People breaking into my wireless network.....

[beaker15]

So just another inquiry, One morning getting ready for school I go on to my PC to watch Linus's latest video and when I go into my network directory to get a file of my media PC I notice 2 unknown smartphones. When I went to details it showed me the model numbers of the phones (unfortunately I was to stupid to take a pic or write it down) Neither me nor any of my fiends have those model phones. So I changed the wifi password and rebooted the router and it was gone. A month or so later I was checking to see what my current bandwidth usage was (because stupid bandwidth caps) and I saw a big spike on one day that I was not even home half the day. So now I change my wifi password every month. I thought my password was secure it was 15 characters with 2 numbers with WPA2 Personal. On another side not a friend of mine 1 street over (with the same linksys ea6900 router) checked his bandwidth usage and he had used a TB of data! Both of our caps are 300GB, so it had seemed his had been gotten into as well. So any ideas about passwords or other ways to secure a router?

[Guest acdcman200]

You might want to reset the firmware on it, try doing a factory reset. If there able to continuously get in contact your isp.

[Guest acdcman200]

4 minutes ago, beaker15 said:

So just another inquiry, One morning getting ready for school I go on to my PC to watch Linus's latest video and when I go into my network directory to get a file of my media PC I notice 2 unknown smartphones. When I went to details it showed me the model numbers of the phones (unfortunately I was to stupid to take a pic or write it down) Neither me nor any of my fiends have those model phones. So I changed the wifi password and rebooted the router and it was gone. A month or so later I was checking to see what my current bandwidth usage was (because stupid bandwidth caps) and I saw a big spike on one day that I was not even home half the day. So now I change my wifi password every month. I thought my password was secure it was 15 characters with 2 numbers with WPA2 Personal. On another side not a friend of mine 1 street over (with the same linksys ea6900 router) checked his bandwidth usage and he had used a TB of data! Both of our caps are 300GB, so it had seemed his had been gotten into as well. So any ideas about passwords or other ways to secure a router?

You might want to reset the firmware on it, try doing a factory reset. If there able to continuously get in contact your isp.

 

-forgot to quote you sorry-

[vanished]

As far as I know WPA2 is pretty safe, and you password sounds good enough so if people are repeatedly and seemingly easily getting in there must be some other issue with the security of that router.  Apply any updates if there are any, and consider searching for things like "<insert your model here> hacked" to see if it's a well known problem.

[SansVarnic]

Try setting your wifi to a hidden network.

Or buy a better router.

[rmac52]

You can try turning off the wps key option.  I know there was an exploit for wps keys.  Wpa2 is a very secure network protocol .  It is hackable but it's not easy.  It's possible you have a very dedicated neighbor with no Internet.

[vanished]

1 minute ago, Arokhantos said:

You can also just try whitelist mac id's of wifi devices that are yours and block anything else along with secure password.

I thought of that but had discounted the idea thinking it wouldn't work in this case for some reason.  Now that I think of it a bit more I can't imagine why that was since it seems like that would do it

[Donut417]

8 minutes ago, beaker15 said:

So just another inquiry, One morning getting ready for school I go on to my PC to watch Linus's latest video and when I go into my network directory to get a file of my media PC I notice 2 unknown smartphones. When I went to details it showed me the model numbers of the phones (unfortunately I was to stupid to take a pic or write it down) Neither me nor any of my fiends have those model phones. So I changed the wifi password and rebooted the router and it was gone. A month or so later I was checking to see what my current bandwidth usage was (because stupid bandwidth caps) and I saw a big spike on one day that I was not even home half the day. So now I change my wifi password every month. I thought my password was secure it was 15 characters with 2 numbers with WPA2 Personal. On another side not a friend of mine 1 street over (with the same linksys ea6900 router) checked his bandwidth usage and he had used a TB of data! Both of our caps are 300GB, so it had seemed his had been gotten into as well. So any ideas about passwords or other ways to secure a router?

If your using WPA2 with AES it would take a super computer 800 years or so to crack the wifi password. Make sure you have a good password for login on your router. If those to things are met, then no one should be able to get in. I do know over the past few years there have been issues with software in the routers that make them less secure to remote administration. So I would advise you to turn off anything that says remote administration on it. On top of that turn of WPS, because there have been security issues for in that as well. You could also try changing your SSID, maybe that will throw them off or as @SansVarnic states, set your SSID not to broadcast. Then they will need to know your SSID as well to connect to your network. 

[beaker15]

11 minutes ago, acdcman200 said:

You might want to reset the firmware on it, try doing a factory reset. If there able to continuously get in contact your isp.

Did do a factory reset and such but what would the ISP have to do with it? I provided both the router and modem I just pay them for the subscription. 

[SansVarnic]

What router, wifi capable device are you using? we maybe able to give you a more precise answer.

[beaker15]

31 minutes ago, SansVarnic said:

What router, wifi capable device are you using? we maybe able to give you a more precise answer.

I'm using a Linksys ea9600 (still pretty new) 

[SansVarnic]

3 minutes ago, beaker15 said:

I'm using a Linksys ea9600 (still pretty new) 

Nice router.

I would say that all the suggestions made are valid for your case.

1) Start with factory resetting your router.

2) Update the firmware

3) Turn off the WPS.

4) Set up your router with the WPA2 standard with AES encryption.

5) Optional: Make your network hidden. (I do this with all my networks as it as a level of obvious security, what cant be seen....)

6) Optional: Setup a Whitelist MAC access. (Honestly if the previous doesn't work this wont help really)

6) If all this does not help you should look to replace your router. It is possible you have a lemon.

 

Hope that helps. Cheers.

[beaker15]

1 minute ago, SansVarnic said:

Nice router.

I would say that all the suggestions made are valid for your case.

1) Start with factory resetting your router.

2) Update the firmware

3) Turn off the WPS.

4) Set up your router with the WPA2 standard with AES encryption.

5) Optional: Make your network hidden. (I do this with all my networks as it as a level of obvious security, what cant be seen....)

6) Optional: Setup a Whitelist MAC access. (Honestly if the previous doesn't work this wont help really)

6) If all this does not help you should look to replace your router. It is possible you have a lemon.

 

Hope that helps. Cheers.

Ok thanks for the advice!

[iamdarkyoshi]

Buy a used enterprise grade AP and use that for wireless. Thats what I use. And a hidden SSID. Perhaps create a hidden SSID for a normal connection and repurpose your existing SSID to redirect evertything to meatspin. That should keep them away...

[Razor512]

Can the WPS pin be changed on your router. it it has been compromised then the attacker can keep using that to get back in. Some routers do not allow you to fully disable all aspects of WPS.

[SansVarnic]

12 minutes ago, Razor512 said:

Can the WPS pin be changed on your router. it it has been compromised then the attacker can keep using that to get back in. Some routers do not allow you to fully disable all aspects of WPS.

Yes the WPS pin can be changed. In the GUI access of your router there should be an option to either change and or disable the WPS function. If there is not then you need another router.

192.168.0.1

[beaker15]

3 hours ago, SansVarnic said:

Yes the WPS pin can be changed. In the GUI access of your router there should be an option to either change and or disable the WPS function. If there is not then you need another router.

192.168.0.1

Yup WPS was disabled by default. 

[.spider.]

23 hours ago, Arokhantos said:

You can also just try whitelist mac id's of wifi devices that are yours and block anything else along with secure password.

This won't stop someone who breaks WPA2

 

Reset your routers password

[.spider.]

19 minutes ago, Arokhantos said:

They have to pickup the mac id in order to get in, which means its gonna be lot harder to get in.

Spoofing a Mac is not a big deal

[Donut417]

47 minutes ago, .spider. said:

This won't stop someone who breaks WPA2

 

Reset your routers password

Thats why you use AES encryption. It takes toooooooo long to crack. 

[vanished]

13 minutes ago, .spider. said:

Spoofing a Mac is not a big deal

Don't you have to know what to spoof it to?  Unless they had the foresight to check the mac addressed of legitimately connected devices while they had the chance, I don't see how that could work.

 

edit, yup, confirmed above

Edited February 11, 2016 by Ryan_Vickers

[.spider.]

27 minutes ago, Arokhantos said:

 

You still need to get the mac id before you even can spoof it.

You don't know what you are talking about don't you?

[vanished]

Just now, .spider. said:

You don't know what you are talking about don't you?

My understanding of how this works is you can make your device pretend to have / broadcast any MAC you want.  Thus, you can make it look like one of the accepted MAC addresses on the list... if you know it (you still have to know one of the accepted/whitelisted ones to make use of this).

 

Is this wrong?  I'd like to know if it is

[.spider.]

10 minutes ago, Ryan_Vickers said:

My understanding of how this works is you can make your device pretend to have / broadcast any MAC you want.  Thus, you can make it look like one of the accepted MAC addresses on the list... if you know it (you still have to know one of the accepted/whitelisted ones to make use of this).

 

Is this wrong?  I'd like to know if it is

Exactly after breaking the encryption you can see the mac of almost all devices within the network if you capture the traffic for a few moments. 

You'll also see the IPs thus disabling the dhcp server is useless. 

 

As I said before someone who is capable of breaking WPA2 wont be stopped by a MAC filter and an absent dhcp server.

[vanished]

2 minutes ago, .spider. said:

Exactly after breaking the encryption you can see the mac of almost all devices within the network if you capture the traffic for a few moments. 

You'll also see the IPs thus disabling the dhcp server is useless. 

 

As I said before someone who is capable of breaking WPA2 wont be stopped by a MAC filter and an absent dhcp server.

But I thought breaking the encryption would supposedly take hundreds of years?  Thus, you'd be left with the option of connecting normally, and this would not be possible without the right MAC address.  Or am I missing something...?