Bandwidth Theft in South Africa

w1z4rd911
Registered User
Posts: 33
Joined: 14 Nov 2008, 00:33
Location: Kempton Park, South Africa

Post by w1z4rd911 »

I discovered today that I have been a victim of bandwidth theft. Someone got my ISP details from my modem somehow and used up my whole cap in 72 hours, plus he used my backup bandwidth as well, so I was capped off to local usage only. This killed a few business deals I had this weekend.
Has anyone else suffered from this? Telkom is investigating and tracking them down as they have their own means of catching these thieves.
Abatis
Registered User
Posts: 819
Joined: 31 Mar 2005, 02:00

Re: Bandwidth Theft in South Africa

Post by Abatis »

just please do yourself a favour, and change the username and password on your router!!!!!
What does man fear most? That no one will understand him, or that someone truly might?
Jonboy
Registered User
Posts: 1606
Joined: 20 Apr 2005, 02:00
Location: The Powerhouse!

Re: Bandwidth Theft in South Africa

Post by Jonboy »

We had a guy that hacked into our office VPN and used 4 of our 12Gb one time. Just changed passwords and upgraded security, sorted.
[Intel Core i3 2100 {Sandybridge}]
[Asus P8P67 Pro LE Socket 155 Mobo]
[HIS AMD Radeon 6850 1GB Gfx]
[4Gb Mushkin Silverline DDR3 1333 RAM]
[500Gb Seagate SATAII 6G HDD]
[Coolermaster Elite 430 Chasis]
[Windows 7 Home Premium 64 Bit]
[LG W2234S 22" Display]
Hex_Rated
Registered User
Posts: 3679
Joined: 19 Jan 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Hex_Rated »

admin
admin

Were you using wireless with encryption? Even WPA can be broken now... I don't know about WPA 2. If you're running WiFi to distribute the bandwidth to the office computers it's most probably someone in the vicinity. Or a wardriver.
DFI LanParty X48 LT-2TR
Intel Q9450 @ 3.2Ghz
Dell 24" 2408WFP | Phillips 37" 1080p
Sapphire HD4870 X2 2GB
4GB Corsair DDR-2 1066 | Thermalrite 120 Ultra Extreme | G9 Mouse | G15 Keyboard
Vista Ultimate x64
Jonboy
Registered User
Posts: 1606
Joined: 20 Apr 2005, 02:00
Location: The Powerhouse!

Re: Bandwidth Theft in South Africa

Post by Jonboy »

We can only assume it was someone in one of the other offices because our offices are situated in a highly built up area and the wireless router only picks up signal within about 50m.

It was before my time but apparently at that stage there was no encryption, can you believe it!

Out of interest, what's a wardriver?
po10cy
Registered User
Posts: 7160
Joined: 29 Jun 2004, 02:00
Location: Cape Town

Re: Bandwidth Theft in South Africa

Post by po10cy »

we also had someone chowing our bandwidth, 20gb used in less than 5 days, username and password change seems to have sorted it.
when in doubt, paddle out... ;)
bosaap
Registered User
Posts: 410
Joined: 03 Jan 2007, 02:00
Location: Metal Forest Tree Tops

Re: Bandwidth Theft in South Africa

Post by bosaap »

There are so many ways of securing your internet and account........
You will be so surprised to know how many ppl leave their router's user name and password defaulted. And the wireless unsecure ..... even if u have WPA on and they crack the password you can set up other securities like only MAC address can connect.....

Just walk around and see how many wireless networks are out there and you will be able to connect to at least 40% of them as they have the simplest key or there is no security on......
Thanks to Stuart
Hex_Rated
Registered User
Posts: 3679
Joined: 19 Jan 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Hex_Rated »

Jonboy wrote:Out of interest, what's a wardriver?
Ask KB :P

Joking. It's someone who drives around with antennae on his laptop and searches for wireless networks, hacks them and supposedly stores their GPS co-ordinates for later, when he feels like downloading some bestiality/movies/games etc.

KB is a "white hat" wardriver though, so he doesn't abuse the system or steal bandwidth.
Hex_Rated
Registered User
Posts: 3679
Joined: 19 Jan 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Hex_Rated »

bosaap wrote: There are so many ways of securing your internet and account........
You will be so surprised to know how many ppl leave their router's user name and password defaulted. And the wireless unsecure ..... even if u have WPA on and they crack the password you can set up other securities like only MAC address can connect.....

Just walk around and see how many wireless networks are out there and you will be able to connect to at least 40% of them as they have the simplest key or there is no security on......
It's very easy to spoof MAC addresses. The hacker can listen to the traffic and pull the MAC addresses out of "thin air" and set his card to use that MAC address.
RuadRauFlessa
Registered User
Posts: 20576
Joined: 19 Sep 2003, 02:00
Location: Bloodbank

Re: Bandwidth Theft in South Africa

Post by RuadRauFlessa »

And that is why I never run with a default setup on a router and why I don't employ 802.11a/g at home. :D
:rock: :rock: :rock: :rock: :rock: :rock: :rock: :rock: :rock: :rock:
Intel Core i7-2600k @ 3.4GHz
Corsair Vengence 2x4GB DDR3 2000MHz
Thermaltake Toughpower 850W
ASUS nVidia GTX560 1GB
CoolerMaster HAF 932
Kasyx
Registered User
Posts: 139
Joined: 13 Dec 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Kasyx »

A lot of the time one doesn't even need to go wardriving. One can just do a port scan on one of the Telkom/IS IP ranges searching for open http (port 80) ports. Most routers seem to allow external http connections by default, so all they have to do is connect to your IP through their browser and, if you haven't changed the default router password, they are in. Most routers don't encrypt your ISP username and password, meaning one can merely check the source of the page and get your ISP password.

My suggestion is to disable external access to your router. However, if you need external access, change the port it operates on (maybe to 443 or something similar). You also need to change your router's default password and, if you think you have been hacked, the password on your ISP account.
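Added example (not part of any post in this thread, and not any router vendor's tool): a small audit of a router settings export for the weaknesses discussed so far, namely a default admin login, admin access from the WAN side, weak wireless encryption and reliance on MAC filtering. The export format, key names and default-login list are assumptions constructed for illustration.

```python
# Constructed settings export; the key names are hypothetical, not a vendor format.
SAMPLE_EXPORT = """\
admin_user=admin
admin_password=admin
remote_admin_wan=enabled
wifi_enabled=yes
wifi_security=WPA
mac_filter=enabled
"""
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
WIFI_RANK = {"NONE": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
SEVERITY = ["critical", "high", "medium", "info"]

def parse_export(text):
    """Parse key=value lines, skipping blanks, comments and malformed lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def is_on(settings, key):
    return settings.get(key, "").lower() in {"enabled", "yes", "on", "true", "1"}

def audit(settings):
    """Return (severity, finding) tuples, most severe first."""
    findings = []
    login = (settings.get("admin_user", ""), settings.get("admin_password", ""))
    default_login = login in DEFAULT_LOGINS
    remote = is_on(settings, "remote_admin_wan")
    if default_login and remote:
        findings.append(("critical", "default admin login reachable from the WAN; "
                         "disable remote admin, then change router and ISP passwords"))
    elif default_login:
        findings.append(("high", "default admin login still set"))
    elif remote:
        findings.append(("medium", "remote admin enabled on the WAN side"))
    if is_on(settings, "wifi_enabled"):
        mode = settings.get("wifi_security", "NONE").upper()
        rank = WIFI_RANK.get(mode, 0)  # unknown modes are treated as unprotected
        if rank < WIFI_RANK["WPA2"]:
            findings.append(("high" if rank < 2 else "medium",
                             f"wireless security is {mode}; move to WPA2"))
            if is_on(settings, "mac_filter"):
                findings.append(("info", "MAC filter is on, but addresses can be "
                                 "sniffed and spoofed; it does not replace encryption"))
    return sorted(findings, key=lambda f: SEVERITY.index(f[0]))
```

Calling `audit(parse_export(SAMPLE_EXPORT))` returns the findings for the constructed export, most severe first; an empty list means none of these checks fired.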
bosaap
Registered User
Posts: 410
Joined: 03 Jan 2007, 02:00
Location: Metal Forest Tree Tops

Re: Bandwidth Theft in South Africa

Post by bosaap »

Hex_Rated wrote:
bosaap wrote: There are so many ways of securing your internet and account........
You will be so surprised to know how many ppl leave their router's user name and password defaulted. And the wireless unsecure ..... even if u have WPA on and they crack the password you can set up other securities like only MAC address can connect.....

Just walk around and see how many wireless networks are out there and you will be able to connect to at least 40% of them as they have the simplest key or there is no security on......
It's very easy to spoof MAC addresses. The hacker can listen to the traffic and pull the MAC addresses out of "thin air" and set his card to use that MAC address.

Yes I know but you have that extra security and will take longer to crack.......
Hex_Rated
Registered User
Posts: 3679
Joined: 19 Jan 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Hex_Rated »

Remote admin is something you should avoid like the plague if you can. Disabling external ping also works well. Probably prevents 90% of the attacks. A ping sweep will (eventually) reveal your PC to the hacker if you allow external pinging.
bosaap wrote:Yes I know but you have that extra security and will take longer to crack.......
Very true, some things prevent most of the attacks. Unfortunately a determined hacker will be able to get through. A script kiddy will probably fail.
Last edited by Hex_Rated on 11 Dec 2008, 08:46, edited 1 time in total.
RuadRauFlessa
Registered User
Posts: 20576
Joined: 19 Sep 2003, 02:00
Location: Bloodbank

Re: Bandwidth Theft in South Africa

Post by RuadRauFlessa »

bosaap wrote:
Hex_Rated wrote:
bosaap wrote: There are so many ways of securing your internet and account........
You will be so surprised to know how many ppl leave their router's user name and password defaulted. And the wireless unsecure ..... even if u have WPA on and they crack the password you can set up other securities like only MAC address can connect.....

Just walk around and see how many wireless networks are out there and you will be able to connect to at least 40% of them as they have the simplest key or there is no security on......
It's very easy to spoof MAC addresses. The hacker can listen to the traffic and pull the MAC addresses out of "thin air" and set his card to use that MAC address.

Yes I know but you have that extra security and will take longer to crack.......
Just change the WEP key once a month. Or simply disable the wireless and get a 100Mb/s connection to your router with a CAT5e or CAT6 cable.
Kasyx
Registered User
Posts: 139
Joined: 13 Dec 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Kasyx »

Your average wardriver is probably way too lazy to take the extra time to crack additional security measures. More often than not they will probably just leave it and move on to someone else's (less secure) network.
Jonboy
Registered User
Posts: 1606
Joined: 20 Apr 2005, 02:00
Location: The Powerhouse!

Re: Bandwidth Theft in South Africa

Post by Jonboy »

This may sound kind of daft, but does the same concept apply to utilising bluetooth on one's cell? Could somebody use my data bundle in the same way?
Hex_Rated
Registered User
Posts: 3679
Joined: 19 Jan 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Hex_Rated »

I think it's possible in theory, they would have to spoof your SIM card to the network somehow. On second thought, I don't know if that's possible. They'd have to get the SIM's S/N (which is possible with an AT-Hayes command) and probably some more info (which I don't know if that's possible) and then they'd have to program a separate SIM with the details of your SIM.
Last edited by Hex_Rated on 11 Dec 2008, 08:53, edited 1 time in total.
bosaap
Registered User
Posts: 410
Joined: 03 Jan 2007, 02:00
Location: Metal Forest Tree Tops

Re: Bandwidth Theft in South Africa

Post by bosaap »

I don't know about the bluetooth.
But with wireless you can also just hide the network name for the wireless, that way no1 can see it. And set up every1 that needs to connect manually rather than auto detect.
po10cy
Registered User
Posts: 7160
Joined: 29 Jun 2004, 02:00
Location: Cape Town

Re: Bandwidth Theft in South Africa

Post by po10cy »

it is actually possible with bluetooth to use your phone BUT the only way that works is if they use software to access and control your phone thru bluetooth, so your phone literally dials the numbers and calls out and then they listen thru their phone like a bluetooth headset.
Kasyx
Registered User
Posts: 139
Joined: 13 Dec 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Kasyx »

Jonboy wrote:This may sound kind of daft, but does the same concept apply to utilising bluetooth on one's cell? Could somebody use my data bundle in the same way?
As far as I am aware it is, theoretically, possible, however the number of people in SA who have the ability to do it is so low that the chances of one of them actually going for your phone in particular is probably akin to winning the lottery.
RuadRauFlessa
Registered User
Posts: 20576
Joined: 19 Sep 2003, 02:00
Location: Bloodbank

Re: Bandwidth Theft in South Africa

Post by RuadRauFlessa »

Kasyx wrote:
Jonboy wrote:This may sound kind of daft, but does the same concept apply to utilising bluetooth on one's cell? Could somebody use my data bundle in the same way?
As far as I am aware it is, theoretically, possible, however the number of people in SA who have the ability to do it is so low that the chances of one of them actually going for your phone in particular is probably akin to winning the lottery.
Wahahaha. That is like an improbability factor of 1045234567^23414134:1
Mow
Registered User
Posts: 1621
Joined: 07 Nov 2006, 02:00
Location: Johannesburg

Re: Bandwidth Theft in South Africa

Post by Mow »

Guys seriously. Cracking WPA is possible but it's not a case of run a script and it works. It takes time, depending on the specs of the machine .. anywhere from an hour to 12. You also need at least two wireless interfaces, preferably on two notebooks, cause running it on one will further increase necessary processing power. Interestingly enough, GPGPU acceleration has dropped that hour to around 2min. But it's still very experimental.

As for MAC spoofing ... Dude this can be done in less than a minute. Dunno if you guys have realized but all wireless devices have a transmit power control feature. This is there to help limit the wireless signal to your property. Decrease the size of the wireless cell and you decrease wardriver access.

99% of the time this so called bandwidth theft is due to torrents, Windows updates or a lazy admin. Also be reasonable, if you decrease the size of the cell to what you need and run WPA 2 the odds of them getting in through your wireless are slim to none. If you are still paranoid after that you can look at a RADIUS server, but good luck with the configuration.

Jonboy,

I doubt there are many guys with that kinda skill. Hacking a VPN is leet. So much so, dude, if it's IPsec and you guys are running SHA I'm gonna call you a liar. Because SHA was only recently compromised in a lab environment using something close to a supercomputer.

Kasyx,

Dude a router that allows remote http access by default is failing at its only purpose .... security. I have never seen one with this enabled as default.
Asus Rampage Formula : E8400@4000 : 4GB Mushkin Frostbite @1066/5.5.5.15/TRD6
Sapphire 4870 Toxic 1GB: Coolermaster HAF : BlackIce360 Rad : Apogee GT : DTek-Customs Rez.
Kasyx
Registered User
Posts: 139
Joined: 13 Dec 2006, 02:00

Re: Bandwidth Theft in South Africa

Post by Kasyx »

Http access allowed by default? It's more likely than you think :P

I know some Billion routers come with external access enabled by default. Mine did.
RuadRauFlessa
Registered User
Posts: 20576
Joined: 19 Sep 2003, 02:00
Location: Bloodbank

Re: Bandwidth Theft in South Africa

Post by RuadRauFlessa »

Kasyx wrote:Http access allowed by default? It's more likely than you think :P

I know some Billion routers come with external access enabled by default. Mine did.
Mine 2
Mow
Registered User
Posts: 1621
Joined: 07 Nov 2006, 02:00
Location: Johannesburg

Re: Bandwidth Theft in South Africa

Post by Mow »

Maybe get a real router then. Chuck the lucky packet stuff you got.

edit.

Do you know how easy it would be to write a script that scans Telkom's IP range, tries to log into any WAN address it finds and collects login info !!!!!!!!!! I could have a thousand accounts in a day or so.