Sign in with
Sign up | Sign in
Your question
Solved

Please help: How do I track down someone hacking into my network?

Last response: in Wireless Networking
Share
April 22, 2014 2:09:37 PM

Hello,

I use wpa2; I already know not use wep. I've changed my password 3 times already. I keep seeing a droid razer and some other device off and on. It looks like this:



All I can do is see the mac address. When I go into my router page via 192.168.x.x I see the client list but no matching mac address. Even if I did, I don't know what I could do with that. I know I can do a mac filter but that can easily be spoofed. I found something called moocher hunter but it's from singapore and I'm already leary about the situation and I am slow to integrate another possible problem variable and it does not look widely known. Is there a trusted program out there I can use? I suspect which neighbor it may be already but I'd like to be sure before confronting them. Any help is appreciated. I confess networking is not my area of strength or expertise. I'm okay but no expert by any means so please keep that in mind.

Thanks,

Justin

More about : track hacking network

April 22, 2014 2:23:12 PM

this rk3 refer to a cell phone do you have one that connect to your router and that you use .
m
0
l
April 22, 2014 2:35:20 PM

No, I know exactly which phones we have and it's not this. I've literally run through the checklist to make sure and matched my tablet, ipad, 2 droids, 2 Sony digital clocks and all cpus to my client list. I'm very observant of these details and have found 2 rogue clients off and on either this rk3 or a droid razer xt912 (something like that _verizon). I don't use verizon either. A reasonable question though but no.

I'm hoping someone can chime in saying, yeah, I had this, ran software ____ and was able to triangulate/locate perp. Or do x to boot perp off of network. It's frustrating. I changed my password a 4th time right now and the razer was back on!
m
0
l
Related resources
April 22, 2014 2:41:54 PM

get to your router setting and check if this mac address of this phone is on the permit list for wi-fi and block it you will find to who it belong .
m
0
l
April 23, 2014 9:35:23 AM

Do you have one of these: http://www.amazon.com/MINIX-Storage-Media-Streaming-Pla...

That is what I found when I google'd NEO-X7-216A

Or possibly another device like a smart TV or a device similar to Chromecast that is a media device but is showing up as a phone. If you have any of these in the area that could be it.
m
0
l

Best solution

April 23, 2014 11:42:04 AM

If you changed the WPA/WPA2 password multiple times and someone still is getting in they likely have obtained your WPS security key. WPS was designed for idiots who were too lazy to even key in a password...push magic button and you get network.

Make sure you have WPS disabled. The password is a 8 digit number that is easily cracked and there is no way to change it. Once someone get this number your router happily gives them the new WPA password.

Also be sure you have current firmware on the router. A number of routers had a bug that let you turn off WPS but would still honor a request containing the key number.
Share
April 23, 2014 3:19:01 PM

@bill001g Thanks, I just disabled it and will change all passwords again. I will let you know how this goes. @badasal; no it's not a device in the house and it's definitely not that. @scout_3 I blocked the mac address but the person is still hacking in as of today.

@bill001g. It's been about 30min and no return but the hacker may just be done for the day. I'll update within the week. Hopefully that did the trick; I never knew about wps. Wow, that's lazy and bad! I appreciate learning this already. I hope you are on the money with this and I have nothing further to worry about...we'll see!
m
0
l
April 23, 2014 7:31:27 PM

in your new password use capital and lower letters with number do not use any dictionnary word ,also check it could be someone around you that have your password and could connect to the network ,the other thing in your router under wpa 2 check if you use tkip -aes as coding for the password .
m
0
l
April 23, 2014 11:29:51 PM

scout_03 said:
in your new password use capital and lower letters with number do not use any dictionnary word ,also check it could be someone around you that have your password and could connect to the network ,the other thing in your router under wpa 2 check if you use tkip -aes as coding for the password .


I made a very long password mixed in upper/lower case + numbers + a symbol + non-dictionary word. Under wpa 2 it's aes.

So far since I turned off wps I haven't seen any unknown devices; I'm really hoping that's what does the trick. I'll update again within the week as I believe the hacker seems to try and access during the afternoon and early evenings from the pattern I've observed thus far.
m
0
l
April 23, 2014 11:32:21 PM

@bill001g: learned something new today, thank you! I had never used WPS before since to me an SSID and password are easy enough to enter and I didn't think it would save me that much time. Now I will never use it! I will definitely be turning it off on my own equipment and recommending the same to all my friends and clients.
m
0
l
April 24, 2014 2:00:59 PM

It's been about 24 hours. I'm home in between clients and I don't see any activity from rogue network presence. I will update and most likely select bill001g's answer as the solution if this continues to hold up through then. In advance thanks soooo much!!!
m
0
l
April 24, 2014 7:51:59 PM

i agree with the choice for the best answer keep us inform how it goes .
m
0
l
April 29, 2014 7:05:57 PM

Seems to be fixed! Thanks everyone for their help!
m
0
l
!