wireless connection being hacked

BlitzCanuck1

Junior Member
Oct 21, 2006
7
0
0
First off, apologies if this is posted in the wrong section.

I'm running Tomato firmware v1.23 on a Linksys WRT54GL with a WPA password that is a combination of letters and numbers.
Back in February I noticed the activity light on the router was blinking like mad even though my PC wasn't turned on. I went to my ISP's site and checked my internet usage and discovered that for the previous 7 days, there was an accumulated 30gigs of usage that wasn't mine. It was quite obvious that someone else was using my wireless since my typical uploads are just a few hundred megs per day at most but now were a couple of gigs.... just in uploads alone.

I changed the password and immediately the light stopped blinking. The next day I checked my usage again and that definitely solved the problem.

Except that about a month later it happened again. This time I caught it earlier so they only stole about 7 gigs. But that still put me over my monthly usage limit so again I was billed extra. Changing the password again solved the problem.

Except that it happened yet again....for the 3rd time, only a few days later.

My ISP won't/can't do anything about it and they made it clear that I will be paying for all of the usage.
I'm mystified as to how this is happening and I don't know what to do. Changing my password every day is going to be a huge pain.
Would going back to the Linksys firmware help?
Is there another solution?

I'd appreciate any suggestions.
Thanks.
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
Use WPA2 not WPA. WPA is very vulnerable.
Password should be long, anything less than 13 characters is too short.
Make sure you create a strong password.
Something like this: R6K<v^s$#PldP!
http://strongpasswordgenerator.com/


Once you get a secure password in place, grab a laptop with a portable wifi antenna and hunt down the SOB stealing your connection
 

nboy22

Diamond Member
Jul 18, 2002
3,304
1
81
Use WPA 2 as suggested by Modelworks and also you could slap some MAC address filtering into the settings on the router.

Of course, someone can spoof your mac address if they know how to, but I think that it would be good just to have another layer they would have to hack in order to get through.
 

Fardringle

Diamond Member
Oct 23, 2000
9,197
763
126
It is difficult to crack WPA encryption unless you are using a simple dictionary word as your password. Use WPA2 if possible. It is even more difficult to crack. There are a few likely possibilities:

1) You're using an easy password and one (or more) of your neighbors knows enough of what they are doing to crack it. Use a truly random 64-character password created by a random password generator like grc.com (use the hexadecimal option). If the bandwidth usage continues then it is extremely unlikely that someone else is hacking your wireless and stealing your bandwidth and more likely your own equipment. EDIT: The site that Modelworks posted is another good password generator.

2) You're actually using WEP and not WPA. WEP is not terribly hard to crack with the right tools even with a good password.

3) You have more than one computer or Internet enabled device in your home and it's actually something in your own home that is using the bandwidth.

4) There is something wrong with your router and it is malfunctioning in a way that "uses" bandwidth from the ISP even when your computer(s) are not active. This is highly unlikely, but almost anything is possible with cheap consumer equipment. Upgrade to the latest version of Tomato (currently 1.27) to eliminate a bad firmware installation as a possible culprit.
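
Added example, not part of any post in this thread: a Python sketch of how a WPA/WPA2-Personal key entry is interpreted (8 to 63 printable ASCII characters as a passphrase, or 64 hex digits as the raw 256-bit key), how a passphrase is stretched into the key, and how much guessing a randomly generated key of a given length withstands. The function names and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

HEX_DIGITS = set(string.hexdigits)
PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}  # characters allowed in a passphrase

def classify_psk(entry: str) -> str:
    """Say how a WPA/WPA2-Personal key field treats an entry."""
    if len(entry) == 64 and set(entry) <= HEX_DIGITS:
        return "raw-256-bit-key"      # used directly as the key
    if 8 <= len(entry) <= 63 and set(entry) <= PRINTABLE_ASCII:
        return "passphrase"           # stretched with PBKDF2 first
    return "invalid"

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def random_key_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a key whose characters are picked uniformly at random.
    Does not apply to words or phrases a person chose."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every key of the given entropy at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate_hex_key() -> str:
    """64 hex digits from the OS CSPRNG."""
    return secrets.token_hex(32)

def generate_passphrase(length: int = 20) -> str:
    """Random letters-and-digits passphrase from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    RATE = 1e5  # assumed guesses per second, for illustration only
    for label, length, size in [("8 lowercase letters", 8, 26),
                                ("13 printable ASCII", 13, 95),
                                ("64 hex digits", 64, 16)]:
        bits = random_key_bits(length, size)
        print(f"{label}: {bits:.0f} bits, {years_to_exhaust(bits, RATE):.3g} years")
    print(classify_psk(generate_hex_key()), classify_psk(generate_passphrase()))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network; the entropy figures hold only for keys produced by a random generator, not for dictionary words.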
 

Gillbot

Lifer
Jan 11, 2001
28,830
17
81
I use WPA but I have a long password (63 chars I believe) and it's yet to be cracked.
 

Tsavo

Platinum Member
Sep 29, 2009
2,645
37
91
> I use WPA but I have a long password (63 chars I believe) and it's yet to be cracked.

I cracked it. Here's the passcode:

Humpty Dumpty sat on a wallHumpty Dumpty had a great fallAll the king's horses and all the king's menCouldnt put Humpty together again01
 

rudder

Lifer
Nov 9, 2000
19,441
86
91
Maybe you are hosting a porn site or sending out spam without realizing it. Have you checked for viruses?

As others have said.. most users cannot crack a complex WPA password. Usually the only way is a dictionary type attack.
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
> Maybe you are hosting a porn site or sending out spam without realizing it. Have you checked for viruses?
>
> As others have said.. most users cannot crack a complex WPA password. Usually the only way is a dictionary type attack.

I don't know if Tomato firmware supports it, but my Netgear has a feature where you try the password 3 times and if you get it wrong you have to wait a preset time (I set it to 24 hours) before you can try again.

At that rate it would take them decades to crack.
 

razel

Platinum Member
May 14, 2002
2,337
90
101
Next time you change your password, do it over a wired connection. WPA is time consuming to crack and it's faster to monitor all your packets and watch for passwords. This includes when you log in via wireless to change your password on the router. They can search their packet logs for the new password. So when you go wired to change the password, turn off wireless or kick out all current wireless connections. If you can't turn wireless off or kick out, then only allow one dummy MAC address like AB:AB:AB:AB:AB to authenticate. You just need to temporarily block wireless while you change the password by wired. Use WPA2-AES, change your password, then set your wireless back to normal.

Best of luck.

Just had a brain fart... You can also take your router to a buddy's house and without having to block wireless change the password there away from your wireless coverage.
 

msap14

Junior Member
May 12, 2010
3
0
0
1. Change the SSID of the network

2. Make a ridiculously complex password

3. Disable broadcasting (given your router/switch supports this)

4. Enable MAC filtering (given your router/switch supports this)

Hope my first post on anandtech helps 8P
 

Fardringle

Diamond Member
Oct 23, 2000
9,197
763
126
1. Changing the SSID will only mean that you have to manually reconfigure the connection on your own computers. It will take a hacker a few seconds (tops) to find the new SSID even if you disable broadcasting of the ID.

2. It doesn't necessarily have to be a "ridiculously complex" password, but at least something that is not easy to guess. Random numbers and characters do make good passwords but a phrase you can remember works very well as long as it is mixed characters and not a word from the dictionary.

3 & 4. Disabling broadcasting and enabling MAC filtering have no real effect on wireless security. They only make it harder for you to connect your own legitimate machines, and some wireless clients actually won't connect properly if the router is not broadcasting its SSID. A wireless packet sniffer will find a non-broadcasting SSID and a few minutes of monitoring will find a legitimate MAC address that can easily be spoofed on the intruder's machine.



Use WPA2 with a strong password and nobody will ever get access to your wireless network unless you give them the password. Simple, easy, and secure.
 

NesuD

Diamond Member
Oct 9, 1999
4,999
106
106
Look in the device list in Tomato and see which device listed there is not yours. You should be able to get their MAC address, the IP your router is giving them, the computer name, and possibly some information about the device's manufacturer. If you want to have some fun, classify all traffic by their MAC to the lowest priority and then set max bandwidth limits for that class super low, like sub-dialup speeds. Did this to my teenagers to teach them a lesson and it was .. well hilarious. You're running Tomato. You can do some damn fun bandwidth manipulation with it. Learn to use it. It is good knowledge to have.
 

razel

Platinum Member
May 14, 2002
2,337
90
101
Those are fun things to do... but that's assuming that the hacker doesn't have the password to the router. Logging into the router is usually one of the 1st things I do (1st would actually be sniffing for Windows shares, a lot of my neighbors got great p0rn). In my experience, most of the time the router password is at default or is the same as the wireless key. Funny how that's how mine is set up.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Yeah, I'd be sure that remote administration to the router is disabled, change the router's password to something long, and change the WPA or WPA2 password to something long (25 characters or longer).
 

Raduque

Lifer
Aug 22, 2004
13,140
138
106
> Yeah, I'd be sure that remote administration to the router is disabled, change the router's password to something long, and change the WPA or WPA2 password to something long (25 characters or longer).

Do this all from a wired connection.
 