Forgot your password?
typodupeerror
Networking Wireless Networking

Ask Slashdot: Dealing With an Advanced Wi-Fi Leech? 884

Posted by Soulskill
from the call-the-internet-police dept.
An anonymous reader writes "Recently, I had found out (through my log files) that my wireless router was subject to a Wi-Fi Protected Setup (WPS) brute force PIN attack. After looking on the Internet and discovering that there are indeed many vulnerabilities to WPS, I disabled it. After a few days, I noticed that I kept intermittently getting disconnected at around the same time every day (indicative of a WPA deauthentication handshake capture attempt). I also noticed that an evil twin has been set up in an effort to get me to connect to it. Through Wi-Fi monitoring software, I have noticed that certain MAC addresses are connected to multiple WEP and WPA2 access points in my neighborhood. I believe that I (and my neighbors) may be dealing with an advanced Wi-Fi leech. What can I do in this situation? Should I bother purchasing a directional antenna, figuring out exactly where the clients are situated, and knocking on their door? Is this something the local police can help me with?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Dealing With an Advanced Wi-Fi Leech?

Comments Filter:
  • by Anonymous Coward on Wednesday February 20, 2013 @05:25PM (#42959055)

    And punch him in the nose.

  • Change your WPA keys (Score:5, Informative)

    by supersat (639745) on Wednesday February 20, 2013 @05:27PM (#42959071)
    WPS works by giving out your WPA keys, so if they've gotten in once through WPS, they will continue to have access.
  • simple (Score:5, Funny)

    by polar red (215081) on Wednesday February 20, 2013 @05:28PM (#42959085)

    UTP

  • Use squid (Score:5, Funny)

    by h4rr4r (612664) on Wednesday February 20, 2013 @05:28PM (#42959087)

    Setup squid and redirect all web traffic through it. Replace all images on machines that are not yours with goatse.

    • by admdrew (782761) on Wednesday February 20, 2013 @05:42PM (#42959337) Homepage
      I also like this response - http://www.ex-parrot.com/pete/upside-down-ternet.html [ex-parrot.com]
      • by mrcaseyj (902945) on Wednesday February 20, 2013 @06:36PM (#42960073)

        Set your SSID to "UnauthorizedTrafficRoutedThroughPolice"
        and/or
        Set up a server between your ISP and wireless access point with a VPN. If you get caught by his evil twin access point, you will know because your VPN connection will fail. Even if it doesn't fail at least your traffic should be secure.
        or
        Set your SSID to "ConnectingHereConstitutesConsentToEnterAndSearchYourHouse" Maybe the opportunity for an easy search would get the cops interested.
        You should probably file a complaint with the police in case his illegal activity comes back to your IP address.
        You may want to find out what kind of person you are dealing with before getting the police involved. Your strategy should probably be different if you are dealing with a local gang leader or homicide parollee rather than a high school nerd.
        If the offender happens to be on probation it could give you extra leverage.
        Keep in mind that if he lives next door he can listen in on your conversations with a sensitive directional microphone. He could also probably easily tap your phone, especially if it is cordless or cellular. So be carefull about speaking your passwords or other sensitive information out loud. Mail theft, burglary, vandalism, and other nasty attacks could become an issue.

    • Re:Use squid (Score:5, Insightful)

      by DigitAl56K (805623) on Wednesday February 20, 2013 @06:12PM (#42959751)

      If you're going to go so far as to let them on to your network, instead of pranking them you could passively watch who they log into websites as in order to determine their identity, gather evidence, and file charges. Of course, disconnect your other systems - since if he's hacking your wifi he'll probably also try to probe your other devices.

      Of course, IANAL, and perhaps monitoring such things is illegal even though it's going over your private network.

  • by attemptedgoalie (634133) on Wednesday February 20, 2013 @05:28PM (#42959089)

    You can give them satellite images of the house of the person that stole your identity, and they won't drive over for that.

    So for something involving log files and such? Not a chance.

    You should redirect all network traffic to goatse for a week, and just use a 3G hotspot while your normal one kills the thief's eyes.

  • by Picass0 (147474) on Wednesday February 20, 2013 @05:28PM (#42959097) Homepage Journal

    ...I think that means he's consenting to letting you administrate his system. I suggest you do so.

  • by Frobnicator (565869) on Wednesday February 20, 2013 @05:29PM (#42959099) Journal
    Log in to the Evil Twin network. Start a bunch of illegal torrents and "accidentally" alert the appropriate parties by IP address. Some appropriate in-theater movies and the MPAA would be a good start.
  • Some quick basics (Score:4, Insightful)

    by Pubstar (2525396) on Wednesday February 20, 2013 @05:29PM (#42959121)
    The first thing would obviously be MAC whitelisting on the router, though if he is smart enough, he would just spoof his MAC to one of the ones on your network, so its unlikely it would stop him. Depending on where you need your wireless router, have you considered turning down the radio strength and putting the router in an area where it covers where you want to use it without the WiFi signal going too far outside the bounds of your house?
  • by ruir (2709173) on Wednesday February 20, 2013 @05:30PM (#42959133) Homepage
    Lets hope this article is just a marketing scheme. Anyway, in case it is genuine: Somebody has been freeloading, so what? You have got two options: 1) upgrade your security. double up encryption with MAC authorization. Hide your SSID. Maybe even going to digital certificates.Use only encrypted communications protocols. Many other options. Many time invested. 2) Setup a honeypot. Something open or better yet with poor security. Let him break, monitor the activity, eventually you will get a his personal data. Then decide on the course of action. Cheers
    • by LukeWebber (117950) on Wednesday February 20, 2013 @06:23PM (#42959889)

      Freeloading? If that was his only intention, he wouldn't have troubled to set up the evil twin. This guy is serious trouble, and you don't want him on your LAN.

    • by kroby (1391819) on Wednesday February 20, 2013 @06:38PM (#42960089)
      It is widely known by security professionals that hiding your SSID actually decreases security. For starters, it is easy enough to sniff a SSID out of the air. What is more concerning is that wireless clients configured to connect to a hidden network will constantly try to connect to any wireless network, essentially asking "Are you my network?" A malicious access point could say, "Yup, sure am!" At that point your wireless client will be more than happy to divulge your preshared key. There are even affordable retail products that accomplish this out of the box. Check out the Wi-Fi Pineapple.
    • by Hatta (162192) on Wednesday February 20, 2013 @07:31PM (#42960605) Journal

      Anyway, in case it is genuine: Somebody has been freeloading, so what?

      Ask yourself, why would someone go to such great lengths to use someone else's bandwidth?

  • by hottoh (540941) on Wednesday February 20, 2013 @05:30PM (#42959145)
    -Reduce transmit power
    -Move or buy a directional antenna

    Have time on your hands?
    http://www.ex-parrot.com/~pete/upside-down-ternet.html
  • by faedle (114018) on Wednesday February 20, 2013 @05:31PM (#42959149) Homepage Journal

    If they're going to go through the trouble of setting up a honeypot, you might was well give up and just shut the radio off and run 100% wired.

    Or, go rogue yourself and capture all his traffic. Bonus points if you rate-limit the wireless to effectively have no bandwidth.

    The local cops? If your local police department is anything like mine, they don't even send out officers to investigate real property crimes like theft anymore. They'll just laugh at your little WiFi problem.

  • by epyT-R (613989) on Wednesday February 20, 2013 @05:31PM (#42959159)

    You could try leaving the access point open and partitioning it with an ipsec segment. Deny any other connection attempts to the interface. Otherwise just hardwire it and be done with it. Wireless will never be secure. You'll just end up fighting a war of attrition, and that 16yo hax0r has much more free time than you do.

  • fair trade (Score:3, Funny)

    by Anonymous Coward on Wednesday February 20, 2013 @05:31PM (#42959165)

    You're giving him cancer, he's using some of your wifi. Just segregate your personal network from the wifi network and see if you have QoS options to limit how much you share. Can't we all just get along? ;)

  • by eksith (2776419) on Wednesday February 20, 2013 @05:32PM (#42959169) Homepage

    On my Android phone, it will detect the closest Wifi signals and you may be able to pinpoint where exactly this evil twin is. A directional antenna may help, but without knowing exactly where to direct it to, you may be aiding the leech. You can try disabling SSID broadcast and reducing transmit power.

    No one will trouble themselves this much just to avoid paying a monthly fee and just by the fact they're knowledgable in these means they've spent a lot of time online already. My guess is that this individual is conducting illegal activities through yours and your neighbor's connections, so you or your neighbors may get a visit from law enforcement pretty soon.

    • by Mr. Freeman (933986) on Wednesday February 20, 2013 @07:22PM (#42960551)
      "My guess is that this individual is conducting illegal activities through yours and your neighbor's connections"

      This is highly likely. The guy has invested much time and effort in this so they clearly have motives other than saving a few bucks. OP should make attempts to locate this guy and to shut him down. Use laptops or cell phones with wireless monitoring applications to locate the guy's AP. Nothing too fancy, just do a bit of sneaker-netting while watching the signal strength. You don't need to triangulate the location to within a foot, you just need to get a general idea of where this thing is. Once you get close you should be able to tell which building/car it is in. If this yields inconclusive results then contact the local HAM club. They may be able to assist you in locating a rogue AP or wifi leech in exchange for beer and pizza.

      Also, OP needs to file a police report. Will the police do anything? No, of course not. However, it will help to shield OP from liability when the FBI comes knocking in regard to whatever illegal activities are being conducted through his internet connection. He'll be able to point to the police reports as evidence that someone else was on the network long before the authorities showed up.
  • by ZaMoose (24734) on Wednesday February 20, 2013 @05:32PM (#42959171)

    ...but only if it comes with a cool pings-like-the-motion-detectors-in-Aliens handset, as where's the fun in not having that?

  • Oh come on... (Score:5, Insightful)

    by lesincompetent (2836253) on Wednesday February 20, 2013 @05:33PM (#42959197)
    Do i really have to say it? WPA2, 63 characters pwd.
  • by Rob the Bold (788862) on Wednesday February 20, 2013 @05:33PM (#42959205)

    Wouldn't a leech just look for an open access point? One with a fast connection would be a bonus.

    Your interloper would seem to be doing something more nefarious. Why does a simple leech need an evil twin?

    Is your local constabulary at all competent in this sort of matters, or are they the kind that go around wardriving for open access points? Because it's gonna suck to try to explain the problem if they don't have a clue, but something's up, and to me it sounds like something leaning toward the criminal.

    I think I'd get the directional antenna. Maybe you're dealing with the neighbor's 12 year old, so just alerting the parents could do the trick. If it's your local psycho, that's another story.

  • by Anonymous Coward on Wednesday February 20, 2013 @05:33PM (#42959207)

    To FBI surveillance van.

  • If you find him... (Score:5, Insightful)

    by ShieldW0lf (601553) on Wednesday February 20, 2013 @05:34PM (#42959225) Journal

    If you find him, give him props and buy him a beer and ask him to share how he's doing what he's doing with you. Sounds like some pretty cool shit.

  • by radiumsoup (741987) on Wednesday February 20, 2013 @05:35PM (#42959231)

    start knocking on doors and asking your neighbors if they would mind terribly if you spoke with their 15 year old son for a few minutes, because you've determined he's been hacking your wifi. Eventually, you'll hit the right house. For the wrong houses, act confused and say you must have miscalculated by a house or two, and that you're sorry. Bring cookies to show you're not an ass, though.

  • Some ideas (Score:4, Informative)

    by Proudrooster (580120) on Wednesday February 20, 2013 @05:35PM (#42959239) Homepage

    Lock incoming connections down by MAC address and disable your SSID. This will probably make them go away. Also, run WPA2+AES and pick a longish WIFI key.

    If you have an ASUS Dark Knight router you can setup multiple SSIDs (guest networks) that disconnect every 60 seconds and name them "StopStealingMyWifi". This way you real SSID is hidden and your multiple guest networks are visible, but are unusable. You can also set hours of operations for your radios on the ASUS and turn off your radios at night and when you are not home. Lastly, if you are running dual band, turn off the 2.4 Ghz and run on the 5Ghz band. The 5Ghz signal travels poorly outside your home. WIFI is tough to secure with all of the WIFI hacking tools, but get a good router and rotate shield frequencies and should go away.

    Lastly, here is an article on the subject.... this article disagrees with me on disabling your SSID and I am sure others will have an opinion....
    http://www.wikihow.com/Secure-Your-Wireless-Home-Network [wikihow.com]

    • Re:Some ideas (Score:5, Interesting)

      by Anonymous Coward on Wednesday February 20, 2013 @06:00PM (#42959599)

      Knock up a cron job to change your WPA2 key every 24 hours. Use a QR code generator to print out the code on paper for your new key every morning, so you can just snap it with your phone and you're on. He'll get bored of trying to break something that changes faster than he can break it, and he'll move onto someone else.

      Agree also with disabling wireless at the times he uses it, and when you're not, if this is feasible for your lifestyle.

      And 5GHz also sounds sensible.

      If you do find out who he is, change your SSID to *his* name and address. That should freak him a bit.

    • Re:Some ideas (Score:4, Interesting)

      by Carnildo (712617) on Wednesday February 20, 2013 @06:47PM (#42960195) Homepage Journal

      The techniques you describe will be effective against someone who just wants free Internet access, but if they're attacking for any other reason, it's like going into a bar in the bad part of town and proclaiming how tough you are: it does nothing to improve your safety, but makes you a much more attractive target.

  • by CambodiaSam (1153015) on Wednesday February 20, 2013 @05:37PM (#42959259)
    If someone had an extension cord plugged into my outside outlet and it ran to their house to steal power, I would walk over, knock on the door, and ask them to stop it. And yes, I would also unplug it.

    If you have the means to determine where they are it's worth asking them to stop. That alone might change their attitude toward poking at networks.
  • WPA2-Enterprise (Score:4, Informative)

    by Rinisari (521266) on Wednesday February 20, 2013 @05:39PM (#42959287) Homepage Journal

    * Use enterprise auth to a RADIUS server with an LDAP backend?
    * Lower the transmit power to something that just works within your place?
    * Use just A or just B or just N? Maybe they're on older tech?
    * Configure your router not to well, route. Use it as just an AP and you have to manually set the IP info on your machines, and the router is not *.*.*.1 on the network.
    * Do the above, but use an external VPN for all of your traffic. A static route in the router gets you onto the VPN.
    * Change your SSID to something threatening to indicate that you're onto them and that you asked Slashdot how to make them stop?

  • Be enlightened (Score:4, Insightful)

    by Kohath (38547) on Wednesday February 20, 2013 @05:39PM (#42959299)

    Change your SSID to "Do_not_steal_my_WiFi". It's the enlightened approach -- the same approach that the "Gun Free Zone" and "Drug Free Zone" people use. Only backward, ignorant people would disagree.

  • Change Password (Score:5, Interesting)

    by pellik (193063) on Wednesday February 20, 2013 @05:43PM (#42959345)
    Brute force attacks take time, lots of time. Just start changing your key every week and he will probably go away. Having your computer run 96 hours to get a password that then changes 72 hours later just isn't worth it, even for a criminal. If he keeps at it then someone just enjoys the challenge, and you should hunt them down just for the mystery.
  • I don't get it (Score:5, Insightful)

    by chord.wav (599850) on Wednesday February 20, 2013 @05:46PM (#42959419) Journal

    Some neighbor comes in good faith and opens his digital life to you, so you can MITM him and this is how you react? That is rude man. I think that guy deserves an apology sent from one of his social networks accounts.

