hacking

[tommythefox]

Hi i was watching panorama last nite, it was about illegal down load's and it showed a tech chap hacking into someone else is wifi changing the password etc and down loading anything he wanted,and it would all be link to the ip address of the one he had hack into.my question is there any way of preventing this,and how can you tell if anyone is using your ip address.

 

[Synapse]

I'm going to assume they were demonstrating WEP cracking which is an incredibly weak encryption mechanism and you can usually crack a WEP protected access point in a matter of minutes. The tools are freely available to allow script kiddies to attempt this, look up the aircrack-ng suite if you're particularly interested.

The answer is simple, use WPA2 and a strong password containing uppercase and lowercase alphanumeric characters and symbols to prevent brute force attempts. As far as I'm aware WPA2 still hasn't been cracked successfully in small timeframes, and the research and tools aren't freely available yet to allow the general public to attempt it.

Another thing you can do (although this is security through obscurity) is to disable beacons on your wireless access point, it's pointless against anyone who has some knowledge on the subject and can easily be detected by something like aircrack but may keep the less technically aware at bay.

As for detecting whether someone else is on your network a lot of routers have diagnostic controls to allow you to see the clients currently connected via your router. Check your router control panel under diagnostics.

What should be more worrying is the potential for MITM (Man in the Middle Attacks) essentially allowing someone to ARP poison you and intercept all traffic between you and any other device on your network (i.e. your router). This would allow a third party to steal any sensitive data, for example bank details as you enter them. SSL certificates in this case can also be intercepted. You can easily leave tools running that will log all the interesting data and leave you none the wiser.

 

[tommythefox]

thanks synapse for your reply,i am a leyman regards computers so if i can ask you how to get wpa2 installed and what are ssl cert's and ARP poison.i have checked the diagnostics and there is another connection there but when i checked to see who is connected it just show's i am connected.how can i get rid of this other connection? i suppose there is nothing you can do about the MITM as you dont know they have got into your computer. hope you can make sense of this.

thanks tom.
P.S. i have vista and is WEP protected.

 

[timtheenchanter]

you will need to go into your routers setting to change the encryption type, if you let us know who your broadband supplier is, and what router you have we can give a more detailed desctiption of how to do this.

in your wireless manager, it will show all the wireless networks in range of your machine, dont worry about them, I have 12 from my lounge.

you can only see who is cponnected from your routers manager

 

[Synapse]

You're really only potentially open to MITM attacks over wireless when using open access points or weak encryption techniques like WEP. Keep that in mind the next time you're using your laptop on an open network.

You're well protected when using something like WPA2 and it's not as much of a concern. As timtheenchanter noted this must be set up via your routers configuration interface the details of which should be supplied by your ISP in most cases.

---

It's also worth noting to anyone else that happens to stumble upon this thread looking for a way to monitor clients on their network that NMap is a highly useful tool and can be used to scan ranges of IP addresses to alert you to suspicious behavior and will give you a greater level of detail than most routers diagnostic panels.

 

[tommythefox]

hi timtheenchanter, broadband supplier is B.T. the router is from B.T. an is wireless.

cheers tom.

 

[Synapse]

I'm not overly familiar with the BT Home Hub but your router settings should be accessible via http://192.168.1.1 in default setups (or http://192.168.1.254) and the username and password should have been provided to you by your ISP if you haven't already changed them. A while ago I know BT used to only allow access to the router settings once you entered the serial number from the bottom of your device. I don't know if this is still the case.

A quick Google shows that the settings for wireless encryption are in Advanced>Wireless>Security and should look something like this: http://i112.photobucket.com/albums/n200/Cloudedbrains/WPA.jpg

You'll want to use WPA-PSK Encryption with WPA2 (as long as all your devices support WPA2) and a sufficiently secure password as I mentioned in my first post. Then of course you'll need to reconnect your devices to the wireless network providing the key you have set when prompted.

It should be a fairly simple process, I advise you perform any settings changes to do with your wireless connection via a wired connection so you can easily revert back if something goes wrong.

 

[Monkeh]

The serial number should no longer be the case, as it can be acquired from the Hub remotely with great ease.

 

[tommythefox]

Hi synapse and everyone thanks for your help,i think i have the info i need ,but i will wait until my son is here next week he is more into computers than me just in case i cock things up,i can watch what he does.

cheers tom.