Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | (show all)   Print Thread
Standard User grapevine1
(regular) Sat 12-Jan-19 13:02:14
Print Post

stop wifi remotely, ethernet lan to remain on.


[link to this post]
 
Trouble is that an individual is continually attempting to hack into wifi modem/router, also attempts have been made to enter an HP printer when switched on thro' its wifi.. A wifi scanner was hired to collect evidence of the offenders/Hackers wifi signal from his router, and, watched on an android tablet with wifi analyser having be loaded.
The near property suffering from the attempted hacking into, has previously been a sub 3 Mips at very best (BT long line in poor shape in the country) into an old netgear modem/router which feeds a new ethernet lan to each room as a spiders legs.
Facts;- Within days the property will receive an uplift to broadband from FTTC via it is hoped a better quality length of twisted copper dropwire.into a HUB modem/router which must be replaced.
Suggestion has been once again to purchase another UNLOCKED modem or modem/router and wifi unit so that wifi only can be swithed off when not required for use.
What value for money UNLOCKED modem or modem/router would you purchase that would provide access to full router stats and what separate wifi unit would you fit so that its DC power could be remotely switched or the wifi signal be able to be switched on/off as required without the modem/router or separate wifi unit being physically accessed.. The new copper from the FTTCcab will deliver above 25 Mips
Standard User Michael_Chare
(fountain of knowledge) Sat 12-Jan-19 17:22:32
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
I could configure my ebay Zyxel VMG8924-B10A to only allow specific MAC addresses to access the Wifi. It will work with ADSL and VDSL. The box can also be configured to allow remote management only from a specific subnet. If that helps!

Michael Chare
Standard User baby_frogmella
(knowledge is power) Sat 12-Jan-19 17:50:06
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
In reply to a post by grapevine1:
Trouble is that an individual is continually attempting to hack into wifi modem/router


I assume the existing wifi network is protected by a strong WPA2 password? if not, that would be the first thing you would need to do, irrespective of router. Once you have enabled WPA2 encryption, this makes it quite difficult for the hacker. WPA2 can be hacked but its not something which can be done easily by any wannabe hacker.

In answer to you question, yes wifi can be stopped remotely on routers. You would need to buy a Netgear or Linksys router and use their smartphone app to turn on/off the router's wifi - the smartphone app works through a 3G/4G data connection so no need for the smartphone to be connected to the router in question.

FluidOne FTTPoD 330/30 Mbps
Phicomm K3

Edited by baby_frogmella (Sat 12-Jan-19 17:52:40)


Register (or login) on our website and you will not see this ad.

Standard User grapevine1
(regular) Sat 12-Jan-19 18:45:55
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: Michael_Chare] [link to this post]
 
Michael
Thank you so much for the prompt response, Yes I understand what you say we have used wpa2 plus loaded the old modem router (on the long poor quality twisted pair copper line from the exchange) with the MAC adresses that we wish to be the only ones to be accepted. I have had captured and saved live the info of the full details electronic address's etc of the eguipment attempting the multiple attempts to enter our internet connected equipment, and watched as we change wifi channel the culpret follow the changes of channel on 2.4.Gb and the following of the chanel in use by the HP printers. So we now have the evidence.

I have to determine which modem to purchase and that must feed the current ethernet network that has a Giga switch to connect to the printer any laptop etc connected to the ethernt sockets.
Another point I must add is we cannot use the smartphones (on wifi) to print off etc within the property because the mobile mast signal has been lost for the next 3 to 6 months (untill their relocation) by the current development commenced of some 2000 dwellings etc and until the move of the Mob network mast stations, the current signals have diminished to 'zilch' in the property and a very low signal within the curtilage. In the summer months the signals have been reduced for years by the trees that existed in the signal path line, some have now been removed!.We are hoping soon to use the new smartphones thro our new proposed broadband wifi unit.
Finally we want to be able to contiue to switch on the wifi , for security, only when it can be monitored and is required, and off when not which is the current situation. -- Thanks Grapevine1
Standard User grapevine1
(regular) Sat 12-Jan-19 19:27:29
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
baby_frogmella,Yes Thank You,
Yes, I have just purchased some new smartphones with android 8.1 for that purpose.
My intention in this post was to see what others with up to date knoweledge might suggest.for I am very rusty on the subject.
Currently the router on the twisted pair long line likes nothing other than Windows 7 so two Laptops are main and standby for that purpose. but until recently they were required for our professions networks,
Now it appears modem/routers work to windows 8.1 or 10 plus smartphones.etc
Previously we used a windows 7 laptop to switch the modem/router WiFi on/off.
Today a modem/router (obviously locked) has arrived sent by the new broadband provider and we will be TXTed to swap the DSL copper feed from the FTTC cab to their modem/router in the next 10days (which modem will be retained as a standby). What a joy it will be to have a min of 29G Mips of the 36 Max offered.
I wish to once again to purchase our own modem/router as I will be able to monitor remotly the 'router stats' etc for security purposes (until now I had a Mobile panel unit to an external antenae rooftop) for signaling.
May I ask which of the Netgear/Linksys Modems was in your mind as a value for money purchase obviously I never purchase the latest and they woul;d not be for gaming or such geeky purpose.
BW grapevine1
Standard User baby_frogmella
(knowledge is power) Sat 12-Jan-19 20:36:24
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
Had another thought: many routers allow you to hide the wifi network names so this might be the best way to go, instead of having to continuously switch on/off wifi.

