and then laughing when you catch them.  

[Duski]

3 minutes ago, Squashy said:

The mother

Norman?!

[NineEyeRon]

I think some companies wised up to this.

 

My router details are in my safe, the unit itself has no info on it.

[Equinox69]

I realize this is a pay solution but if its a real problem you might consider buying Glasswire and just blocking devices on your network as you see them. Pretty sure this block the MAC address of the device so it may be quite effective after a while. 

https://store.steampowered.com/app/355000/GlassWire/

[SansVarnic]

@Squashy it is possible they set up a MAC specific address that allows them direct access to your router regardless of the password you change to, the MAC address allows a "work around to this" I would suggest you reset your MAC access or Full Factory reset your modem. Then go in and change the Username and Password for your router.

What is the Make, and Model of your router?

 

*edit

correction - Wireless MAC Authentication

[Squashy]

I have been using MAC filtering on my DSL to keep them off but I hadn't given this service out to anyone. The MAC filtering seems to work but I just can't kick off that extender. I can reboot the extender thru my AT&T Smart home app and then watch them log devices on to it. I block the devices thru my WIFI gateway but the way my service slows down I don't think it has kicked them off,

 

I'm going to try turning on MAC filtering and doing the reset to see if I can kick off that extender. 

 

Just ticks me off that I have to do all this. Especially them coming into my house and looking for the box.

[SansVarnic]

22 minutes ago, Squashy said:

I have been using MAC filtering on my DSL to keep them off but I hadn't given this service out to anyone. The MAC filtering seems to work but I just can't kick off that extender. I can reboot the extender thru my AT&T Smart home app and then watch them log devices on to it. I block the devices thru my WIFI gateway but the way my service slows down I don't think it has kicked them off,

 

I'm going to try turning on MAC filtering and doing the reset to see if I can kick off that extender. 

 

Just ticks me off that I have to do all this. Especially them coming into my house and looking for the box.

Honestly I would do a full factory reset.

The change the username and password.

Then set up your MAC Filtering again, using different setting.

Keep the info in a safe place (of course) so they cannot get back in.

If there is a sticker with the factory info on the back I would remove that and place it in a safe (or locked) place.

[Squashy]

Thanks, I'm gong to try all this.. 've just been to PO'd to think straight. Is it only me,, a thief will make you feel like an idiot and dumb as dirt once you find out they have been stealing from you? I just assume they physically take something rather than steal from me like this. Almost like they are bulling me.

[Squashy]

46 minutes ago, SansVarnic said:

Honestly I would do a full factory reset.

The change the username and password.

Then set up your MAC Filtering again, using different setting.

Keep the info in a safe place (of course) so they cannot get back in.

If there is a sticker with the factory info on the back I would remove that and place it in a safe (or locked) place.

I found what I believe was the MAC address for the extender and slapped it with the BAN stick when I turned on MAC filtering. (kinda makes you wonder why they have an "Approved" and "Blocked Devices") Hold on,,, says I need to disable WPS

[Squashy]

Ok, MAC filtering is up and running. I guess I'm good until they start spoofing MAC addresses.. 

[Donut417]

5 hours ago, Squashy said:

Am I just old and the term "Stealing Wifi" isn't really like "stealing" in the eyes of others?

I the US using WiFi without permission that isn’t yours is legally punishable under law. Though it’s rarely enforced. 

[beersykins]

MAC filtering is generally useless.

 

Disable WPS as it has vulnerabilities that can expose WPA keys.

 

What issues are you having setting a new password?  

[Lady Fitzgerald]

5 hours ago, Donut417 said:

I the US using WiFi without permission that isn’t yours is legally punishable under law. Though it’s rarely enforced. 

It depends where in the US whether piggybacking (stealing or sharing WiFi) is legal or not. It doesn't become a Federal crime until data theft is involved. It's up to each State to make the laws needed and enforce them. When such a law exists (not all States have them), it's not always clear which jurisdiction is responsible for enforcement, then there is the problem of proving who is stealing the WiFi (most local Law Enforcement Agencies do not even know how to determine a crime is being committed). Many LEAs feel piggybacking is a victimless crime (it isn't, by the way) so they consider enforcement of it to be a very low priority.

 

ISPs are more likely to enforce against piggybacking because it results in a loss of revenue so one may have better results reporting WiFi theft to their ISP.

[THEGURUOFNOTHING]

Would be nice to know the make and model of the gear so we could assist you better, but with that said...

There are a few things I would do. Connect to your modem with a WIRE... not wireless. Then first of all, if you do in fact have the stock password info for the modem/router, do a factory reset. Put it back to scratch. Any password that is on it now will cease to exist if it isn't stock. Then immediately go in and change the password. Being as a-holes like this are usually home all day doing nothing and sponging off of others, you need to be pretty quick about it as they will probably be in there right behind you once they realize that they no longer have wifi to steal. Once the password is changed, then turn off WPS and turn ON MAC address filtering and deny everything that isn't your system. That in itself should stop them from reconnecting the extender. Remove that sticker that has any login info, even if you have changed the password so if they do decide to break and enter again, they have squat to work with. And if you do catch them in your home unrequested, hit them with an end table. Sounds like the person doing this is some level of stupid that has access to sniffing software that is grabbing your authentication info. MAC address filtering will make it so even if they can get the password info from a packet, they can't get data connectivity without some brute force measures. At that point, it IS a confirmed crime, though would take some major forensics to prove their actions.

