freaking hacker: my neighbor cracked my wireless pw twice

this is what happened: 1 month ago, i noticed significant drop of my internet speed, and i have 10mb/s cable high speed. so i contacted my isp and had them checked on my modem, only to be told everything is fine.
then i started to notice a pattern, evry night from 8 pm -9pm, my internet would slow down to a haul, internet speed tests showed my internet is only 150kb/s instead of 1500-2000 normal speed.
i changed my wireless network password , my network had security on all this time wpa 2 personal. so my internet was back to 1500kb/s .
you'd think story would end here. but only 3 days after i changed password,
my neighbor cracked my wireless password again, yet i cant find any other computers logged on my network.
eventually, i changed my wireless network to non broadcasting, and changed both ssid and password again, i guess this time it will take a while for someone to crack a 12 digit ssid coupled with 24 digi password again.

i live in a 7 story 40 family building apartment housing, so there is no way to find out who is that weirdo hacked inot my network.

 

Let them access your network again, pull the IP address and try to get the name of the computer. Call the police as well, since they are clearly trying to rip you off.

Also, consider turning on any MAC filtering that you might have. AFTER changing your passwords and whatnot, you don't want that person getting your MAC and then "impersonating" your computer.

Make sure that your router does not just the default password either, just to be safe.

 

Drops in bandwidth don't really prove that someone has hacked your network. One thing you can do apart from Greg's suggestions is to take a look at the activity log stored on the router; any suspicious or unfamiliar websites may indicate that someone is indeed on your network.

 

He broke WPA2 in 3 days, that pretty quick afaik, try using a long complex password, with letters, numbers and symbols.

 

I second looking at the logs

 

use very long password generators (which also saves them like ,kee pass i think) u can use a 64 digit password which i think in WPA will take him maybe years to crack it
also use mac address filtering after making sure that u don't have any trojans on your computer .
example : you may change a password every day ( but there is a keylogger on your computer which send him the new password typed every day )
to sum up : - good anti virus (full scan ) + rechange your computer password + download a password generator program ( generate the longest possible password and save it the program, then use copy and paste + use mac address filtering )
you can also shutoff the wireless broadcast if this really out of control , and use wired

 

I third taking a look at the logs; those should show the MAC of each machine to which an IP was issued, and may also show some of the traffic from that IP.

 

thx all! but i never saw any device showed up on guest computer or lan computers. this is my log: alot blocksINFO] Fri Feb 06 20:17:38 2004 Blocked incoming TCP connection request from 61.191.61.244:6000 to 207.38.164.90:2967
[INFO] Fri Feb 06 20:05:02 2004 Blocked incoming TCP packet from 193.108.185.72:80 to 207.38.164.90:3072 as SYN:ACK received but there is no active connection
[INFO] Fri Feb 06 20:00:54 2004 Blocked incoming UDP packet from 60.15.177.171:36821 to 207.38.164.90:1027
[INFO] Fri Feb 06 20:00:43 2004 Administrator logout
[INFO] Fri Feb 06 19:53:10 2004 Blocked incoming UDP packet from 221.209.110.113:50993 to 207.38.164.90:1026
[INFO] Fri Feb 06 19:43:22 2004 Log viewed by IP address 192.168.0.196
[INFO] Fri Feb 06 19:42:00 2004 Above message repeated 1 times

 

Ok, the incoming packets that were blocked were packets coming in to your router from the outside world (i.e., the internet), not any system on your network, so those don't indicate that your network was hacked and was being used by one of your neighbors.

If the IP address the router assigns to your computer is 192.168.0.196, then the last lines would indicate you looking at your own router logs - if you didn't look at those logs on Friday, February 06, at 7.43pm, then that might be an indication of an interloper on your network.

 

If your router's web portal has it, look for "DHCP Clients List" or something similar, it will show you everyone that's currently connected. Some routers saves it permanently, which means once they connected you will have a copy of their mac address.

 

Make sure that your routers admin access is shut off for the external port.

Dial down the transmit power of your router to the minimum needed to work inside your house.

Place the router in the middle of the house instead of along an outside wall.

Cut your DHCP pool down to the minimum needed for home operation.

Cut the DHCP lease time down to a day or less.

Change the SSID to something at least 32 characters long with mixed alpha-numeric-special characters. No easily lookup-able words (dictionary words).

Hide the SSID.

Disable uPnP and probably any DMZ networks.

Consider MAC address filtering but this will probably be a bigger hassle than it's worth if you have a lot of friends over.

You'll never totally secure a wireless network. But you can make it hard enough to get in so that the black hats will move on to other, easier, networks to attack (if they are really hitting your net, the jury is still out on that little detail). Black Hats are lazy and often in a hurry. If your net is too much trouble to attack they will go elsewhere.

 

I highly suggest you disable uPnP on your router, theres exploits for this.

 

WPA2 codes crackable?

 

They're not crackable, but the key can be intercepted when it is generated. Otherwise, breaking into a WPA encrypted network 3 times in two days would be very very difficult. Even so, there are other ways.

Like I said, there is still no evidence that anyone is trying to break in.

 

I agree with above.

- change and hide your SSID
- use MAC filtering (only enable you own system's MAC), so no one else will be able to log into your Wifi .... even if they crack the encryption.

WPA2 is a tough cookie to crack in a short period.... I couldnt break my own (to see if it was safe) until a week almost.
.... so I use MAC filtering now... and hide the SSID.

 

Only if it's a dictionary word (or otherwise a phrase in a generated database).

If you give it two words and a number (preferably randomly in one of the words), it'll be a long time before the password is cracked with current algorithms.

I tested it out, and set two routers out to be cracked. Set one as a tough password, the other as a 8 character word that would be found in any dictionary file. The second router was accessed within 2 hours.