got hacked..

Discussion in 'General Mac Discussion' started by abhishekit, Mar 30, 2004.

  1. abhishekit macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #1
    dude....yesterday night..i found out that some one was using my wireless connection..
    i use a wireless dlink router, 128 bit wep encryption...but no mac address filtering..
    way i found out, it showed me on itunes that 1 user is connected..
    and i cant see him using samba,,,so he is using a mac most probly..
    so the question is....how can i communicate with that person...assuming he is using a mac..?
    thanks
     
  2. superbovine macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #2
    128 wep hmm. its takes about 1 day to crack ad 128 bit wep encryption unless s/he is a lucky punk, so that probably means s/he is your neighbor. check your router menu's for the dhcp clients. you will get is his ip address. as for sending him a message, if he is on a mac i don't think you will be able to to. the best chance is for the person to be using windows and have windows messenger enabled then you could send them a message through there (this assume you actually own a pc). basically what you should do is now update your firmware on your router, changes all passwords and keys. the person change crack 128 bit wep so the only course of action is to use WPA encryption. there is two types one using a radius server and one without. since you don't have a radius server use the one without. a firmware update should let your router support wpa (hopefull). be sure to update your airport software. early on there was issue with airport extreme and wpa. it was *very* annonying. if wep is only chance make sure you are using strong truely random keys. this will make it harder to crack. www.apple.com/download i believe there is a wep key generator and on download.com there is on too. also check your router logins regularly and change your keys and password regularly.
     
  3. abhishekit thread starter macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #3
    hmm..thanks for the advice dude...
    here's what i came up as to why wep is not secure

    edit: there is a program airSnort...and it does exactly whats said in the above link..its for Linux i think...
     
  4. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #4
    With my Airport Base Station I use WPA, MAC Address filtering, only give out 1 IP address, and don't broadcast my SSID. See if you can do something similar. I doubt you'll have much problem after that.
     
  5. crazzyeddie macrumors 68030

    crazzyeddie

    Joined:
    Dec 7, 2002
    Location:
    Florida, USA
    #5
    THE best way to protect yourself is MAC filtering, which will not allow anyone else to connect to your router unless you add their MAC address (or they some how gain knowledge of your MAC address, then copy it to their machine).
     
  6. ExoticFish macrumors 6502a

    ExoticFish

    Joined:
    Dec 3, 2002
    Location:
    The inner depths of madness, aka Kent, OH
    #6
    the best way is a combination of everything you can find cause it's not that hard to forge a MAC address.
     
  7. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #7
  8. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #8
    Just noticed that you had presumed that he was using a mac...One way that I've communicated with people who are listening to my shared music is to change the name of my music to messages that I want him to see. It sometimes takes a while, but then he will get the message and respond in some way. Same deal as above with what you send him.
     
  9. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #9
    If he's using a Mac, how 'bout this silly way to send him a message? Record your message as an audio file and make it the only song in your shared iTunes library. When he connects for some free music, he'll hear your message loud and clear!
     
  10. abhishekit thread starter macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #10
    he is using Linux...i m almost sure about it..airsnort, kismet or wepcrack...
    all require monitor support for the wireless card..currently only linux allows that..
     
  11. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #11
    If you turn on Rendezvous support in iChat, won't it show you all iChat users connected to your network with Renzdesvous activated? If this person is using iChat and has Rendezvous support turned on, it might be another way to check.
     
  12. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #12
    I don't think that he is using Linux, because he would not have been able to connect to your shared music, only people with Mac and Windows can do that. You can find out if he is using a Mac like so...

    Download Rendezvous Browser http://www.versiontracker.com/dyn/moreinfo/macosx/21622

    Open up Rendezvous browser and open the "local" part if it's closed.
    Go to Mac OS X duplicate suppression, and you should see your computer, plus however many other Macs you have. If there is one too many, then he is using a Mac, otherwise he's using windows.
     
  13. abhishekit thread starter macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #13
    yah ..u r correct...itnues means windows or mac..but he may be has a partition, coz the hacking tools are for linux only...
    and thanks for the neat tip for sending the message using smbclient..
    now my question is, how can i get the netbiosname from the ip?
     
  14. topicolo macrumors 68000

    topicolo

    Joined:
    Jun 4, 2002
    Location:
    Ottawa, ON
    #14
    Just out of curiosity, were you broadcasting your SSID?
     
