- My Linksys Wireless Link has been Hacked/Wardriven
- Posted by David C. Barber on July 20th, 2003
My Linksys wireless 802.11b link has been broken into despite my best
efforts to keep everyone out. I figured it out when there was wireless
access going on when I knew all the wireless computers were shutdown.
I'd taken all the reasonable precautions:
Changed default station name and password
128-bit WEP
Mac address filtering
Disable broadcast of SSID
Disable DHCP
and it was hacked anyway. Yes I know this is possible, but felt up until
now that I was a hard enough target that any intruder would rather have
broken in on someone else.
Anyway, my immediate problem is not the obvious one of securing my network
even further (though that would be nice) or tracking down the intruder (that
would also be nice, though I've heard that with a yagi antenna they could be
a good distance away), but instead of proving that the network was hackable
in the first place despite taking all reasonable precautions.
I've heard of, though never downloaded or run, programs like AirSnort that
can crack even encrypted traffic in a relatively short time (what idiots
designed this encryption system anyway?). While I'm not looking for links
to those programs themselves (which I could probably find myself with a
simple Google search), I am hoping people might have some good links to
articles explaining that 802.11b wireless systems themselves are inherently
crackable, and that it is not unreasonable that any such network can be
broken into by a determined opponent.
Anyone have good links for these, and especially the legal ramifications
involved with deployment of such networks?
- Posted by Jim Orfanakos on July 20th, 2003
I do all the exact things. Out of curiosity - how do you know you were
hacked? What was the indicator?
Another to do is to change your ip addressing scheme internally.
"David C. Barber" <david@NOSPAMdbarber.com> wrote in message
news:3hDSa.2070$jD5.88374@dca1-nnrp1.news.algx.net...
- Posted by Gary Seven on July 21st, 2003
On Sun, 20 Jul 2003 20:51:11 GMT, "David C. Barber"
<david@NOSPAMdbarber.com> wrote:
When I use my 2 Ghz cordless phone neat the Wireless access point it
will look like somebody is transferring data. Also, disconnect the
internet connection. See if there's still a data transfer going on.
If there is even after the internet connection is cut, maybe something
else is on the same frequency in your area. Like a cordless phone.
- Posted by David C. Barber on July 22nd, 2003
"Gary Seven" <garyluckynospam@nospa.yahoocom> wrote in message
news:imonhvsv66se0g0qenu4k0nfem818daa29@4ax.com...
Don't have any wireless phones.
Activity almost stops when I pull the plug from the cable modem, and resumes
when I plug it back in again.
Changed the frequency (from 6 to 1) and am waiting to see if it returns.
- Posted by news.verizon.net on July 23rd, 2003
Now that is why I don't get wifi.
- Posted by Gary Seven on July 24th, 2003
On Tue, 22 Jul 2003 20:18:19 GMT, "David C. Barber"
<david@NOSPAMdbarber.com> wrote:
Ok, you might not have one of those phones, but somebody with in a few
blocks might, thus getting activity. Does your router support SNMP
logging? If so you can get a freeware SNMP logger utility and set
your router to send all logging into to the ip address of the maching
running the log utility. The last one I used was called WallWatcher.
I caught so many port scans, it was very surprising.
Does your Wireless router connect directly to the internet? If so,
thats why you're getting the activity. People constantly run scans,
ping everything in sight. Evne my cable modem data light blinks when
all the PCs are off.
