We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Anybody know about hacked routers?
grumpycrab
Posts: 5,031 Forumite
in Techie Stuff
Just been to a small charity office whose broadband usage has recently gone off the scale (capped fortunately). Usage this month has averaged 0.75GB per day. Normal usage is a few MB per day. Usage graphs show that this has occurred at all times of day (computer switched off at night).
(wifi password recently changed; router password set to DEFAULT)
I binned the very old TP-LINK router and configured one of my spare ones. Disabled wifi. 0MB exchanged overnight. Fixed.
BUT does this mean that all data on connected devices has been compromised? I feel a Dido Harding episode is required. What is a hacked router doing exchanging stacks of data without any clients connected!?! Help.
(wifi password recently changed; router password set to DEFAULT)
I binned the very old TP-LINK router and configured one of my spare ones. Disabled wifi. 0MB exchanged overnight. Fixed.
BUT does this mean that all data on connected devices has been compromised? I feel a Dido Harding episode is required. What is a hacked router doing exchanging stacks of data without any clients connected!?! Help.
0
Comments
-
More than likely someone who is allowed access to the wifi.
Happening at night? Switch the router off and change the password again and restrict who you give the new password to.Censorship Reigns Supreme in Troll City...0 -
Thanks. I changed the wifi password a month ago (should have done more then) and -looking at the usage graphs- data use has gone up. Definitely a hacked box.0
-
What happens when you disable the wifi on the suspect box?
My thought? Somebody gives the neighbour the wifi password when you change it. Bring in MAC controls for the wifi connections. Carefully check through the logs to find out what machine ios connecting outside hours.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
They can be used as botnet relays and for other nafarious relay purposes, here is an example article explaining:
http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/Science isn't exact, it's only confidence within limits.0 -
I was in a hurry - the ISP had stopped data but allowed me to up the cap to a. enable data and b. let me fix the problem. I (hopefully) fixed the problem by reconfiguring a spare router of mine.What happens when you disable the wifi on the suspect box?
However, when I've an hour or two I will "interrogate" the suspect TP-LINK logs.
Current issue - the charity is considering whether to do a Dido Harding...
PS. data usage overnight 0MB. But wifi was disabled. The office is in a semi-rural location. I really doubt it was a wifi thief. I'll see what the logs say.0 -
Somebody is hacking the WIFI ..
Mac address restrictions will do nothing as it is simple for me to spoof my mac if I want to hack your wifi I just sniff the mac of another device connected to the router and then spoof that mac address.
The way to ensure this doesn't happen again is change the wifi password to something long and complicated, use upper and lower case characters and include numbers and special characters.
Then, and this is the important bit - You must ensure that WPS is disabled on the router.
You can log into the router to change this setting - Once you have done this you have removed the easiest attack vector against any home router as the WPS PIN can be brute forced very easily and the router forced to advertise its WPA key ..
Hope this helps
Andy0 -
You all say it was a wifi hack. Even though the password was changed. Will the router logs prove this?0
-
I was taking the line that the wifi wasn't being hacked per se but compromised by having the key given away which your solution doesn't cover.Somebody is hacking the WIFI ..
Mac address restrictions will do nothing as it is simple for me to spoof my mac if I want to hack your wifi I just sniff the mac of another device connected to the router and then spoof that mac address.
The way to ensure this doesn't happen again is change the wifi password to something long and complicated, use upper and lower case characters and include numbers and special characters.
Then, and this is the important bit - You must ensure that WPS is disabled on the router.
You can log into the router to change this setting - Once you have done this you have removed the easiest attack vector against any home router as the WPS PIN can be brute forced very easily and the router forced to advertise its WPA key ..
Hope this helps
Andy
Most users haven't a clue about sniffing MAC addresses and spoofing.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
It will give you evidence of what machines are connectinggrumpycrab wrote: »You all say it was a wifi hack. Even though the password was changed. Will the router logs prove this?This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards