cancel
Showing results for 
Search instead for 
Did you mean: 

Keep getting hacked

Grafter
Posts: 38
Registered: ‎19-01-2019

Keep getting hacked

Hi,

 

I keep getting hacked and I believe its number 16, 18 and 9 in my street. Here is evidence and this mac 20e5170c0f3c does not belong to us (they even booted me off my router admin page when I was seeing who was on it). Can you please do something about this? It is getting very annoying and they already broke one power line adaptor ( I believe they are using wireshark to crack the wfi , as wireshark is a well known hacking tool for cracking wifi passwords). I don't believe they have the knowledge of Kali Linux and how to use its tools. I keep changing the router password etc, but they just re-crack it. They have even read my emails so I changed my passwords. I know this as they are uni students with big mouths and I over hear everything they say. I heard them mention my password and other stuff, they have been causing problems since I reported them for there noise, we have had problems with uni students since 2007 (when the college got uni status 2007). I also want to add they are hiding from the router detecting them from being picked up via the admin page, but I can can still scan the network and see who is on it etc. I even have it set so only binded macs are allowed yet they are getting on.

Thank You

 

Wolfheart

wolfheart@wolfheart-GE60-2QD:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 600 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 601 0 0 wlx20e5170c0f3c
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlx20e5170c0f3c
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 601 0 0 wlx20e5170c0f3c
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlx20e5170c0f3c
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 anbox0
212.227.81.55 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0
wolfheart@wolfheart-GE60-2QD:~$

 

39 REPLIES 39
Anonymous
Not applicable

Re: Keep getting hacked

There is nothing that Plusnet can do about this as security is in your remit not theirs so contact the Police.

https://www.legislation.gov.uk/ukpga/1990/18/contents

Plusnet Help Team
Plusnet Help Team
Posts: 8,115
Thanks: 982
Fixes: 399
Registered: ‎01-01-2012

Re: Keep getting hacked

Thanks for getting in touch.

As per the advice above I'm afraid there isn't anything we can do regarding this. The best bet would be to contact the Police

If this post resolved your issue please click the 'This fixed my problem' button
 Matthew Wheeler
 Plusnet Help Team
Seasoned Pro
Posts: 490
Thanks: 264
Fixes: 5
Registered: ‎25-09-2015

Re: Keep getting hacked

@wolfheart, can you explain exactly what you believe the routing table you pasted shows? I'm not sure it shows evidence of hacking.

Have you tried disabling WiFi, ans seeing what the routing table looks like then?

Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

@corringham  this wlx20e5170c0f3c does not belong to anything in my house and i am sure if you take away the wlx you get the mac address. For some reason they are bypassing the arp mac bind (so only certain devices may connect) and cracking my wifi password. It does not show as a device connected in devices connect page, but when I do a route i found that on my network. They have even deleted files off my computer, (I had radionics settings for healing my friends daughters and they gone and other stuff). They also keep disconnecting me from my network. I have a good idea who it is, i believe its university students next door to me, as I have overheard them speaking about my email password and dropbox password etc. Its also a brand new router (TP-Link Archer c5400 v2 and with latest firmware). I have only had problems since i reported them for noise at unsociable hours. I have also contacted the police and the University itself.

Seasoned Pro
Posts: 490
Thanks: 264
Fixes: 5
Registered: ‎25-09-2015

Re: Keep getting hacked

@wolfheart, yes I believe you are probably correct that that it is a MAC address, but the route table doesn't show connected devices - it shows routes.

That entry simply shows that there is a default route set up, which is quite normal - it is quite possibly the WiFi interface itself.

Individual devices wouldn't show up in that table.

Moderator
Moderator
Posts: 30,086
Thanks: 3,183
Fixes: 488
Registered: ‎14-04-2007

Re: Keep getting hacked

Putting 20e5170c0f3c in here fails to produce a hardware result.

