Router Settings & Users

[sswcharlie]

Hi

Using Linux Mint 17 Cinammon.

Someone is using my router unauthorised and eating up my data limits. 10g in 3 days.

My ISP will not tell me who is using?

How do I check to see if the settings are correct for security etc.
Can I tell who the users are, including myself ?

Router is a TP Link TD W8901G. Set up originally while on Win7.

Thankyou

Charles Harris

[xenopeek]

This isn't really Linux Mint specific. In any case, can you log in to the admin page of your router? You can download the user manual from TP-Link: http://www.tp-link.com/en/products/deta ... 8901G#down

Normally I'd go through these steps:

• Enable WPA2 if it wasn't enabled already, or change the WPA2 password.
• Change the admin password for the router.
• There is probably a log or overview of devices that are currently connected to your router, or have been connected in the past. Disconnect devices you are sure aren't yours. When they attempt to reconnect, WPA2 + new passwords should block them.
• If all else fails you can probably also enable MAC address filtering; allowing only devices with specific MAC addresses to connect (so you'd add your own only).

Probably best to do all of this while (temporarily) connected with ethernet cable to the router, and not using wifi.

A quick search turns up TP-Link has a lot covered in their FAQ: http://www.tp-link.com/en/article/?faqid=144

[nomko]

Use some packet/network sniffer and find out that way who is connected to your wireless network. One hint: disconnect every hardware you have like mobile phone, tablet, netbook/notebook, desktop systems.

[chiefjim]

If all else fails you can probably also enable MAC address filtering; allowing only devices with specific MAC addresses to connect (so you'd add your own only)

MAC filtering is a great tool for blocking unwanted users from using your system.

[nomko]

If all else fails you can probably also enable MAC address filtering; allowing only devices with specific MAC addresses to connect (so you'd add your own only)

MAC filtering is a great tool for blocking unwanted users from using your system.

MAC filtering is "dangerous" too. MAC addresses can be copied and used to infiltrate on a WIFI network. MAC filtering option must be disabled on routers. Not a good idea to provide such bad advise...

If you want to avoid unwanted access to your WIFI network, do this:

change the password on your router
When you change your password, the person who is accessing your network won't be able to access it again. use a mixture of numbers and letters characters and make sure your password is very long.

As example:
password: linuxmint
This is a bad password, too short and contains 2 letters which are the same: n and u and no characters or numbers. And beside that, it's easy to guess too.

A better password would be this
password: Myd0gis@g3rm@nsh3PP3rdd0g@ndtsn@m3issp@rky

( my dog is a german shepperd dog and its name is sparky )

As you can see i've used a mix of letters, numbers and characters. And it is 42 numbers/letters/characters long. Not so easy to find out.
Although some letters are used several times like the n and d, the password itself is more than secure enough.

[chiefjim]

MAC filtering is "dangerous" too. MAC addresses can be copied and used to infiltrate on a WIFI network. MAC filtering option must be disabled on routers. Not a good idea to provide such bad advise...

If you want to avoid unwanted access to your WIFI network, do this:

change the password on your router
When you change your password, the person who is accessing your network won't be able to access it again. use a mixture of numbers and letters characters and make sure your password is very long.

Dangerous perhaps, particularly when relied on as a sole measure. I also have a complex and rather long password. Used together they make logging in a bit more difficult. Reminder the intent of the OP was to block unwanted users stealing his bandwidth. Like the new neighbor who is too cheap to sign up for his own service.

Security from hackers is a different although related subject. Typical home systems would be only a minor speedbump to a determined hacker.

[acerimusdux]

My suggestions:

1. Change both the default user AND password. And for passwords, I recommend using a password manager like lastpass (available as a browser plugin for firefox or chrome) or keepass2 (available in official Mint repositories). Makes it easy to have highly secure passwords everywhere, while only having to remember one.

2. Don't allow remote login unless absolutely necessary. Your router likely has a web interface, and that should be set to allow only local access. I allow local administrative access only by 4 known MAC addresses. Yes MAC addresses can be spoofed, but someone would have to know them to spoof them. How do they get that without access to your machine? In addition to a password of course, just an easy extra layer.

3. Use WPA password encryption. A surprising number of people still use WEP which is long ago known to have been cracked.

4. Disable "plug and play".

5. Disable SSID broadcast. This means a computer won't automatically see your network. To connect from your machines, you'll have to click on the network aplet in your taskbar, and choose "Connect to Hidden WiFi network", and then remember both the name and password you chose in step 1. Once this is saved it will still find it and connect automatically.

6. Change the default IP address and the address range in the routers DHCP configuration as well. Not every home router has to be 192.168.0.1. The entire range of 172.16.0.0-172.31.255.255 is also valid for private network use. Pick something in there.

7. Visit a site like: http://www.stayinvisible.com/ and see what IP you are being seen as from outside your network. Then run a scan against that (with some routers this won't work from within the network, but try it). Just do "sudo apt-get install nmap". Then "sudo nmap 111.111.111.111" (whatever the IP was) and "sudo nmap -sS 111.111.111.111". Unless you are running a webserver, or have a VOIP phone (like Vonage), or something else unusual, you really shouldn't have any ports open to the outside world.

8. Check if there are firmware updates for your router.

9. Check your router's DNS settings, make sure it is set to use an approved DNS from your provider, or another reasonably trusted source like google (8.8.8.8 ) or OpenDNS (208.67.220.220 ).

That's probably more than enough to secure a home network.