You then manually type in the network name & password on your wifi client(s) and connect that way. Basically your router becomes 'invisible' to the hacker. It goes without saying choose a very strong wifi network name (SSID) & pw to greatly reduce the risk of the hacker guessing these correctly.

Wrt router choice, if money's no object go for something like the Netgear D7800. Its a great router with top class wifi range/speeds and allows you to hide the SSD. See here, page p98 (turn off 'enable SSID broadcast' setting)

If you want something a bit cheaper, then go for the TP Link VR900v2. It also has an app (where you can switch on/off wifi remotely) and again allows you to switch off wifi network name if you wish. simply tick the 'hide SSID' box. Have a look here at the VR900 emulator:
https://emulator.tp-link.com/Archer_VR900(EU)_V3/ind...

FluidOne FTTPoD 330/30 Mbps
Phicomm K3

Edited by baby_frogmella (Sat 12-Jan-19 20:37:44)

Standard User grapevine1
(regular) Sat 12-Jan-19 23:22:51
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Hi F-M
I was just looking at TP Link VR900 and thought must read all this spec so now I have just looked at your last post with the V2 ----VR900V2 will look in the early hours when I have been a little refresed
Id been keen before I posted this strand to go for a seperate wifi unit for 2.4 and 5 Ghz but maybe I can be persuaded to go down this VR900V2 route. I dont really want to self design and construct modules like I did before the commercial technology has advanced so much since 2012/3.I cant forget all my years in research with a soldering iron before I got booted upstairs.
You have some extremely constructive posts over time clearly hands on!. If you wish to PM me go ahead.
This could all get very interesting technically Ive been hands off this topic for more than three years. A number of advances have missed my gaze because of otherwork.The cost of the latest commercial gear maybe somewhat excessive I fearand especially if you are not using it for gaming or geeky.
Starting to burn some midnight oil again BW & Thanks
Grapevine1
Standard User baby_frogmella
(knowledge is power) Sun 13-Jan-19 09:54:14
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
The VR900V2 is a great all-in-one router for the money. I normally do recommend having a separate modem & router but only if you like to have a powerful router with advanced features such as OpenVPN, Plex server or installing third party firmware such as DD-WRT which gives you almost unlimited config options. However for a regular user who just wants to setup the router and forget about it, an all-in-one router such as the VR9000V2 would be perfect. I recommend buying it from Amazon as you have 30 days hassle free returns and also its on sale for £99.99 (usual price is £120+)

FluidOne FTTPoD 330/30 Mbps
Phicomm K3
Administrator MrSaffron
(staff) Sun 13-Jan-19 15:28:56
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Had another thought: many routers allow you to hide the wifi network names so this might be the best way to go, instead of having to continuously switch on/off wifi.


