How to avoid others hacking into my home wifi?

I had created a home wifi with EDITED BY MOD ,signal is very strong. I don't want my neighbor or others to hack into my wifi,how?Do you have any good tips?

 

Make sure you set a password, and make it something that includes letters, numbers, and my personal favourite - symbols.

For example, Alt + 2335 = ╗

No one will ever guess an uncommon symbol. And brute force password hacks typically don't run them either.

 

See if you can reduce the transmit power level if you don't need 100% , I use 25% in my house it`s enough for me.

John.

 

Also, make sure you use WPA2-AES encryption for your network. WEP is worthless in terms of security, WPA is better, but WPA2 really is the way to go.

 

I set up a shared file network that they automatically connect to and on this network I've got a whole bunch of horse-related pr0ns and other assorted "dark side" of 4chan stuff.

So when an unwanted person joins the network, I'm all, "Oh hai! Check out all mah pr0ns! 8D"

I am the only one on my network.

 

You may have that, but I have a NAS that has my movies, music and scanned documents (passport/CV etc) , and the network has been breached twice

Airport 5th and AC edition
On wpa2 aes
23 all digit code (putting in symbols is hard on the mobile devices)

Any idea how to stop this, rest assured the ppl in my complex( ind.units) aren't THAT network savvy



Sent from my iPad using Tapatalk HD

 

@paradigm
Does anyone else have physical access to your router?

BTW I really appreciate the amount that of spam we get from from makers of this software. Always mentioned in a good way- like in the OP.
This thread has lots of good info so it stays, the OP - not so much.

 

I was thinking the same thing.

WPA2-AES is secure enough to where only a brute force attack has a snowball's chance in hell of cracking your wifi password. But you state you've got a 23 character long password, made entirely of numbers. That comes out to 1 sextillion (100,000,000,000,000,000,000,000) possible combinations the attacking system needs to go thru before possibly guessing the password with brute force attack.

Only thing I can recommend is add a couple of symbols in there. And check your router settings to make sure you don't have a guest wifi network active or something.

 

Nope, no chance of a guest network being made available, but the thing that may have breached the network is when I enabled wifi on my billion 7800N modem, to give access to the wemo units on my network, as the wemo's can only do DHCP and the rest of the network was running on fixed addresses, I do confess at the moment I did have a simple 7 digit code as my pwd. but the unit was secured on wpa2.


Sent from my iPad using Tapatalk HD

 

How do you add symbols to your router password? It kept saying illegal ASCII. I am using 4 numbers and 8 letters and want to add ASCII.

Sent from my SM-N9005

 

You want something that's completely, 100% hack-proof? Don't use the Internet, get rid of your router, and be 100% local (and physically secure your computer).

Aside from that extreme, you can use pretty strong protection like AES-256 and WPA2. Just remember nothing's 100%, and people can still try to break into your network (though likely fail).

Doubt OP will come back to read this post since he's banned, but I figured I'd put in my two cents.

 

I do miss those days, haha.

 

I still use a lot of Ethernet cables. Lol. Anybody have answers to how and/or what ASCII can be added to password a lot? It won't accept the ones I use.

Sent from my SM-N9005

 

hide your wifi signal

and only allow selected macs to connect to your router

 

Hiding your SSID doesn't actually do anything (at least with anyone more confident than a script kiddie) and MAC addresses can be easily spoofed.

 

Pretty much, MAC address filtering and hidden SSID with no encryption and password is pretty much the same as running without any kind of protection. Now hiding your SSID and using MAC address filtering on top of WPA-2 AES may give you an extra bit of security, but honestly, I wouldn't even bother hiding the SSID. A utility like inSSIDer will be able to show any hidden SSID from the get go.

 

Well your hosting illegal material..animal is illegal. Just set a good password. That's really all you need to worry about on a home network. If you wanna be ultra safe add in Mac filtering.

MERICA

 

Not only that, but I can't imagine what Google employees were thinking when he made those searches....

 

And what Google employees were thinking when they were sniffing the wifi with their fancy picture cars for streetview

Anyways, I've added some DHCP in the "security" mix. It only hands out fixed IP addresses to certain MAC addresses while throttling any addresses out of that range to 0kbps up/down and 0udp/tcp connections allowed.
I know this only does a little to nothing for added security but I thought I'd just throw it on here.

To the guy that had his wlan breached, how did you find out? Logging?
~Aeny

 

Beyond a strong password with good encryption method and reduced signal, there isn't much left to do for the "average" people.
How do people know their wifi get breached..~~? Someone who is capable doing so probably would not leave a trace.

Oh, if you want wifi and completely safe, some form of faraday cage building complex probably can work.

