How can I stop someone hacking into my AP?

[gristle]

Hi everyone,

I'm fairly new to pen testing and need some help please. Even though this is my 1st post I've been lurking and learning here in the forums for awhile. From what I've seen no wireless network is secure.

I'd been using a linksys wireless router that finally died on me. Kills my whole network wired and wireless anytime I turn it on. Got a new Dlink dir-655 and noticed someone else is accessing my network.

Fired up BackTrack on the laptop and noticed several AP's nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county) Guess ya never know who's watching.

Any way I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keep changing names/SSID's every so often and under "type" it says Probe request (searching client)

I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask but, there seems to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here. Where/who it's coming from, what need to do.

Any ideas/suggestions would be appreciated.
Thanks....

[TAPE]

Hi everyone,

I'm fairly new to pen testing and need some help please. Even though this is my 1st post I've been lurking and learning here in the forums for awhile. From what I've seen no wireless network is secure.

I'd been using a linksys wireless router that finally died on me. Kills my whole network wired and wireless anytime I turn it on. Got a new Dlink dir-655 and noticed someone else is accessing my network.

Fired up BackTrack on the laptop and noticed several AP's nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county) Guess ya never know who's watching.

Any way I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keep changing names/SSID's every so often and under "type" it says Probe request (searching client)

I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask but, there seems to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here. Where/who it's coming from, what need to do.

Any ideas/suggestions would be appreciated.
Thanks....

You see this probe request in airodump as well ?

Sure this is not simply a laptop with wireless scanning for available networks ?

If you dont turn off the wireless on the average windows laptop then it will keep searching for a connection.

I would fire up airodump and see if it is looking for a certain BSSID or just probing for networks.

And of course.. if it is able to connect to your AP without having to do anything.. it would seem
your security on your AP needs some beefing up

[imported_=Tron=]

[SIZE="2"]Fired up BackTrack on the laptop and noticed several AP's nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county) Guess ya never know who's watching.

An AP is an Access point, not someone else utilizing or monitoring your connection. How have you determined that someone actually is gaining unauthorized access to your AP?

[SIZE="2"]Any way I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keep changing names/SSID's every so often and under "type" it says Probe request (searching client)

As =TAPE= hints, this is simply a computer searching for known access points. It will therefore keep sending out probing requests using different ESSIDs until disabled or connected to an AP. In other words this is no reason for concern.

I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask but, there seems to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here. Where/who it's coming from, what need to do.

Any ideas/suggestions would be appreciated.
Thanks....

Use WPA encryption with a strong and long passphrase to stop unwanted visitors from accessing your wireless AP.

[Barry]

[QUOTE==Tron=;104086

Use WPA encryption with a strong and long passphrase to stop unwanted visitors from accessing your wireless AP.[/QUOTE]

This is a strong passphrase.

Code:

F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@

This is not.

Code:

P@ssword

[T1ckT0ck]

[QUOTE=Barry;104089]This is a strong passphrase.

Code:

F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@

Statement of the obvious... Do not use that one.

[Talkie Toaster]

Yea just updated my WPA list with it now

[T1ckT0ck]

Yea just updated my WPA list with it now

Glad I'm not the only one...

[Talkie Toaster]

Well now that the words 'strong passphrase' and 'F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@' have appeared 3 times (including this) on a public forum there is a fair chance that if someone,stuck for inspiration, types 'strong passphrase' and some other random term into google that this might pop up and they will copy/paste it and use it, so keeping this in your wordlists isn't maybe as sad/anal as you think.....

Fair enough the chances that you'd come accross it again are tiny, but still a statistically better chance than guessing a 63 character password first go!

TT

[gristle]

I'd already looked at airodump and saw the same BSSID but, can't really pin anything down as a probe request. I get that AP is an access point like my router. On the setup screen for the new D-Link it has all sorts of options and logs. Under "info" it shows all connected machines both wired and wireless. There was defiantly another machine connected that was not supposed to be there.

What really threw me was the way the name/SSID kept changing. Was at least 1/2 dozen different names...Hotel, GoldenTree, Butner School, Linksys, NetGear and some junk #'s. Sorta seemed like some kinda program trying to find networks to attack.

It's not that I have any sensitive material on the wireless network. I was more concerned with what the person may be doing with the connection. Say some sort of illegal activity. Then it would show up as coming from me when actually I had nothing to do with it.

Think I'll start with beefing up my password as suggested and maybe look at MAC filtering.

Thanks for the replies/help folks

[Talkie Toaster]

Sounds like karmetasploit replaying probes its picked up......

Does 'Free wifi' come up as one of the network names by any chance?

TT