Menu
Reply
RobinMurison
  • 5
  • 0
  • 0
Tuning in
1,069 Views
Message 1 of 8
Flag for a moderator

How to get protection against Wireless hacking

When I reset my Hub 3.0 router to factory defaults it automatically turns on WiFi reception.

Issue trying to setup a wired connection without having a man in the middle attack.

Steps:
1 Disconnect wire to the outside world
2 reset to factory defaults.
Desired result the Wireless should be turned off and need turning on.
Actual result The Wireless is turned on automatically.
3. Connect desktop to routerusing an ethernet cable
Expected result Desktop should be allocated an IP address by the Hub 3 DHCP
By default 192.168.0.10

Actual results
IPCONFIG Man in the middle attack on when I just have an ethernet between me and my Virgin router with WIFI25%.jpg

On the Router the correct Mac Address is shown but the device name is Unkown
When I disable the wireless which appears to be disabled successfully
And I reboot both router and PC
I can use ipconfig /release and ipconfig /renew as expected.
and I get the expected IP address: Default Value 192.168.0.10

Once we have the correct DHCP relationship between Hub 3.0 and Desktop reconnect the router to the external cable and reboot the router again hope fully to get a good connection.

I can now access the internet successfully but I am unaware if there is still a man in the middle spying on me.


After that the internet works as expected.
At the beginning of this process I called 150 and they said they would reboot my modem remotely. That reboot never happened.
I had time to reset my router to factory defaults 3  times and eventually get to the minimum useful result of getting one desktop machine connected to the internet.
I have not been able to safely attach anything to the wireless router since 13 October 2020.
It is now 24 November 2020 and I am still waiting for Virgin to take this Wireless attack seriously.

The attack has destroyed 3 computers including a completely brand new Intel NUC £831 and it is now a useless hunk of plastic. And I am still waiting for someone to provide me with some support which will protect the router from a wireless attacks which from the symptoms is being achieved either by specialised equipment or more likely through a neighbours compromised Wi-Fi within about 100 yards of my house.

It is obvious that this man in the middle attack means the router or Virgin's systems have been compromised to enable the wired connection to the Hub to be routed to itself via Wi-Fi which is exceedingly odd attack in itself. Especially as I had reset the hub to factory settings several times before I got to the desired result and with out Virgin even picking up the phone. I eventually hung up because I appear to have solved my immediate problem which is being able to work.

I need some help resolving this.

0 Kudos
Reply
RobinMurison
  • 5
  • 0
  • 0
Tuning in
1,038 Views
Message 2 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

On Monday morning, I was having problems connect my desktop to the internet. So I rang Virgin Media on 150 and they said they would remotely reboot my router this did not happen. Normally this starts almost immediately after they say they are about to do it.

So 10 minutes later well after the delay I would expect for the router to be rebooted automatically,  I started investigating the issue myself. As I have had issues with external attacks on my network I started by disconnecting the cable to the internet.

 

I reset my Hub 3 router to factory defaults again which automatically turns on my Wireless Router. This automatically reboots the router.

 

 So the only thing which can be attacked externally is the wireless router.

 

While I am setting up the router I have 1 device attached to the router by a wired connection.

 

I would expect the routers DHCP would set the IP Address to the default 192.168.0.10.

 

But no it is set to 169.254.136.47.

 

I tried disconnecting it using ipconfig /release it returned

----

Windows IP Configuration

 

An Error occurred while releasing interface Ethernet : the system cannot find the file specified.

----

When I logged into the router an unknown device was attached with the correct Mac Address.

 

I applied an empty whitelist to the wireless connection and disabled the Wireless router.

 

And rebooted the router and the PC.

 

I then used ipconfig /release and ipconfig /renew to get the expected 192.168.0.10.

 

Once I had the expected DHCP address I reconnected the cable to the internet.

 

This took about 45 minutes, as my connection to the internet appears to now be trouble free and my usual response from Virgin engineers when I report this type of attack which I have now reported at least twice is denial that what I am saying is possible. I decided to hang up, and not wait for their total lack of assistance.

