Is someone trying to hack into my wifi??

punchsuckr

Senior Member
Hi,

I was on the wireless log tab on the system log page when I noticed a MAC appearing in the 2.4GHz section. It comes up with an 'A' flag and disappears after 2-3 seconds.
The MAC isn't from any device that I have.

Screenshot attached.

Thanks.
 

I would change the password on both channels. If you haven't hidden the SSIDs, I would rename the channels and hide them as well.
 
No point hiding channels anymore. In fact, they could cause problems with some clients.
 
Yes hiding SSIDs is quite useless since they can easily be sniffed...only causing more problems with clients.
I can see an android client with connected time as 0:00 but which got an IP address from the router.(!!)
All I can see in the router logs for this device are the following:

DHCPREQUEST(br0) 192.168.1.27 20:02:af:3d:98:b5
dnsmasq-dhcp[11805]: DHCPACK(br0) 192.168.1.27 20:02:af:3d:98:b5 android-c964f3a4cb40b31f
This is from an hour back...router has been switched on for 2 weeks now and only this occurrence.


Blocked the two in a MAC filter.. turning off my radios and changing my PSK :(

This is weird.. had setup with a 15 char randomised PSK... but I haven't changed it in a while now.
 
You should always assume that at all times some bot or idiot is trying to hack into your network. Use strong encryption with RADIUS to greatly reduce the possibility of someone hacking in. Perhaps your network has been touched by Windows 10 in which RADIUS/hotspot can help here.
If your network is private and you don't let visitors use your network then you can implement access control lists using whitelists for MAC addresses of devices you have.
 
Is someone trying to hack into your ROUTER? Absolutely yes. More on that later.

Is someone trying to hack into your wireless? Perhaps. But there's no IP address or name so they didn't get in. I'm guessing a device announced itself but the router wouldn't connect. Someone with knowledge of Asus internals could explain the DORA (discover, offer, respond, acknowledge) wireless process and how it relates to this situation. Changing the password certainly won't hurt. Are you running Win 10? My wonderment involves the new feature that allows others to sign in ... is this a byproduct of that advancement? Is there a ROKU or the like in your house?

Given the Asus DORA process, it could be your next door neighbor testing your password and that's about it. Just guessing.

Re your network being attacked: Yes it is and so is mine and so is everyone else's, hundreds of times a day. Every day. Using snort and pfBlockerNG, I can see uncountable attacks every day, including their IP addresses. Some come from respected universities and it's legal to scan. While I consider them to be public nuisances, they call themselves Internet Scientists. The rest are kiddies and crooks. To the good, SPI, built into every router, protects the network from all messages that weren't originated on the home network. The exception is open ports. If you have an open port then it needs protection. A lot of that protection involves keeping your software current so flaws can't be exploited.

The first 6 characters of the MAC address are a mfgr code. Type the address into Google and look around a bit. You'll see who made the device and that might be a clue as to who or what.

Don't hide your SSID. You're the only one who is being inconvenienced by it.
 
I haven't tried, but can't mac addresses be spoofed? Granted it would take a clever person to find out a mac address on the whitelist but, if the attacker is a trusted neighbor and a shiftless teenoid, then there's your problem.

RADIUS takes a RADIUS server along with the router encryption. That's a whole level of complication. Most routers don't include RADIUS servers. DD-WRT does, but there's less there than meets the eye. I would describe it as 'nice'.
 
MAC addresses can be spoofed but a whitelist is the easiest method almost every wifi router can do. Pretty sure OpenWRT should have RADIUS too and enterprise level routers. On some routers you can bind MAC addresses to a user on RADIUS further reducing the chance of a leak unless Windows 10 also gives your MAC address but the routers will also let you set what time a user can access the network too so you can enable the user only when needed.
 
A = Associated
U = Authenticated

So he connected at the radio level, but never got the authentication to become an actual network client. That was just a failed attempt.
 
Someone with an Android device (phone or tablet) is connecting to your SSID but not gaining access because it does not know the password. Just what RMerlin said.
 
Turns out the android that had obtained the IP was an old s3 which was lying in a switched off state for quite a few weeks but still managed to login to wifi o_O

As merlin said the rogue device was a failed attempt only... but till I discovered the above I had already changed the PSK and setting up all other devices with the new password...along with enabling the MAC filter, wasting quite a few hours in the process. :( It was the s3 appearing in the logs that got me all paranoid.

Anyways, I guess the changed PSK was a good idea since I hadn't changed it ever since I got my previous router 4 years back.
 
I don't think anybody is trying to hack in - something I've noticed with a lot of devices that provide guest network services with openWiFi and a captive portal - the WiFi client will be logged as an attachment, but unauthenticated..

Where things can be a real pain is MAC randomization - where devices attaching to untrusted or unknown networks may use a MAC address that is not hardcoded into the device when attaching, but once trust is established, the MAC addr goes to the hardcoded one inside the device - Android and iOS seem to do this the most...
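
An added example, not part of any post in this thread: a small Python triage script for the kind of dnsmasq DHCP lines quoted earlier. It lists leases handed to MACs that are not in your own inventory, extracts the manufacturer prefix to look up, and flags locally administered (typically randomized) addresses. `KNOWN_MACS`, the function names and the last two sample log lines are assumptions made for the illustration.

```python
import re

# Constructed sample: the first two lines are the dnsmasq entries quoted in the
# thread; the last two are made up for this example.
SAMPLE_LOG = """\
DHCPREQUEST(br0) 192.168.1.27 20:02:af:3d:98:b5
dnsmasq-dhcp[11805]: DHCPACK(br0) 192.168.1.27 20:02:af:3d:98:b5 android-c964f3a4cb40b31f
dnsmasq-dhcp[11805]: DHCPACK(br0) 192.168.1.40 da:a1:19:00:00:01 constructed-phone
dnsmasq-dhcp[11805]: DHCPACK(br0) 192.168.1.10 00:11:22:33:44:55
"""

# Hypothetical inventory of the MAC addresses you own (lower case).
KNOWN_MACS = {"00:11:22:33:44:55"}

# A DHCPACK means the router actually handed out a lease; hostname is optional.
ACK_RE = re.compile(
    r"DHCPACK\((?P<iface>[^)]+)\)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})(?:[ \t]+(?P<host>\S+))?"
)

def oui(mac):
    """First three octets: the manufacturer prefix to look up."""
    return mac.upper()[:8]

def is_locally_administered(mac):
    """Bit 0x02 of the first octet is set on randomized/software-set MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def leases_needing_review(log_text, known_macs):
    """Return one record per unknown MAC that received a lease (last seen wins)."""
    findings = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # requests, offers and unrelated lines are ignored
        mac = m.group("mac").lower()
        if mac in known_macs:
            continue
        findings[mac] = {
            "mac": mac,
            "ip": m.group("ip"),
            "hostname": m.group("host"),
            "oui": oui(mac),
            # A randomized MAC has no meaningful vendor prefix to look up.
            "randomized": is_locally_administered(mac),
        }
    return list(findings.values())

if __name__ == "__main__":
    for finding in leases_needing_review(SAMPLE_LOG, KNOWN_MACS):
        print(finding)
```
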
 
A hidden ssid is only hidden until a wireless device connects to it. Hidden ssid makes an evil twin easy as pie. Mac filters are like locks on doors ... they only stop the honest guys :)
 
Never ever enabled WPS in the history of owning wireless routers... :) As for the guest n/w I have a long random passkey and use it exclusively for my smart TV which doesn't know how to use a 2.4/5GHz common SSID network.
 
I have thought about this quite a bit. I have the tools necessary to see if my network is being attacked but the knowledge to expose it.

It would be fantastic if we had a tab in the network tools that helped expose suspicious connections. This would help novices learn how to spot these kinds of things.
 
Or it would make them become jumpy every single time a random port scan occurred.
 
