Help I think my neighbor hacked my router

So I have a Linksys EA6100 and whenever I plug it in and wait for it to boot up, it broadcasts two different SSIDs that aren’t secure and this has never happened to me before. It is a dual band smart router and I was always paranoid about security, so I have disabled the guest network as well as the 5GHz band and I have hidden my SSID name but from what I understand hackers can still detect my name. I called Linksys today and they pretty much told me that I have been hacked and it’s not normal for it to do that. Before I called Linksys, I called my local PD non-emergency number and they told me that unless I can prove it then they can’t do squat. So I’m wondering if anyone here has the knowledge to help me out.

A little bit about me: I started watching Tek Syndicate about 2015 and have been a big fan ever since. I prefer Level1techs to Tek Syndicate but hope that one day they may get back together. Also this is my first post, any help is greatly appreciated.

2 Likes

Get into the settings. Reset the default admin info. Wipe the non-you networks and move on with life.

9 Likes

moved to networking hardware

3 Likes

By resetting the default admin info what exactly do you mean? I don’t have the default password set up if that’s what you mean.

I am not sure if I understand the issue completely.

However it does sound like your neighbour may have set up a rogue Access Point to fool you into connecting to that instead of your Linksys, in an attempt to obtain your wireless encryption key.

Make sure your router is logging as much as possible. They may not have spoofed their MAC address and this will be some good proof.

1 Like

So what I mean is that two different SSIDs (network names) are coming from my router whenever I plug it into the wall. It has never done that before. The network name goes away when I unplug it which tells me that it’s coming from my router. I’ve tested this multiple times. But on a side note, I may just have to invest in another router after seeing this post: linksys smart router

That’s what I mean: change the password. Some even let you change the username too. Find your exact model info and search for total reset online. Then update or reinstall the firmware just to make sure there’s no back door. Reconfigure your setup how YOU want, with a very strong password. And possibly a different username, if allowed.

2 Likes

Do you still have access to the admin console on the router? If you have been hacked I would expect this password would have been changed out. It would be what I would do as an attacker.

If you have lost access then you are going to have to perform a hardware reset. This will reset it back to factory settings and dump all of your settings. So you will have to make sure you have any ISP settings to connect to the internet.

In order to do this you put a pen or other object into the hole circled in the below picture for 10 seconds.


This should clear everything out and reset it back to the way it came. First thing I would do is update the firmware in case you have updates.

Personally if it were me I would be replacing the router. Either your configuration was not secure, e.g. telnet / admin console open on WAN, using insecure WiFi encryption, or the router has a security vulnerability (not uncommon, might have firmware updates available).

4 Likes

I have a 2 year Network Security degree.

With that I know fuck all about Network Security, I am only able to accurately state how much I do not know. Even then I am probably lacking.

I agree with everything you said.

Get a new router from another OEM. Change the password first thing, firmware update, lock everything down as much as you can, and then change the password and admin screen name, something long and difficult to forget because reasons.

2 Likes

Yeah I agree. I’ve been doing a little research into how easy it is to hack into a router and to me, it doesn’t take that much know-how. They have programs that can detect a router and if that router has any known vulnerabilities and exploit them. I’ve looked into the updates that have been rolled out and it looks like there have only been two so far, which is somewhat disheartening. One in 2016, another in 2017. If I didn’t know any better I’d say these manufacturers do this on purpose, kind of like a planned obsolescence thing. But idk, I’m just upset with the fact that I’ve only had it for about a year and I paid $90 for it and my uncle gave me a Kindle for Christmas but I don’t think I’ll be using that a whole lot.

Thank you to everyone who pitched in, I really appreciate it. I guess I’ll stick to using my laptop which has an Ethernet port so I don’t have to mess with WiFi, unless they can hack that too.

Flash different firmware on it, DD-WRT or something, and have fun.
pfSense with a Ubiquiti AP is a good option if you got some coin.

I don’t think my router is supported. I looked on the DD-WRT router database and I don’t see my model.

there are a few others and it might not be

It is good practice to just do a hardware reset and then update the firmware of the router. Change the admin password and redo the settings.

If there is a vulnerability your neighbor will hack it again. That’s the problem with consumer routers not being updated for security.

Disable remote management if it’s on by default.
Disable UPnP facing the web as well if it’s on by default.

You can use the site below to port scan server sockets. They should show timed out, which is good as that means you’re invisible on the internet.
http://www.whatsmyip.org/port-scanner/

2 Likes

Sounds like it was reset to factory defaults, this seems out of the ordinary but could indicate the router is failing.

None of the things you have done have made it any harder for someone with the knowledge to break into your router, instead it makes it harder on you.

Most wireless attacks revolve around WPS attacks so disabling that and keeping a good strong key is necessary for a secure setup. In some cases disabling WPS only disables the button and not the function. It’s hard to know without testing it yourself.

I wouldn’t trust anything Linksys has to say on this. Nothing against them but you likely aren’t talking to anyone actually from Linksys, but rather a contracted out call center. The techs there don’t have the kind of knowledge and training they need to make such an assessment as you have been definitively hacked.

They can’t, and neither can any of us TBH.

The only way you could somehow prove it is to MITM your own wireless traffic and to know what you were looking for. I’m going to tell you now, without extensive knowledge of said hacking you would never be able to catch them in the act unless you were standing there watching them do it.

I don’t believe you were hacked though, and I will explain why.


I’m not an expert on wireless AP hacking, but I did pick it up as a hobby for a while. If one is going to try to leverage access to a wireless network the last thing you would want is to be noticed. So why remove the PSK and go to an unsecured setup? It doesn’t make sense if you’re trying to go undetected. If your neighbor had hacked your router he wouldn’t need to go unsecured. He should have your WiFi passcode the same as you, and with that he has the same access as you.

What seems more likely is a firmware update or even nvram reset caused the router to factory default. I’ve seen this kind of thing happen on routers gone bad. They won’t keep settings long term.

It’s possible to view the DHCP tables to see who’s connected and their uniquely identifiable MAC addresses. My bet is your devices will be the only ones listed there.

4 Likes

Official support isn’t always a sure sign. A lot of routers have unofficial builds that work just fine but you’ll have to crawl the DD-WRT forums for that.

I wouldn’t recommend it because it’s often a noticeable hit in speed running DD-WRT.

Yeah you’re right, I don’t have the extensive knowledge in networking and security. I’ve had my suspicions about my neighbor for a while now. It seems every time I connect to my WiFi he seems to go to his computer. I know this because he lives right above me and the acoustics are excellent, I can hear him rolling in his computer chair. One of the first things I’ve done is try to downplay and reassure myself, saying “oh he’s just being strange, or I’m being paranoid.” But since this new issue with my router has arisen, I’m starting to have serious doubts. If worse comes to worse I’ll have to invest in a new router but that will be a while. I just was hoping if there was a way to catch him that it could be implemented.

A lot of routers will email you logs, which is good after a fresh reset. You can see what’s happening and even post it here if there are issues.

airmon-ng/airodump-ng in Linux will show you all access points and clients associated. If you have the will to learn and a capable wireless card you can see who is connected to what given you’re in range.
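
An added example (not part of the original post, and not code from the aircrack-ng project): a Python audit of an airodump-ng CSV capture that flags open SSIDs and unrecognised clients on BSSIDs tied to your own router, which is the situation described at the top of this thread. The capture, MAC addresses and SSID names are constructed, and the `same_radio` rule (BSSIDs from one device differ only in the first or last octet) is an assumed heuristic.

```python
import csv
import io

# Constructed capture in the CSV layout airodump-ng writes: AP table, blank line, station table.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:AA:BB:10, 2018-01-10 19:00:01, 2018-01-10 19:05:00,  6,  54, WPA2, CCMP, PSK, -38, 120, 0,   0.  0.  0.  0,  0, ,
02:11:22:AA:BB:10, 2018-01-10 19:00:01, 2018-01-10 19:05:00,  6,  54, OPN, , , -38, 118, 0,   0.  0.  0.  0, 12, ExampleOpen1,
00:11:22:AA:BB:11, 2018-01-10 19:00:02, 2018-01-10 19:05:00,  6,  54, OPN, , , -39, 117, 0,   0.  0.  0.  0, 12, ExampleOpen2,
10:20:30:40:50:60, 2018-01-10 19:00:03, 2018-01-10 19:05:00, 11,  54, WPA2, CCMP, PSK, -70,  40, 0,   0.  0.  0.  0,  8, Upstairs,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:00:00:01, 2018-01-10 19:01:00, 2018-01-10 19:05:00, -40, 200, 00:11:22:AA:BB:10,
66:77:88:99:00:01, 2018-01-10 19:02:00, 2018-01-10 19:05:00, -60,  35, 02:11:22:AA:BB:10,
"""

def parse(text):
    aps, stations, section = [], [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if not row or not row[0]:
            continue
        if row[0] in ("BSSID", "Station MAC"):
            section = row[0]  # header line: switch tables
        elif section == "BSSID" and len(row) >= 14:
            aps.append({"bssid": row[0].upper(), "privacy": row[5], "essid": row[13]})
        elif section == "Station MAC" and len(row) >= 6:
            stations.append({"mac": row[0].upper(), "bssid": row[5].upper()})
    return aps, stations

def same_radio(a, b):
    # Heuristic (assumption): virtual APs on one device differ only in the first or last octet.
    return a.split(":")[1:5] == b.split(":")[1:5]

def audit(text, router_bssid, my_devices):
    """Flag open SSIDs, and clients you do not own, on BSSIDs tied to your router."""
    aps, stations = parse(text)
    known = {mac.upper() for mac in my_devices}
    findings = []
    for ap in aps:
        unknown = sorted(s["mac"] for s in stations
                         if s["bssid"] == ap["bssid"] and s["mac"] not in known)
        if same_radio(ap["bssid"], router_bssid.upper()) and (ap["privacy"] == "OPN" or unknown):
            findings.append({"bssid": ap["bssid"], "essid": ap["essid"],
                             "open": ap["privacy"] == "OPN", "unknown_clients": unknown})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "00:11:22:AA:BB:10", ["AA:AA:AA:00:00:01"]))
```

Pass the BSSID printed on the router's label and the MAC addresses of your own devices; anything returned is either an open network your router is beaconing or a client you did not list.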

OK, thank you, I’ll look into it. I’m also curious if he could be using something called a KRACK attack. I use Linux on my netbook and wpa_supplicant I guess has some vulnerabilities and I’m not too sure that my router is even updated even though I have automatic updates enabled. This one post that someone put up had me worried. https://forum.level1techs.com/t/linksys-smart-router-vulnerability/115135 My router model is on that list unfortunately.