If someone has been persistent then this won't help at all, and can cause as many problems for legit users of the wi-fi network.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Administrator MrSaffron
(staff) Sun 13-Jan-19 15:30:44
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
If you have evidence, then since hacking wi-fi can see you arrested, reporting to the police might be an avenue, i.e. its likely that someone is wandering around trying different networks for holes.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User grapevine1
(regular) Sun 13-Jan-19 16:20:00
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: MrSaffron] [link to this post]
 
Mr Saffron,
Thank you sdo much,
I thank you for your kind information
We are fully aware of all the charges that would apply to any person carrying out such interference to communications and any equipment involved etc and further charges that will apply to those persons whose actions cause Harressment alarm and distress and especially fear of any form of violence as a result of their actions. There is another fact that it all may add further legal charges if it has also caused damage to any part of or contained within the property in which a dissabled person resides and further especially if that residence has been prior registered with the local authority and an annual reduction in that properties council tax has been in place in prior years to the offences taking place. There is also a Human rights issue which is to complicated to address at present.
This is all compounded if the situation has been reported to any Police Officer and no action resulting or known to have been ignored.
BW
grapevine1
Standard User grapevine1
(regular) Sun 13-Jan-19 16:38:49
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Baby_frogmella,
I am greatfull for your suggestions all points you have put forward I have reason to agree with, may I ask what dongle have you had any experience or even use of USB or otherwise in connection with the switching signal from a 3/4G signal to switch the WeFi on and off.

As a matter of interest what version of the Netgear router model you mentioned, or other such netgear items do you consider might be value for money for a domestic installation to enable a WiFi modem to be switched on/off.

Historically I have always in the past fed the ethernet output of the Modem or Modem/router into a Gigabyte 8 or 10 o/p switch

When I set up the last Netgear system the only commercial way was to use a small laptop to monitor the Routerstats of the line in question and via the ethernet cable switch the wifi on/off.

The smarfone app is a big step forward for all those who live where even the 9yr old kids are streats ahead these days of my historical ability when I was 18yrs old in respect to machine code programming.. They sure can Hack without any formal programming education.
BW
grapevine
Standard User grapevine1
(regular) Sun 13-Jan-19 16:47:18
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Baby_frogmella,
I am greatfull for your suggestions all points you have put forward I have reason to agree with, may I ask what dongle have you had any experience or even use of USB or otherwise in connection with the switching signal from a 3/4G signal to switch the WeFi on and off.

As a matter of interest what version of the Netgear router model you mentioned, or other such netgear items do you consider might be value for money for a domestic installation to enable a WiFi modem to be switched on/off.

Historically I have always in the past fed the ethernet output of the Modem or Modem/router into a Gigabyte 8 or 10 o/p switch

When I set up the last Netgear system the only commercial way was to use a small laptop to monitor the Routerstats of the line in question and via the ethernet cable switch the wifi on/off.

The smarfone app is a big step forward for all those who live where even the 9yr old kids are streats ahead these days of my historical ability when I was 18yrs old in respect to machine code programming.. They sure can Hack without any formal programming education.
BW
grapevine

PS Sorry posted (wrong thread)
Standard User baby_frogmella
(knowledge is power) Sun 13-Jan-19 17:18:44
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
Had another thought: many routers allow you to hide the wifi network names so this might be the best way to go, instead of having to continuously switch on/off wifi.


If someone has been persistent then this won't help at all, and can cause as many problems for legit users of the wi-fi network.


But surely if the router isn't publicly broadcasting any wifi network name, then the hacker has nothing to hack into? Like I said, most - if not all - wifi clients allow you to manually enter a wifi network name & password so all the OP needs to do is to make a note of the hidden SSID and pw and simply enter this into the req'd clients - this would just need to be done just once for each client as the clients would normally auto-reconnect. He would have 100% control over which clients are allowed onto his network.

FluidOne FTTPoD 330/30 Mbps
Linksys EA9500v2
Standard User baby_frogmella
(knowledge is power) Sun 13-Jan-19 17:32:54
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
If you want to buy a Netgear router at a reasonable price then something like the Netgear D6400 is a good option. Once installed, the Netgear genie smartphone app allows you to switch on/off the router's wifi.

Wrt wifi adaptors, most of my wifi clients have wifi built-in. On my desktop PC I'm using this wifi adaptor which is great. If you have a choice, go for a PCI wifi adaptor rather than a USB model as the PCI models (generally) perform better. Obviously for a laptop PC requiring wifi, you're limited to USB models only,

FluidOne FTTPoD 330/30 Mbps
Linksys EA9500v2
Standard User ukhardy07
(knowledge is power) Sun 13-Jan-19 21:27:45
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
Hey, I actually work in the security field and have done corporate wifi penetration testing etc in the past. A lot of the advice here is unfortunately poor and comes from a concept of applying logic, rather than understanding the security underpinning WPA2 encryption.

So to set things straight:
1) MAC address filtering does absolutely nothing for security.

As an example, my network name is BTHub6-6S4Z. When I bring my iPhone home, it transmits a signal effectively in all directions of every WiFi name it has ever connected to, in the hope it finds BTHub6-6S4Z. It also broadcasts its MAC address. My iPad does the same, my macbook, my PS4, Printer etc.

As an attacker what I can do is listen to the wireless traffic around me - this is called "monitor mode." In the case above, say I had an attacker living next door to me. The attacker would be able to see my iPhone is looking for BTHub6-4S4Z, and they also can see my iPhone MAC (lets say it's 11:22:33:44:55:66).

If I had MAC address filtering enabled, it is bypassed with no hacking at all. The attacker can see my iPhone with MAC address 11:22:33:44:55:66 is requesting BTHub6-4S4Z. All the attacker needs to do is pop in the properties of their network card, and change their MAC to be 11:22:33:44:55:66, and connect to BTHub6-4S4Z. In they go, 15 second job.

Same applies for "hiding your SSID." Say I hide my SSID for my BTHub6-4S4Z network... My iPhone, iPad, Macbook, PS4, Printer, Work Laptop etc will still connect in, and in doing so they will push out this data in every direction asking for this network. Once they connect, they will push out data saying the SSID they are associated with. The attacker can see every device in my home effectively calling out for BTHub6-4S4Z... They can even see a list of every device in wireless range of themselves that is associated with my network name, and all of the MACs. The SSID is hidden, but it is literally being broadcast in every direction by every device I own, in clear text, unencrypted form. Easy to figure out my networks name right smile ?

Point is, hiding your SSID, and MAC filtering do nothing to solve security. This data is literally pushed out by every device, in every direction, and is never "hidden." The WiFi specification is not designed to hide this data, as it was never a security measure.

2) A strong WPA2 password is important, although most hackers will not exploit the password, but rather exploit flaws in WPS or the PINs. On older devices, these can often be exploited in less than 2 minutes... Even if I had a 50 digit WPA2 password, if I exploited WPS, this would just hand over the 50 digit password. WPS exploits are no slower/faster depending on password complexity.

This is why disabling WPS is real important. It is recommended to change the WPA2 password and have a length of 16+ characters (if you know you are being compromised, set a super long PW e.g. 60 characters), and it is recommended to change the SSID from the vendor default also. WPS should not be used / enabled... This applies to all WiFi extenders / booster type devices also.

NOTE: On many devices when you turn off WPS, it does not actually disable. This is a flaw in design, and applies to older devices again.

When an attacker sees an SSID of BTHub6-XXXX, it tells them 1) The device to be compromised is a BT Smarthub and 2) The password is most likely 10 characters (the default length used on all BT Smarthubs). This severely reduces the possible password combinations. This is why changing SSID/password is important as now the attacker has a much bigger job on their hands to test all possible passwords.

Unfortunately, authentication is totally flawed on WPA2 implementations. What this means is, as an attacker I can basically send a request to your router, and ask it to disconnect every single device, it will respond by doing just that. There is no protection of this mechanism where devices connect / disconnect.. If you have a very malicious attacker, they could get "angry" and retaliate by constantly sending requests to your AP to disassociate every device, resulting in the user being unable to ever connect to the WiFi. This is highly illegal, but does occur at times.

WPA3 will resolve this flaw, apparently. smile

WPS etc is getting more secure, for various reasons, but I would still disable it.

In your shoes I would do the following:
1. Reset the router to factory defaults - the reason I say this, attackers can setup remote management which enables them to get into your routers settings from anywhere in the world. E.g. they could go into the settings from Australia... In the settings would be any wifi password.

Everytime you change the password, the attacker just logs into the router from another network (e.g. mobile phone data), pops in the settings and brings up the new password. Then they connect in...

Hence, it is worth resetting with a pin in the reset button to ensure they have not installed any of these "back doors."

2. As soon as the router is reset, login to the router, and change the admin password of the device to something complex e.g. a 16 digit random password.
3. Login to the router with the new admin password, navigate to the WiFi settings, disable WPS/WPS PINs.
4. Change the SSID to something else, keep SSID broadcast on, there is no security benefit disabling this. Do not bother with MAC filtering, there is no security benefit.
5. Set the router to WPA2-AES only, NOT WPA / WPA2 Mixed Mode. Set a password of 16+ characters (or 60 if you don't mind entering it one time on every device). Ensure no dictionary words are used e.g. Football10 and do not use common variations of words e.g. F00tb4ll10.
6. Double check remote access is disabled on your device (if your device supports it). Double check changing the SSID/Password has not re-enabled WPS.
7. If you can, reduce the WiFi AP power, so it only covers the property as required.
8. Apply any firmware updates to your device, in case there are inherent security weaknesses on your APs WiFi setup. If there is an auto update function, enable it. If you have ISP kit, this should get updates automatically...

If your device is end of life and not supported by the vendor, consider replacement with a new piece of kit, or a latest and greatest ISP device which will likely meet a much higher security standard out of the box (e.g. enhanced WPS pin lockout etc - still disable WPS).

At this point, it is likely the attacker will move onto an easier to compromise device. Your AP becomes a huge headache to get into...

Edited by ukhardy07 (Sun 13-Jan-19 21:51:01)

Standard User jabuzzard
(member) Sun 13-Jan-19 22:12:45
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: ukhardy07] [link to this post]
 
I was coming to post that MAC filtering and hiding the SSID is an exercise is wasting time. Basically I would second everything you have said as being things to do.

However I would add if the attacker is using a consistent MAC address one might consider using a MAC blacklist on it. Might take them sometime to work out what you have done.

There are some other options, just ditch pre-shared keys completely and go WPA2 enterprise. Lot more hassle but you could that put a lockout on failed authentication attempts.

As for turning the WiFi on and off remotely my suggestion would be a Ubiquiti EdgeRouter X SFP with whatever combination of UniFi AC Lite, AC LR, and Mesh AC being powered using the 24V passive PoE from the Edgerouter. You can then just SSH into the Edgerouter from wherever (assuming static IP and/or dynamic DNS) and then you can turn it off using

configure
set interfaces ethernet eth0 poe output off
commit
save
exit


and turn it back on with

configure
set interfaces ethernet eth0 poe output 24v
commit
save
exit


Note you only need the save command if you want it to persist across reboots of the router. It would also be possible to script this up so that it turns on and off at specific times.

You could do the same with a Mikrotik hEX PoE as well, and Mikrotik have a range of WiFi access points that work with 24V passive PoE. You could mix and match between Mikrotik and Ubiquiti if you wanted as the two 24V passive PoE's are compatible.

You would need a separate modem as well but a HG612 3b off eBay is cheap and reliable, and with the appropriate adaptor you can power that using 24V passive PoE too.

https://www.amazon.co.uk/gp/product/B00EBCQ5FM

Added advantage IMHO with this sort of option is that you are dealing with devices that are going to get regular and prompt firmware updates unlike the consumer grade devices suggested by other people. Personally I consider the consumer grade stuff to be worse than an utter waste of time if you are interested in security.

Obviously going down the Ubiquiti/Mikrotik router is more complex than ISP supplied or other consumer devices, but it is a thousand times more robust.

Finally you could consider physical security. That is wrap the property in a Faraday cage, though at this point you would then need to put a femocell inside the house if you want mobile coverage, or have a phone capable of WiFi calling. Rather extreme and very expensive unless your house happens to be made of bricks full of ferrous material smile
Standard User grapevine1
(regular) Sun 13-Jan-19 23:58:07
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: ukhardy07] [link to this post]
 
Hi UKH

My professional life has been in Electronics FOR Coms ,IT and Law. I believe we have met 2010/11. I had some involve,ment in your industry you can PM me if you like
My other halfs very elderly mother has just been rushed into Hospital 150 miles away, just to say if im off topic for a few days I have to concentrate on my rock.
Standard User grapevine1
(regular) Mon 14-Jan-19 00:31:55
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: jabuzzard] [link to this post]
 
Hi JB
My professional life has been in Electronics FOR Coms ,IT and Law. I believe we may have met 2009/11 (Digital Economy Bill). I had some involvement in your industry you can PM me if you like
My other halfs very elderly mother has just been rushed into Hospital 150 miles away, just to say if im off topic for a few days I have to concentrate on my rock, to share the projection and control of an old fashioned design of combustion Engine in front of us.
For interest The original half of My property was built by the family prewar the 30's and the black mortar etc was steelworks flyash a faraday cage that takes some beating but the new houses (microcabins) now being constructed the other face of the valley are internal wooden frame (in a day) sections metal foil covered with a brick outer layer, a signal reflector and blocker, hence my poor mobile signal at present. Some of the Beech trees in the signal path (are being removed) with their leaves forming a half wavelentgh attenuator in the summer months. I have added this last long sentance for some factual light relief. I spent a chunk of my life 67- 85 being fried by high powered 10 to 30 Ghz and getting the signal and reception up to 50,000miles. So the practical of domestic broadband although in recent years known to me. I considered was for another branch of Research and Consulting Engineers
BW
grapevine1
Standard User jabuzzard
(member) Mon 14-Jan-19 10:56:54
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
It occured to me that an alternative approach might be to go down the route of either a honeypot and/or tarpit.

It in the first instance might make identifying the culprit a piece of cake, as you would be able to man in the middle their traffic. Something a simple as sending or receiving an email could give them away. Also if they get in and then find the connection is rubbish and limited due to the tarpit approach they might decide it's not worth the effort.

A third approach would be to go on the offensive. Just watch their MAC address and send deauth packets when ever the associate with an access point. Do that for a day then stop. If they still attack your network start again. Repeat till they give up.
Standard User TechServ
(newbie) Mon 14-Jan-19 15:04:34
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
Lots of good sensible comments on improving your wifi security already posted, but just as an aside - are you certain you are seeing hacking attempts via wifi?

The only reason I ask, is I have seen a number of times people mistaking "hacking" / unauthorised attempts to authenticate to a domestic wifi signal - do you have the MAC address of the suspect device? From this we could ascertain the vendor and even model number - unfortunately all to often in domestic settings the rogue device is found to be either a forgotten device or a neighbour inadvertently attempting to connect to the wrong router.

When you say that the device follows when you change wifi channels and trys to connect to the HP printer as well - this suggests it might be something locally that has once legitimately connected to the network rather than something malicious.

Very rarely does a domestic connection see multiple attempts to brute force connection over a period of more than a minute or 2, even rarer would be multiple attempts on separate occasions.

Far more likely to be a mobile device that once connected or entered incorrect password repeatedly automatically jumping on the SSID when in range, then timing out or the user forcing a different connection to regain working internet access.

There really is no need to spend a lot of money on a high end router I would suggest - use the ISP provided router and if you want to easily disconnect WiFi when not in use you can:

Disable all WiFi in the ISP supplied router
Login to the old Router and change the SSID Network name and set a new secure password with WPA2 encryption - ensure you do this for both 2.4GHz and 5GHz. Turn off DHCP on the old Router. Change the device IP Address from (say 192.168.1.1) to a unique static address ie 192.168.1.249. This device will no longer act as a router, only as a WiFi Access Point.
Connect the old Router to the new ISP Router from LAN to LAN - do not connect WAN / DSL on old router.
To disable WiFi simple power off the old router only. Internet connection will remain on ISP router without WiFi.

If you have the MAC address you can post this and we can look up the vendor and device for you.
Standard User grapevine1
(regular) Mon 14-Jan-19 16:39:56
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: TechServ] [link to this post]
 
Tech Serv,
Just to make this very short.
We know the two persons in particular that have been hands on the modem
We know the make of modem/router and its badge name
we know the service provider
We know the contract details
We know the MAC address
We know the vendetta of the two persons involved and the reason why.
AND a lot more
We now know who else is involved quite a surprise

I was placing this slightly strange marker headline to get some feed and looking for hands on users qualified or simply experienced by practical use and wished for info as to what equipment from personal practical application they think that produts and their configurations have been used to
protect without going to the killer top price to attempt a fix and or legally entrap (entrapment is generally not an offence) a troublemaker from such actions to a domestic situation

We now have the list of names of all those involved for all appropriate action which has commenced before I started asking these questions.
If you wish to PM me please do
BW
grapevine1

PS In sitting down with Hackers in the past (in the course of my employment to be one of a team looking into how they achieved what they achieved), the majority and most competant ones, had no formal education from a computer, IT or communications (I add electronic) formal education arena, we obtained, and I was one of a team increased my knowledge (in shock) and we as members of that team realised how our formal education in the subject was why we found it so difficult to find little or any structured approach that had been taken on their route to cause the havok that that those that do for fun or financial and material gain. I live with a very open mind
Standard User RobertoS
(elder) Mon 14-Jan-19 19:07:48
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
Is this happening in the UK, or Bangkok, or Phuket? Or in any way associated with a business in those places.

(If anybody thinks that is filter evasion, the second is a place just like the first, and I have reason to think the OP may be associated with those two places).

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Mon 14-Jan-19 19:08:58)

Administrator MrSaffron
(staff) Mon 14-Jan-19 21:28:32
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Does not stop them, only thing that can truly stop them hacking the Wi-Fi having no Wi-Fi

MAC filtering and hiding SSID are two of those make people feel like they are doing something comfort blanket security measures

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User jabuzzard
(member) Tue 15-Jan-19 14:23:53
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Because everything that is connecting to the AP is broadcasting the SSID it is looking to and/or is connected to.

So as the blackhat all I need to do is sniff the WiFi traffic in the vicinity for a short while and I will quickly find out what SSID's devices are connecting to.

At this point I would note that I can also see all the visible SSID's so can quickly get a list of SSID's that are being hidden, which as a "blackhat" are of extra interest.
Standard User grapevine1
(regular) Fri 18-Jan-19 20:56:01
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
B_Fm
So if I was to pose you a question what modem would you chose to act as a WiFi only unit with its 12V DC supply switched off when not required and the approopriate turning off of its DHCP etc and what modem would you choose to handle the connection (today at last via a short twin copper feed noiw from the FTTC) to the ISP and our feed from the ethernet switch that has separate feeds from our laptops and other devices that we use in the house there is also a separate ethernet feed from the different security and monitoring units.
I must admit that I am partial to netgear routers fancy something like NETGEAR D7000 series Nighthawk AC1900 but have been reading up on the VR900v2, all will have to be 12 volts DC fed. I have a friend who is attempting to convert me to Mikrotik modems, and Ubiquitik so a little more reading I guess.
BW
grapevine1

A great improvement tonight, three new stout NEW poles yersterday in the lane and upgrade from 4M to 32, almost instant!! pages so worth the efforts I hope. Just like the office in central London!
Standard User RobertoS
(elder) Fri 18-Jan-19 21:45:06
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
In reply to a post by grapevine1:
B_Fm
So if I was to pose you a question what modem would you chose to act as a WiFi only unit
wink [pedant mode on]
Modems don't do wifi. In fact technically neither do routers or modem/routers.

What are frequently called routers on broadband forums are nearly always all-in-one boxes containing a modem, a router, and a wireless access point. [/pedant mode]

Compare with an all-in-one printer. It isn't a photocopier. It isn't a scanner. It is a printer with the other functions built in smile.

In fact at the domestic level these days it is almost (or completely?) impossible to find a modem. The only ones called "modem" I see are all modem/routers configured in bridge mode to bypass the router (and WAP if fitted) component(s). The prime examples being the Draytek 130 and the two Openreach FTTC "modems".

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests 35-45Mpbs down, 9-15 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.
Standard User adrenalize_
(learned) Fri 18-Jan-19 21:50:26
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
From various feedback avoid the Netgear D7000 v2. The original D7000 v1 was great.

Thats got the ADSL/VDSL modem built in - but for just using one as a WiFi AP then its a bit overkill. The R6250 or R6300 are great small(ish) routers that can be put in AP mode and do 5GHz 802.11AC.
Standard User grapevine1
(regular) Sat 19-Jan-19 00:11:00
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: adrenalize_] [link to this post]
 
Thanks adrenalze
Thanks you dug my mind, Yes theD7000v2 was not what some expected, I now recall a bit of a surprise after the more solid v1 there are so many win a bits and lose a bit.
I think maybe with so many changes coming I refer to advances and speed of rollout etc.
Maybe the time has come for me to go for separates
Im running Gigabts switches, the cat6 cable has been in use here for some time .
I use modem as a throw away term and have been corrected to Wireless access point
I thought that WPA3 would have been in by now, anyday perhaps? Ive just got a gut feeling.
So a WAC 104 dont think its necessary for the 124 unless Ive missed something.
Something like an old DM200 I have for a little while or such like, just maybe have to wait a few more months. Possibly the R6250 a good suggestion as I believe it runs some 10signals.
The reason If we do get the offer anticipated of FTTP I could play further, I put a (40 metre by 40mm" duct) from inside the house to the edge of the tarmac road/lane in 2009.
Im sure in another year the landline will be an item of the past at a gathering pace.
BW
grapevine1
Standard User RobertoS
(elder) Sat 19-Jan-19 00:43:05
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
In reply to a post by grapevine1:
Im sure in another year the landline will be an item of the past at a gathering pace.
Mine ceases at the end of this month. My FTTC ceased in December.

Fully 4G mobile now, see my sig, with my phone in wifi hotspot mode and obviously still performing all its other functions. Saving £40pm. Drives itself, a laptop and an iPad. Netflix on Chromecast to the non-smart TV tested and works.

