1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My 54g with thibor got hacked

Discussion in 'HyperWRT Firmware' started by polakatl, Apr 12, 2006.

  1. polakatl

    polakatl Network Guru Member

    First time ever I got my wireless networked hacked into. The ip of the router was changed, wireless disabled, and web based configuration was off. Tried the old and new adress.

    I did not have any wireless encryption but I did have the MAC filter enabled. There was also a password to get into the router.

    After a hard reset I set up the mac filter and WPA-TKIP security. Am I still voulnarable? What can I do to prevent this from happening again? How did the hacker get in through the mac filter?
     
  2. Thibor

    Thibor Super Moderator Staff Member Member

    you were vulnerable because encryption was disabled. it serves you right :)
    mac address spoofing is easy to do. make sure your passphrase is 20+ characters and a mixture of letters and numbers. it will make things more difficult in the future. you are fortunate, more damage could have been done to your network. he did you a favour by turning off wireless as it prevented a repeat attack
     
  3. Toxic

    Toxic Administrator Staff Member

    if the wireless encryption is disabled and no security measures are in place a war drive can find out your max address, then find out what router you use, then use your default password and hack your system, surf the net or even worse, download child pornography and blame it ALL on you. remember your net connection is you sole reponsibility and allowing hackers or the like to suck up you bandwidth will do nothing but harm, lets hop he didn't steal more of your computers then you hope.

    I suggest you first read my wireless security guide and take measures to stop this happening NOW

    http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=37

    firstly CHANGE the default router PASSWORD.

    For all those reading this, the problem was NOTa design fault of HyperWRT firmware. the user did not carry out basic security policies.
     
  4. robsonn

    robsonn Network Guru Member

    Yes this is very common problem in these days when WiFi is very popular. I dont belive when i look in overall statisctics that almost 30% of AP on the world dont use encryption and almost 20% has default SSID and password !!
    polakatl go to here http://www.kurtm.net/wpa-pskgen/
    and use this free WPA key generator
    Generate key with max security (63 bytes of random alpha numeric key + symbols that are offten missed in dictionary or brute force attacks)
    ex.
    ;1`r>$mZRadyQibbv7jE19.9n<,pa`Bf|/UMy}i%xzi,ELN>kY([,.RWbk@w"8:
    Now you can use your WLAN while you are safe :D
     
  5. polakatl

    polakatl Network Guru Member

    Toxic: maybe i shouldn't have posted under this forum. i wasn't trying to imply that the firmware was at fault here.

    My main problem was that I was under the impression that the mac filter was "bulletproof" . Also the reason I wasn't using security is couse of compatibility issues. I had one card that did one type and the other another so I couldn't get them to agree on a security standard.

    thanx for everybody's responses.


    funny that someone took the effort to do this, probably from their car since i'm pretty sure my neighbors are not capable of doing this.
     
  6. Toxic

    Toxic Administrator Staff Member

    lol macfilter is not bulletin proof, nothing is, dont forget, there is armoured piercing bullets :)

    Encryption is the only way to stop a war driver. with encryption data is sent in clear so a war driver can see your packets, sniff them and decipher the mac addresses of your wireless devices, then spoof his own mac address to get onto your network.
     
  7. howardp6

    howardp6 Network Guru Member

    The MAC address filtering adds no security, since it is sent in plain text even with WPA2 encryption. Linksys and the other router manufacturer should not recommend it as security recommendation, since you can change the MAC address of a wireless NIC. There are safeguards against MAC address spoofing, but they are not router based. Use the highest form of encryption you can use. There are some people who will do what was done to you as a warning not to leave as access point unsecured. There is really no excuse not to use encryption, since ther have been articles on people stealing bandwidth on unsecured wireless access points. If someone used your router to download come copyrighted music or video, you can be sued since they can trace it back to your IP Address.
     
  8. vincentfox

    vincentfox Network Guru Member

    Most people don't realize, you can go into the Advanced properties of driver for the ethernet card, and change the MAC address. So it takes but a few seconds to have my card pretend that it is yours.

    You say you had a password set on the router, I assume it was not admin? Even if you did change it to something hard to guess, if they had access to your traffic because it was unencrypted AND you hit the router webpage using http:// they would be able to see the password as you entered it.

    I always use https:// when connecting to my routers. Yes I do it over an unencrypted network but I feel SSL security is good enough.
     
  9. eq2675

    eq2675 Network Guru Member

  10. eq2675

    eq2675 Network Guru Member

  11. eq2675

    eq2675 Network Guru Member

Share This Page