WPA on XP

Discussion in 'Windows - General discussion' started by Mez, Aug 26, 2010.

  1. Mez

    Mez Active member

    Someone has been hacking my network. I have tried several times to set up WPA on my old XP system without success. Is it possible? I was able to connect the computer hardwired to the computer once using 'the button' on the router but the next time I connected a second time without the 'hard wire' it did not work.
     
  2. ntense69

    ntense69 Member

    Did you enter the password to connect? Is your network restricted by MAC addresses?
     
  3. Mez

    Mez Active member

    Yes and no. At one time I did list the MAC addresses that kept him out for a week. I left the router on and the modem and computers down last week when I went on vacation. I bet that had him fooled. I bet he spent a few hrs trying to crack that one!

    What I have is a network seed; there was a seed and then various passwords created by the seed in my router software. The later OSs just took the seed but I think the default password field is bigger. I think the field for XP is too short to take it all. It is hard to be sure because I can't see the letters and it fills the field but it does not scroll. The router setting only stated WPA. You got me thinking. Duha! I started playing around with the different authentications under wireless/properties, could it be WPA-PSK? I think that allows for the full seed under wireless/properties. At least the field scrolls which it did not before. Maybe I need to set it up under wireless/properties.
     
  4. Mez

    Mez Active member

    That is what it was, WPA-PSK with AES encryption. It took a few guesses, I guess I could have looked on Linksys web site but I find it extremely difficult to find info there. Far easier to muddle through with a little help from you. They want you to cough up 60 bucks for user support. That is where I started, but I don't have 60 bucks to give to them.
     
  5. ntense69

    ntense69 Member

    What type of router do you have?
     
  6. Mez

    Mez Active member

    A Linksys WRT310N.
     
  7. ntense69

    ntense69 Member

    1. Have you disabled the broadcast SSID (Wireless Network Name)?

    2. Have you got a password you use yourself or do you let your router choose one?

    3. Have you run a key logger scanner, anti-virus and spyware scanner on your computer?

    4. How long is your password and does it consist of numbers and letters with upper and lower cases?
     
  8. GryphB

    GryphB Regular member

    Have you ever tried making your wireless connection hidden? (disable the SSID broadcast ;) and change the name of the network)
    then make a manual connection to the network.
     
  9. Mez

    Mez Active member

    1) It is now, it was not, some devices needed that but now they will not be networked.
    2) The router was set up to send the connection info after you press a button. It is manual now, I am sure that is how he got in the last time. He was in less than an hour after I tried to connect a wireless game device. I suspect right after but I was not looking. He had been kept out for 24 hrs before that.
    3) No and yes. Where do I find a key logger scanner? Can you suggest a good one? I would be extremely interested in that. In safe mode I uninstalled Malwarebytes then reinstalled and ran it. I was clean.
    4) The network key was generated so it ought to be strong. The router password is long but not as strong as it could be.
     
  10. Mez

    Mez Active member

    I was hacked again! None of my names, passwords and keys were at the new recommended lengths even though some were computer generated.

    He now has some kind of app that will look for a factory default wireless network and can grab it before I can. I had to set the router up at someone else's house. The key is over 30 characters long and everything else is over 20. All exceed the recommended length for a secure system.

    If he cracks this I will increase everything again and start wiring my house with ethernet. Does anyone know the max length cable can be between a switch and the computer?
     
  11. ntense69

    ntense69 Member

    1. What security setting are you using?
    2. 300 ft for a max length of a cable for wired
    3. I never use router generated passcodes, I use my own
     
  12. GryphB

    GryphB Regular member

    I think no longer than 100 feet
     
  13. Mez

    Mez Active member

    1. WPA AES
    2. Thanks, I was a bit worried. Old technology required much shorter lengths.
    3. Yes that was a problem. The Linksys site stated a fast computer could break a key the size of the software generated key in 2 days. I am sure it was not by chance that they picked the length on the software generated key as the example. That is about how long it took him to break it. Plus it was all caps. I got the message! Both the network name and key exceed their length recommendations. Obviously, it is still crackable but will he waste that much time? I figure the key will be over 100 times harder to crack. The key is now 35 chars long of mixed content. Mostly letters of mixed case with just enough numbers to keep it honest. I suspect he has to dedicate some resources to the project. I am figuring he will give up in a few weeks maybe a month. There are hundreds of houses he can pick on. Most will not even figure that they are being tapped. If he is smart, he will have learned not to steal a mb of bandwidth. You can do a few 100k without anyone being the wiser. I do have a gb router so I am sure I was a 'find'. He also has my house zeroed. He could have none that easily while I was broadcasting.
     
    Last edited: Sep 4, 2010
  14. ntense69

    ntense69 Member

    here is what I have used and with no problems, as I have a Linksys WRT54G with dd-wrt v23 sp2 firmware, and it will be different from your set up

    I have a pre-shared WPA key with TKIP algorithms and the max I have any wired hardware is 50 feet not including my wireless which is about 50 feet for that

    also might try changing your channels for wireless connection

    and if you have a firewall on your router enable it

    and when you logon to your router make sure you don't have it remember password
     
  15. cee43ja1

    cee43ja1 Regular member

    the WRT310n is capable of dd-wrt. make sure to go to their forums to get the new firmware, NOT THE ROUTER DATABASE! had to upgrade the routers i flashed before because it was using unstable firmware from the database.


    that's a scary thing to happen to anyone. at once, someone got in my network but i changed the workgroup name way before and did a MAC address block. probably was surprised when he didn't have wireless access to the router since i turned it off. and i knew it was someone else because it was a d-link wireless product when i searched the MAC address.
     
  16. Mez

    Mez Active member

    I do not 'remember' any passwords unless I do not care if it is broken into. They can be ported out.

    My hacker was much smarter. He hacked the MAC address in days. My biggest problem was not using a big enough name and key. Had I just added one more character to the key it is unlikely he would have gotten in. It would have gone from 2 days to about a month. At that length, adding one more character takes it from fairly doable, to this is taking too long. Doubling the size puts it out of the realm of possibilities. I was fearful he put spyware on one of our computers that the spyware scanner couldn't find. If that was the case he would be in and I would be wiring my house.

    I had dd-wrt on it for a while. I didn't see much advantage. I am completely fearful to do anything right now. I am sure he is doing his best as I write. The network is tens of thousands of times harder to crack now so I will leave it at that for now. I think he will stop trying in a month or so. Then I might be brave enough to fiddle with it.

    What is the advantage to dd-wrt? Right now I only allow 2 computers on the system. If we can't get on I know the jig is up.
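
Added example, not part of any post in this thread: the posts above (the all-caps generated key, and the effect of one more character) turn on how a WPA-PSK passphrase becomes a key and how the search space grows with length and character set. The sketch below uses the standard 802.11i mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations); the function names, sample passphrases, SSID and the guess rate are assumptions made for illustration.

```python
import hashlib
import math
import string

# Assumption for illustration only: an attacker's offline guess rate (guesses/second).
ASSUMED_GUESSES_PER_SECOND = 1e6

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output. Every client computes this same value."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def alphabet_size(passphrase: str) -> int:
    """Total size of the character classes actually used (95 if all four are)."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on search effort in bits. Only meaningful for randomly
    chosen characters; words and patterns are far weaker than this."""
    return len(passphrase) * math.log2(alphabet_size(passphrase))

def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the assumed rate, in years."""
    return 2.0 ** bits / rate / (365 * 24 * 3600)

def compare(samples, ssid):
    """Return (passphrase, PSK hex prefix, bits, years) for each sample."""
    rows = []
    for p in samples:
        bits = keyspace_bits(p)
        rows.append((p, wpa_psk(p, ssid).hex()[:16], round(bits, 1),
                     years_to_exhaust(bits)))
    return rows

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = ["QWHZKXPLMR", "QWHZKXPLMRT", "kT7wQz2LmPx9RbVc4NdYh8JsGf3UaE6tWoZ"]
    for row in compare(samples, ssid="example-net"):
        print("%-36s psk=%s... %6.1f bits  %.3g years" % row)
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, which is why a factory-default network name weakens an otherwise good passphrase against precomputed tables.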
     
  17. cee43ja1

    cee43ja1 Regular member

    lots of advantages with dd-wrt, most notably is performance. from any point after you flash your router, you will be able to see who logged onto your network from the WOL tab; it will show full MAC address.

    you can also disable wireless access to the router, and the hacker will be presented with a '401 bad request. can't use wireless to access GUI' message. even if he got ahold of one MAC address from your network, he would be unable to change anything in the router since there is no direct connection.


    there is a possibility a keylogger program was installed before. they're designed not to show up on the targeted systems, and send an email to the hacker with all of your keystrokes. best way to get rid of it is a clean format and install. or you can disconnect from the internet and look for suspicious files.
     
  18. Mez

    Mez Active member

    I am not sure what this means...

    The spyware scanner I used is supposed to catch data loggers. I take that with a grain of salt but I have not seen our hacker yet. They need to be memory resident. Formatting is out of the question for one. The original back up was lost. I have yet to find a correct shared OS disk. Then who knows what might be inside. I have the key code but it doesn't work with any of the system disks. I would have to go to 7. Then I may as well get a new computer. I have been out of work for a year with plenty of bills. I have used it to access the router in the past because it is wired to the router but not the last time.

    The other computer actually has a backup C: disk. Unfortunately, it is a green disk so performance is way down. I am loath to format my black drive because it has utilities installed that are not available anymore and I was not smart enough to archive the install packages.
     
  19. ps355528

    ps355528 Active member

    mez .. rootkit keylogger buddy.. your ntoskrnl file has been compromised...and it won't show unless you run a proper rootkit detection program like SVV... or you are up against somebody like me running some satan mofo fast hardware (64 node cluster turning in 66GFlops/s) who can break any key you put in front of me in about 10 minutes.. but the hole is this.. no matter what wireless system you run authorised devices have to connect.. when they do they pass the keys back and forth.. people sit and wait for the keys being passed.. listen in and then attack them with everything they have.. now think for a minute.. I have a supercomputer.. I can smash keys that way in 5-10 minutes.. but there is such a thing these days as the "cloud" .. a vast supercomputer that anybody can use in theory. I have seen wardriving groups setting up serious clustering wpa-psk cracking units on there... they can bust stuff that would take me maybe 10 minutes in seconds.. literally..

    as for logging mac numbers.. what's the point?.. as soon as I crack your key I get the mac number of the authorised machines anyway so I just spoof that onto my hardware and you can't tell which is my nic and which is yours... and your router will accept me because I have a mac that is authorised in its tables...

    directional screening my friend.. only allow your signal to go where you want it to go.. or wire everything.. home made beam antennas are very useful in these situations if you MUST use wireless.... and mounted off vertical will usually stuff up anybody more than a few yards away outside.


    run a network sniffer for a while and watch carefully while logging everything in and out.. you will see your bogey during quiet times.. but you need to leave it quiet otherwise you won't see who is what or which the suspect connections are... A better trap is a honeypot.. a nice pretty much unsecured spare wireless router connected to nothing in particular except a logger... hackers always go for the easy target.. pros you won't ever keep out... but they will hit and run.. using for specific purpose then out and away usually leaving no traces.. but you have a script kiddie.. and they are easy to deal with.

    soooo.. have a good look at your running system with a rootkit sweeper SVV is good but takes some knowledge to actually use.. http://www.antirootkit.com/software/System-Virginity-Verifier.htm

    run a proper network sniffer on a known clean machine.. http://www.kismetwireless.net/

    adopt a proper screening strategy.. make your signal impossible to lock to from more than a few yards outside your house.. simple way is to adjust the radiation polarization from vertical omni to some variant of horizontal.. signal strength inside will drop considerably.. outside signal strength will drop dramatically.. especially if you screen likely radiation directions where there are other houses but nothing you want to connect with..

    I hack all my neighbours all the time.. for fun.. and for p2p after they go to bed.. it's sport seeing how many linksys and bt ho-hubs I can bust in a night... all these people run wireless in houses where the longest possible cable run would be 30 feet!!!!!

    happy hunting... your bogey is within 100 yards.. by playing with your antennas and some grounded foil you can make that 10 yards.. then you got em!!!

     
    Last edited: Sep 5, 2010
  20. Mez

    Mez Active member

    I didn't see anything when I went to your root scanner link. I do have a proper one and it did not show anything.

    I agree that the hacker is within a few hundred yards and I think I know what direction. He doesn't have all the tricks you have. He has been out for about a week. We can tell because he is not subtle, he wants me to know that he is in. I am in one of those houses that can be wired fairly easily. I almost bought a switch last week. I will go wired if he gets in again. Still that requires some level more resources than just tightening router security. Plus, this is a good learning experience for me.

    If the hacker was smart I would never have known about him. In the wee hrs he could have run flat out without me being the wiser. Instead he was running so hard, the internet was almost dead during normal hrs. It took me too long to guess what was happening. Everyone in my neighborhood is a computer moron except for me. It did not occur to me that someone would be using a directional antenna. I bet he is less than 25 yrs old. He is way too cocky but then he had me running for some time. He has plenty of routers to choose from I suspect mine was the only gb router in range so he wanted to use mine.

    I can visualize the grounded screen but how do I
    I will check out the sniffer and give you a buzz if I get confused.
     
