Wi-Fi Security Question for Computer Gurus...

  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 2:41 PM GMT
    OK, I log onto my iMac this morning, and I get an error message saying my Mac's address to my wireless router is in use by another device. I have 4 devices on that router: my partner's MacBook Pro via Ethernet, plus, 3 independent wireless channels for my iMac, iPhone, and HP printer, which were all inactive at the time. Yet I could see the router activity lights were blinking away, when they should have been steady.

    So I accessed the router via the Macbook's Ethernet connection and opened its utility program, and promptly changed the WPA passwords for the wireless channels, and then reprogrammed each of the devices for the new passwords. This time I used 3 different 15-character passwords, whereas before I had the same 10-character password for all the devices. I know, not ideal, but I didn't consider my router to be a target for anyone.

    That got me back on the Internet, and with faster connection speed than I've been experiencing for a few weeks, plus the router lights stopped their frantic blinking. Only then did I do what I should have done first, explored the router utility program and discovered I had a selection that would show me all connected devices. Right now it just shows my own 4 devices.

    Well, within the router's short wi-fi range I've got a neighbor who does computer repair, and I suspect he hacked me. Next time I'll know to check the utility program for unauthorized connected devices.

    So, questions: could my neighbor really have hacked my 10-character WPA password? If so, he more than likely had been using the printer channel, which is seldom used, but he mistakenly poached the wrong channel this morning, blocking my iMac. BTW, the printer has mysteriously failed to print a few times recently, and then resumed printing with a later attempt.

    How do I prevent this in the future? I don't want to confront & accuse him, because I'm not certain. Is there anything non-hackable? Can ordinary people outside of spy agencies obtain software that breaks passwords? Mine was very original and not something he would have guessed. Thanks for any advice, and a possible cautionary tale for those using wireless routers.
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 5:07 PM GMT
    I wouldnt jump to quick conclusions here... Sometimes I got that error message when i recently turned on my Iphone. To solve that problem I assigned fixed private adresses to each device via their MAC(=hardware) adress, never happened again.... Ofc you might be hacked but I heard this happened to a few pals with their Iphone as well, renewing the lease obtained from your router can badly time with the Iphones intervals with bad luck...

    to really check if you had been hacked usually a look at your uptime and used bandwidth could have given you a pretty good clue. 10 char aint too strong if in addition you use words that can be figured out by a dictionary attack. you can also change the ssid to not broadcast and only allow devices with a certain MAC address to connect, both these things can be circumvented by someone with a bit of knowledge..but better than nothing...
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 5:09 PM GMT
    Do you use a MAC address filter? I set my router to only permit connection by devices from a defined MAC address list, which I input. The issue with this, is that you have to edit this list every time you add or change a device (iPhone, computer, printer, etc) or a visitor wants to use your WiFi.
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 6:58 PM GMT
    OK, thanks guys, I'm gonna explore these suggestions, and try to make myself "smart" about things I don't normally consider. I've been using computers since the 1970s, longer than the age of many guys here, but neither am I a programmer or a geek, just an end-user. But some good things to look into, that I hope I can understand. Thanks again! icon_biggrin.gif
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 7:11 PM GMT
    You can set your router to not broadcast it's ID, so it won't show in access searches.

    You'll have to manually enter your router info on each device you use, but combining that with some good passwords *and* a MAC address filter makes it pretty much impossible for people to hack into it.
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 7:20 PM GMT
    GwgTrunks saidYou can set your router to not broadcast it's ID, so it won't show in access searches.

    You'll have to manually enter your router info on each device you use, but combining that with some good passwords *and* a MAC address filter makes it pretty much impossible for people to hack into it.

    I had thought about that, but sometimes my iMac seems to lose the router. Without the router broadcasting the name of the channel I have assigned to that device, I'm not sure how I could reestablish the connection. Please forgive me if I'm being ignorant, but my experience with Wi-Fi is limited. All I know is that sometimes my iMac cannot find my router, and I have to go through a completely new set-up procedure. I'm not sure I can do that if I hide the ID.
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 8:01 PM GMT
    Sure can... hit the apple key plus space bar search for keychain

    notice the password for your router is saved there....go to system preferences/network set the network order to make the airport top hit advanced and you can set the order of preferred
    networks....you should see your network name there on top if that is all in order then the problem is loosing the signal in between and it will fix itself
    if too slow turning the airport on / off on the top right menu bar speeds it up
    you do not need to repeat the whole setup process.....


    Not broadcasting the SSID and using MAC Adress based access is something to do but thats the first 2 things hackers bypass, you can get the SSID with a sniffer and you can easily clone a MAC address....as strong secure password is the best choice takes VERY long to hack that.

    1df!0glke.32ef.... for example cant be found in any dictionary...

    on a sidenote:
    the most 2 used passwords for user accounts are: god and penis, odd combination if you ask me icon_razz.gif
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 8:26 PM GMT
    Librarian saidSure can... hit the apple key plus space bar search for keychain

    OK, I did that, typed in Keychain, and got a list that made no sense to me.

    This is confusing me, making my head hurt. I just wanna protect my Wi-Fi from hacking. Does it have to be this complicated? icon_sad.gif
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 8:28 PM GMT
    Librarian saidthe most 2 used passwords for user accounts are: god and penis, odd combination if you ask me icon_razz.gif

    My passwords have never included anything referencing god or penis. So why did I get hacked?
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 10:11 PM GMT
    I don't think you were hacked Red, you can get that error occasionally with some routers, there can be a multitude of reasons.. when you login to the router over wifi you are assigned an IP address and along with that you get a licenses access expiration for that IP address, usually it's about an hour long, however, that license you get is usually automatically refreshed before it runs out, but sometimes things can go a bit wonky and the refreshing doesn't happen and the router/computer are to stupid to work it out, the router could be thinking that this license already belongs to someone else and your computer is thinking it belongs to you, so next time you log back in your computer thinks it'll use this address but gets an error from the router... Bingo, you get an error message.

    Also, your router has whats called a DHCP server which assigns IP addresses, sometimes it can become a little slow or outdated and that will throw up a warning too.

    Other times it can be software on your computer not allowing a proper IP address refresh by the operating system, even though you might get the same IP address you'll get an error message.

    I could list you a hundred different reasons why this can happen, all of which are pretty much just small problems..

    Now, can you hack WPA??? Yes you can, but it takes considerable effort and time on the part of the hacker, did someone hack your router, probably not, the likely hood of your computer repairing neighbor not having an internet connection of his own is probably pretty slim.

    Reason for the blinking lights? well, software could have been downloading in the background of OSX (OS updates and the like) your computer could have been negotiating a new license, the router might have been talking to a server on the internet (time updates, checking for firmware updates and the like)

    The reason your router might be faster? a reboot.. simple as that, most lower end routers built for the consumer market tend to slow down after a couple of months constant use... a reboot refreshes everything.and if you have an all in one modem/router possibly supplied by your ISP they are even worse at this...
  • Posted by a hidden member.
    Log in to view his profile

    May 06, 2010 10:33 PM GMT
    Is there an on-line course to learn this stuff? I'm a former programmer, but wi fi is one of the mysteries of life to me.
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 2:14 AM GMT
    All wifi routers and access points have a default administrator username and password. Change that username and password.
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 4:46 AM GMT
    I use a matrixed security model of Administrative, Technical, and Physical Safeguards coordinated to Prevent, Detect, and Correct security threats.

    Tools include Wireshark, Zenmap, Snort, ClamAV, Firewalls with Port Knocking / Single Packet Authentication, DMZ architectures, Switches, Encryption, and many others.

    My hope is that the casual glom or scriptkiddie with go away and find an easier target.
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 5:09 AM GMT
    lilTanker saidI don't think you were hacked Red, you can get that error occasionally with some routers, there can be a multitude of reasons.. when you login to the router over wifi you are assigned an IP address and along with that you get a licenses access expiration for that IP address, usually it's about an hour long, however, that license you get is usually automatically refreshed before it runs out, but sometimes things can go a bit wonky and the refreshing doesn't happen and the router/computer are to stupid to work it out, the router could be thinking that this license already belongs to someone else and your computer is thinking it belongs to you, so next time you log back in your computer thinks it'll use this address but gets an error from the router... Bingo, you get an error message.

    Also, your router has whats called a DHCP server which assigns IP addresses, sometimes it can become a little slow or outdated and that will throw up a warning too.

    Other times it can be software on your computer not allowing a proper IP address refresh by the operating system, even though you might get the same IP address you'll get an error message.

