Need advice: is my wifi security at stake?



Xanxi
16th March 2015, 18:54
Hi.

My wife has discovered today something really weird.

My home computer network is partly cable based and partly Wifi.

I use the box from my ISP (Free, which is the best box on the French market) to access the internet and to route all network traffic. I have a Synology NAS, several computers (PC, Mac, Retro), mobile devices (smartphones, Palm devices, PSP) and a Femtocell device.

My Wifi network, whose name is NOT broadcast, uses WPA-PSK and the network is based on static IP.

My Wifi SSID is Commodore.

It happens that someone very close has been broadcasting since today a network called Amiga_500 (WPA2, strong signal).

I see this as a security menace: someone could want to let me know that they are hacking my Wifi. Chances that someone from my neighborhood is an Amiga user and would call a wifi network this way appear very unlikely to me.

I have scanned everything with Wifi Guard and checked the interface from my router. I can't see a wifi device that does not belong to my network for now.

What do you think I should do?

For now, I'm shutting down wifi until further notice.

johnim
16th March 2015, 19:03
Hi, as long as you have a password that is not Amiga or retro themed, I think you should be OK.

RED IMPACT
16th March 2015, 19:03
Could just be a fan or someone messing with you...

Have you looked at your connected devices in your router? Anything suspicious in there? If not then I doubt you have anything to worry about.

Xanxi
16th March 2015, 19:56
I don't see any unidentified IP on my network at the moment.

I think my pass is strong enough, but these days WPA keys (not WPA2) can be cracked within a few days with the help of a lot of how-tos available on YouTube.

- - - Updated - - -

This is crazy!
Another SSID called Amiga_2000 has just appeared!
Can't be!!

Arnie
16th March 2015, 19:58
I can't remember what it's called exactly, but you can allow only certain MAC addresses that you use on the router.

DutchinUSA
16th March 2015, 20:00
:D It's probably just a fan .. some lonely soul who loves Amigas that is trying to get your attention. Maybe you two can become best buddies? ;)

Xanxi
16th March 2015, 20:47
Seems more like a psycho to me.

@arnie: yeah it's called MAC filtering, but this is easily avoided in a matter of seconds for someone who knows what he's doing. Unfortunately, hacking knowledge has become very common with tools like Backtrack and a lot of information available anywhere.

Simon_G
16th March 2015, 23:24
I think you are being a bit paranoid :)

rootboy
17th March 2015, 05:21
Depends, are you using one of these?

https://www.google.com/#q=motorola+surfboard+backdoor

My partner at work was and he got pwned pretty hard the second day that it was up (including the attacker re-flashing his firmware).

moijk
17th March 2015, 08:05
Someone is just pulling your leg. Finding hidden SSIDs is easy. So (s)he is just making networks to play with you. Unless you see any activity on your network which indicates that someone else is using it, nothing has been breached.

And it seems to work, you're all worked up over this. If (s)he somehow has found this post, you'll know who it is just by going after the laughter... ;)

diskers
17th March 2015, 08:13
But why are you using WPA? If you can't get a WPA2 Wifi card for your Amiga, connect it by wire. First, never use the onboard ISP WIFI AP; anyway, I never have and won't. Numericable, Free and also all general public cable or phone line / fiber ISP providers all over the world, in majority if not all of them, use cheap modem AP hardware combos. Buy a medium range router for 50 to 75€ or even less. If it can be flashed using a custom firmware like Tomato, Gargoyle or DD-WRT it will be a plus. Then you will even be able to set WPA2 RADIUS authentication. Isolate WIFI device communication... MAC filtering is a good way to prevent unwanted devices from connecting but it's not intended to protect WIFI devices on a non-encrypted broadcast or on an already broken one. Why bother to enable MAC filtering if all traffic is already decrypted, the MAC address handshaking between the host and client too...

demolition
17th March 2015, 10:00
Unless you know what you are doing, do not use anything but WPA2, and use a proper password (should not contain family names for example). As other people mention, it is easy to discover hidden SSIDs, and MAC filtering is not to be used for security. It corresponds roughly to just leaving your front door closed but not locked, when you are not at home. Many people will go by and not know that they can easily get in, but people set on breaking in will find out quickly.
Most routers allow you to see a list of connected DHCP clients through the web interface. Check that only your own devices are listed there.

I use a router with OpenWRT on it which is very nice. I have one WPA2 wifi for my own devices which can access my LAN, and another WPA2 wifi for visitors which cannot reach any of my devices. The firewall is set up to only allow them to use HTTP and HTTPS towards the Internet.

Having a router like this also means that you can see all the traffic spam that the internet throws at you and it can make you a little paranoid. For the last couple of weeks for example, I have been receiving large numbers of syn packets from 4 IPs, so it looks a bit like a syn flood, although the rate is not high enough to trigger the syn flood protection in my router (which also means the rate is not high enough to crash it). They are targeting port 80 and 443 which were directed towards my web server. I have now closed the ports so they will not reach the server and the router will drop those packets which it has been doing for >1 week now, but I am still getting a constant stream of syn packets from the same IPs (all from the same ISP). Maybe they were trying to hack my webserver or something, although a syn flood should not cause it to break as long as it can keep up with the traffic.
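
The "check that only your own devices are listed" step from the post above, as an added example that is not part of the thread or of any poster's setup: it compares a dnsmasq-format DHCP lease table with an inventory of known MAC addresses. The inventory, MACs, IPs and hostnames are constructed sample values.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Hypothetical inventory of your own devices (constructed values).
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "laptop-1",
    "00:11:22:33:44:66": "nas",
}

# Constructed sample in dnsmasq lease format:
# <expiry> <mac> <ip> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1426600000 00:11:22:33:44:55 192.168.1.10 laptop-1 01:00:11:22:33:44:55
1426600100 00:11:22:33:44:66 192.168.1.11 nas *
1426600200 DA:A1:19:0B:0C:0D 192.168.1.57 * *
1426600300 00:11:22:33:44:55 192.168.1.99 printer *
garbage line
"""


def audit_leases(text, known):
    """Return (line_no, finding, detail) for every lease that needs a look."""
    known = {mac.lower() for mac in known}
    first_ip = {}   # MAC -> IP of the first lease seen for it
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        mac = fields[1].lower() if len(fields) >= 4 else ""
        if not MAC_RE.fullmatch(mac):
            findings.append((line_no, "unparsable", line.strip()))
            continue
        ip, host = fields[2], fields[3]
        if mac not in known:
            # Bit 0x02 of the first octet marks a locally administered
            # (randomized or hand-set) address rather than a vendor one.
            local = int(mac[:2], 16) & 0x02
            kind = "unknown-local-admin" if local else "unknown"
            findings.append((line_no, kind, f"{mac} {ip} {host}"))
        elif first_ip.setdefault(mac, ip) != ip:
            # One known MAC holding two addresses: possible cloned MAC.
            findings.append((line_no, "duplicate-mac", f"{mac} {ip} {host}"))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(SAMPLE_LEASES, KNOWN_DEVICES):
        print(*finding)
```

On OpenWrt the lease table is normally `/tmp/dhcp.leases`; devices configured with static addresses never appear in it. A matching MAC only shows that the address is on the list, not that the device behind it is yours.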

Xanxi
17th March 2015, 12:40
I have no Amiga connected with Wifi, only by cables.
Wifi is there only for 2 laptops and a few mobile devices.

Unfortunately I can't use WPA2 with my current ISP box, which is a bit outdated and limited to WPA-TKIP and AES.

It is a good idea to move to a separate router. Can you recommend a specific model with interesting options and good security?


Meanwhile, I may bring my wifi back online, but decrease the strength of the signal by removing the antennas from the box. Perhaps the signal would be limited to my place?

demolition
17th March 2015, 13:01
While router software like OpenWRT, DD-WRT and similar are very nice, they are also relatively complicated to use since they are so configurable. So unless you are technical enough, I suggest you stick with the standard software. Since my Internet is >100Mbps, I needed Gigabit interfaces on both sides. I got a TP-Link TL-WR1043ND (http://www.tp-link.com/en/products/details/?categoryid=238&model=TL-WR1043ND) which has very good value for money in my opinion, and is easy to upgrade to OpenWRT if you want to try it. It does not have 5GHz radio though, so it cannot do more than 802.11n.

For the radio, it is often possible to reduce the radio strength in the router configuration.

kenshigros
17th March 2015, 19:44
Hi,
if you try changing Commodore to Atari, what will happen then?
I had a kind of similar experience but not exactly the same.
I had a kind of virus which created a virtual environment, and when checking the bandpass and all, there it was: 2 wifi were working.
But for you personally there must be someone pulling both your legs, that is for sure, but try changing just the name to see....

au revoir

PS: something funny though is to be using a PC and running an Amiga emulator and then your PC is infected through an Amiga virus... that is another story...

diskers
18th March 2015, 10:46
You can try a Netgear or Asus. I won't take any TP-Link home router AP though; as demolition said it's good value for money, anyway personally I don't like them because they were affected in the past by many bugs related to security. Anyway check this one: http://www.netgear.fr/home/products/networking/wifi-routers/WNDR3400.aspx
or a more expensive one: http://www.netgear.fr/home/products/networking/wifi-routers/wndr4300.aspx. Tell us how much you can pay for a router and we will try to find something.

- - - Updated - - -

PS. To measure the signal range you will need specialist gear. Radio signal range and behavior are difficult to predict. There are too many factors on which the propagation of radio waves depends. And remember a weak signal is also a security threat because connected devices have to repeat packets many times during data transfer, which facilitates the packet capture. And on the other side, if your device can't get a connection because it doesn't get the signal, that does not mean that another device with a better WIFI card or with a stronger antenna won't connect. You don't know from where someone is connecting and what gear he uses.

Xanxi
18th March 2015, 14:07
Yeah, I have checked the TP-Link TL-WR1043ND, which is very affordable, but it seems that this router has a WPS option. WPS is a major flaw and it seems it can be cracked easily with Backtrack or similar from what I have read on the web.

I'm going to check those suggested by diskers.
I could pay about 100 EUR for this, for a solid device that I would keep for years.

demolition
18th March 2015, 14:33
If you put OpenWRT on it, those security concerns should be solved. :)
I didn't investigate the software quality much on the device since I knew I'd be reflashing it anyway.

Xanxi
2nd April 2015, 22:09
I am updating this thread to keep you posted on the latest events.

Now I have checked thoroughly all nearby wifi networks.

It appears that the Amiga_500 / Amiga_2000 fellow uses an ASUS router. The first SSID is 2,4 GHz and the second is 5 GHz. Both are broadcasting a WPS pin code and the ASUS router appears to be well known on Google for major flaws with WPS.
Considering all that, it seems unlikely that this guy might be a serious hacker and I feel less at risk.

However, after a week back online, I have definitely deactivated the WiFi from my ISP box (WPA only), and replaced it with an Apple Airport Extreme 5 with WPA2.
I had a good bargain on this device and it appears to be rock solid, as Apple does not use the WPS to its usual specifications and is currently immune to any WPS weakness. Remember that WPS is cracked in a matter of hours, even when you think it is deactivated in your router setup.
Besides, the wifi signal is good and conveniently 2,4 and 5 GHz.
I was thinking of a more modern ac wifi device, but I have no compatible card on any of my computers, and they are all there for several more years with no upgrade intended.

I feel better now :-)

AmiNeo
4th April 2015, 03:46
Maybe you just have a lot of neighbours with fond memories of Commodore systems? Maybe you have awoken some Commodore passion in a neighbour who is now following suit and nostalgically naming his routers, hoping you'll notice in a fun way.

I would set up another router and SSID it something like CommodoreFTW.... if another pops up called AMIGARULEZ, you've made a friend :D

Beavis
4th April 2015, 07:50
No need to get all worked up, bruteforcing WPA will take months/years, except if you have the WPS vulnerability...
So best to disable WPS.
Why not change your SSID to something like: "hi A2000, mail me at xxx@yyy.com", so then you might find out what he/she is up to.