Latency wouldn't do for a gamer, and can occasionally add a couple of seconds to a complex website load. But! In daily use latency is fine, (not 70Mbps AAISP standard, so what?), £40pm is £480pa, and my connection travels with me smile.

PS: A long-established silver surfer!

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests normally 35-45Mpbs down, 65Mbps off-peak, 9-24 up.
==================================================
If you never think of anything off the wall, you'll never think of anything original.

Edited by RobertoS (Sat 19-Jan-19 00:47:03)

Standard User grapevine1
(regular) Sat 19-Jan-19 08:01:34
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: RobertoS] [link to this post]
 
Bob,
like you "PS: A long-established silver surfer! "
My line is running today at at 30/31G
So I'll now get separates for WiFi and ISP connection as it all appears to be working my contract for 12 months said min of 29G so thats more than enough after all the years sub 5G. The DP is on the ple in the Lane oposite the house a number of fibre cables still hanging down the pole from its renewal on Thursday when openreach contractors ended up closing the lane from 8:30 until gone 5:30 but did 3 poles in total. competition in the form of community broadband from the next village is creaping to me (a difficult half mile away) but dont think their price will interest any possibles where i am. Lucky i wasnt at home (left before dawn returned at 11:30pm) as there was all hell to play as the residents were not advance notified (nor me) neither was the council etc just a man with a flag apparently 1/2 mile appart, and its a long drive round.
BW
grapevine1
Standard User grapevine1
(regular) Sun 20-Jan-19 22:56:58
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Hi Baby F_M
I have just finished my hunt now at speed because I have a great working 32M download provision AT LAST.
Also have just established that there is a V3 of the VR900V2 which has just been claimed as a good mod and/or mod to the V2(It does however require 2.5Amp at 12 volts, which will do to carry me thro a temporary period. I should know tomorrow (Monday) if there is any physical mod to the V2 not only software, the V3 should now be in the market place so I was informed..

Then a pal of mine has promised to set up a Mikrotek separates system for me.
he rang me to say it was going to be a belated xmas present. he, I did not know, uses commercially that equipmentfor his Community broadband and other major public events, so when he stays with us again in the next weeks, I will get a full practical hands on tutorial in the gear he has a vast theoretical and practical experience in,
So we will inform all of the system and setting up to reduce being the aim of those to attempt any further easy DoS etc that I have suffered in the recent past.
I am not looking forward to Tuesday as thats down to transfer to 3G/4G new mobiles and mobile network migration provision. I always buy smartphones outright seperate from sims with now the advantage of dual sim smartphones I can now for advantage put the other country sim in before I get rushed off in future.
thanks for your ideas from your practical experiences.
BW
Grappevine1
Standard User baby_frogmella
(knowledge is power) Mon 21-Jan-19 09:03:52
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: grapevine1] [link to this post]
 
Yeah according to the TP Link website there now appears to be a VR900-V3. Pretty sure the V3 will have slightly different hardware, it *should* be an improvement over the excellent V2.

https://www.lambda-tek.com/TP-LINK-ARCHER-VR900-V3~s...

FluidOne FTTPoD 330/30 Mbps
Linksys EA9500v2
Standard User grapevine1
(regular) Thu 24-Jan-19 08:51:42
Print Post

Re: stop wifi remotely, ethernet lan to remain on.


[re: baby_frogmella] [link to this post]
 
Thanks for all your suggestions,
I now know I am on a pre 2012 CAB with a little update to the old infineon electronics so I believe it will only supply just over 200 customers.
There is one hell of a row going on near to the cab in that some asking for FTTC cannot get it because altho new houses have been put in the large house garden (called development) what was the most expensive road/lane to live in in Wales the cable feed to the houses goes a long way 4Km to get to them altho some can see the CAB.
We also found out last night when I with neighbours saw openreach working in a new BT manhole further down this lane making off a 36 core fibre cable that had been drawn from the exchange past my house to basically a field that has become a pivate schools playing field (the jointer was a little confused why he said this big cable when only one core is to feed a small changing room!!!!!!?????). We as residents were not notified because that field is in the neighbouing council land!!!!! It turns out that councillors agreed a land swop!!!!!! What have we stumbled on the river was the only boundary we were aware of so who got what for what.
BW
grapevine1
Pages in this thread: 1 | 2 | 3 | 4 | (show all)   Print Thread

Jump to