The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Someone has hacked into my Network..Bypass MAC filtering too

    Discussion in 'Networking and Wireless' started by Nocturnal310, Jul 17, 2008.

  1. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    Hi guys,


    someone has managed to bypass my WEP security & MAC filtering ..and now is stealing my bandwidth..my sites are opening up slowly so i guess he/she is downloading big stuff for sure.


    i am on 192.168.1.120...

    the bandwidth thug is on 192.168.1.66.

    what do i do?

    How do i find out his MAC ID/ physical address using his IP???
    i want to report him to police ASAP


    EDIT: okay i got his MAC ID.. its " 00:16:fe:8d:d7:36"

    Now what?
     
  2. Greg

    Greg Notebook Nobel Laureate

    For one, switch to WPA or WPA2. For two, MAC address filtering is...well, easy to crack.

    For three, change your passwords. For four, completely reset your router in case he hacked settings and then give it an admin password.

    Five, call the police and file a complaint. However, good luck figuring out who it is. MAC IDs can be very easily forged.
     
  3. Hahutzy

    Hahutzy Notebook Deity

    If he got past your WEP and MAC filter, I would think he wouldn't be dumb enough to give away his true MAC id to you...

    I'd just reset router, turn off wifi and switch to WPA(2), change password, etc. Then put up wifi again.
     
  4. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    Err...if i file a police complaint..they ll come down to my house..and all are sleeping rite now..


    I ll try switching it off..

    U were right... even MAC Filtering is not disconnecting him...

    my net is running damn slow now..
     
  5. Johno

    Johno Notebook Consultant

    Anyone who uses WEP, is asking for trouble.
     
  6. AKAJohnDoe

    AKAJohnDoe Mime with Tourette's

    First of all, 192.168.*.* are local IP addresses; they are on your network.

    What does an IPCONFIG /ALL show from your machine? How about a PING -a 192.168.1.66?

    You could simply reduce the range of IP addresses your DHCP is able to give out and do an IPCONFIG /RELEASE followed by an IPCONFIG /RENEW from your machine.
     
  7. makaveli72

    makaveli72 Eat.My.Shorts

    wow..that's messed up...Greg, u say mac filtering is somewhat easy to crack...how u figure?...I always thought it was a sure way to stop intruders..well I guess not, obviously by this case that the OP is giving here...OP what is the hostname of this intruder..are u Positive it's not one of ur devices? And yes WPA/WPA2 is waayyy better than WEP.

    EDIT: Yes..AKAJohn makes a good point..limit the number of IP's that ur Router distributes..that's how I have mine set up, along w/ mac filtering and WPA. I don't think u can get any more secure than that...unless u make a really messed up password that a hacking program would find very difficult to decode.
     
  8. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    switching to WPA2 will disable all comps in the house..and make my parents go grrrr..

    i was on vacations..just came back so didnt have time to make it WPA2.

    ..will reporting it to police or ISP help catch the crook?


    (i know 192.168.XX is LAN ip..lol)..

    let me try Tracert & Flushdns.

    P.S: I want to catch him. & get him punished...not just disconnect him.
     
  9. Greg

    Greg Notebook Nobel Laureate

    All he has to do is hardcode the WiFi adapter on his PC to use a 192.168.*.* address. You just need the password for WiFi access after that.

    Assuming that he/she has hacked the router, or was able to sniff out packets on the WiFi network (WEP really makes this easy), he/she could have sniffed a MAC address too. Or just hacked the router.
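
A defender-side check for the situation discussed in this thread, as an added example that is not part of any post: it parses Windows `arp -a` output and flags MACs missing from a known-device list, one MAC answering for several IPs (what a cloned, filter-allowed address with a hardcoded IP looks like), and locally administered (software-set) addresses. The sample table and the `KNOWN` list are constructed; only 192.168.1.120, 192.168.1.66 and 00:16:fe:8d:d7:36 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not a capture from the OP's network).
SAMPLE_ARP = """\
Interface: 192.168.1.120 --- 0x9
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.66          00-16-fe-8d-d7-36     dynamic
  192.168.1.101         00-aa-bb-cc-dd-01     dynamic
  192.168.1.102         00-aa-bb-cc-dd-01     dynamic
  192.168.1.103         02-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Hypothetical allowlist: the router and one laptop (constructed values).
KNOWN = ["00-1A-2B-3C-4D-5E", "00-AA-BB-CC-DD-01"]

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)")

def normalize(mac):
    """Lower-case, colon-separated form so allowlist and table compare equal."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return (ip, mac) for learned (dynamic) entries; skips static/broadcast rows."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3) == "dynamic":
            entries.append((m.group(1), normalize(m.group(2))))
    return entries

def audit(entries, known):
    """Flag unknown MACs, allowed MACs seen on several IPs, and software-set MACs."""
    known = {normalize(m) for m in known}
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in by_mac.items():
        if mac not in known:
            findings.append(("unknown", mac, ips))
        elif len(ips) > 1:            # an allowed MAC on two IPs: possible clone
            findings.append(("duplicate", mac, ips))
        if int(mac[:2], 16) & 0x02:   # locally administered bit of the first octet
            findings.append(("locally-administered", mac, ips))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), KNOWN):
        print(finding)
```

A "duplicate" hit is a lead, not proof: a legitimate device can hold more than one address, and a forged MAC that matches an offline device produces no hit at all.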
     
  10. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    Okay he has disconnected now...

    How useful will it be to report it to ISP or police?

    Singapore cops are quite effective in catching Network leechers (i hope so )
     
  11. flipfire

    flipfire Moderately Boss

    192.168.xx.xx is a DHCP address. It was automatically assigned to that user.

    I suggest you put a QoS block on his MAC address. You can't change MAC addresses that easily. Also limit the DHCP users
     
  12. makaveli72

    makaveli72 Eat.My.Shorts

    lol..u shoulda try sending him a netsend message so he knows that u know he's there, and ur watching him...I could tell u this much..I wouldn't like to be him right now.
     
  13. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    for sending a message i need an application which he is also using..


    I am trying out Nmap to find out more about his comp...


    here is his ping response: (proving that he is quite close to my house)

     
  14. Ayle

    Ayle Trailblazer

    No it won't, just go manually reconfigure the wlan settings for your network on the other computer, it takes 10 seconds. You can do that while everybody is sleeping. :rolleyes:
     
  15. flipfire

    flipfire Moderately Boss

    net send * DIE HACKER

    that will send an annoying pop up message to anyone in your workgroup
     
  16. AKAJohnDoe

    AKAJohnDoe Mime with Tourette's

    If you have this much spare time, set up a honey pot. Create an information collection trap.
     
  17. yang88she

    yang88she Notebook Evangelist

    n/m haha hope you catch the person
     
  18. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    how to use that cmd?

    net send opens up this:


    C:\Users\me>net send*die hacker
    The syntax of this command is:

    NET
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
    HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |
    STATISTICS | STOP | TIME | USE | USER | VIEW ]
     
  19. blackbird

    blackbird Notebook Deity

    if you're in Vista use msg command

    just type

    msg *

    and follow instructions


    EDIT: msg * yourmessagehere
     
  20. makaveli72

    makaveli72 Eat.My.Shorts

    The first thing to note in sending net send messages in Windows XP is that the "Messenger" service in Services has to be at least set to manual and started or you will get an error when trying to send messages. And the computer to which the message is going to be sent to also has to have the messenger service started.

    The command should be like this: net send /users type message here <-- this will send the message to all users in the workgroup/domain.

    You can type: net send ? to see the list of other commands.

    Edit: I guess Vista might be different as w/ the msg * above in blackbird's post.
     
  21. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    none of those is working..
     
  22. AKAJohnDoe

    AKAJohnDoe Mime with Tourette's

    The -a switch of the ping command will return the name of the machine at the other end if it has one

    Since this machine is presumably connecting wirelessly it would have to be quite close to your wireless access point/router
     
  23. Shyster1

    Shyster1 Notebook Nobel Laureate

    If you want to try and catch the thief, or help the police do so, I would second this advice. In terms of minimizing how much the thief can download, try using the QoS settings if the router has them to set the assigned IP address to the lowest quality available, so that every other request will trump the thief's requests.

    Also, download Microsoft's Network Monitor 3.1 and start a packet capture on the IP address that's been assigned to the thief. If the thief is sending any identifying data in his/her packets, that data'll be captured, including data that is opaque to the TCP/IP level.
     
  24. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    thanks..i ll try all this the next time he logs in.
     
  25. Greg

    Greg Notebook Nobel Laureate

    Set it up before he logs in. Also, you probably should take care and watch your own usage...because he can sniff your data as well.
     
  26. vashts121

    vashts121 Notebook Evangelist

    I'll disconnect from your internets right after this post.
     
  27. blackbird

    blackbird Notebook Deity

    you sure? did you type cmd in the vista start search, open up the command prompt then type "msg * yourmessagehere"
     
  28. KrieGLoCK

    KrieGLoCK Notebook Evangelist

    Unfortunately, your best bet is to reset your router.

    IT: Just press the reset button in your router for more than twenty seconds and reinstall everything and secure your wireless with WPA2.

    Resetting your wireless will kick anyone connected to it offline.
     
  29. A#1

    A#1 Notebook Consultant

    not a hacker so don't know the steps...any decent wireless card will show available wireless connections as well as the MAC address associated with it...
     
  30. Shyster1

    Shyster1 Notebook Nobel Laureate

    Wireless packet sniffer - grab packets in the vicinity of the wireless router you want into, crack the encryption (WEP is, by all accounts, notoriously weak), and extract the source and destination info, including MACs.

    EDIT: At least that's my guess based on fooling around with MS Network Monitor on my own little home subnet (it's actually amazing - ok, ok, so I got bored with sorting my sock drawer - to watch how much junk goes back and forth when a system connects to even a simple MS workgroup, at least if there's one or more WinXP-Pro systems on the network - calls for various IP addresses, browser announcements, browser elections called, etc..., etc..., no wonder it takes so long for an MS network to settle down and become useable).
     
  31. blue68f100

    blue68f100 Notebook Virtuoso

    When you setup WPA2 AES, go to www.grc.com and use their password generator. Select the ALL PRINTABLE CHR one for max security. Use at least a min of 20 chr, longer the better but may impact the performance if the CPU is weak in the router. A 20 chr str will take over 20yrs at 100k/sec brute force attack if it had to go through them all.

    WEP security just puts a bullseye target on you. Some look at it as a game to see who can break it the fastest.

    You definitely want to report it to the authorities, just in case he was doing some illegal activity. This will protect you if something comes back. Don't delay too long or he will get away. It would have been best to notify the police before kicking him off. They have scanner software they could have used to locate him in just a short period of time. They use a beam antenna to determine the direction it was coming from.
     
  32. Nocturnal310

    Nocturnal310 Notebook Virtuoso

    And how about Turning off SSID broadcast?
     
  33. bigozone

    bigozone JellyRoll touring now

    after setting up WPA2 and getting control of your network back...

    i think you should change your
    router's IP address,,,
    user and admin logins and passwords..
    SSID name... (and turn off broadcast)
    implement MAC filtering
    limit the #IPs DHCP can assign

    then the hacker will have to use the RATS trojan he planted in your system in order to gather the required info to hack back into your system :eek: