View previous topic :: View next topic |
Author |
Message |
machinelou Apprentice
Joined: 05 Apr 2003 Posts: 267
|
Posted: Sun Nov 23, 2008 4:48 am Post subject: Wireless lan compromised? |
|
|
I think that my wireless lan has been compromised. I have a dlink DIR-655 running WPA-personal encryption. Lately, I've been having problems connecting to the internet from within my lan. I noticed that soon after my machines connect to the wireless network the default gateway, dhcp server, and dns servers change from the router's ip (192.168.1.1) or some other machine (192.168.1.188). Furthermore, this was happening to all of my machines that used dhcp (2 pc laptops and 2 os x machines). WTF? When I try manually setting those settings back to 192.168.1.1 and viola, my internet works again. Next, I check to see if any of my machine have the MAC address associated with that weird ip. No. The mac address (00:14:bf:0f:dc:2b) isn't coming from any of my machines.
So, I ban that mac address from the router's wireless client list. The router logs show 80+ connection attempts from that mac address. Next, I changed my SSID and the WPA password.
Was I hacked? Why were the dhcp settings being changed to 192.168.1.188? The other thing I considered was that my router firmware was just really messed up. However, the problems persisted after upgrading the firmware. Since changing the SSID, WPA password, and banning the weird mac address my network problems have disappeared. But, why would a hacker change the dhcp settings? |
|
Back to top |
|
|
d2_racing Bodhisattva
Joined: 25 Apr 2005 Posts: 13047 Location: Ste-Foy,Canada
|
Posted: Sun Nov 23, 2008 5:00 am Post subject: |
|
|
Hi, maybe you should do a hard reset of you router.
There a little red bottom behind the front panel of the router. |
|
Back to top |
|
|
machinelou Apprentice
Joined: 05 Apr 2003 Posts: 267
|
Posted: Sun Nov 23, 2008 5:04 am Post subject: |
|
|
I didn't try that but, I did reboot the router, upgrade the firmware, and pull the power plug to no avail. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21624
|
Posted: Sun Nov 23, 2008 6:18 am Post subject: |
|
|
By controlling DHCP, the attacker can set your default gateway. By changing your default gateway, he can cause you to send all traffic to him. If you send all traffic to him, he can monitor all your traffic. You should consider everything you did online during that time to have been read by a presumably malicious third party. |
|
Back to top |
|
|
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3267 Location: Canada
|
Posted: Sun Nov 23, 2008 8:02 am Post subject: |
|
|
And that MAC address is not by chance your router MAC address ? |
|
Back to top |
|
|
|