 

And again, if you are still having this issue after the changes you made, post your make and model so we can do research and help you fix it. People like this need to be stopped.

[beersykins]

2 hours ago, THEGURUOFNOTHING said:

MAC address filtering will make it so even if they can get the password info from a packet, they can't get data connectivity without some brute force measures

macchanger -a vi:ct:im:ma:cl:ol wlan0

Circumvented.

 

Association MACs are in clear text which you can just sniff out of the air.

[THEGURUOFNOTHING]

4 hours ago, beersykins said:

macchanger -a vi:ct:im:ma:cl:ol wlan0

Circumvented.

 

Association MACs are in clear text which you can just sniff out of the air.

Then the easiest way to kick them in the dick is to wire your network and disable wifi.

[beersykins]

6 hours ago, THEGURUOFNOTHING said:

Then the easiest way to kick them in the dick is to wire your network and disable wifi.

Or you can just do it correctly and not give up the convenience.

[Squashy]

17 hours ago, THEGURUOFNOTHING said:

Would be nice to know the make and model of the gear so we could assist you better, but with that said...

There are a few things I would do. Connect to your modem with a WIRE... not wireless. Then first of all, if you do in fact have the stock password info for the modem/router, do a factory reset. Put it back to scratch. Any password that is on it now will cease to exist if it isn't stock. Then immediately go in and change the password. Being as a-holes like this are usually home all day doing nothing and sponging off of others, you need to be pretty quick about it as they will probably be in there right behind you once they realize that they no longer have wifi to steal. Once the password is changed, then turn off WPS and turn ON MAC address filtering and deny everything that isn't your system. That in itself should stop them from reconnecting the extender. Remove that sticker that has any login info, even if you have changed the password so if they do decide to break and enter again, they have squat to work with. And if you do catch them in your home unrequested, hit them with an end table. Sounds like the person doing this is some level of stupid that has access to sniffing software that is grabbing your authentication info. MAC address filtering will make it so even if they can get the password info from a packet, they can't get data connectivity without some brute force measures. At that point, it IS a confirmed crime, though would take some major forensics to prove their actions.

 

And again, if you are still having this issue after the changes you made, post your make and model so we can do research and help you fix it. People like this need to be stopped.

Appologies for the delay.

 

Yes, they was right there as I was making changes. Once I kicked off the "extender" I stopped seeing new devices. (as I saw them I copied the MAC addresses to add to the "blocked" list)

 

With MAC filtering enabled it won't allow me to change the passwords (Technically it says cannot use WPA with MAC filtering enabled) I agree the easiest way to avoid all this is to use a wired connection and would actually prefer that. The Modem is a PACE 5268AC FXN

 

 There are people in all walks of life and professions that will do things for a fix.  

 

[jagdtigger]

9 hours ago, Squashy said:

With MAC filtering enabled it won't allow me to change the passwords (Technically it says cannot use WPA with MAC filtering enabled)

That doesnt sound right...  Never seen anything that does this.

[Squashy]

15 hours ago, jagdtigger said:

That doesnt sound right...  Never seen anything that does this.

It seemed odd that it has an Approved list and Blocked list. All of my previous modems only had an "Approved" list and If it wasn't in that list it wasn't allowed. 

 

First thing I tried was to change the Password before I did anything but it wouldn't allow me. I figured I must have to log everything off to change the password. After I reset I tried changing the password, hit save and it wouldn't accept the change. It kept going back to default without any error codes but it did allow me to change the name of the Gateway.

I figured I would gain some time by changing the Name by forcing them to re-enter the default password. That allowing me to turn on MAC filtering and typing in the small list of MAC addresses into the "blocked" section. ( I caught a couple of phones logging on when I was rebooting their wifi extender. I can only imagine what the Google Home was doing every time it lost and reconnected.) 

 

One more thing I did was disable 2.5ghz as the only two Items I wanted to use is running 5ghz. 

 

Needless to say, I am interested in learning more about networks as well as upgrading my home security system and maybe even a CCTV system. I stayed up last night studying monochrome surveillance cameras. Surprisingly not many B&W cameras on the market or they keep them hid from the general public. You want B&W because you can get a much sharper image with the same amount of Lux available. (Better in low light) 

[Alex Atkin UK]

On 2/23/2020 at 7:43 PM, Squashy said:

(Technically it says cannot use WPA with MAC filtering enabled) I agree the easiest way to avoid all this is to use a wired connection and would actually prefer that. The Modem is a PACE 5268AC FXN

 

Are you sure its not saying "cannot use WPS with MAC filtering enabled", as that would make more sense.

 

Did you disable WPS as recommended earlier and try again?

 

If the above error IS correct then its worrying as it suggests WPA is NOT enabled, this could explain how you were able to get hacked in the first place.  Ideally you want to be using WPA2 AES only, as its the only version that hasn't been compromised in some way.

[Squashy]

Yes I double checked. 

It wouldn't allow me to enable MAC Filtering until I disabled WPS. After it allowed me to enable MAC filtering I went back to try changing the password. It then gave me the error saying I couldn't change from the default to a custom WPA with MAC filtering enabled. 

 

Don't makes sense why it won't allow me to change from the default password. I am going to go try changing it again just to make sure I'm telling you right. 

[Kilrah]

You should take and post screenshots. Seems you're mixing some stuff up.