Wireless intrusion - WPA and TKIP cracked with ease

Hi all,

I'm a noob to this forum, but I've been working in the IT industry for 10 years or so. I'm not particularly experienced with wireless, just using it at home, but I'm learning fast.

So, I have a problem with one of my neighbours hacking my wireless connection and downloading massive amounts of data, using a spoofed MAC. I have a Belkin modem-router which is using WPA and TKIP/AES, and the intruder just waltzes through the security like it's not even there. I've hidden the SSID, changed all the settings, and he just gets straight back in. I've even disabled wireless client access on the router and he STILL got in :mad:

I'm less bothered about stopping him now, and more bothered about finding out who it is so that I can set the cops on him, because this is costing me money and a lot of time. I've reverted to a non-wireless router in the meantime since there is nothing more I can do with the wireless.

Does anyone know of any counter-intrusion tools that I could use to find out what he's doing, or even counter-hack his machine? I think it's fairly well firewalled.

Thanks for any help!

Mikki x


MikkiJayne hath wroth:

If you've survived that long, and are still sane, permit me to congratulate you.

High speed learning doesn't work. In order to understand something well, you need to tear it apart, make a huge mess dissecting the contents, analyze the entrails, and put it back in working order. It's all part of "Learn By Destroying(tm)."

It takes more than just a spoofed MAC address. In addition, if they have borrowed the MAC address of one of your machines, there will be considerable packet corruption when BOTH machines try to connect.

Are you sure you work in IT? Belkin has more than one model, each with their own collection of bugs and problems. If you like generalized and theoretical discussions, I can do that, but if you want specific answers for your specific problem, kindly disclose the model number of ALL your wireless hardware. Extra credit for the firmware versions (don't say "the latest"). Then, you get to dig through the various security mailing lists to see if there are any unpatched security holes in your unspecified router and firmware.

Waste of time. All that does is have your neighbors land on the channel you're using because they can't see your access point. It also breaks a few client connection managers. It might slow down a hacker for about 30 seconds. Kismet and other utilities show hidden SSID's.

All of them or just some of them? Any particular settings that were changed from the default?

Yep. Now, convince yourself (and me) that you actually have WPA-PSK (or WPA-personal) setup correctly? That's not as easy as it sounds on some of the more moronic user interfaces. For example, one ancient version (I think it was Netgear's) had a nice list of encryption protocols to select, but on a different page, had an encryption on/off radio button. Users would select the correct protocol, and think they are protected.

My guess(tm), based upon your description, that you actually have a WEP key setup, which is easily cracked. Don't use WEP encryption.

Incidentally, WPA encryption is safe but only with long (20 char) non-dictionary pass phrases. My guess(tm) is that yours is fairly trivial and can therefore be cracked. See:

That's not what it's called. It's something like "wireless administration access" which controls whether a wireless client can get to the web configuration interface. There's also a "remote admin" setting that does the same thing for users coming in from the internet. You should probably leave both of these off, at least until the problem is identified.

Are you sure you work in IT? Do you read the trade journals? How many people have you seen busted for unlawful use of a computer via wi-fi? There are a few but in general, unless you can prove that the system was used to commit a more serious crime, the local D.A. doesn't have a clue what to do with the case and generally refuses to prosecute.

Also, please note that *YOU* are responsible for your own security. If you know that your security is defective, and have not done due diligence (i.e. security scans) to verify your own security, you are at least partly responsible for consequential damages. This has not been tested in court and can be effectively argued by both sides. However, it does represent a reason why the D.A. does not want to prosecute.

If you really want to find the culprit, there are several things you can do. One is to capture some of their traffic and try to identify the culprit from the destinations or contents. The other is more technical and requires a 2.4GHz directional antenna, and plenty of understanding of RF propagation. If you know any of the local ham radio operators, they might be able to help. If that's too much, reduce your antenna size so that they need to have a strong signal to connect. Walk around with your laptop running Kismet (or some sniffer that displays signal strength) until you find the general area.

Well, that's fine for now, but if you've given up, why ask for help?

Are you sure you work in IT? Counter-hacking is generally a bad idea because of the legal complications. It's one thing for the culprit to borrow your connection for whatever purpose. It's another for you to destroy his machine or data by remote control.

To find out what he's doing, you use a sniffer such as Ethereal or Wireshark. Capture some traffic and look at it carefully. I also have tools that use the router statistics to log destinations and traffic, but I don't think they'll work on any Belkin hardware. You can best install a sniffer probe with a separate computer and a hub. Install the hub (not a switch) between the modem and the router. Connect the computer to the hub and sniff away. There are also plenty of network traffic analyzers available.

-- Jeff Liebermann
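The "capture some traffic and look at the destinations" step above, turned into a small triage script. This is an added example, not code from the thread; it assumes the sniffer has exported one line per frame as `src_mac dst_ip bytes` (a constructed format) and that you already know the MAC addresses of your own adapters.

```python
# Added example: group captured frames by client MAC, drop the devices you
# own, and report how much each unknown client moved and where it went.
from collections import defaultdict

# Constructed sample: adapters you own (from ipconfig /all, ifconfig, ip link).
KNOWN_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}

# Constructed sample capture lines, not real traffic: "src_mac dst_ip bytes".
SAMPLE_CAPTURE = """\
00:11:22:33:44:55 203.0.113.10 1500
66:77:88:99:aa:bb 198.51.100.7 800
de:ad:be:ef:00:01 192.0.2.50 1500
de:ad:be:ef:00:01 192.0.2.50 1500
de:ad:be:ef:00:01 192.0.2.51 1500
00:11:22:33:44:55 203.0.113.10 1500
"""

def parse_capture(text):
    """Yield (src_mac, dst_ip, byte_count); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        mac, dst, size = parts
        try:
            yield mac.lower(), dst, int(size)
        except ValueError:
            continue

def summarise(text, known=KNOWN_MACS):
    """Return {mac: {"bytes": total, "dests": {ip: bytes}}} for unknown MACs."""
    report = {}
    for mac, dst, size in parse_capture(text):
        if mac in known:
            continue
        entry = report.setdefault(mac, {"bytes": 0, "dests": defaultdict(int)})
        entry["bytes"] += size
        entry["dests"][dst] += size
    return report

def top_destinations(report, mac, n=3):
    """Destinations for one unknown client, heaviest first."""
    return sorted(report[mac]["dests"].items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    rep = summarise(SAMPLE_CAPTURE)
    for mac, info in rep.items():
        print(f"unknown client {mac}: {info['bytes']} bytes -> {top_destinations(rep, mac)}")
```

A client that clones one of your own MACs is not separated out by this grouping; that is the case Jeff flags above, and it needs the signal-strength approach rather than a per-MAC tally.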