 

This appears to be a man in the middle attack with my wired connection being redirected to an external address via the Wi-Fi and back to the router through nothing but my wireless. So presumably hacked either through either some local specialised equipment or more probably a neighbours compromised Wi-Fi.

 

It also means the router and/or Virgins processes are also compromised.

 

This is a bizarre attack where using http even on what should be an internal network is open to abuse.

 

If you can get Virgin Media engineers to believe me I would be grateful. If I had not seen it myself I would not thought it credible although having worked in Anti-virus I know that almost all attacks are possible because we very rarely fix the really old stuff and we forget that it is still in use.

As was seen in the SIM hack that went undetected for 2 years as reported by AdaptiveMobile to Forbes.

0 Kudos
Reply
用心棒
  • 6.25K
  • 701
  • 2.17K
Very Insightful Person
Very Insightful Person
1,017 Views
Message 3 of 8
Flag for a moderator
Helpful Answer

Re: Logging in to Router on home network. Insecure Connections.

FYI:


A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet Protocol (IP) address if a DHCP server is not available. For example, this could occur on a network without a DHCP server, or on a network if a DHCP server is temporarily down for maintenance.

The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0-169.254.255.255 for Automatic Private IP Addressing. As a result, APIPA provides an address that is guaranteed not to conflict with routable addresses.


[Source: How to use automatic TCP/IP addressing without a DHCP server]

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

jem101
  • 2.36K
  • 275
  • 1.08K
Very Insightful Person
Very Insightful Person
1,013 Views
Message 4 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

I'm sorry but I've read through your posts four times and I still can't see any evidence of hacking - if you disconnect the coax cable from the Hub then it doesn't  initialise properly for a while hence the DHCP service not coming up and you getting the 169 address.

 

0 Kudos
Reply
RobinMurison
  • 5
  • 0
  • 0
Tuning in
973 Views
Message 5 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

Thanks!

Not a feature I was aware of.

I am slightly surprised as the Router DHCP was on by default so there is no reason the device could not see it.
I do not know why the computer would not be able to see it.

But it does explain the Symptoms.

0 Kudos
Reply
RobinMurison
  • 5
  • 0
  • 0
Tuning in
969 Views
Message 6 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

I was totally unaware of the 169.254.*** DHCP defaults.

0 Kudos
Reply
DJ_Shadow1966
  • 7.2K
  • 1.37K
  • 2.06K
Very Insightful Person
Very Insightful Person
965 Views
Message 7 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

Hello

The 169 IP address are not handed out by a router they are a function of the Operating system i.e. Windows, MacOs etc, if the device cannot get an IP address from the router the Operating System assigns that range of IP's, this IP address isn't route-able across the internet.

Regards Mike

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
ravenstar68
  • 19.54K
  • 1.15K
  • 8.55K
Very Insightful Person
Very Insightful Person
935 Views
Message 8 of 8
Flag for a moderator

Re: Logging in to Router on home network. Insecure Connections.

Lets look into your thoughts about a man in the middle attack.

1.  Each hub 3 is given a strong random wifi password by default.  So the idea of a hacker using it for an MITM attack is extremely unlikely.
2.  As discussed by the others the 169.254.xxx.xxx IP address you are given is what's referred to as an APIPA address, https://www.pcmag.com/encyclopedia/term/apipa

If for some reason the PC fails to communicate with the hubs DHCP server (for example, if it's not started yet), Windows will automatically assign the network interface an APIPA address (based in part on it's MAC address, and will check to see that no other device is using the same address.

This - combined with tools like Netbios, allows small local IPv4 networks to be set up without a DHCP server, albeit with no access to the wider internet.

A Windows PC with an APIPA address will still look for a DHCP server every 5 minutes, so once the hub is fully online, the PC should automatically connect.  Running ipconfig /release and ipconfig /renew merely short cuts the wait.  In my experience the hub takes several minutes to boot up lately.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply