Tomato v1.23 wireless connection being hacked

Discussion in 'Tomato Firmware' started by BlitzCanuck, Apr 10, 2010.

  1. BlitzCanuck

    BlitzCanuck Networkin' Nut Member

    First off, apologies if this is posted in the wrong section.

    I'm running 1.23 on a WRT54gl with a WPA password that is a combination of letters and numbers.
    Back in February I noticed the activity light on the router was blinking like mad even though my PC wasn't turned on. I went to my ISP's site and checked my internet usage and discovered that for the previous 7 days, there was an accumulated 30 gigs of usage that wasn't mine. It was quite obvious that someone else was using my wireless since my typical uploads are just a few hundred megs per day at most but now were a couple of gigs.... just in uploads alone.

    I changed the password and immediately the light stopped blinking. The next day I checked my usage again and that definitely solved the problem.

    Except that about a month later it happened again. This time I caught it earlier so they only stole about 7 gigs. But that still put me over my monthly usage limit so again I was billed extra. Changing the password again solved the problem.

    Except that it happened yet again....for the 3rd time, only a few days later.

    My ISP won't/can't do anything about it and they made it clear that I will be paying for all of the usage.
    I'm mystified as to how this is happening and I don't know what to do. Changing my password every day is going to be a huge pain.
    Would going back to the Linksys firmware help?
    Is there another solution?

    I'd appreciate any suggestions.
  2. Azuse

    Azuse LI Guru Member

    WPA2 AES, or nothing tbh.
  3. Porter

    Porter LI Guru Member

    Just with some studying of Wikipedia I came across this:

    Since they claim to have WPA2 support there only seems to be one solution: don't use WPA anymore, because it has several weaknesses and use a passphrase that is truly random and probably uses the maximum length of 63 characters. There are enough generators around.

    Second: You probably should use the MAC-Filter under Basic/Wireless Filter.

    Third: Having some stranger in your local network is very bad, because he probably can access non-protected shares as well, so your other PCs might need some security hardening as well.

    Good luck!
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Looks like that only works if you're using a common SSID.

    So, choose an uncommon SSID and make sure you're using AES instead of TKIP (I don't think WPA vs WPA2 matters yet).
  5. ringer004

    ringer004 LI Guru Member

    Admin password?

    Did you disable remote wireless access and change your admin password?

    I can't imagine how someone could crack WPA in almost no time.

    1) Make sure your WPA(2) password is completely random characters and 12+ characters long.

    2) Change your admin password to something equally difficult to guess.
  6. BlitzCanuck

    BlitzCanuck Networkin' Nut Member

    My password wasn't random but it could never just be 'guessed'.
    Still, I've effected all your suggestions. Thanks for taking the time.
    I'm crossing my fingers.
  7. ringer004

    ringer004 LI Guru Member

    "My password wasn't random but it could never just be 'guessed'."

    You might be surprised. If you used a combination of your address, wife's and/or kids' names, birthdays, etc., it would not take long to brute force your network (assuming the attacker has access to that info).

    If this happens again and you implemented all the prior suggestions, then you have another problem. If your WPA passphrase is random enough, and long enough, it *theoretically* can't be cracked in a reasonable amount of time.

    So one conclusion to come to is your attacker left a backdoor into your local network. This is possible if he had access to your local network (as opposed to just guessing your WPA passphrase and leeching your wireless). That's why I mentioned to change your admin password on your router also.

    And not to skip over the obvious, you are using WPA and not WEP? I had to ask, since WEP can be cracked with very little effort.
  8. Azuse

    Azuse LI Guru Member

    WPA is cracked almost as easily as WEP thanks to its TKIP compatibility, something many people still don't realise. WPA2 AES with the full length hexadecimal key or nothing. If you aren't then a GPU accelerated "password recovery" tool will brute-force its way in in very little time.
  9. EricCartman

    EricCartman LI Guru Member

    Make use of MAC filtering; if you don't use the wireless connection, disable it; if you are using it, allow only your MAC address; check your logs regularly; use static DHCP; if you have 3 PCs use IP range from -; and last, make use of RANDOM under wireless and randomize your password :)

    This is good password " T%Wwe7hWQ!uzdTpKRYU$ZoGacDTn6a6PCkuRg43xur3$h22&uTqFiHGHRr7nHZW "
  10. vanhh

    vanhh Network Guru Member

    He/she might not have to guess. Your computer might send information out without your knowing. He/she might have left something behind. Check your computer first. Then work on your router with all the suggestions above. This time don't broadcast your router SSID and disable router wireless by schedules when you are not using it.
  11. EricCartman

    EricCartman LI Guru Member

    How many computers do you have?
    Which OS are you using?
    What kind of protection do you use? Firewall, Anti virus?

    Personally I would do it this way.

    Disconnect router and net.
    Reinstall Windows, install protection: antivirus, Spybot and so on. Once all of it is done, connect to the net WITHOUT the wireless connection, hard wire only.
    Update Windows and antivirus.

    Then connect the wireless router and do this:

    Make use of MAC filtering; if you don't use the wireless connection, disable it; if you are using it, allow only your MAC address; check your logs regularly; use static DHCP; if you have 3 PCs use IP range from -; and last, make use of RANDOM under wireless and randomize your password

    This is good password " T%Wwe7hWQ!uzdTpKRYU$ZoGacDTn6a6PCkuRg43xur3$h22&uTqFiHGHRr7nHZW "

    and change the MAC address of your router so the attacker won't know it's you and CHANGE router name TOMATO to Something Else :)
  12. EricCartman

    EricCartman LI Guru Member

    Upgrade to higher version of tomato :)
  13. GreenThumb

    GreenThumb Addicted to LI Member

    Nah. As long as the password length is 14+ characters (and uses special characters), there ain't any GPU around that will be able to brute force it.

    A password of 14 characters long that uses all 94 printable ASCII characters will have an entropy of ~90 bits. This means it would take the latest ATI GPU (which can calculate a billion passwords per second) about 78 billion years to exhaust all possibilities.

    The OP is either using easy passwords, not using AES, or is using WEP.

    I wrote a program for my own personal use that generates random passwords using a cryptographically secure PRNG. Here is an example of a 14 character long password:

    Here is an example of a full 64 character long password:
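
Added example, not part of the thread and not GreenThumb's program: a Python sketch of the arithmetic in the post above (94-symbol alphabet, a billion guesses per second) together with SgtPepperKSU's SSID point, using the standard WPA/WPA2-Personal key derivation in which the SSID is the PBKDF2 salt. The function names and the two SSIDs are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII characters without the space, the alphabet size the post uses.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_passphrase(length=63):
    """Return a random WPA passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:  # WPA/WPA2 passphrases are 8 to 63 characters
        raise ValueError("WPA passphrase length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; not valid for human-chosen words."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a fixed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

if __name__ == "__main__":
    for n in (8, 14, 63):
        bits = entropy_bits(n)
        print(f"{n:2d} chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, 1e9):.3g} years at 1e9 guesses/s")
    pw = generate_passphrase()
    # Constructed SSIDs: the same passphrase yields unrelated keys per SSID,
    # so a table precomputed for a common SSID does not apply to an uncommon one.
    for ssid in ("linksys", "kx7-attic-ap"):
        print(ssid, derive_psk(pw, ssid).hex())
```

The entropy figures hold only when every character is chosen uniformly at random, which is why a memorable letters-and-numbers password does not get the same protection at the same length.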

  14. BlitzCanuck

    BlitzCanuck Networkin' Nut Member

    How exactly would I do this?
  15. BlitzCanuck

    BlitzCanuck Networkin' Nut Member

    Is this really necessary? I mean, does v1.23 have security issues?
  16. mikester

    mikester Network Guru Member

    Another useful tip is to disable wireless and all internet during hours you don't use it under "Access Restriction". Leaving it or any computer on all the time is an invitation for trouble.
  17. Bukkit

    Bukkit Addicted to LI Member

    Correct me if I'm wrong: MAC filtering is useless.
    As soon as the WPA key is cracked, the network traffic can be listened to. If you are active with your WLAN device which has the allowed MAC address, the attacker sees your MAC address in every transmitted package (Data Link Layer).
    MAC addresses can be easily faked (e.g. see your Tomato at: .../advanced-mac.asp).
    If your device is offline, he could have full access to your network with the faked MAC.

    Use WPA2 with AES, a totally random Pre-Shared-Key of 63 printable ASCII characters, turn off Wi-Fi if you don't use it (I use the button of my WRT54GL to toggle it on/off) and disable 'Wireless Access' on Tomato.
  18. TVTV

    TVTV LI Guru Member

    Also try and upgrade to 1.27 as the attacker might know your public IP and make use of some vulnerabilities in 1.23's services to gain access to the router.
    WPA2-AES is the best way to go. TKIP, as the other guys said, is... well, not "easy" to crack but it's crackable.
  19. rhester72

    rhester72 Network Guru Member

    What vulnerabilities would those be?
