  #1 (permalink)  
Old 17th April 2009, 02:27 PM
 
Join Date: Apr 2009
Posts: 7
My Mac's MAC Address has been compromised

Hello, I'm a new member here and need you guys' help. I've taken many steps since March of this year to keep my wireless network from being hacked, from upgrading to WPA from WEP, changing the password, MAC Filtering (which I found out is useless), and decreasing the transmit channel.

Then sometimes I would see my Mail.app launch on its own, and decided to use Little Snitch. I noticed a lot of things going on that were still connecting to my computer w/o any apps running at all, just by being connected to the internet. Especially things trying to connect to Finder and a lot of connections in mDNSResponder (shows all things connected to wireless network) (usually shows about 6 connections!!!).

I'm on Comcast, and they require us to use these Netgear routers that are distributed by them that do not currently have WPA2 enabled. So, I log into my router and decided to add 'Parental Controls' with websites that had keywords "porn", "murder", "sex", etc. Since I'm the only one that really uses my home network, so I suppose, and I don't associate myself with any websites that deal with murder, sex or porn, this would possibly expose if my network was STILL compromised. And after checking the 'Parental Control Internet Activity Log' from logging into my router connected to the Comcast Home Networking system, I noticed constant attempts to access sites w/ porn, and sex.

Now this perv has used my MAC address and is using that to access my wireless network. I've tried changing my MAC Address by following some tutorial online using Terminal, but it went back to my original MAC address once I restarted..I need to figure out how to eliminate this problem, ONCE AND FOR ALL.....hopefully the experts here at MacTalk can help me.

Current setup:
Macbook Pro
Leopard 10.5.6
Comcast Home Network
WPA

Mod edit: wall of text has been paragraph-izied.

Last edited by Phase; 17th April 2009 at 02:56 PM.
  #2 (permalink)  
Old 17th April 2009, 02:30 PM
mitty's Avatar
I don't want to go.
 
Join Date: Apr 2008
Location: Melbourne
Posts: 4,027

If someone has compromised your MAC address, can't you just change your WPA password/code? Change it on a daily basis... hopefully it'll annoy them enough that they just stop trying to hack your system.
__________________
Somewhere on a radioactive island.
Buy your new Mac via the Mactalk Affiliate Link!
  #3 (permalink)  
Old 17th April 2009, 02:53 PM
 
Join Date: Apr 2009
Posts: 7

That's the problem, I've even tried that too!!
I'm believing that once they have access to the MAC Address they have automatic access through my computer as the gateway to accessing my network, without needing the WPA passphrase or just pulling my passphrase from Airport. I just need some more help/suggestions, thanks!
  #4 (permalink)  
Old 17th April 2009, 03:02 PM
Lutze's Avatar
Yatta!
 
Join Date: Mar 2007
Location: Ellenbrook, WA
Posts: 4,084

Actions that you need to take:
  1. Check for a hardware & software keylogger
  2. Back up your data files (photos, music etc.)
  3. Consider formatting your computer once you've confirmed that you do not have a hardware keylogger on your computer.
  4. Confirm that nobody else has access to your computer - if you are in a shared house this may take a bit of tinkering.
  5. Password protect your computer using a password created by the password tool in OSX - go for a very strong password that you can't remember. Do not leave a note of the password anywhere.
  6. Turn off your wireless devices when you are not home.
  7. Check the log on the modem / router says that it has Mac address (yours and another connected - it will show if it's got 2 IP addresses)

I should also add - having your MAC address does not give them access to your computer. They need the password for your network unless they are directly (cable or wirelessly) connected to your computer. Confirm that it's not someone else in a shared house.
__________________
 iPhone & iPhone 3GS, Macbook Pro 17" C2D 2.8ghz. iMac alu. 20" C2D 2ghz. iMac 20" CD 2ghz & Cube 450mhz. Website
  #5 (permalink)  
Old 17th April 2009, 04:03 PM
MissionMan's Avatar
Do Lipton employees take coffee breaks?
 
Join Date: Feb 2008
Location: Melbourne
Posts: 2,298

Quote:
Originally Posted by Lutze View Post
Actions that you need to take:
  1. Check for a hardware & software keylogger
  2. Back up your data files (photos, music etc.)
  3. Consider formatting your computer once you've confirmed that you do not have a hardware keylogger on your computer.
  4. Confirm that nobody else has access to your computer - if you are in a shared house this may take a bit of tinkering.
  5. Password protect your computer using a password created by the password tool in OSX - go for a very strong password that you can't remember. Do not leave a note of the password anywhere.
  6. Turn off your wireless devices when you are not home.
  7. Check the log on the modem / router says that it has Mac address (yours and another connected - it will show if it's got 2 IP addresses)

I should also add - having your MAC address does not give them access to your computer. They need the password for your network unless they are directly (cable or wirelessly) connected to your computer. Confirm that it's not someone else in a shared house.

I think Lutze is correct. I suspect they have a keylogger or some program that has given them backdoor access to your machine. Have you torrented anything lately? There were some torrents that had trojans in them recently.
__________________
http://twitter.com/TheMissionMan
Macbook Pro 2.8 17" Unibody, Iphone 3G
  #6 (permalink)  
Old 17th April 2009, 04:10 PM
 
Join Date: Jan 2004
Posts: 1,856

Quote:
Originally Posted by TheYoungHustla View Post
That's the problem, I've even tried that too!!
I'm believing that once they have access to the MAC Address they have automatic access through my computer as the gateway to accessing my network, without needing the WPA passphrase or just pulling my passphrase from Airport. I just need some more help/suggestions, thanks!

Even if 'they' know your computer's MAC address, they cannot access a WPA network without the passphrase. The problem is likely going to be something else like a trojan or keylogger as was mentioned.
  #7 (permalink)  
Old 17th April 2009, 06:37 PM
watters's Avatar  
Join Date: Oct 2007
Location: Sydney, Australia
Posts: 1,434

If you are using a wireless network it's not hard to work out your MAC address.
__________________
Alu MacBook 2.4GHZ | iPhone 16GB (Optus) | iPod Classic 80GB (1G)
  #8 (permalink)  
Old 17th April 2009, 07:21 PM
Nevets_Anderson's Avatar  
Join Date: Jun 2004
Location: Melb
Posts: 318

Just a couple of thoughts - if you turn off wireless for a while and just use ethernet - then you can work on your settings etc and get things tight - also not running wireless will piss whoever it is off and yet allow you to work (albeit connected to a bit of cat 5 cable). That way you can plan your revenge.. the other thing is if you and a buddy have a copy of kismacng

The 2 of you could then use / triangulate on the person using your mac address (you would have to catch them live) and scare the S*it out of them!

Good luck and let us know how you go!
__________________
Successful trades witn ilostmypassword
  #9 (permalink)  
Old 17th April 2009, 11:30 PM
watters's Avatar  
Join Date: Oct 2007
Location: Sydney, Australia
Posts: 1,434

Quote:
Originally Posted by Nevets_Anderson View Post
Just a couple of thoughts - if you turn off wireless for a while and just use ethernet - then you can work on your settings etc and get things tight - also not running wireless will piss whoever it is off and yet allow you to work (albeit connected to a bit of cat 5 cable). That way you can plan your revenge.. the other thing is if you and a buddy have a copy of kismacng

The 2 of you could then use / triangulate on the person using your mac address (you would have to catch them live) and scare the S*it out of them!

Good luck and let us know how you go!

Yep this is definitely the best advice I can think of. Applications such as kismac show (just by putting your wireless card in passive mode and scanning) what wireless network activity is happening in your surroundings. Features such as WEP encryption, hidden SSIDs and MAC address filtering are made useless using these apps as it won't take long for someone to get in. You can see the MAC addresses of the people connected to different networks which is how this person would have gained yours. Things you do wirelessly aren't very secret.
__________________
Alu MacBook 2.4GHZ | iPhone 16GB (Optus) | iPod Classic 80GB (1G)
  #10 (permalink)  
Old 18th April 2009, 12:21 AM
 
Join Date: Apr 2009
Posts: 7

Quote:
Originally Posted by Lutze View Post
Actions that you need to take:
  1. Check for a hardware & software keylogger
  2. Back up your data files (photos, music etc.)
  3. Consider formatting your computer once you've confirmed that you do not have a hardware keylogger on your computer.
  4. Confirm that nobody else has access to your computer - if you are in a shared house this may take a bit of tinkering.
  5. Password protect your computer using a password created by the password tool in OSX - go for a very strong password that you can't remember. Do not leave a note of the password anywhere.
  6. Turn off your wireless devices when you are not home.
  7. Check the log on the modem / router says that it has Mac address (yours and another connected - it will show if it's got 2 IP addresses)

I should also add - having your MAC address does not give them access to your computer. They need the password for your network unless they are directly (cable or wirelessly) connected to your computer. Confirm that it's not someone else in a shared house.

What legitimate/up-to-date Keylogger detectors are out there? I've tried searching Google, but only found something like Tripwire which was updated from mid-2007

Quote:
Originally Posted by MissionMan View Post
I think Lutze is correct. I suspect they have a keylogger or some program that has given them backdoor access to your machine. Have you torrented anything lately? There were some torrents that had trojans in them recently.

I don't have Limewire or any type of torrent program on my computer. The only thing I have that was from a torrent is Reason 4, and that was because my DVD became unusable, but I just added just the program from the torrent 2 days ago, this problem I made this thread about has been happening way back in March


Quote:
Originally Posted by ~Coxy View Post
Even if 'they' know your computer's MAC address, they cannot access a WPA network without the passphrase. The problem is likely going to be something else like a trojan or keylogger as was mentioned.

I've tried iAntivirus and nothing popped up infected, do you have any other suggestions for something that may detect a Trojan or keylogger?

Quote:
Originally Posted by Nevets_Anderson View Post
Just a couple of thoughts - if you turn off wireless for a while and just use ethernet - then you can work on your settings etc and get things tight - also not running wireless will piss whoever it is off and yet allow you to work (albeit connected to a bit of cat 5 cable). That way you can plan your revenge.. the other thing is if you and a buddy have a copy of kismacng

The 2 of you could then use / triangulate on the person using your mac address (you would have to catch them live) and scare the S*it out of them!

Good luck and let us know how you go!

How do I turn off wireless with a Netgear CG814WG from Comcast? I seriously have searched throughout the net trying to figure that out. Do you think installing kismac would possibly harm my computer even more by installing some unknown trojan and make things worse, since it's basically made for criminals already..

Quote:
Originally Posted by watters View Post
Yep this is definitely the best advice I can think of. Applications such as kismac show (just by putting your wireless card in passive mode and scanning) what wireless network activity is happening in your surroundings. Features such as WEP encryption, hidden SSIDs and MAC address filtering are made useless using these apps as it won't take long for someone to get in. You can see the MAC addresses of the people connected to different networks which is how this person would have gained yours. Things you do wirelessly aren't very secret.

Again, do you think this could make matters worse installing a program basically made for criminals, I mean come on, they even have the devil as part of its logo....lol


I am using a long 26-character alphanumeric passphrase that is not something you can easily think of or is in the dictionary/encyclopedia.
Let it be known, I'm also using FileVault, enabled Stealth Mode in my Firewall and under my sharing section in System Preference, I share NOTHING!
EDIT: Screenshots removed

Last edited by TheYoungHustla; 18th April 2009 at 05:51 AM.
  #11 (permalink)  
Old 18th April 2009, 03:03 AM
 
Join Date: Nov 2007
Location: Sydney
Posts: 175

Off topic but, is this "The Young Hustla" as is The Young Hustla? [TheYoungHustla.com] on MySpace Music - Free Streaming MP3s, Pictures & Music Videos or someone else here?
  #12 (permalink)  
Old 18th April 2009, 03:27 AM
 
Join Date: Apr 2009
Posts: 7

Quote:
Originally Posted by khalil View Post
Off topic but, is this "The Young Hustla" as is The Young Hustla? [TheYoungHustla.com] on MySpace Music - Free Streaming MP3s, Pictures & Music Videos or someone else here?

lol..
yea that's me
I should've chosen a different username to conceal my identity, but w/e
  #13 (permalink)  
Old 18th April 2009, 03:29 AM
dotnet's Avatar
I come in peace
 
Join Date: Feb 2007
Location: Toongabbie, NSW
Posts: 2,105

None of the screenshots show anything suspicious to me, and in particular don't show any activity beyond your own IP subnet. Use tools like netstat to find out about connections to the outside (beware though that no locally running tool will give meaningful output if the machine has been rootkitted).

If you suspect a compromise have a closer look at the Netgear router. It is possible that someone is using it to steal your bandwidth. Make sure you turn off management via the WAN port and from Wifi clients. Change the admin password. Turn on logging and look at the logs.

Cheers
Steffen.
__________________
It's a Unix, Jim, but not as we know it...
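
The netstat check suggested in the post above, as an added example that is not part of the original thread: it reads `netstat -an -f inet` output in the macOS layout and lists established TCP connections whose remote end lies outside your own private subnet. The function names and the sample lines are constructed for illustration (the addresses are documentation ranges).

```shell
# Added example, not from the thread. Input is assumed to be macOS
# `netstat -an -f inet` output, where the port is the last dot-separated
# field of each address (e.g. 203.0.113.25.443).
external_peers() {
  awk '
    $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
      n = split($5, p, ".")                 # $5 is the foreign address
      if (n != 5) next                      # skip wildcard or non-IPv4 entries
      if (p[1] == 10) next                               # 10.0.0.0/8
      if (p[1] == 127) next                              # loopback
      if (p[1] == 192 && p[2] == 168) next               # 192.168.0.0/16
      if (p[1] == 172 && p[2] >= 16 && p[2] <= 31) next  # 172.16.0.0/12
      if (p[1] == 169 && p[2] == 254) next               # link-local
      ip = p[1] "." p[2] "." p[3] "." p[4]
      count[ip ":" p[5]]++                  # tally connections per peer:port
    }
    END { for (k in count) print count[k], k }
  ' | sort -k2
}

# Constructed sample in the macOS netstat layout.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.5.49712      203.0.113.25.443       ESTABLISHED
tcp4       0      0  192.168.0.5.49713      203.0.113.25.443       ESTABLISHED
tcp4       0      0  192.168.0.5.49720      192.168.0.1.80         ESTABLISHED
tcp4       0      0  127.0.0.1.631          127.0.0.1.49701        ESTABLISHED
tcp4       0      0  192.168.0.5.49800      198.51.100.7.6667      ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*
EOF
}

# On a live Mac: netstat -an -f inet | external_peers
sample_netstat | external_peers
```

Each output line is a connection count followed by the remote address and port; anything you cannot match to an application you are running is worth checking against the router's own log.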
  #14 (permalink)  
Old 18th April 2009, 05:51 AM
 
Join Date: Apr 2009
Posts: 7

Ok..thanks tho...The screenshots will be deleted now
  #15 (permalink)  
Old 18th April 2009, 11:26 AM
Back2Bedlam's Avatar
Stay Hungry, Stay Foolish
 
Join Date: Nov 2008
Location: Australia
Posts: 474

I don't know if you do it or not, but in your Netgear wireless router homepage, click on wireless settings, and make sure the following is not ticked: 'Allow Broadcast of Name (SSID)'.

Then use something similar to me for your SSID so that if someone does try and hack it (and they work out how to see your SSID), they have no idea how (on a windows based machine) to replicate the following SSID ''.
  #16 (permalink)  
Old 18th April 2009, 11:26 AM
Nevets_Anderson's Avatar  
Join Date: Jun 2004
Location: Melb
Posts: 318

"How do I turn off wireless with a Netgear CG814WG from Comcast?"

Does Comcast have a support email? Maybe you should try them.

"kismac would possibly harm my computer even more by installing some unknown trojan and make things worse, since it's basically made for criminals already.."

Kismac is a tool, just like a baseball bat or a Hammer it can be used legally for good and or bad things...
__________________
Successful trades witn ilostmypassword
  #17 (permalink)  
Old 19th April 2009, 12:28 PM
iPirate's Avatar
Resident Pirate
 
Join Date: Dec 2006
Location: Sydney Metropolitan
Posts: 1,747

I use kismac. It won't harm your computer, it is perfectly safe software, as long as you get it from the official place. It's not made for criminals, it's made for people who find the need for wireless detection.

It's like guns. They are used to harm and to protect, that doesn't mean all guns are for criminals.
__________________
Should/Could/Would
  #18 (permalink)  
Old 20th April 2009, 06:28 AM
 
Join Date: Mar 2008
Location: Melbourne
Posts: 197

+1 for turning off wireless for a coupla months... easiest way to get someone off your network is to just pull that plug
  #19 (permalink)  
Old 20th April 2009, 07:30 AM
BiRDBRAiN's Avatar  
Join Date: Jan 2005
Location: Smirnoff county
Posts: 1,100

Best way to look for suspicious proggies is to have a look at the process list in 'Activity Monitor'.

Just search for it in spotlight and run it.

Or on the command-line type:
ps -x
  #20 (permalink)  
Old 20th April 2009, 07:31 AM
BiRDBRAiN's Avatar  
Join Date: Jan 2005
Location: Smirnoff county
Posts: 1,100

Forgot to mention.

Pulling the plug will stop access via wireless, but if you don't purge the proggy that's grabbing your info the problem could eventually come back.