Page 1 of 1

Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 9:55 pm
by smithcorp
Was getting big network slowdowns on the home network, and even getting messages popping up on Fetch TV saying bandwidth was low because of multiple devices attached. Happened most evenings in the past month.

I started looking on my router's admin page and found two devices connected to wifi i didn't recognise and sucking 100 mbps. Finally tonight I got the MAC addresses of all our devices and then ticked them off. Finally turned on MAC filtering on the fuggers and got them blocked.

Funny thing is my wifi password is seriously tricky - in a foreign language, lots of characters and some numbers - can't figure out how they could have got on?

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:15 pm
by Shonky
Using WEP or WPA2 encryption?

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:19 pm
by smithcorp
WPA2-Personal

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:28 pm
by Cursed

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:29 pm
by Shonky
Got me stumped then.

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:31 pm
by AstrO
Do you have WPS enabled? If so make sure you turn it off!

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:33 pm
by smithcorp
Bloody hell. But blocking the device's MAC address will help me won't it?

Re: Fugger was stealing my wifi!

Posted: Thu Sep 15, 2016 10:35 pm
by smithcorp
AstrO wrote:Do you have WPS enabled? If so make sure you turn it off!
I did have!

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 3:14 am
by hylas
WPS is insecure, having that turned off it a very good idea.

It's easy enough to grab the handshake of a WPA authentication but to crack the password you basically have to bruteforce attack it with a dictionary file or go the rainbow table option, either way it's a time consuming process. So if you have a combination of uppercase, lowercase, numbers AND special characters in the password and it's more then 10+ characters long you should be sweet. From memory, if I was to make a 8 character long dictionary file using JUST hex digits (also ONLY uppercase) it's a couple terrabyte's. To do the same but going up to 10 digits, it's something like 12 TB. You can start to imagine how big a dictionary file needs to be for say a 10 character long password, which includes uppercase, lowercase, numbers and special characters. It's really not worth the time.

Anyways, sounds like you've done good with MAC filtering anyway. As long as it doesn't bother you having to add new devices when needed, I spose that depends on how often that happens for you. I would of just gone with a password replacement and leave it at that, but I'm forever connecting different devices to my network, so filtering would irritate me.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 6:43 am
by Cursed
I would be surprised if MAC addresses couldn't be spoofed, but it would mean bumping off one of your running devices to let it in which would not make for a smooth experience.

Changing the SSID or password every week or two for a couple of months will probably make your network more trouble than it's worth compared to other networks in the neighbourhood.

Depending on how much time you want to put into it and the capabilities of your router you could set up a transparent proxy that redirects all the miscreants web requests to the AFP website.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 7:06 am
by hylas
Yes that's right Cursed, you can most definitely change your MAC to one that is already connected to the wifi. And all clients that are online can easily be identified by people not connected to the network. But yes, if you were imitating a client and trying to authenticate to the wifi, you would be causing issues for that client. Quite noticeable if you were using that device and getting kicked off the wifi frequently.

A RADIUS Server is basically an internal server on the network that does the authentication instead of the wifi router. It's more of an enterprise solution but if it's something that you were keen on setting up, then why not.

I would honestly just stick with a decently longish password with what I said before (uppercase, lowercase, numbers & special characters). No home network is really that tempting to bother cracking a decent password. If someone really was nearby being a dodgy prick, they will look elsewhere quite quickly.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 8:15 am
by smithcorp
My pw is 28 characters long, with letters and numbers. I could fiddle with upper/lower case but I figured my pw would be very hard to crack. I will update the password, as full MAC filtering would be a pain with a house full of devices and little kids coming to Minecraft parties. I added the MAC addresses of the two dodgy devices to the refuse list and that solved the problem last night. I suppose they could change their device MAC addresses, so the PW change will hopefully make it harder for them.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 8:47 am
by hylas
This is how big the dictionary file would need to be to bruteforce every possibility on your password. This is all uppercase and numbers at ONLY 28 characters (nothing shorter then 28).

~]$ crunch 28 28 -f /usr/share/crunch/charset.lst ualpha-numeric -o wordlist.txt
Crunch will now generate the following amount of data: 18230571291595767808 bytes
17386027614208 MB
16978542592 GB
16580608 TB
16192 PB

Now here's the same, but making it so that there's no consecutive numbers or letters.

~]$ crunch 28 28 -f /usr/share/crunch/charset.lst ualpha-numeric -d 1@ -d 1% -o wordlist.txt
Crunch will now generate the following amount of data: 4071028309950031388 bytes
3882435140562 MB
3791440566 GB
3702578 TB
3615 PB

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 10:05 am
by Montey
I would have left them connected, set up a transparent web proxy, pinched all their clear-text website passwords and anything else of interest, and then started fucking with them (e.g. when I see one of them browsing a website, start injecting animal porn; start posting things to their Facebook profile - yes a fake SSL cert would be required for this; etc.)

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 10:09 am
by Cursed
If you're using WPS on your router to facilitate easy connection for those Minecraft parties, you might want to turn it off. Apparently that is a big doorway into your network.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 10:36 am
by smithcorp
Montey wrote:I would have left them connected, set up a transparent web proxy, pinched all their clear-text website passwords and anything else of interest, and then started fucking with them (e.g. when I see one of them browsing a website, start injecting animal porn; start posting things to their Facebook profile - yes a fake SSL cert would be required for this; etc.)
This would assume I am not a 55-year-old man with just enough tech ability to operate my toaster... :)

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 10:36 am
by smithcorp
Cursed wrote:If you're using WPS on your router to facilitate easy connection for those Minecraft parties, you might want to turn it off. Apparently that is a big doorway into your network.
Cheers Cursed - done that now. Interested to see tonight if they come back.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 10:58 am
by Enforcer-J
I'd let them keep using it and then use wireshark etc to suss them out, find out who they are, steal their bank details and go round and kneecap them.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 11:27 am
by hylas
Yeah I'm pretty much the same EnJ, I would love for someone to join my arp poisoned LAN :D

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 3:18 pm
by norbs
There comes a time in a mans life when you just want things to fucking work.

I am with smiss. but 10 years ago I would have gone hunting for sure.

Neighbours Smiss?

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 6:14 pm
by smithcorp
norbs wrote:Neighbours Smiss?
Our wifi is accessible from halfway along our street, so a pretty wide area. The immediate neighbours I doubt, but there's some folk down the battleaxe block down the back I'd put money on.

Re: Fugger was stealing my wifi!

Posted: Fri Sep 16, 2016 6:44 pm
by markus
Montey wrote:I would have left them connected, set up a transparent web proxy, pinched all their clear-text website passwords and anything else of interest, and then started fucking with them (e.g. when I see one of them browsing a website, start injecting animal porn; start posting things to their Facebook profile - yes a fake SSL cert would be required for this; etc.)
That's precisely what I'd have done as well :) Some easy solutions would be pineapple or the old jasager

Re: Fugger was stealing my wifi!

Posted: Sun Sep 18, 2016 1:48 am
by wobblysauce
smithcorp wrote:
norbs wrote:Neighbours Smiss?
Our wifi is accessible from halfway along our street, so a pretty wide area. The immediate neighbours I doubt, but there's some folk down the battleaxe block down the back I'd put money on.
Surprised others have not said this..

But turn down the power to the signal(normally something like, Tx Power Adjustment).. enough that it does not affect you, but gets from being 4 houses down.