Calguns.net  

#1
07-31-2019, 2:51 PM
peterabbits
wifi being "hacked" problem

my son is telling me one of his friends keeps hacking our wifi and slowing his connection speed down while gaming, forcing him to constantly reset our wifi router - i barely know enough about wifi and computers in general to get myself into a lot of trouble lol. when i asked how he could be hacking our wifi, he says his friend is getting his IP address and then hacking it that way.

we live out in the country, on 2+ acres of land, and there's no way it's being done from a "skimmer" or something like that physically close enough to access.

i'm assuming it's possible to hack the wifi remotely, but if this is happening as our son is saying, exactly what access could he be getting? and how do i prevent this from occurring? i always thought that as long as you kept your SSID name private and your password strong, you were pretty safe.

i have a private SSID (you have to know the name and manually type it in), and my password was a 57 character randomly generated password, so i always thought i was pretty secure.

thank you in advance for the help!

#2
07-31-2019, 2:53 PM
HUTCH 7.62

So why isn't your son hacking his buddy's wifi?

#3
07-31-2019, 2:59 PM
Fizz

Your son's speculation is baseless IMO.

If your password is strong, and son didn't leak it, it's secure.

It is possible to do a deauthentication attack without password, or jam, but really unlikely.

You may have internet, wifi, or other issues, but jumping to hacking is almost always jumping the gun.

#4
07-31-2019, 3:16 PM
DoubleA

Inside job? Could your son have accidentally leaked the SSID and password?


#5
07-31-2019, 3:24 PM
vino68

Make sure your router is up to date with its firmware and use WPA2 with AES.
And if you are compromised, it may not have anything to do with Wi-Fi. Check to make sure the router's username and password are complex and not open for remote login.
If rebooting the router clears it, may be a channel issue. Check which channels you are using for Wi-Fi and if any other devices in the home or area are on the same channels. The frequency used for Wi-Fi is free to use, so other devices use it as well.
I would also lock down Wi-fi access via MAC addresses or use certs. But I do not know if consumer devices allow it.

#6
07-31-2019, 3:38 PM
bigbearbear

His friend isn't "hacking" your wifi. What that "friend" of your son is doing, is that he is able to obtain the IP address of your router (most likely because your son is playing on a server hosted by this idiot) and this fella is launching a Denial of Service attack on your IP address. Basically flooding and bombarding your router with tons of zombie attacks, causing it to slow down.

If your son knows who this person is, make a police report. And tell your son to stop playing games on other people's hosted servers or visiting questionable web sites.

#7
07-31-2019, 3:40 PM
vino68

Quote:
Originally Posted by bigbearbear
His friend isn't "hacking" your wifi. What that "friend" of your son is doing, is that he is able to obtain the IP address of your router (most likely because your son is playing on a server hosted by this idiot) and this fella is launching a Denial of Service attack on your IP address. Basically flooding and bombarding your router with tons of zombie attacks, causing it to slow down.

If your son knows who this person is, make a police report. And tell your son to stop playing games on other people's hosted servers or visiting questionable web sites.

That as well. Wow, DDOS...1999 called and wants its attack back.

#8
07-31-2019, 3:59 PM
hermosabeach

Watch 2-4 videos on your router on YouTube

Connect to your router
Set up a new admin password to the router

Install updates

Set up a new Wi-Fi name & password
Set up guest Wi-Fi name and password - guests cannot connect to other devices on network and more

Take son's device from him
Go into another room. Enter the Wi-Fi & password for guest account into son's device. Return it to him.


Now he can use Wi-Fi and cannot give out the password.


Decide if you want to use parental controls on guest Wi-Fi network
What sites to block
Generate a report of all sites visited
Set a Time or use on the guest network. Sunday night - Thursday night - shut off Wi-Fi access at 10? 9? 11?

Post a list of sites visited on fridge from guest network

You will also learn to see what devices are on or have attached to your network.

#9
07-31-2019, 4:24 PM
peterabbits

Thanks everyone!

#10
07-31-2019, 4:25 PM
Fizz

Quote:
Originally Posted by bigbearbear
His friend isn't "hacking" your wifi. What that "friend" of your son is doing, is that he is able to obtain the IP address of your router (most likely because your son is playing on a server hosted by this idiot) and this fella is launching a Denial of Service attack on your IP address. Basically flooding and bombarding your router with tons of zombie attacks, causing it to slow down.

If your son knows who this person is, make a police report. And tell your son to stop playing games on other people's hosted servers or visiting questionable web sites.

Unless there is a service open to the world (NAT/Port Forwarding), web based admin, etc. the router will block incoming unsolicited connections.

It's pretty difficult to (D)DoS a connection without an underlying service to attack.

#11
07-31-2019, 5:18 PM
Robotron2k84

Untrue. A "loaded" TCP SYN packet is 40 bytes without any ACK or handshake, and with window and MSS sizing.

If you can generate on the order of 1000-10000 packets per second you can overwhelm most home routers. It's not completely resource-free to drop a packet, it still takes a quantum of CPU and memory to dispatch it to the proper queue.

#12
07-31-2019, 5:29 PM
IsaacMc

Look up MAC address filter and go that route

#13
07-31-2019, 5:49 PM
Fizz

Quote:
Originally Posted by Robotron2k84
Untrue. A "loaded" TCP SYN packet is 40 bytes without any ACK or handshake, and with window and MSS sizing.

If you can generate on the order of 1000-10000 packets per second you can overwhelm most home routers. It's not completely resource-free to drop a packet, it still takes a quantum of CPU and memory to dispatch it to the proper queue.

I won't rule out poor software/hardware, but even most junk won't succumb to this, and even ISPs are hip to this form of attack. Though, I haven't played with this in a while. I'll have to see what I can pull off in a lab.

#14
07-31-2019, 5:58 PM
Robotron2k84

A SYN flood works in three ways: if there is a listening service, ACKs/RSTs can consume upstream bandwidth. Secondly, if the device is NAT'ing, and packets are inspected at the FORWARD stage, the severity of the flood can outstrip the NAT table. Thirdly, even with both prior cases unavailable, the SYN flood can consume the incoming connection buffer or even cause spurious system interrupts on a non-ASIC PHY (software TCP, non offload) to peg the system CPU.

Even worse is a UDP flood on a home router that will send ICMP unreachable on return. That's a guarantee to flood the outbound pipe.

Last edited by Robotron2k84; 07-31-2019 at 6:06 PM..
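
Added example (editor's illustration, not part of any post in this thread): a defender-side check for the packet rates discussed in posts #11 and #14. It buckets bare inbound TCP SYNs and UDP packets per second from firewall log lines and flags any second at or above the 1000 packets/s figure quoted above. The netfilter LOG-style line format, the addresses and the sample log are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Lower bound of the 1000-10000 packets/s range quoted in the thread.
PPS_THRESHOLD = 1000

# Assumed input: netfilter LOG-style lines (syslog timestamp, KEY=value fields,
# then TCP flag words such as SYN / ACK).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) .*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+)(?P<rest>.*)$"
)


def classify(proto, rest):
    """Return 'tcp-syn' for a bare SYN (no ACK), 'udp' for UDP, else None."""
    words = rest.split()
    if proto == "TCP" and "SYN" in words and "ACK" not in words:
        return "tcp-syn"
    if proto == "UDP":
        return "udp"
    return None


def find_floods(lines, threshold=PPS_THRESHOLD):
    """Count matching packets per (second, kind) and report the busy seconds."""
    buckets = defaultdict(lambda: defaultdict(int))  # (second, kind) -> src -> count
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        kind = classify(m["proto"], m["rest"])
        if kind:
            buckets[(m["ts"], kind)][m["src"]] += 1
    alerts = []
    for (second, kind), sources in sorted(buckets.items()):
        pps = sum(sources.values())
        if pps >= threshold:
            # Source addresses can be forged, so the count is only a hint.
            alerts.append({"second": second, "kind": kind,
                           "pps": pps, "sources": len(sources)})
    return alerts


def sample_log():
    """Constructed sample: a SYN burst, ordinary traffic, then a UDP burst."""
    head = "Jul 31 15:00:{:02d} router kernel: IN=eth0 OUT= SRC={} DST=198.51.100.7 LEN={} "
    syn = head + "PROTO=TCP SPT=40000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0"
    synack = head + "PROTO=TCP SPT=443 DPT=40000 WINDOW=1024 RES=0x00 ACK SYN URGP=0"
    udp = head + "PROTO=UDP SPT=5000 DPT=3074 LEN=8"
    lines = [syn.format(1, f"203.0.113.{i % 200}", 40) for i in range(1200)]
    lines += [syn.format(2, "192.0.2.10", 40) for _ in range(30)]
    lines += [synack.format(2, "192.0.2.20", 40) for _ in range(30)]
    lines += [udp.format(3, "203.0.113.9", 28) for _ in range(1500)]
    return lines


if __name__ == "__main__":
    for alert in find_floods(sample_log()):
        print(alert)
```

Timestamps and per-second counts from output like this are the kind of evidence an ISP or a police report would ask for.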

#15
07-31-2019, 6:14 PM
SkyHawk

I agree it is a denial of service attack, no one is hacking the router. All you can do is ask the ISP to block the DDOS traffic before it reaches you. And they probably won't help you but it doesn't hurt to ask. If they are willing, they can identify the type of traffic, the source, and then drop packets from that source upstream so it never hits your pipe.

Last edited by SkyHawk; 08-01-2019 at 8:31 AM..

#16
08-02-2019, 3:12 AM
the86d

A mile is 640 acres, and cantennas have a range of at least 1 mile+...

Agreed reset SSID and passphrase, then create a guest SSID (almost all modern consumer routers have this "guest" feature) for your son, and give him his passphrase to only his SSID, only to change it on a regular basis.
This also helps when my son does not do his chores, I can disable "HIS" SSID, and mine runs fine. My daughter has her own too so I can disable if abused, or caught late at night watching Youtube makeup videos, or whatever, independent of mine and his...
Additionally, if being disassociated, try changing this to a valid MAC (anything that starts with 00, and is A-F and 0-9 seems to work for me, as long as chars aren't repeated, it seems), until you get a different IP via "ipconfig /release", then "ipconfig /renew":

(000000000001 didn't work.)

This MAC change does not guarantee it won't be changed on an attacker's side to include the change, but he can't know what specific MAC your son is using at that moment, just that it is an active on your ESSID:

Quote:
Originally Posted by vino68
... I would also lock down Wi-fi access via MAC addresses...

Not my captures, but a screen-scrape I found real quick, and as you can see MAC filters are of no use, in any way, shape, or form, they are all listed under BSSID, and the associated ESSID to the right. This can be done in a VM, or natively running a FREE Linux distro, freely.
All one has to do is plug the BSSID as their own MAC in the 1st screen(scrape), and one bypassed MAC filtering, that easy, and natively supported in modern OS's (well drivers actually?), even the current 1903 build of Windows 10, OOTB!


If you think "friend" is getting on your network, what I have done in the past, and currently for most of my used devices is to give them reserved IPs, so they always get a low number in the 4th octet (say 192.168.1.[2-200]), and DHCP gives out the higher IPs (say: 192.168.1.[201-254]), if you want to go this route... I am not sure it is much of a "security thing", but you will know what is pulling DHCP, separate from "your" regular-stuff as just another "layer" for manual filtering/weeding, and it might be more noticeable if something is pulling DHCP against your will... (but won't help if they spoof a MAC). Personally, I don't use 192.168.x.1 as my router's address, in case someone gets on, they can't get out to the Internet if they don't use DHCP, by default, so they have to pull DHCP to get out, if they crack into my WiFi, if not MAC spoofing. My TVs I run wired Ethernet (where possible, but the danged new Roku's don't have a wired port anymore, the bastages).

Last edited by the86d; 08-02-2019 at 4:32 AM..

#17
08-02-2019, 10:24 AM
Librarian

Quote:
Originally Posted by the86d
If you think "friend" is getting on your network, what I have done in the past, and currently for most of my used devices is to give them reserved IPs, so they always get a low number in the 4th octet (say 192.168.1.[2-200]), and DHCP gives out the higher IPs (say: 192.168.1.[201-254]), if you want to go this route... I am not sure it is much of a "security thing", but you will know what is pulling DHCP, separate from "your" regular-stuff as just another "layer" for manual filtering/weeding, and it might be more noticeable if something is pulling DHCP against your will... (but won't help if they spoof a MAC). Personally, I don't use 192.168.x.1 as my router's address, in case someone gets on, they can't get out to the Internet if they don't use DHCP, by default, so they have to pull DHCP to get out, if they crack into my WiFi, if not MAC spoofing. My TVs I run wired Ethernet (where possible, but the danged new Roku's don't have a wired port anymore, the bastages).

Can you point me to a longer discussion of this? I understand the words and sentences, but I'm not getting the whole meaning.

Never was a network admin ...

Last edited by Librarian; 08-02-2019 at 9:38 PM..

#18
08-02-2019, 11:45 AM
packnrat

if he believes someone is using his wifi. easy fix.

just turn it off for a couple hrs.
gamer gets the bill for losing the game. and due to his failures no one will play with him.

#19
08-02-2019, 12:02 PM
Robotron2k84

MAC filters work best as outbound filters in the firewall (if your router lets you do this). MAC filtering by DHCP gets you to an IP mapping, but either can be changed. Traditional MAC filtering works by denying a DHCP request, ignoring a MAC on the PHY, or by black-holing it as an ARP table entry.

Once you whitelist ethers in your outbound firewall tables, only those devices can talk to the internet. Someone would have to know a legal device MAC to challenge this, which is much more difficult than just randomly changing their own MAC.

#20
08-02-2019, 12:03 PM
Epaphroditus

Bad players blame everything under the sun except their own failings. Tell your boy to "git gud".

That's what the meanies tell me anyway.

#21
08-02-2019, 12:09 PM
SonofWWIIDI

Is the friend local? Or just an internet “friend”.

#22
08-05-2019, 3:36 AM
the86d

Quote:
Originally Posted by Librarian
Can you point me to a longer discussion of this? I understand the words and sentences, but I'm not getting the whole meaning...
Never was a network admin ...

Many network admins know little outside of job-function, w/blinders, these days anyways. Hell the Network Admin. at my job, when I came from another position didn't even know what a gateway was...
It was bad.
EDIT: ...and he now denies this fact...

Assuming you are not being facetious, and I have never read a discussion on this, just had conversations among people, what they have done on their home routers, things I ran into, and what some did/do at work:

DHCP only hands out 192.168.1.[201-254], once set like this.
Reservations let devices always get the same IP via DHCP (same as statically putting them in, but the router just always assigns the same ones for that MAC), 192.168.1.[1-200].

When "tinkering" back in the day... one could always assume the router's IP is the lowest number (192.168.1.1, or 192.168.0.1). If you were jumping on... "other network", if using an IP you plugged manually you would use something like (probably safe to assume "other network" has 50 devices MAX) 192.168.1.61, with a netmask of 255.255.255.0, the router would use 192.168.1.1 (DNS, DHCP and gateway), as few people change it.

If someone tries this, and doesn't pull DHCP, they can't get out to the Internet, if your router isn't set to 192.168.1.1. Wrong DNS, wrong Gateway, only local traffic to that subnet. If MAC is still pulling DHCP, but "son's" MAC has already been changed, you can see it easily in the current leases, or filter for no internet traffic for this IP.

Last edited by the86d; 08-05-2019 at 4:27 AM..
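
Added example (editor's illustration, not the86d's code): the lease review described in posts #16 and #22, automated. It compares the router's DHCP leases and neighbour table against a list of reserved devices and reports unknown devices pulling from the 192.168.1.[201-254] pool, reserved IPs answering from the wrong MAC, and hosts that are on the subnet without having pulled DHCP at all. The dnsmasq-style lease lines, `ip neigh`-style neighbour lines, MAC addresses and inventory are constructed assumptions; as the post says, a spoofed known MAC is not caught by this.

```python
import ipaddress

# Layout from the post: DHCP hands out .201-.254, reservations sit below that.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
POOL = (201, 254)

# Constructed inventory of reserved devices (MAC -> reserved IP).
RESERVED = {
    "00:1a:2b:3c:4d:01": "192.168.1.10",  # parent's laptop
    "00:1a:2b:3c:4d:02": "192.168.1.11",  # son's console
}

# Constructed dnsmasq-style lease lines: expiry mac ip hostname client-id
LEASES = """\
1564999200 00:1a:2b:3c:4d:01 192.168.1.10 laptop *
1564999200 00:1a:2b:3c:4d:02 192.168.1.11 console *
1564999300 00:9f:8e:7d:6c:5b 192.168.1.201 * *
"""

# Constructed `ip neigh`-style neighbour table as seen from the router.
NEIGHBOURS = """\
192.168.1.10 dev br0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.1.11 dev br0 lladdr 00:1a:2b:3c:4d:99 REACHABLE
192.168.1.201 dev br0 lladdr 00:9f:8e:7d:6c:5b STALE
192.168.1.61 dev br0 lladdr 00:aa:bb:cc:dd:ee REACHABLE
"""


def parse_leases(text):
    """Return {ip: mac} from dnsmasq-style lease lines."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            leases[parts[2]] = parts[1].lower()
    return leases


def parse_neighbours(text):
    """Return {ip: mac} for neighbour entries that carry a link-layer address."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts[:-1]:
            seen[parts[0]] = parts[parts.index("lladdr") + 1].lower()
    return seen


def in_pool(ip):
    """True when ip is inside the dynamic DHCP range of SUBNET."""
    addr = ipaddress.ip_address(ip)
    return addr in SUBNET and POOL[0] <= (int(addr) & 0xFF) <= POOL[1]


def audit(leases_text, neigh_text, reserved):
    """Return a list of (ip, mac, reason) findings."""
    leases = parse_leases(leases_text)
    neigh = parse_neighbours(neigh_text)
    reserved_by_ip = {ip: mac.lower() for mac, ip in reserved.items()}
    findings = []
    for ip, mac in sorted(leases.items()):
        if in_pool(ip) and mac not in reserved:
            findings.append((ip, mac, "unknown-device-in-pool"))
    for ip, mac in sorted(neigh.items()):
        if ip in reserved_by_ip:
            if mac != reserved_by_ip[ip]:
                findings.append((ip, mac, "reserved-ip-wrong-mac"))
        elif ip not in leases:
            findings.append((ip, mac, "static-no-lease"))
    return findings


if __name__ == "__main__":
    for finding in audit(LEASES, NEIGHBOURS, RESERVED):
        print(finding)
```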

#23
08-05-2019, 5:05 AM
Marauder2003

What works for me? My router is set to block any new connection. My phone, iPad and X10 controller are all known WiFi devices. TV, PCs and Logitech Duet are all wired.

A friend came by with their Portable to fix a few things. Gave it the router WiFi password but still could not get out. Then I remembered I block new connections. Unblock the new IP and we were fine.

#24
08-05-2019, 11:24 AM
Librarian

Quote:
Originally Posted by the86d
Many network admins know little outside of job-function, w/blinders, these days anyways. Hell the Network Admin. at my job, when I came from another position didn't even know what a gateway was...
It was bad.
EDIT: ...and he now denies this fact...

Assuming you are not being facetious, and I have never read a discussion on this, just had conversations among people, what they have done on their home routers, things I ran into, and what some did/do at work:

DHCP only hands out 192.168.1.[201-254], once set like this.
Reservations let devices always get the same IP via DHCP (same as statically putting them in, but the router just always assigns the same ones for that MAC), 192.168.1.[1-200].

When "tinkering" back in the day... one could always assume the router's IP is the lowest number (192.168.1.1, or 192.168.0.1). If you were jumping on... "other network", if using an IP you plugged manually you would use something like (probably safe to assume "other network" has 50 devices MAX) 192.168.1.61, with a netmask of 255.255.255.0, the router would use 192.168.1.1 (DNS, DHCP and gateway), as few people change it.

If someone tries this, and doesn't pull DHCP, they can't get out to the Internet, if your router isn't set to 192.168.1.1. Wrong DNS, wrong Gateway, only local traffic to that subnet. If MAC is still pulling DHCP, but "son's" MAC has already been changed, you can see it easily in the current leases, or filter for no internet traffic for this IP.

Not facetious at all - thanks, that helps.