I have run into, or it found me, a new attack I didn’t think was possible. I had my router set pretty much open; I live alone, not much company. I started seeing my IP being used calling for groups and advertising a server at my IP with my IP. So, thinking someone was getting in, I went and set the MAC addresses of the machines I use as the only addresses that could access the router. About an hour later I couldn’t get on the internet with my main machine. I tried everything; I couldn’t connect with the wireless, no problem with a wired connection. 2 or 3 days later, with 1 machine destroyed, I still couldn’t get in on wireless. I thought it was something in the dialer. I converted my machine to Kali Linux from Windows again and it was better, but I still couldn’t get on the internet with wireless. Kali Linux dialers show the MAC address on the outside envelope of the dialer. With my main machine it is a constant source of irritation, because in one of the classes we built a change MAC; well, I don’t know what or who has locked my MAC to an address that is not mine, and I’m stuck with it; if I try to change it they knock me offline. At any rate, I know that MAC address well, and I looked at the dialer and it was different. I closed the dialer and tried signing on and it failed. I opened the dialer and the MAC address was different yet. I didn’t change it, but it was or appeared to be changed. If I opened the dialer, the MAC address on the inside was the same as always. The only way to get back on the internet wireless was to change the MAC limit in the router to open so any MAC address can sign in. What can I do to defend against this kind of attack, and what is it that they are doing to change my MAC address in appearance to the router so that it will reject my machine? I have a list of the different MAC addresses that have been on my machine without me putting them there, and different IP addresses to go with them some of the time if I got signed in.
You said, “i had my router set pretty much open i live alone not much company.”
I’m not sure exactly what you mean, but that’s not a good idea. Consider logging in directly to your router interface and changing the username and password. Make sure you use a strong, secure password and don’t lose them. Also, change the WIFI SSID and Key (in addition to the physical router device’s interface).
If intruders are not getting in through the router interface login or through the wireless login, then is someone able to get into one of your devices, whether phone, laptop, etc., perhaps through downloaded software or email? Hard to say without being there to investigate. “Minimize your attack surface.”
gdub, open meaning I didn’t have as many security features enabled. Local, like in my house, I was password protected and had a few other features in place; WEP was on a push button. I should have been alright, no problem. I have a couple used computers I just got; I’m wondering if it came in the door with them. I don’t have a monitor yet so I’m not running them, but I did start them up to make sure they run. Just towers to use for storage and to practice some on. None of the video cards are any good, so I have to get cards before I can do much of anything with them. My thought is to hook them together and use them as one after I get them going … but I have no idea what is on any of them.
Any idea would be greatly welcome. I can’t find anything in any of my systems. I completely went through my main and even reinstalled a different operating system on it after overwriting and cleaning the hard drive. The shredder doesn’t miss much. But the problem persists somewhat. It’s just an irritation now; I can get online with wireless and I have locked down the MAC addresses again to 6, and I use 3 or 4 of them. But I see my IP coming up on my screen when I’m using Wireshark, advertising and talking to other IP addresses I don’t recognize. If someone is going to have a party at my place I want to be invited, ya know?
Any ideas? The internet provider I use has gone through the router and can’t find anything. I have the firewall set to med instead of low now. I talked to a woman I know over east; she had the same kind of problem with her computer and had to take it to a shop to get it to start up and connect. She had some of the same kind of problems.
I have a lot of ideas but too many possibilities to go through. Can you find a good cybersecurity professional in your area to help you? Of course, that would be expensive but would save you a lot of headaches. If you want to fix this yourself, it will probably take a lot of patience and your own research.
Again, minimize your attack surface. Do a hard reset on your home router, resetting to factory defaults. Then change the default login name and password on the router console interface. Use unique, long, secure passwords for all accounts and don’t reuse them anywhere. Use a secure password manager like LastPass or 1Password. Disable WEP in the router console interface; it’s too insecure. Try limiting MAC addresses to just 1 device MAC (your main computer device) and perhaps using a direct wired connection and not using WIFI. Go through the other router settings looking for anything else that needs to be secured.
Is that 1 main device secured properly? Does it have malware allowing a hacker onto your network through that device? Do you have proper endpoint protection on that device? A properly configured firewall, updated antivirus? Have you tried XArp? On firewall, do you have default block all inbound and outbound with rule exceptions? Have you done a security scan with nmap or other program looking for open ports and other vulnerabilities?
Keep in mind some of these suggestions are just temporary, like limiting to 1 device and wired connection (with no WIFI signal), just until you can see where an intruder might be getting in. What if someone is hacking an Internet of Things device, phone, or some other unsecured device? It’s hard to say, too many possibilities.
Are you using Windows? What operating systems?
Correction: above I said “Disable WEP”. I meant Disable WPS. But, in addition, make sure you aren’t using WEP either.
WEP is disabled and I have never used it; too weak. The operating system I’m using is Kali Linux. I just went through the whole computer hard drive when I put Kali in about a week ago, with the overwrite and erase, overwrite and erase, then encrypted the hard drive on install. I’m pretty confident there’s nothing in my machine, my main. I have already cut the Wi-Fi from this machine and went to wired. I had Wireshark going when I did, and it made a mess of what the guy was doing right then; made me think of a man in the middle that wasn’t quite in the middle. On my router I have an option to leave the SSID hidden or to broadcast it; I left it hidden and changed the name on my account and the password, as well as going hard wire with my main. I think he is on the ropes with that. I also went to 802.11 function on the modem. I’ll try to attach a bit of Wireshark to this; it’s not only my network that he is affecting.