Wi-fi WPA hacked three times this week and it only takes seconds to do


posted on Jul, 14 2014 @ 02:04 PM
I have read that the reason most routers get hacked is that the manufacturer does not have a default router username or password or a simple one like admin and password. If they use a default username and password it takes seconds to search for it on Google.

I have a TP Link router that lets me input my own username and password. They are both 16 characters long with upper and lower case letters, numbers and symbols. I also use MAC whitelisting. I have never been hacked.

Joe Public, from my experience, doesn't know the difference between wireless and router password. I have secured many of my friends' routers.
edit on 14/7/2014 by earthblaze because: (no reason given)




posted on Jul, 16 2014 @ 03:58 AM
a reply to: earthblaze

Also move the router admin page off port 80 if you can!

It's easy for me to write a bit of HTML/Ajax that can browse to local pages like 192.168.0.1... and upload the results to a server, plus don't allow access to the router admin page from the internet.

a reply to: AnonBelgium

Nope, even with my ISP hijacking DNS lookups the router would block incoming packets in the NAT and not forward the packets on.

In my case I only knew I had someone on the network because my DNS server blocked lookups because the LAN IP address was not registered to a machine. I do this so that I can have time schedules in the DNS server used to block machines at night.

For a time I could ping whoever it was, and I also checked the router's DHCP and ARP tables and could see the MAC addresses that had been used and had two unique devices, and one was using a spoofed MAC address because only the first two digits had been changed.

opthPA

I don't have that option but I can log blocks to file, but it was not turned on at the time.




edit on 16-7-2014 by VirusGuard because: (no reason given)
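Added example, not part of the original thread or written by any poster: a Python sketch of the check described in the post above, comparing a router's ARP table against a list of registered devices and flagging a MAC that matches a registered one in everything except the first two hex digits. The inventory, the addresses and the `ip neigh`-style table layout are constructed assumptions; `parse_arp` and `audit` are hypothetical names.

```python
import re

# Constructed sample data (not from the thread). REGISTERED is a hypothetical
# inventory of allowed devices; ARP_TABLE mimics an "ip neigh"-style dump.
REGISTERED = {
    "192.168.0.10": "3c:5a:b4:12:9f:e1",
    "192.168.0.11": "a4:77:33:0c:5d:20",
}
ARP_TABLE = """\
192.168.0.10 dev eth0 lladdr 3c:5a:b4:12:9f:e1 REACHABLE
192.168.0.11 dev eth0 lladdr a4:77:33:0c:5d:20 STALE
192.168.0.57 dev eth0 lladdr 02:5a:b4:12:9f:e1 REACHABLE
192.168.0.58 dev eth0 lladdr 70:ee:50:aa:01:02 STALE
"""

MAC_RE = re.compile(r"\b[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}\b", re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_arp(text):
    """Return (ip, mac) pairs from any line holding an IPv4 and a MAC address."""
    entries = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            entries.append((ip.group(), mac.group().lower().replace("-", ":")))
    return entries

def audit(entries, registered):
    """Flag every ARP entry that is not a registered MAC at its registered IP."""
    known = set(registered.values())
    findings = []
    for ip, mac in entries:
        if registered.get(ip) == mac:
            continue  # expected device at its expected address
        # A registered MAC sharing the last five octets: only the first changed.
        twin = next((k for k in known if k != mac and k[3:] == mac[3:]), None)
        if mac in known:
            reason = "registered MAC on an unregistered IP"
        elif twin:
            reason = f"differs from registered {twin} only in first octet"
        elif int(mac[:2], 16) & 0x02:
            reason = "locally administered (software-set) MAC"
        else:
            reason = "unregistered device"
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(ARP_TABLE), REGISTERED):
        print(*finding, sep="  ")
```

Phones and laptops that use private or randomized Wi-Fi addresses also set the locally administered bit, so that finding is a prompt to check the device, not proof of spoofing.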



posted on Jul, 16 2014 @ 05:10 AM
a reply to: AnonBelgium



You could try it BUT keep in mind some ISPs don't let third party network equipment directly connect to their network over PPPoE (again my ISP as example)


Mine is OK and I can even connect a PC to the ISP and use PPPoE, but if they did try to block me then I would chain a router/firewall and send the WAN to the router supplied by the ISP.

As you know many ISPs leave hidden open ports in the free routers they give you and that was a big red flag to me.

On pfSense it seems that you need to install and run Squid plus a Squid extension to get URL filters working, and this has put me off using it, plus I don't think it lets you group services in the firewall rules.

What I have decided to go for is two routers, with one being in the usual place and the other less secure router being connected to a second card on the machine that runs the DNS/Proxy server, and then get iPads to wifi to the new router.

I will need to write a bit of software to relay from the new wifi card to the existing LAN card and don't think I can just bridge it, as I want to block some ports and I don't think I can do that on a bridge. Using sockets I know how to stream NC1 to NC2 on port XXX, but I don't have a clue how to bind to all ports at the same time apart from how to sniff the network, but we will see.

This is a bit like sharing a PC wifi connection to create a public hot-spot, with the added advantage of forcing all port 80 traffic to a proxy server without needing an outbound NAT. It also allows me to play with SSL traffic on devices that don't allow the use of a proxy server, plus it allows me to stop my Samsung TV poking around my LAN on devices that don't have a firewall like iPads, phones, Xbox and Sky boxes using DLNA, I think it's called.

Just blocking devices on exit to the internet using non-standard ports is only half the answer, and I would use a VLAN to isolate devices on LAN2, but I still want the proxy server because this is where you can really see what's in the request and decide to block/allow or tweak the request.



 