on 15-07-2012 12:11
Answered! Go to Answer
15-07-2012 16:22 - edited 15-07-2012 16:22
Ok there is one thing you need to do.
TURN OF WPS completely, this can be hacked, once they have your pin it doesnt matter if you change the wireless key.
Once you have turned it off set a new wireless key (WPA AES) and then see what happens
on 16-07-2012 12:55
on 16-07-2012 16:44
on 17-07-2012 10:08
Wireshark will help in assisting you track down your issue, alas your not going to be able anything down below your superhub.
It maybe the results your getting from opendns giving route requests from your connection is due to maybe advert banner calls or something similar or possibly if your ip has changed and been given to someone else.
However one considiration might be if you have an old machine sitting around or which you can stick two network connections in or (see below)
That way you could pipe all the data through the box and monitor all dns requests and traffic made inside the network... however a far easier way.
If you have an old router that will run DD-WRT your able to connection this between all your machines and the superhub, there is an option for running to a syslog (montioring all requests) see here:
This would give you an idea of exactly what requests are being made.
From the sounds of it there should be no reason why you have been expoited and can only thing there is some flaw in the opendns reporting system, tallying up against a dd-wrt syslog you will be able to see if the requests are being made from inside your network... if they arent dont worry about it your secure.
on 20-07-2012 02:10
on 20-07-2012 09:23
Its not likely to be the mains adapters home plug AV specification from memory is 256 AES, you would either have to know the network name (if you set it manually) if you used the pair button instead you would have only had a 1 minute window to hijack the pair sequence so its not very likely to be the power line adapters.
That said ive not come across lenovo (lbm) ones before and im not sure what spec the adhear to, but is its a non standard spec your also going to need another non standard (lenovo) plug to make the hack work.
So again i dont think its likely to be that.
Glad your liking DD-WRT try putting everything behind DD-WRT then using the syslog as i said above, that will help you identify if the requests are inside your network and if so whats making them.
on 20-07-2012 14:36
on 20-07-2012 14:45
on 20-07-2012 14:59
Ummm, i think that if you want to block traffic from inside your network (DNS requests) you would be better to first identify whats making the requests.
Once you have the IP you should be able to use iptables script.
Using DD-WRT startup script (run script for testing) and following the guide here of the ip tables commands you need: