Wifi Security Breached - What Next?

sgx.saint

Hello.

I have been running a wireless network at home now for just over six months. I have two WAP (Wireless Access Points) and from day one I have had WPA2-PSK security enabled on both as one acts as a network bridge.

Recently I realised that securtity on both WAP had been removed and both wireless access points had been sharing my internet connection openly and freely for anyone to use.

After a while of trying to figure out why the security had dropped from both WAP, I realised we had a powercut a good few weeks earlier. At this points the WAP have obviously reverted to manufacturers default configuration which in this case was to share the connection with no encryption/security.

Now, in the way that I connect to the WAP, I did not notice that security was no longer in place as my laptop just automatically connected to the network as it was in range and as it did not need a password, it just connected with no warnings etc.

So, anyway, I checked what logs I have available on the main WAP, and just as I thought, at least 6 different people have been using my connection over the past few weeks. I have there MAC addressess, and PC 'Names' as this was stored in the log on my WAP. Unfortuantely, the log is deleted every 5 days so this was the most recent users of my connection.

Now, I don't mean to come across overley paranoid or anything but I am wondering what I should/can do from here.

At the very least, I tried to contact my ISP (Virgin Media), but their Indian Call Centre staff did not understand what I was trying to tell them. So, I thought about writing a letter just to say that my connection has been used without my permission etc.

I just don't like the thought of unknown people using my connection and knowing my luck they probably downloaded a thousand illegal mp3's and movies :rotfl:

So, I was wondering what members suggestions might be on what to do next. Inform the police? After all it is a crime to connect to my network even if there is no security. Or am I being too paranoid?

Cheers

.Anth

Donnie

Change your password?

sgx.saint

Password wasn't comprimised. No encryption was enabled.

I am more concerned about the four weeks of usage by a few people whom I don't know.

b33r

Well done for using WPA, you can get round WEP in about a minute, might as well not bother.

Anyway the main thing is that you have now spotted it so you can secure it again. Even if they have used your connection for illegal activity the chance of it been spotted is extremely slim so personally I wouldn't worry about it too much. If you are worried though, i would write a letter to your ISP stating the dates it was unsecure and even the MAC addresses you managed to collect and the reason why it unsecure. i.e. you had a powercut and didnt realise the access points would drop the connection security however at other times it is secure. Keep a copy and you will then have a defence in court if any illegal activity was logged between those dates.

Although Donnie's post wasn't massively constructive it is a good point because they had access to your network and so could have been directing your internet traffic through them and stealing your passwords so it might be wise to change them, again only if you are paronoid.

Donnie

Don't worry unless a negative consequence presents itself.

sgx.saint

Thanks for the reply B33r, I appreciate your advice.

I am not too paranoid, but I do tend to be quite obsessive about covering myself in the event of a situation such as this.

I might just fire off a letter with the MAC addressess to Virgin so at least its logged with them.

To be honest, I think I know who at least a few of these people are .....

A about two weeks ago, I had two lads on my doorstep asking me if I had a Wirless Network, and I for whatever reason said 'Yes'.

They had asked if they could use it for two months, and they would pay me, as they were new in the area and had no internet connection and they were'nt stopping long enough to get one installed.

I obviously said 'No' and they were'nt to pleased and off they went. Mind you, they asked again the following two days.

Now, I don't believe for a second they got access to my network by 'hacking' it. But, I do believe that as soon as they realised my network encryption was off, then they used it.

b33r

You could always have some fun too as you obviously have people in your area who jump on unsecure wireless networks.

We have been experimenting with a technique called "Upside-Down-Ternet" Google for this, sadly the guys page seems to be down but you can view the google cache of it.

Basically you run the wireless insecure and set up a list of MAC address that ARE allowed on your network (i.e. your computers) and they just use it normally, any other MAC address that connects you forward to a proxy you run yourself, we use squid on linux. Now basically you can do what the hell you want with their traffic.

Like turn every image they request upside down and forward it on, they then get pages like this:



The options are endless, direct them to a page saying "oi stop stealing other peoples wireless, the police have been informed" (that should make them fill their pants), forward them to goatse every tenth page, be imaganitive

sgx.saint

lol, nice idea.

Or direct all traffic to your local Police Force's website

sgx.saint

Virgin won't be interested, I wouldn't wast your time. You would be just drawing attention to yourself.

I agree that it would be a waste of time, in so much that Virgin would not act on the information.

I do however disagree with your second point. I have nothing to hide, and I don't see how advising Virgin that I had a lapse in Wireless Security would draw any un-wanted attention.

I find it unlikely that a power cut would cause the scenario you suggest, if it reset everything, nothing would work.

Not true. I have owned and run several WAP over the past two years. All of which if without power for a certain period revert to the manufacturers standard configuration. This in most cases, means they will openly share any connection.

If I recall correctly, there has been many discussion in the networking community and industry about agreeing upon a mutual standard in which all manufacturers would enable security by default on all there hardware.

This is due to many 'novice' users simply connecting their new shiny WAP and not enabling any type of security.

I remember this because I wrote a report about it not so long ago for my degree.

Actually if you view this article here:-

http://business.timesonline.co.uk/tol/business/money/article1434127.ece

and I'll take this quote "The problem comes when you buy a wireless router from a manufacturer such as Netgear, Link-sys or D-Link through retailers such as PC World or Currys, because you have to secure it manually, and you can easily miss out this step in the process."

Meatballs

I take it your internet connection device is seperate to your WAPs? If it is integrated and the powercut reset to manufacturers defaults your login details would also be wiped.

I've been known to jump on an unsecured wireless connection, when my internet connection goes down. Don't know who's it is, so doubt the lads realise its yours unless you're the only house in the street.

peterbaker

I find it unlikely that a power cut would cause the scenario you suggest, if it reset everything, nothing would work.

sgx.saint wrote: »

Not true. I have owned and run several WAP over the past two years. All of which if without power for a certain period revert to the manufacturers standard configuration. This in most cases, means they will openly share any connection.

My Netgear holds its settings and security for days after I pull the plug. I haven't left it yet for more than about a week so far, and I suppose there is an internal battery which has a limited capacity, but so far my settings have survived!