Customer and Forum Moderator. Windows 10 Firefox 84.0.2 (64-bit)

Seasoned Hero
Posts: 5,763
Thanks: 2,548
Fixes: 168
Registered: ‎30-06-2016

Re: Keep getting hacked

The first question that comes to my mind is are they getting into your network through WiFi or your powerline  devices mains carried data. It is not uncommon for these to accidentally connect to neighbours units, let alone deliberate action. Have you changed the passwords in these? Have you tried working without the powerline units by replacing them with Ethernet cable?  

Anonymous
Not applicable

Re: Keep getting hacked

@Baldrick1 as far as I am aware an immediate neighbour wouldn't be on the same phase as you so the powerline adapters may not be an issue.

Seasoned Pro
Posts: 490
Thanks: 264
Fixes: 5
Registered: ‎25-09-2015

Re: Keep getting hacked

@Strat, that's a good point. However I still think that the wlx20e5... is an interface on the router, and nothing external.

Does anyone else have a TP-Link Archer c5400 v2 who could check their routing table? I think the one posted above is quite normal. The Archer V2 is a very competent router, and so is likely to have a more complex routing table than cheaper routers so that it can cope with VLANs and VPNS etc.

As long as a secure WiFi key is used, I think it unlikely that it could be cracked easily. I'm familiar with Wireshark , and it wouldn't help hack with a secure connection as any keys would be encrypted.

So the only possibility I can see is that the powerline adapters are a weakness. I'd stop using those just to be sure.

Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

@corringham That mac address is not any of my devices, not my router or modem, it matches nothing in this house. I know the mac addresses of my router and modem.

 

Also as for the powerline adaptors the other ones we have are working fine (both tp-link ones, the one that got broken was a netgear and someone had changed the password etc). What i found rather odd also (the netgear adaptor is now in the bin, as it completely stopped working and i lost my temper with it since it no longer was working and threw it at my bedroom wall and managed to break one of the metal parts of the plug lol

Seasoned Pro
Posts: 490
Thanks: 264
Fixes: 5
Registered: ‎25-09-2015

Re: Keep getting hacked

@wolfheart, it is actually a network interface, the name is sometimes formed from a MAC address but doesn't have to be. It can only be something built into the router, and its likely to be visible only in the routing table.

Any external device (e.g. someone else's computer) would route through one of these interfaces (wlan if connected wirelessly), and wouldn't appear in the routing table.

It is quite possibly a logical interface used in conjunction with VLANs or VPNs.

Seasoned Hero
Posts: 5,763
Thanks: 2,548
Fixes: 168
Registered: ‎30-06-2016

Re: Keep getting hacked


@Anonymous wrote:

@Baldrick1 as far as I am aware an immediate neighbour wouldn't be on the same phase as you so the powerline adapters may not be an issue.


See https://community.plus.net/t5/Plusnet-Blogs/Powerline-Adapters-Make-Sure-you-use-Encryption/ba-p/1319916. The assumption that neighbours will be on another phase is conjecture. 

@wolfheart

Just because your Powerline devices are working doesn't mean that they are not also linking in to a neighbours. Again, see the above link.

 

Anonymous
Not applicable

Re: Keep getting hacked

@wolfheart, can you please explain exactly what you mean by:

For some reason they are bypassing the arp mac bind

I think you may be reading too much into this so an explanation of the above might help. But if you are confident that your network is being breached then I will refer you back to my original post on the matter.

 Edit:- Corrected Typo.

Anonymous
Not applicable

Re: Keep getting hacked


@Baldrick1 wrote:


See https://community.plus.net/t5/Plusnet-Blogs/Powerline-Adapters-Make-Sure-you-use-Encryption/ba-p/131.... The assumption that neighbours will be on another phase is conjecture.

I am more than willing to stand by what I said and having read the article it was one of my neighbours and not the immediate I cited. I know for a fact that my immediate neighbours to my left and right are on different phases from me. But equally I also know that I share the same phase with another opposite.