Network help!

I have been dealing with this for a few years, and I'm up to my ears with anger.

Someone in my neighborhood has been sneaking their way into my wireless. I have set up IP blocking, I've used MAC filtering, and I've changed my router's password nearly a hundred times with random passwords.

So far I've not noticed traffic attacking my servers or PCs. But they are eating up a TON of bandwidth and my ISP keeps yelling at me for it. All I do on my wireless is watch Netflix on my damned Roku. I've used programs to monitor the traffic on my individual machines and there's nothing fishy going in or out of them, but the traffic through my router is nuts. I can't even look at the log in real time because everything just speeds by on the screen.

I don't know how in the hell they're getting on my network, and if I don't do something about it soon, my ISP is just gonna drop me and I'll have to get a new one.

I don't know what they're doing, but apparently they're using enough to make Charter bitch. They don't usually bitch and I'm on Netflix and YouTube all the time listening to movies and TV while I work from home.

  1. It might be malware on one of the local systems. Consider hooking each one to the network to determine the infected source.
  2. Disable UPnP, WPS and remote management on your router.
  3. Make sure you are using WPA or WPA2 and not WEP. And a random character password of 10+.
  4. Your ISP might be messing with you due to running servers and using up a ton of bandwidth on a residential connection. It doesn't really matter what they say as long as they continue to provide the service you are paying for.
  5. You might be paranoid, consider a psych eval.
  6. Use a MAC address whitelist approach, not blacklist.
  7. Disable WiFi and get a Roku model 2 that uses ethernet cords.
  8. Try a pfSense router configured as a proxy to get a better handle on traffic monitoring if you are so inclined.

That is everything I can think of atm.

1 Like

Thanks for the prompt reply.

  1. I already tried this, and even hooked them up to a separate router and monitored it. Only thing router said was going on was a ping to the router every once in a while to announce they were there.

  2. I have both UPnP and WPS turned off. Router has a hardware switch for the WPS. And turned it off in router's software.

  3. My password has been 27 characters and randomized every time I set a new password. I use WPA2.

  4. None of my servers are connected to the outside world anymore. They're just storage servers for media and music. I have the DNS zeroed out on all the machines.

  5. Not paranoid.

  6. Not sure my router has a white list but I'll check.

  7. I planned on replacing Roku soon, and my phones use wireless 'cause my cell data plan is crap.

  8. pfSense router also planned in the future when I update my kid's PC to a newer machine.

  9. All PCs have been formatted and reinstalled in the last month due to hard drives failing. Got a bad batch of drives from Seagate.

Do you see a MAC address connected that isn't one of your devices?

1 Like

Yes. And it only appears when I turn on wireless. And only connects when I have a wireless device connect. Doesn't matter what device. But within 2 min of me connecting a phone, or the Roku, a device connects that I don't recognize and starts monopolizing my internet.

I've changed my router's MAC filtering like @Peanut253 said. I haven't seen anything so far. And the traffic going through the router has significantly diminished.

I think this has been resolved. So far nothing is out of the ordinary.

Here's my question though. Why would a MAC address whitelist be any different than a blacklist?

What router are you using?

Whitelist = Only allowed devices can access

Blacklist = All devices minus blacklisted devices can access

2 Likes

This is the router I'm using.

Well, I am assuming you are on the latest firmware, and if you are then possibly someone close knows an exploit for that firmware, or you think you have turned off WPS and it stays on...
If it is someone near you then that's crazy, they have thwarted every measure you have tried.
Maybe buy a Ubiquiti AP and use the Netgear router as just a router and see if they can still get in.

Considering financially that router was what I consider a major purchase, I doubt I'll be able to afford anything Ubiquiti any time soon.

Nmap and Wireshark are your friends, scan that subnet. I don't think whitelisting your MAC and blacklisting everything else is a good idea: if this hypothetical intruder manages to spoof your MAC address, you will totally lock yourself out of your network.

1 Like

If you've disabled WPS, changed your password and all that and they're still getting in consistently, then either it's one of your devices which is the problem or there is some sort of security vulnerability in the router. So if you're absolutely certain that it's not your stuff then the only real option is to replace the router.

Do you know which neighbour it is? Given the range there can't be that many possibilities. I don't see why you couldn't get the police involved, what they're doing is definitely illegal.

The problem with MAC filtering is that it's very simple to see every MAC address on a wireless network, even without being connected to it or knowing the password, so it's dirt simple to spoof your MAC address to one which is allowed on the network.

If there isn't some massive vulnerability in the router which allows someone to connect no matter what you do, you may be better off configuring a RADIUS server for authentication and switching the WiFi over to WPA Enterprise. You can simply install FreeRADIUS on a computer (this computer will need to be turned on whenever you need to connect to WiFi, but at least for testing you could use anything) and configure everything and see if that helps. The main advantage here is that with RADIUS the handshake is encrypted so it's not possible for an attacker to intercept and brute force it.

1 Like
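As an added example (not part of any post in this thread), the following audits a router's or Linux box's neighbor table against the allowlist/denylist distinction and the MAC-spoofing caveat discussed above. The sample text is constructed in the format printed by `ip neigh show`, and every MAC address in it is made up.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr b8:27:eb:12:34:56 REACHABLE
192.168.1.11 dev wlan0 lladdr 3c:5a:b4:aa:bb:cc STALE
192.168.1.57 dev wlan0 lladdr 9e:11:22:33:44:55 REACHABLE
192.168.1.58 dev wlan0 lladdr 3c:5a:b4:aa:bb:cc REACHABLE
192.168.1.99 dev wlan0  FAILED
"""
ALLOWLIST = {"b8:27:eb:12:34:56", "3c:5a:b4:aa:bb:cc"}  # assumed: your own devices
DENYLIST = {"7a:00:de:ad:be:ef"}  # assumed: a MAC blocked after an earlier visit

LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})\s", re.I)

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned (randomized) MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(entries, allowlist, denylist):
    ips_by_mac = defaultdict(set)
    for ip, mac in entries:
        ips_by_mac[mac].add(ip)
    unknown = sorted(m for m in ips_by_mac if m not in allowlist)
    return {
        # An allowlist refuses every MAC in this list.
        "unknown": unknown,
        # A denylist only stops MACs already listed, so a changed MAC gets through.
        "denylist_misses": [m for m in unknown if m not in denylist],
        "randomized": sorted(m for m in ips_by_mac if is_locally_administered(m)),
        # One MAC holding two IPs is a hint (not proof) that an allowed MAC
        # is being cloned; a stale entry after a lease change looks the same.
        "duplicate_ip": sorted(m for m, ips in ips_by_mac.items() if len(ips) > 1),
    }

if __name__ == "__main__":
    for check, macs in audit(parse_neigh(SAMPLE_NEIGH), ALLOWLIST, DENYLIST).items():
        print(f"{check}: {macs}")
```

To run it against a live table, pass the output of `ip neigh show` to `parse_neigh` instead of the sample and replace the two sets with your own device list.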

FreeRADIUS is a thing? Damn. Do they have a pfSense package? If so I'll be doing that tonight. RADIUS is a thing of glory.

@OP, you may also try decreasing the power settings to your access point. If you turn down the power enough so that it only covers your house he'll have a harder time getting access.


Here is one that is 2.4GHz which could get you by till you could save up some money.

How long does it take for them to get on your network?

Also, consider disabling your wireless beacon (simultaneous to changing SSID and key). It might be dumb enough to work.

Yeah, I think they're doing something big. I THOUGHT I knew who it was, but the dude who I thought it was is like 75 years old and can hardly walk. There are 2 other houses near me on my block, and 3 others across the road. But none of them LOOK like the hacker kid type I guess. But that's stereotyping and for all I know it could be one of them. Whatever they are doing, the amount of data they are using is massive, and it's not going to any of my machines.

Also, I don't use anything that's 2.4GHz 'cept the Roku, so I made a long ass wire to go to that and shut off the 2.4GHz line. And router says the requests for an IP have stopped.

Also going to see if I can get my old Dell Optiplex 3000 to run pfSense, use that as my router, and use the one I'm using now as just a switch. Can I use my current router as a switch and AP at the same time without using the routing functions?

Within 2 minutes of a device - any device - connecting to 2.4GHz WiFi, they're on it and my traffic goes through the roof and it sends it to a random MAC address that I'm not seeing in the connected devices. The MAC address isn't the same every time it connects.

But so far (crossing my fingers and knocking on wood) I haven't seen any excess traffic since I made the changes suggested here that I can without spending money.

Also, my wireless transmitter is set as low as it can go without disrupting connectivity. I don't even get wireless through most the house now. Just the most used rooms.

You could but I believe the vulnerability will still be there.

Then they aren't hacking the WPA2 encryption. They have something else going on.

Do you have strong passwords on the router?