 

Uh, that doesn't really make sense. You just need to enable Mac filtering, grab all the Mac addresses from your devices, input then and leave them at that.

MERICA

 

MAC address spoofing. Stupidly easy. Even a caveman can do it*.

*Dont sue me, GEICO...

 

Step 1. They have to know/aquire an approved Mac address.
Step 2. They have to know how to spoof.

I graduate from college in 24 weeks as a network administrator. This is not ft Knox. It's your home wifi. I seriously doubt anyone actually worth their weight in life is going to spend their time trying to hack a home wifi for something insignificant.

Please do not argue with silly, improbable points.

MERICA

 

Yes, and if you want to toss around certificates and degrees, I'm *this close* to getting a BS in computer science, got a CCENT cert (not much, but it's something), and I'm addicted to NBR (seriously, I have a problem ).

Anyway, I like how this article puts it: How to spoof a MAC address - TechRepublic.

Linux, BSD (and I guess, by default, OSX), and Windows all allow the user to change their MAC address in the default networking tools provided (such as ifconfig).

Putting a lot of faith into MAC filtering just isn't a good idea. Is it a bad idea to implement filtering? Nope. Is it a bad idea to imply that someone can just do filtering + WPA2 and be done with it? Ehhh... it'll stop your average short-attention-span script kiddie, but anyone who's determined to get in and has access to Google can break the average home network security, especially considering that users (the weakest link, mind you) usually use very simple or very guessable (by context) passwords and/or reuse passwords from elsewhere.

 

But you mean 1234 isn't a good password??

MERICA

 

Nah man, you need to seed it with some alphabetical symbols too. Sooo... 123abc seems fine .

 

Yeah, I had a program running in my aod150 that snapped the breaches ink the network, and basically saved them in the list

 

Errrr yeah... lets say no comment to move beyond the point of MAC filtering
College means nothing, I got a bunch of monkeys in my Cisco CCNA classes that pass them easily and know NOTHING.

@Jarhead, I'm sure we all know in there that it's no foolproof way and what you said it the only reason I personally implemented it, to keep the scriptkiddies/certain people out. But then again, if they can break a WPA2 key they certainly can spoof a simple MAC. I guess it's more for those times when someone "accidentally" finds out the wifi password. Like family members giving it to everyone and their dogs.

The question is, is there a BETTER way than a MAC filter? Faraday cage is no option, I'd have to put cameras in there to make sure it doesn't get breached :laugh:
I wish i just had a cabled network but when they built this house 18 years ago they were derping around so badly they forgot to lay any....

Also, password is as long as my router allows, which is sadly not that long. At least it's random..
~Aeny

 

Well, I suppose one could implement a RADIUS solution to authenticate users on a network, but then you'd need some sort of (real or virtual) RADIUS server, and this then comes back to the problem of "people have no idea how to use good passwords".

 

Whatever happened to good ole Ethernet cables?

Sent from my SM-N9005

 

For anything other than a laptop/tablet/phone, I'd use Ethernet over wireless any day of the week. At least with that, all you have to worry about (concerning someone breaking into your network) is someone physically tapping into your network equipment.

I'm sure the NSA has something a bit more subtle than that for wired, but then again we can pretty much assume that they can/do whatever they feel like... But then again, they aren't exactly script kiddie dumb either..

 

I dabble a little bit in wireless pen testing. I'm not an expert or anything, but I have been playing with backtrack 5r3 and Kali linux (and other various linux based pen testing suites/windows tools..)

bruteforcing is extremely hard. I've never personally bothered with it. If you run a 'halfway' hard to guess (aka NO dictionary terms) it would take on average YEARS of a high end computer with dual video cards working to brute force it around the clock.... It doesn't even have to be a difficult password, something easy to remember for you, say for example "hr13K231sD4" or whatever...

The only way I've personally cracked a router running wpa/wpa2, is routers with WPS vulnerability. Many newer routers cannot be penetrated this way. Ones that can, typically take between 2-20 hours depending on how fast the router allows you to try WPS keys. You literally just 'set it and forget it' walk away, come back later and you have the key. Disabling the WPS function isn't enough on many routers, it often times just disables the push button, but the key can still be entered. The problem is, the WPS pin number is only 8 digits. It is broken down into 3 parts. The first 4 digits, the next 3 digits, and the last digit is just a check sum based off the first digits. Routers that have WPS vulnerability will respond letting you know if the first 4 digits are right. Once you get the first 4 digits figured out, you move into the next 3 which clearly come much faster. Once that is figured out, the checksum number is apparent, and you instantly get the routers security key.
Not only that, but if the person decides to change their security key, and fail to change their wps key, you can instantly use that wps key again and get the password back instantly.