  • by datapharmer (1099455) on Wednesday February 20, 2013 @05:52PM (#42959487) Homepage
    So yes, I've dealt with it. The easy solution is go wired for a while, setup a honeypot and track them down. Once you know where they are let them know you are less than pleased and if they don't stop there will be a call to the FCC and local authorities as well as a civil suit for harassment. If you can't go wired Lower your ACK timing and transmit power so they can't get a good signal without standing on your doorstep. switch to a certificate based system instead of a password based system with a new ssid. On the new system setup a proxy that requires additional authentication to reach the internet. Assign static macs to your own devices and block all other local IPs via iptables to prevent them from self-assigning one. As for deauthentication attacks, the best bet is to find them and ans send over a nastygram.
  • by BlueBlade (123303) <mafortier&gmail,com> on Wednesday February 20, 2013 @05:52PM (#42959493)

    Basically, there's nothing you can do if you keep using WPA.

    One option is to lower your wi-fi antenna power to exclude the area where the attacks are coming from. This can be hard to do if you need good coverage for a whole house or some such.

    Your best bet would be to use either 802.1x or EAP-PEAP. That's highly dependent on what router you're using, usually only high-end routers support these options, although some home routers certainly do (I remember the good old WAP54G supporting it). If you're going 802.1x, just setup a radius server, configure your devices and you're pretty much set. If you go the PEAP route, you'll need some certificates, and possibly a radius server unless you use client certificates for authentication.

    Both options will foil your wannabe hacker. Plus, you'll likely have the only advanced Wi-Fi setup around, gaining you geek creds ;)

  • by gnoshi (314933) on Wednesday February 20, 2013 @05:57PM (#42959551)

    There are two ways of dealing with this: getting this person off [i]your[/i] network, and getting this person off [i]everyone's[/i] network.
    Personally, I think if you can get everyone to squeeze him off their networks then that will probably be the nicest kind of vengeance.

    Consider writing up a simple letter (starting with: Just a note from a neighbor), detail that someone in the area has been breaking into wireless networks and may be pirating stuff/doing illegal things which could lead to difficulties for the actual owner of the OP. Then, provide a basic summary of what to do to avoid it (e.g. disable WPS, etc etc) and maybe even provide URLs for the major router manufacturers.
    With [i]some[/i] luck, [i]some[/i] people will pay attention and lock down their network.

    If you know who it is doing it (using handy phone apps to detect signal strength, or a directional antenna) then you could do a 'special' letterbox drop for that one person with a 'how to buy an internet connection'.

    Mind you, if this person is using an 'evil twin' they may be doing more than just stealing Wifi. If their MAC address is stable (i.e. they are not modifying it) you may want to capture some sample traffic with that included. If things do go awry you can use that to provide evidence it was that person's computer, possibly.

  • by wiredlogic (135348) on Wednesday February 20, 2013 @07:35PM (#42960651)

    Insert a Javascript zero day into his HTTP traffic and take care of his computer. He'll never know what took him out.

  • by Jimmy_B (129296) <slashdot @ j i m r a n domh.org> on Wednesday February 20, 2013 @08:09PM (#42960877) Homepage

    First of all, just to be clear: this isn't leaching, this is someone doing something nefarious. If they just wanted free bandwidth, they would never set up an evil twin network. Most of the replies on this thread are bad advice assuming it's a leech. The person responsible might be nearby, but probably not; if you track down the computer that's responsible, you're likely to find that its owner doesn't know what's going on and it's been taken over by an anonymous attacker over the Internet. Or you'll find a PwnPlug.

    The first thing you need to do is notify the police that you're being targeted by hacking. This is important; if your computer/network is taken over and used for something illegal, which is likely to happen, this will protect you. Second: you need to notify your employer, as well as anyone whose confidential data you're in possession of. And third: you need to harden your computer security, and figure out why you might have been targeted.

Serving coffee on aircraft causes turbulence.

Working...