[nomko]

5. Disable SSID broadcast. This means a computer won't automatically see your network.

That's a security risk as well. Disabling SSID broadcast means that the connecting computer and the router are signaling the whole time to eachother. A hidden network which cannot be seen by a computer will be pinged to make it hidden for the computer. That creates extra bandwidth and these signals can also be picked up quit easily and used/penetrated/hacked. Bad suggestion also.

Change both the default user AND password. And for passwords, I recommend using a password manager like lastpass (available as a browser plugin for firefox or chrome) or keepass2 (available in official Mint repositories). Makes it easy to have highly secure passwords everywhere, while only having to remember one.

It is a good idea to change the default router login and password. Using a password manager requires......a password. And it will be saved on your computer by default. Therefore accessible. Best place to keep logins/passwords: write it down in a notepad and keep that in a desk drawer. It sounds stupid and old-fashioned, but your notepad is not connected to any network, think about that

Everything sounds safe proof!

[acerimusdux]

5. Disable SSID broadcast. This means a computer won't automatically see your network.

That's a security risk as well. Disabling SSID broadcast means that the connecting computer and the router are signaling the whole time to eachother. A hidden network which cannot be seen by a computer will be pinged to make it hidden for the computer. That creates extra bandwidth and these signals can also be picked up quit easily and used/penetrated/hacked. Bad suggestion also.

It's a marginal benefit, but not more a risk than broadcast. The bandwidth used by pings is too immaterial to worry about. We're talking home networks here, not large numbers of clients.

And there has to be communication between connecting machines either way, it doesn't really matter whether the client or router initiates that. There's constant signalling either way. The communication between two machines isn't going to be more efficient one way or the other.

And sure anyone actually scanning your traffic with the type of tools used by hackers is going to see the name either way. But sometimes people don't break out those tools until they first see a network using an ordinary client. Real world, not having your network show as an option for all of your neighbors is still the best security position. If someone running "1337 h4x0r" tools can see my network name, big deal they still only see the name.

It is a good idea to change the default router login and password. Using a password manager requires......a password. And it will be saved on your computer by default. Therefore accessible. Best place to keep logins/passwords: write it down in a notepad and keep that in a desk drawer. It sounds stupid and old-fashioned, but your notepad is not connected to any network, think about that

Everything sounds safe proof!

But your notepad also isn't encrypted. These password tools store nothing without using encryption which security researchers doubt that even NSA can currently break. And when using them, people are more likely to use longer more complex more secure passwords, and to change passwords at recommended times.

[nomko]

But your notepad also isn't encrypted. These password tools store nothing without using encryption which security researchers doubt that even NSA can currently break. And when using them, people are more likely to use longer more complex more secure passwords, and to change passwords at recommended times.

I was reffering to a paper notepad! Not the notepad on your computer

It's a marginal benefit, but not more a risk than broadcast. The bandwidth used by pings is too immaterial to worry about. We're talking home networks here, not large numbers of clients.

The vulnerabitlity in this is that the signal can be picked up and used to copy all kind of stuff. Those signals contains a bit more than only a "Hee, i'm here!" notification. So, better is to leave the SSD broadcasting turned on.

[acerimusdux]

I was reffering to a paper notepad!

So was I!

The vulnerabitlity in this is that the signal can be picked up and used to copy all kind of stuff. Those signals contains a bit more than only a "Hee, i'm here!" notification. So, better is to leave the SSD broadcasting turned on.

But with SSD broadcasting turned on the signal can also be picked up and it contains the exact same stuff. and it's only the stuff that isn't encrypted that is vulnerable, thus not the data, but the stuff needed for directing network traffic (name, IP address, MAC address.) So more than the name, but still all stuff we've already said was easily discovered.

[nomko]

But with SSD broadcasting turned on the signal can also be picked up and it contains the exact same stuff. and it's only the stuff that isn't encrypted that is vulnerable, thus not the data, but the stuff needed for directing network traffic (name, IP address, MAC address.) So more than the name, but still all stuff we've already said was easily discovered.

And therefore there is no benefit at all to hide your SSD.

[acerimusdux]

And therefore there is no benefit at all to hide your SSD.

Little to no benefit at little to no cost. I don't think it's worth the trouble on a larger network. But on a very small network, I still do. You aren't hiding anything from anyone who's actually looking, but there's still some benefit in hiding from those who aren't looking. But it's at best as effective as hiding your valuables under the seat in a parked car. Anyone actually looking is going to look under the seat.

There is equally little benefit to number 6 above, changing the network IP address range. Anyone scanning the network will see those as well.

Far an away the most important suggestions there are the secure password, WPA2 encryption, and disabling remote login if possible. If you want to keep it simple, you can stop right there. And for most people, the single most effective thing they could do to improve their security is probably to use a password manager.

[DrHu]

If I suspected that, first I would change the routers (default) password; you are allowed to do that
--use longest password available, and connect directly to router without internet connection via an Ethernet cable
http://www.answersthatwork.com/Download ... resses.pdf
--the forum may remove/block this list (which is fine with me..), but you should know they (passwords lists) for routers exist

Step 2, what everyone else suggests..
--more monitoring of your system to see traffic/connections

And your wireless should be wpa mode
--today that will usually be the case; you can change wpa key (password, and again use the longest (MAX) size available and preferably a random one, or a passphrase which will be fairly random as it won't make up a dictiuonary word (use each beginning character of your passphrase)
http://www.symantec.com/connect/article ... -practices
http://answers.microsoft.com/en-us/wind ... 825090b810