
Thread: How can I stop someone hacking into my AP?

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Default How can I stop someone hacking into my AP?

    Hi everyone,

    I'm fairly new to pen testing and need some help please. Even though this is my 1st post, I've been lurking and learning here in the forums for a while. From what I've seen, no wireless network is secure.

    I'd been using a Linksys wireless router that finally died on me. Kills my whole network, wired and wireless, anytime I turn it on. Got a new D-Link DIR-655 and noticed someone else is accessing my network.

    Fired up BackTrack on the laptop and noticed several APs nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county). Guess ya never know who's watching.

    Anyway, I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keeps changing names/SSIDs every so often, and under "type" it says Probe request (searching client).

    I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask, but there seem to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here: where/who it's coming from, what I need to do.

    Any ideas/suggestions would be appreciated.
    Thanks....

  2. #2
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    Quote Originally Posted by gristle View Post
    Hi everyone,

    I'm fairly new to pen testing and need some help please. Even though this is my 1st post, I've been lurking and learning here in the forums for a while. From what I've seen, no wireless network is secure.

    I'd been using a Linksys wireless router that finally died on me. Kills my whole network, wired and wireless, anytime I turn it on. Got a new D-Link DIR-655 and noticed someone else is accessing my network.

    Fired up BackTrack on the laptop and noticed several APs nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county). Guess ya never know who's watching.

    Anyway, I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keeps changing names/SSIDs every so often, and under "type" it says Probe request (searching client).

    I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask, but there seem to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here: where/who it's coming from, what I need to do.

    Any ideas/suggestions would be appreciated.
    Thanks....

    You see this probe request in airodump as well?

    Sure this is not simply a laptop with wireless scanning for available networks?

    If you don't turn off the wireless on the average Windows laptop then it will keep searching for a connection.

    I would fire up airodump and see if it is looking for a certain BSSID or just probing for networks.

    And of course.. if it is able to connect to your AP without having to do anything.. it would seem your security on your AP needs some beefing up.

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by gristle View Post
    Fired up BackTrack on the laptop and noticed several APs nearby. I was kinda surprised since I'm in a really small town (we don't even have a stop light in the whole county). Guess ya never know who's watching.
    An AP is an Access point, not someone else utilizing or monitoring your connection. How have you determined that someone actually is gaining unauthorized access to your AP?

    Quote Originally Posted by gristle View Post
    Anyway, I found 1 kinda suspicious listing using Kismet. There seems to be 1 BSSID that keeps changing names/SSIDs every so often, and under "type" it says Probe request (searching client).
    As =TAPE= hints, this is simply a computer searching for known access points. It will therefore keep sending out probing requests using different ESSIDs until disabled or connected to an AP. In other words this is no reason for concern.

    Quote Originally Posted by gristle View Post
    I've disabled my wireless until I can find out more about what's going on. This may not be the place to ask, but there seem to be several knowledgeable posters here and I was hoping maybe someone could point me in the right direction as to how I should proceed from here: where/who it's coming from, what I need to do.

    Any ideas/suggestions would be appreciated.
    Thanks....
    Use WPA encryption with a strong and long passphrase to stop unwanted visitors from accessing your wireless AP.
    -Monkeys are like nature's humans.

  4. #4
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by =Tron= View Post
    Use WPA encryption with a strong and long passphrase to stop unwanted visitors from accessing your wireless AP.

    This is a strong passphrase.
    Code:
    F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@

    This is not.
    Code:
    P@ssword
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Junior Member T1ckT0ck's Avatar
    Join Date
    Mar 2008
    Posts
    41

    Default

    Quote Originally Posted by Barry View Post
    This is a strong passphrase.
    Code:
    F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@
    Statement of the obvious... Do not use that one.
    I have indirectly been told to play nice...yay.

  6. #6
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Default

    Yea just updated my WPA list with it now
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

  7. #7
    Junior Member T1ckT0ck's Avatar
    Join Date
    Mar 2008
    Posts
    41

    Default

    Quote Originally Posted by Talkie Toaster View Post
    Yea just updated my WPA list with it now
    Glad I'm not the only one...
    I have indirectly been told to play nice...yay.

  8. #8
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Wink

    Well now that the words 'strong passphrase' and 'F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@' have appeared 3 times (including this) on a public forum there is a fair chance that if someone, stuck for inspiration, types 'strong passphrase' and some other random term into Google that this might pop up and they will copy/paste it and use it, so keeping this in your wordlists isn't maybe as sad/anal as you think.....

    Fair enough the chances that you'd come across it again are tiny, but still a statistically better chance than guessing a 63 character password first go!

    TT
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
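
The points made in posts #4 to #8 (a dictionary word with substitutions is weak, and a passphrase that has been posted publicly is no longer usable however random it looks), as an added example that is not part of the original thread. The function names, the tiny word list and the substitution table are assumptions made for illustration.

```python
import math
import secrets
import string

# Printable ASCII without the space: 94 symbols (a choice made for this
# example; WPA-PSK passphrases are 8 to 63 printable ASCII characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# The "strong" passphrase posted in this thread: public, so treat it as burned.
PAGE_PASSPHRASE = r'F@\d4u\cLXd+sCuWzl|vQZ%;y+I@:dI9MwL"\_AmoJKpj]A,*k8~PZJy%Oy?Pq@'
PUBLISHED = {PAGE_PASSPHRASE}

# Tiny constructed stand-in for a real common-password list.
COMMON_WORDS = {"password", "letmein", "linksys", "netgear", "qwerty"}

# Undo the usual character substitutions before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

def audit(passphrase):
    """Return the reasons to reject a passphrase; an empty list means none found."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside 8-63")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-printable or non-ASCII character")
    if passphrase in PUBLISHED:
        problems.append("published verbatim")
    if passphrase.lower().translate(LEET).strip(string.digits) in COMMON_WORDS:
        problems.append("common word after undoing substitutions")
    return problems

def generate(length=63):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for p in ("P@ssword", PAGE_PASSPHRASE, generate()):
        print(repr(p), audit(p) or "ok", sep="  ->  ")
    print(f"63 random characters: {entropy_bits(63):.0f} bits")
```
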

  9. #9
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Default

    I'd already looked at airodump and saw the same BSSID, but can't really pin anything down as a probe request. I get that AP is an access point like my router. On the setup screen for the new D-Link it has all sorts of options and logs. Under "info" it shows all connected machines both wired and wireless. There was definitely another machine connected that was not supposed to be there.

    What really threw me was the way the name/SSID kept changing. Was at least 1/2 dozen different names...Hotel, GoldenTree, Butner School, Linksys, NetGear and some junk #'s. Sorta seemed like some kinda program trying to find networks to attack.

    It's not that I have any sensitive material on the wireless network. I was more concerned with what the person may be doing with the connection. Say some sort of illegal activity. Then it would show up as coming from me when actually I had nothing to do with it.

    Think I'll start with beefing up my password as suggested and maybe look at MAC filtering.

    Thanks for the replies/help folks

  10. #10
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Question

    Sounds like karmetasploit replaying probes it's picked up......

    Does 'Free wifi' come up as one of the network names by any chance?

    TT
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
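
The distinction drawn in posts #2 and #3 (a client sending probe requests for networks it remembers) against the pattern post #10 suspects (one device answering for many network names), as an added example that is not part of the original thread. The frame records and MAC addresses are constructed, the SSIDs are the names quoted in post #9 plus a made-up `HomeNet`, and the threshold is an assumed heuristic.

```python
from collections import defaultdict

# Constructed sample records: (frame subtype, transmitter MAC, SSID).
FRAMES = [
    ("probe-req",  "02:00:00:00:00:aa", "Hotel"),
    ("probe-req",  "02:00:00:00:00:aa", "GoldenTree"),
    ("probe-req",  "02:00:00:00:00:aa", "Butner School"),
    ("probe-req",  "02:00:00:00:00:aa", "Linksys"),
    ("probe-req",  "02:00:00:00:00:aa", "NetGear"),
    ("beacon",     "02:00:00:00:00:01", "HomeNet"),
    ("probe-resp", "02:00:00:00:00:01", "HomeNet"),
    ("probe-resp", "02:00:00:00:00:ee", "Hotel"),
    ("probe-resp", "02:00:00:00:00:ee", "GoldenTree"),
    ("probe-resp", "02:00:00:00:00:ee", "Linksys"),
]

# Subtypes only an access point transmits.
AP_SUBTYPES = {"beacon", "probe-resp"}

def classify(frames, max_ssids_per_ap=2):
    """Label each transmitter by what it asks for versus what it claims to be."""
    asked = defaultdict(set)    # transmitter -> SSIDs it searched for
    offered = defaultdict(set)  # transmitter -> SSIDs it advertised or answered as
    for subtype, mac, ssid in frames:
        (offered if subtype in AP_SUBTYPES else asked)[mac].add(ssid)

    verdicts = {}
    for mac in asked.keys() | offered.keys():
        if len(offered[mac]) > max_ssids_per_ap:
            # A normal AP serves one SSID per BSSID; many names from one
            # BSSID is the pattern worth investigating.
            verdicts[mac] = "suspicious: one BSSID answering for many SSIDs"
        elif offered[mac]:
            verdicts[mac] = "access point"
        else:
            # Probe requests only: a station walking its remembered networks.
            verdicts[mac] = "client probing for remembered networks"
    return verdicts

if __name__ == "__main__":
    for mac, verdict in sorted(classify(FRAMES).items()):
        print(mac, verdict)
```
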
