• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Omg i was hacked by a wifi-moocher

S

solariusx3

Member
Few days ago i experienced my wifi connection getting funky. D/C frequently and sometimes windows does not show connected status at the task bar even when connected.

Finally logged into my router to check. To my horror, i was logged out. On my router status page i saw an unknown pc name on my dhcp lease entry. I did a factory rest and changed password.

How is it possible for some to hack my wireless ? I consider myself quite carefull when it comes to IT security. Is there an exploit for dd-wrt ? I'm on a bufallo WHR-HP-G54 running dd-wrt v23 SP2. I use WPA-PSK on AES. I thought its relatively safe since to crack would take quite long. I also disabled broadcast SSID, left dhcp on for simplicity but limit to <5 leases. mac address filter was off. I know that most of these measures would be useless to a determined attacker, but would deter would-be moochers. How could he have done it.:shocked:

Could it be due to the password length or strength. I have previously a 14char alphanumeric only password. How feasible would it be to brute force WPA-AES? Since that guy managed to control my router, he would be able to map my internal network and hosts, possibably sniff my traffic on my LAN ? or just WLAN what else should i look out for?😕 How can i prevent future occurances? Pls help thanks.🙁
 
Ya know, i've been having some funky problems with my Buffalo WHR-HP-G54 running DD-WRT as well, frequent disconnects and random strange things going on. Sometimes it acts as if i'm disconnected for a few seconds here and there, yet its still technically connected.

I didn't notice any strange dhcp listings, but its been driving me nuts lately, to the point I'm about to go to another router.

Think it could just be some weird DD-WRT bugs with our router? It never used to be this flakey, but its been driving me nuts.
 
I would honestly say something else happened rather than someone on wireless getting in. A 14 character WPA AES password, I don't think anyone but, very skilled, determined hackers (Gov) can get into that. That is, unless your password was just a word that you can find in a dictionary and not a bunch of random characters. WPA is a system that changes the key every few minutes, so even if you were able to obtain the current encryption scheme, it would change after a few minutes anyway. Either you didn't have encryption really turned on, someone found out your password or what you saw wasn't really what happened and resetting the router fixed a glitch in it.
 
Then how would you guys explain why i was locked out of my admin account. I have been using the password for some time, I have not change and it cant be a typo. I tried rebooting the router but it still wont let me in till i did a hard reset. I just rebooted my router 1 week ago, it could not have been uptime for too long as people who have dd-wrt runing it for months. Flash memory is less likely to get corrupted as compared to regular Drams.

@aphex: As far as i have this model its been running fine 24/7 till this happens.

I'm more concerned about how some one could have gotten in. I initially had wanted to use WPA2 but some devices on my network dont support it so i had to use WPA-PSK the next best. My gut feeling is that there could be an expliot with the firmware or stability issues. I will continue to monitor to see if happens again.

Anyway I was totally shocked when i was not able to login to my router. Let say if someone somehow managed to get on WLAN will they be able to sniff traffic on my LAN as well? LAN uses static ips with a different range than WLAN.
Anyone with similar experiences with dd-wrt v23 SP2 or WPA ?
 
If ONLY the WiFi encryption was broken, then the router's main password couldn't have been changed. Once the encryption is broken, you STILL have to have a way to log onto the router itself. Cracking the WiFi encryption is not the same thing as cracking the router itself.

Consider that the external interface of the router (hardware connection) may have been breached. There are known exploits of several common routers that allow breaking into the router from the external interface. The most common ones, however, require that the router password (NOT the WiFi password) be on the default setting. I don't know what kind of exploits affect DD-WRT, however.
 
I do not know what happen but I would take the whole story with a grain of salt.

Encryption is encryption and whether it is one Router or another it does not really matter.

There are many enthusiasts running DD-WRT on the Buffalo and other Routers and that is the first I heard such a story.

My inclination is to think that this is an inside Job.
 
On the Buffalo with DD-WRT can you turn up the transmit power? Did you? That's one way to kill a router and it will start crapping out and doing weird things until it dies.
 
I'm going to have to agree with Jack, mabey it was a friend that you had over that you A. gave the key, or B. He plugged in.
Unless your key was your address like 123mystreet or whatever i doubt it was cracked.
And like RebateMonger said, even if they got in the wifi they would still have to crack the router password, unless it was the same thing as the wifi. Or it was a strange glitch in DD-wrt that like passed DHCP over wan to someone else on your isp, or something I don't know, I would doubt that your wifi was "hacked" a password guess is more like it.
add other stuff to the password like "*Th!s1SmYp@$sW0rD*"
or something even longer.
 
Originally posted by: CasioTech
I don't know lots of people who can guess a 14 letter pwd.
Click to expand...

Same here....for 3 years WPA-AES is a very good deterrent.

If you want to get his Mac Address....let him get in again to your WIFI System and get his MAC Address. Then do the following:

Just change the Wifi the network key/passphrase on your WPA-AES.

And then try to put his MAC Address on Block/Deny in the "Access/Restriction". Also change your user & password on the router.
 
Originally posted by: backroger
And then try to put his MAC Address on Block/Deny in the "Access/Restriction". Also change your user & password on the router.
Click to expand...
An "invader" can get the MAC addresses of the existing PCs on the network and then spoof THOSE IP addresses for his/her own PC. So MAC filtering definitely has limits.
 
Upgrade the firmware to V24. Way better than what V23 offered.

I use those password generator that I found on AT here, and my wireless password is so far so good. No one's been able to hack my router's password yet. The password generator generates over 50 characters.
 
Thanks for the replies. I doubt its was an inside job as the router is in my room. The transmit power is on default 28mW.
@NickOlsen8390 : though the password is 14chars it does contain dictionary words and is alphanumeric...but i've changed it now to a very strong 1 with special chars.

I do hope is just a glitch and that nothing was seriously compromised. But i cant deny that it happened....it still puzzles me how it did.
 
It really doesn't make sense for a "moocher" to change anything. They'd just use your Internet connection, read your network transmissions, and, maybe, try to access your data. There'd be no reason to change the router's password to do these things.
 
I am inclined to think its maybe malware the somehow snuck in past the users not robust enough security and installed. And then from inside the users PC, it either created a back door or broadcast the key to your moocher. Some of things spyware can and will do.

And if that is the case, changing passwords and keys will slow the moocher down, but until the malware is found and removed, it not only could happen again, the OP should also ask what other personal information was compromised.

Sadly, that spyware hypothesis seems to best fit the facts.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top