Cracking WEP is a joke. With no connected clients, it can easily be done in 5-30 minutes, with clients often times in 2-10 minutes. Doesn't matter how long or special the WEP key is.

 

Certain routers have other vulnerabilities.. But for the most part, newer routers are impossible to crack with a 'decent' wpa2 key.

If you really want to be safe, just research whatever model router you have, find out if its vulnerable, and use a good password!

 

Well....

Intentional Backdoor In Consumer Routers Found - Slashdot

 

Interesting.. I always like to learn about new stuff!

 

Errr...I would describe it as extremely difficult, not impossible. Apart from the obvious flaws (like the intentional one Jarhead posted) if your network key is long enough, it will take a hacker long enough to brute force your wifi to where you will notice the person sitting in their car outside your home for several days.

My biggest advice, keep your router's power range low enough to where there is no useable signal beyond your front door. That's what I do.

 

When I first learned about brute forcing, I though the same thing. As many people who brute force, actually use desktop PC's. Using GPU processors can crunch numbers much faster then CPU's. So people will use their CPU, along with 2 or more video cards, to crunch numbers. Again, I am no expert, so I don't know the full reason why GPU cracking is so much more efficient.

That said, I always wondered, who lugs their desktop around, or are these people only cracking passwords around their home... I also wondered how a router would accept say, 20,000 passwords per second, they simply wouldn't.

To brute force all you have to do is catch a 4 way hand shake, http://api.ning.com/files/O4ZOJkqnR...hkB-G*A0dfHxGNnyAYhRlRQaDV5GDunfPY05/3way.PNG
a 4 way hand shake happens anytime a user connects to his router legit. Once you capture that, you can take that 4 way capture back home, anywhere really, and begin to decode it. Running millions of combinations of keys until it deciphers the code.

Even a basic key, as long as it uses random numbers/letters/caps and on caps, without even using alt codes, would take YEARS of running a very high end computer with dual video cards to crack.

It's much easier to find vulnerabilities, or, when people DO brute force, they use dictionary tables, some tables being 20+ gB of different possible combinations. It's not as easy as one might think!

There is no dictionary term for D1hL3Hmm2N09yU

When it comes to modems like AT&T dsl, the "2wirexxx" and "ATTxxx" modems, they come factory with I believe a 10 digit number, all numeric, those routers can be brute forced in a couple days fairly easy, as there are only so many combinations of a 10 digit number.


If we had NSA's super computers, yeah, you could brute force any password pretty damn quick lol.

 

That's why I advocate using Leet and regular language when creating your network key. It makes it that much more difficult to crack.

Not sure if the GPU angle is entirely on point. I think the GPU used has to be a GPGPU, and not a gaming-centric one.

And the number one thing I do to ensure maximum security? Change your network key once a year. There's not a hacker in the world who'll be able to keep up with that time constraint...provided there are no other serious vulnerabilities in the network like what you described.

 

Tick them off even more by changing it even more often than a year.

 

Or put it on powered switch and flip it off when you leave home. Flip it back on when you get home. Can't beat a powered off router.

Sent from my SM-N9005

 

After reading this thread, I feel like I need to go home and double check my passwords and such. I was just curious when I came by this thread, and now I'm just paranoid. Thanks guys.

 

It's always a good idea to change passwords every so often.

 

Yeah thought about that, perhaps something like a wemo sensor connected to the router, however the issue is my modem gets a bit sensitive if powered on and off repeatedly
Billion 7800

 

Well if your system is WEP then your already hacked....but if you use WPA2 and the password is symbol number at least 8-10 in character length they won't even try bothering your system also turn off Guest access and update your firmware and that will more then block the most hackers they want easy target not something they have to work night and day to get internet access from. That 8-10 character with symbol combination on your keyboard will take them a lifetime assuming they live that long to hack your system.

Not really....8-10 character number and symbols will more then suffice to stop hackers from even trying if your more paranoid just turn off your router broadcasting then....then you be complete off the grid from any drive by day hackers.....I see where users changed the password to much and then forget it...that does no service to them in the end....

 

Assuming that the person attacking the network knows even a little information on the network owner, and considering the public's tendency to create passwords the relate closely to them (birthdays, hometowns, favorite book/game/movie/etc., etc.), I still say that changing passwords every so often is a good idea.

That said, if you forget your password, it doesn't matter how good/bad it was since you're locked out now. But we have things like KeePass and other managers so that this shouldn't really happen (or very unlikely to happen).

 

Or the RESET button that clears all the things, including all the passwords for all the things Can't really get 'locked out'.

~Aeny