  15. abhishekit thread starter macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #15
    yup
     
  16. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #16
    Ok, got it. Here's how you can get his NetBIOS name from his IP address...it's complicated though.

    First, if you send him a message, you will probably want him to be able to send you back one, so get this app: http://www.versiontracker.com/dyn/moreinfo/macosx/21240

    Now we're ready to get his NetBIOS name:

    1) Go here: http://www.inetcat.org/software/nbtscan.html and click at the top "Download NBTScan Sources"

    2) When the source code has downloaded and expanded open up the terminal and put in "cd", space, then drag the source code folder into the window. The path name to the folder should appear after "cd". Hit return.

    3) Now, in the same terminal window type "./configure" and hit return. Wait for it to finish scrolling all the text and status

    4) When the scrolling has finished, type "make" and hit return

    5) when that finishes scrolling type "sudo make install", at which point it will do one of two things:
    a) If you have never done a "sudo" terminal command before, it will ask you if your system admin has had a talk with you (say yes) and ask for your admin password. When you type the letters won't show up, but it will take in what you type.
    b) It will ask you for the admin password, put it in. Remember - when you type the letters won't show up, but it will register.

    After putting in all the passwords that it asks for (if more than one), hit return.

    6) You've compiled and installed the app, now to run it.

    7) In the terminal, type "/usr/local/bin/nbtscan", space, then the hacker's IP address, then hit return

    8) after a brief delay it should give you a read out containing his NetBIOS name.

    There you go, I hope this helps! :)
     
  17. FlamDrag macrumors 6502

    Joined:
    Jan 8, 2003
    Location:
    Western Hemisphere
    #17
    Now that's a creative solution.

    Even though someone can spoof a MAC address, with Address filtering (to only allow certain addresses) wouldn't it be tough to spoof the RIGHT MAC address?
     
  18. Toe macrumors 65816

    Toe

    Joined:
    Mar 25, 2002
    #18
    Except that it is a piece of cake to spoof a MAC address. Download your favorite airport hacking utility, and it'll have a field for what MAC address you want to broadcast.

    Since one can see the MAC addresses of whoever is on the network (ie, the hacker can see your laptop's airport card's MAC address), you can just enter the same one as one that's already on there. So it's an easy two step operation to get around MAC-based filtering.

    Still, it's worth doing.
     
  19. Supa_Fly macrumors 68030

    Supa_Fly

    Joined:
    May 30, 2002
    Location:
    Toronto, Ontario, Canada
    #19
    Actually Airsnort is also for Windows XP Pro & PocketPC along with a kismet port to WinXP Pro not sure exact name but I did download it for future use. ;) .
     
  20. blue&whiteman macrumors 65816

    blue&whiteman

    Joined:
    Nov 30, 2003
    #20
    when you use a wireless network in an area where more than a handful of people live then you have to expect stuff like this. some people really get their kicks stealing wifi.
     
  21. adamjay macrumors 6502a

    adamjay

    Joined:
    Feb 3, 2004
    Location:
    Indianapolis
    #21
    these days my cable connection is geting up to 3 megabits/sec. so i've got plenty to share. In fact, in a ploy to get friends to move into the apartment above me, i've advertised 'free wireless internet' a'la me. probably not legal but i wont press charges!

    it does concern me that someone can duplicate my own MAC address to use my connection. i've got 128bit wep, password, and MAC Address filtering. is there anyway to protect against this?
     
  22. blue&whiteman macrumors 65816

    blue&whiteman

    Joined:
    Nov 30, 2003
    #22
    I have a 5mbit connection and I want it all because I pay for it all :)
     
  23. bennetsaysargh macrumors 68020

    bennetsaysargh

    Joined:
    Jan 20, 2003
    Location:
    New York
    #23
    argh, you beat me to it :p

    that MacXPop looks very nice, but where is the /usr/local/bin directory?
     
  24. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #24
    To get to /usr/local/bin, press Cmd + Shift + G in the Finder, and type /usr/local/bin in the box that comes up. Sorry I didn't mention it earlier, I didn't download MacPopX, I just found it online and suggested it, but now that I downloaded it, I realised that you needed to know where to put it. :p
     
  25. abhishekit thread starter macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #25
    OutThere761:

    Thanks for the detailed instructions.
    But, I got an error when i run 'make' , so i was not able to compile it successfully..Have you got it working?

    Thanks again
     

Share This Page