What can I do with a leech's MAC address? - Page 2

post #11 of 55
You can enable MAC address blacklisting. It's easy to change your MAC address, but it would stop a less-able user.
post #12 of 55
Quote:
Originally Posted by N3C14R View Post
Disable SSID broadcasting?
That wouldn't do crap. It'd take 5 minutes to get around that.

Quote:
Originally Posted by TwoCables View Post
Damn. Based on the way I had my security set up even before this, I'd say this person is truly an expert.
That or they are a pedophile, weirdo or anything of the like and instead had a long amount of time to run an automated program.

I'd maybe consider contacting your provider and having them check out that MAC address so if they got on anything bad it doesn't fall on you. (Could also potentially find someone)

Again, just reminding. >_<"
post #13 of 55
I'm going to go out on a limb and say if this guy was able to crack your already previous "secured" wireless network (WPA2-PSK or above, I assume) then he had enough foresight to use a program/OS like BackTrack 5 to change his MAC address to cover his tracks.
post #14 of 55
Thread Starter 
Quote:
Originally Posted by Ryleh View Post
Did someone use Aircrack-ng or something of the like to penetrate your security? O_O"
I don't know.


Quote:
Originally Posted by Ryleh View Post
That's a pretty serious offense if so...
Is it something that happened at a set time like they came by and took it or was it at random times like they were doing it from their house or something?
I don't know about that either.


Quote:
Originally Posted by Ryleh View Post
I say use one of those programs that require information from the user post connection (I forget the name of a popular one >_<) and use it to see what information you can milk from them if they're stupid enough to actually input stuff.
Networking and security is new to me, so I am having trouble understanding.


Quote:
Originally Posted by Ryleh View Post
Or set up a faux connection (router not being connected to anything) that they'll never actually be able to get on the internet with. Blacklisting their IP with MAC Authentication would work just as well.
I don't know how to blacklist an IP with MAC Authentication.

This is embarrassing: there's much I don't know.


Quote:
Originally Posted by Ryleh View Post
Really sorry if I'm completely off-key on what you're asking...
And I'm not trying to present ideas based off of intelligence.
Just reminding you of things you probably already know of.
I wish I knew of these things.


All I know is that on Monday the 24th an OCN staff member told me that OCN's "sensors" detected that I created a 2nd account. Then yesterday they said that OCN was accessed from my PC when I was not home and while my PC was off. So right there I knew it was a wireless hacker. I enabled the Wireless MAC Filter and during that process I saw a foreign MAC address with no IP address. So I blocked that MAC address after I enabled the MAC filter (there's just one computer that needs wireless access, and it's a laptop).
post #15 of 55
Quote:
Originally Posted by TwoCables View Post
Damn. Based on the way I had my security set up even before this, I'd say this person is truly an expert.
Nowadays you would be surprised at how easy it is. It really only requires a lot of patience, a big dictionary file and some nice hardware to crack most WPA networks. Multiple GPU setups can brute force 100k+ keys a second and the software is freely available to do this. With the right hardware it can range from an hour to a couple days. The best defense is to use alphanumeric passwords with lower and upper case characters and make the password fairly lengthy.
post #16 of 55
Thread Starter 
Quote:
Originally Posted by N3C14R View Post
Disable SSID broadcasting?
I've already done everything in my router's firmware that anyone here on OCN would recommend.


Quote:
Originally Posted by Ryleh View Post
That wouldn't do crap. It'd take 5 minutes to get around that.



That or they are a pedophile, weirdo or anything of the like and instead had a long amount of time to run an automated program.

I'd maybe consider contacting your provider and having them check out that MAC address so if they got on anything bad it doesn't fall on you. (Could also potentially find someone)

Again, just reminding. >_<"
Hmm, I like this idea. I'll consider it!
post #17 of 55
Quote:
Originally Posted by TwoCables View Post
All I know is that on Monday the 24th an OCN staff member told me that OCN's "sensors" detected that I created a 2nd account. Then yesterday they said that OCN was accessed from my PC when I was not home and while my PC was off. So right there I knew it was a wireless hacker. I enabled the Wireless MAC Filter and during that process I saw a foreign MAC address with no IP address. So I blocked that MAC address after I enabled the MAC filter (there's just one computer that needs wireless access, and it's a laptop).
All that is scary as hell.

Hopefully he just ran an automated script, connected, guessed your router's info then just changed his MAC address to be your own... and then just made an account with your MAC address and IP address.

You really should alert your ISP at a minimum.

If you don't want to, I'm sure you'll get much more educated information once the California crowd wakes up. Pretty sleepy here on the North-Coast right now too.
post #18 of 55
The fact that he knew that you visited OCN is a bit weird, I agree.
post #19 of 55
Thread Starter 
Quote:
Originally Posted by Valafar View Post
Nowadays you would be surprised at how easy it is. It really only requires a lot of patience, a big dictionary file and some nice hardware to crack most WPA networks. Multiple GPU setups can brute force 100k+ keys a second and the software is freely available to do this. With the right hardware it can range from an hour to a couple days. The best defense is to use alphanumeric passwords with lower and upper case characters and make the password fairly lengthy.
In addition to increasing the security, I changed the network password to a 63-character randomly-generated password using http://www.random.org/passwords/. 63 is the limit for my router.

Then I noticed my router has a 32-character limit for its own password, so I did the same thing for the router's password.

The previous password was complex, but it was just a combination of 3 things I had memorized: a very rare word and 2 four-digit numbers I have memorized together. So I was able to memorize the entire password by just remembering that it's these 3 things that I have memorized all in a row.

Also, the previous security was very secure, except I did not have the Wireless MAC Address Filter enabled because when I set my security up, I was going up and down the steps over and over to keep changing things. When it came time to do the MAC address filtering, I was like "sigh.... no". So I essentially had 3 things left to do: change both passwords to something way more secure (2 things right in a row), and then enable the MAC Address Filter. Everything else was as secure as possible.
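Added example (not part of any post in this thread): a short Python sketch of the arithmetic behind posts #15 and #19. It compares the search space of a "word plus two four-digit numbers" passphrase with that of a random printable-ASCII passphrase at the 100k keys/second rate quoted above, and generates the random passphrase locally from the OS CSPRNG instead of a website. The wordlist size (1,000,000), the fixed word-number-number order and the 94-character alphabet are assumptions.

```python
import math
import secrets
import string

GUESSES_PER_SEC = 100_000   # rate quoted in post #15 ("100k+ keys a second")
WPA2_MIN, WPA2_MAX = 8, 63  # WPA2-PSK passphrase length limits
# Assumption: the router accepts all 94 printable ASCII symbols except space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length=WPA2_MAX):
    """Generate a random WPA2 passphrase locally from the OS CSPRNG."""
    if not WPA2_MIN <= length <= WPA2_MAX:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def structured_space(dictionary_words, digit_groups=2, digits_per_group=4):
    """Candidates for a 'word + N fixed-width numbers' pattern in a known order."""
    return dictionary_words * (10 ** digits_per_group) ** digit_groups


def random_space(length, alphabet_size=len(ALPHABET)):
    """Candidates for a uniformly random passphrase of the given length."""
    return alphabet_size ** length


def bits(search_space):
    """Search space expressed as bits of entropy."""
    return math.log2(search_space)


def seconds_to_exhaust(search_space, rate=GUESSES_PER_SEC):
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space / rate


def describe(label, space):
    years = seconds_to_exhaust(space) / (365.25 * 24 * 3600)
    return (f"{label}: {bits(space):.1f} bits, "
            f"{years:.3g} years to exhaust at {GUESSES_PER_SEC:,}/s")


if __name__ == "__main__":
    ASSUMED_WORDLIST = 1_000_000  # assumption: the rare word is in a 1M-entry list
    print(describe("word + two 4-digit numbers", structured_space(ASSUMED_WORDLIST)))
    print(describe("20 random printable chars", random_space(20)))
    print(describe("63 random printable chars", random_space(63)))
    print("locally generated passphrase:", generate_passphrase())
```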
post #20 of 55
Thread Starter 
Quote:
Originally Posted by Ryleh View Post
All that is scary as hell.

Hopefully he just ran an automated script, connected, guessed your router's info then just changed his MAC address to be your own... and then just made an account with your MAC address and IP address.

You really should alert your ISP at a minimum.

If you don't want to, I'm sure you'll get much more educated information once the California crowd wakes up. Pretty sleepy here on the North-Coast right now too.
Yeah, I tend to forget what time it really is - even where I live. I don't really have a regular schedule.

The only thing I want to know now is what this moderator meant by saying that OCN's "sensors" detected this. I mean what did they detect, y'know?

First this moderator said "our sensor picked up an anomaly. Did your brother/sister or relative join the forum?"

So I asked "Not to my knowledge. Why? I mean, can you go into specifics?"

The answer: "Well our sensors have picked up that you somehow have a second account here. The second account being P-unit http://www.overclock.net/member.php?u=243792"


So then I asked if it was possible that this was a false positive. The response?

"Have you logged in from any shared computers? Like at work or at a library?"

The answer is No because my sig rig is the only computer I ever use to access OCN. I answered several more questions and then the conversation suddenly ended.


Then about 7 hours ago I get this in my Inbox from the same moderator:

"Could you then, log out manually(press the logout button) and then log back in? I just want to check something because you tripped it 3 times now. Could be a glitch but just log out and log back in again manually" (this is a partial message... the rest just contains genuine pleasantries)

So I did, but it didn't trigger it.

I asked when it was last triggered, and the answer was "about 3 hours ago". This means that it happened when my PC was off and when I was not home.


So yeah, good idea about contacting my ISP. Unfortunately, it's Comcast.


Quote:
Originally Posted by Boyboyd View Post
The fact that he knew that you visited OCN is a bit weird, I agree.
I have to wonder now if he was like "What the hell is so special about this Overclock.net that it's the only site this guy ever visits? I'm gonna check it out and see what the big deal is."
Edited by TwoCables - 10/26/11 at 4:29am