    I could list you a hundred different reasons why this can happen, all of which are pretty much just small problems..

    Now, can you hack WPA??? Yes you can, but it takes considerable effort and time on the part of the hacker, did someone hack your router, probably not, the likely hood of your computer repairing neighbor not having an internet connection of his own is probably pretty slim.

    Reason for the blinking lights? well, software could have been downloading in the background of OSX (OS updates and the like) your computer could have been negotiating a new license, the router might have been talking to a server on the internet (time updates, checking for firmware updates and the like)

    The reason your router might be faster? a reboot.. simple as that, most lower end routers built for the consumer market tend to slow down after a couple of months constant use... a reboot refreshes everything.and if you have an all in one modem/router possibly supplied by your ISP they are even worse at this...


    smart guy that liltanker. Your neighbor didn't hack your WPA password. I get that message a lot if I just let my MacBook pro doze off. First thing I try is simply to open the network control panel in system preferences, click the Advanced radio button, then the TCP/IP tab, then the Renew DHCP Lease radio button. If that doesn't work, I just pull the router's power supply and let it reboot. Inelegant? Yes, but simple and it works. I suppose the pain with my approach for you is that you have multiple devices connected, each of which 'may' be affected... Or not if the router allows them to keep the same IP address on reboot.

    Btw, you can see all attached devices on your router at any time by opening a browser window, typing just 192.168.1.1 (for most browsers) into the address bar and clicking on the Attached Devices (or similar phrase) link in the browser administrator window.
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 6:12 AM GMT
    rightasrain saidthen the Renew DHCP Lease radio button. If that doesn't work, I just pull the router's power supply and let it reboot. Inelegant? Yes, but simple and it works. I suppose the pain with my approach for you is that you have multiple devices connected, each of which 'may' be affected... Or not if the router allows them to keep the same IP address on reboot.

    more simple would be to disconnect from the network and then reconnect, you should be given a new IP address
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 6:33 AM GMT
    U have to disconnect and reconnect REPEATEDLYicon_rolleyes.gif Get Webroot, this will keep a log of IP addresses accessing ur computer. Yes anyone can access ur computer, don't believe anyone WHO SAYS THEY CAN'Ticon_twisted.gif
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 6:47 AM GMT
    *rolls eyes*
  • Posted by a hidden member.
    Log in to view his profile

    May 07, 2010 7:08 AM GMT
    icon_eek.gif
  • Posted by a hidden member.
    Log in to view his profile

    May 08, 2010 4:24 AM GMT
    It is very unlikely that someone hacked your WPA passkey unless it was really short and a word/name straight out of the dictionary.

    There is no such thing as unbreakable encryption, just like there's no such thing as a foolproof home alarm system or an uncrackable safe. Like all security methods, the point is to become a "drowning cat", i.e. to be such a pain in the ass to try to handle that the would-be miscreant moves on to an easier target. WPA (TKIP) is good enough for most home users. Statistically speaking, someone who has the desire, tools, and patience to crack WPA passkeys probably has a much better home network than you do already, and won't be interested in stealing (or in the Newspeak of modern webfolks who grew up on Napster and LimeWire, "sharing") your bandwidth. However, the WPA standard is already at least 8 years old I think. If your devices support it, you should upgrade to WPA2. Routers are cheap, NICs are cheap. This shouldn't be a barrier.

    There's some good advice in this thread:
    Yes to non-broadcast of your SSID.
    Yes to MAC filtering ("whitelisting").
    Yes to assigned IP tables.
    Yes to bookmarking your router config page (192.168.x.x), and creating an administrator password (most routers actually come with NO administrator password at all) so that you can log in to your router and check security logs, change settings, add MAC addresses, and, most importantly, restart the router on command. Every once in a great while my router will spontaneously drop external HTTP requests and I don't have Internet access. However, I can quickly log in to the router itself from my phone while lying in bed or in the yard and restart the router without having to go to the other room and physically unplug it.

    One additional word of advice would be to just upgrade your entire system. By far the best way to upgrade your keep-Steve-Jobs-rolling-naked-in-piles-of-diamond-encrusted-Sacagawea-dollar-coins Apple device would be to scrap it and set up a dual-boot Ubuntu/Windows7 PC. icon_cool.gif