How to tell if your Wifi is hacked?
ฝัง
- เผยแพร่เมื่อ 1 พ.ค. 2022
- How to tell if your Wifi is hacked? In this video we demonstrate changing your passwords and detect nmap scans and hackers with Wireshark.
Get CrowdSec for free: crowdsec.net/?mtm_campaign=PC... (sponsor)
Wireless Network Watcher: www.nirsoft.net/utils/wireles...
Wireshark: www.wireshark.org/
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - วิทยาศาสตร์และเทคโนโลยี
The easier way is to turn off all your wifi devices and then look for any that are still on , after that block that MAC address
Very good tip here. Had to do that last year.
Ok strategy for a personal network, but not very useful in even a small network with employees. Have you EVER gotten full user compliance in ANYTHING?
How are you going to look for any that are still on when all your devices are off?
@@StefanVeenstra I think that is obvious. Look with a wired network device, or connect with a known wireless device.
@Dacia Sandero guys That’s because the strategy is backwards. Generally, you block ALL MAC addresses and authorize specific MAC addresses.
Besides, MAC addresses are hard coded into network hardware. They can be specified in virtual hardware, but if you show me a lot of 10 year olds who know how to do that, then I know you are an alien from another planet.
Very helpful as always. Much appreciated. Your tutorials give a very detailed and thorough insight into the complicated world of PC security, but you offer step by step guidance. Thank you.
Disabling WPS on the router is a good way to keep out less skilled intruders. I would say that it is the main entry vector for this kind of individuals.
I totally agree. Also Upnp is worth disabling
how do i disable it?
@@alessandro3950 UPnP is only works if devices is connected through the router usb port right?
@@arikowidtrash7074 hackers can use upnp the fingerprint the router model
Honestly, with the abundance of free tooling. Evil twin attacks are the easiest and most common way to hack wifi
2:15 no wrong. Not all NAT routers use that as their Default LAN IP Address.
you no nothing thats why your here watching this..
2:07 that is not correct. Router configuration page usually depends on the gateway IP address of your LAN
Technically, yes, but most home users will be able to access their router at the same address as shown in the video.
I also noticed this error. I have routers that ends with 1.1 but also 0.1.
I too thought that was a very strange and broad assertion to make.
I have two routers, one has 1.1 and other has 0.1
@@shushrutgupta I think you need to set the ip of the 2nd router in line with the main router, if main router ends with 1.1, 2nd router must be 1.X
You should scan with monitor mode to see what your wireless traffic is really doing. Your devices may be talking to other things that its not showing you. TP link switch has a Storm control feature, and if youre concerned what your NVR for wireless cameras is talking to, you can use port mirroring on the TP link.
Technical jargon overload 😄
Yo English for us idiots please 🤣🤣🤣
@@swinganamiss1194
wheres the any key?
I used aerodump-ng to see see my own data...the thing is, I can't actually see my own data anywhere. It's nowhere to be seen. All other neighbors data shows up (encrypted) but i cannot figure out why I cannot retrieve my own data over the air.
I can't possibly be hacked since I hooked up with a Microsoft certified technician level 3
He had heavy Indian accent, but I bet it is a question of foreign talent, he said he is sitting in Atlanta.
Anyway, for only 299.99$, some personal information about myself to verify my identity and his help with my bank account, he installed a internal version of anti hack tools direct from a secure Microsoft server.
All foreign IP addresses begone.
Screw you AVG, Bitdefender and so on, pffffff.
🤣🤣🤣
He has to be a kindly sir
Lol
His company is closing now they will call you to give you a refund
Was his name Jack by any chance? I think I used the same guy as you!
A simple way is to whitelist the mac-addresses of your devices. Then if someone has your password, they can't connect, unless they clone one of your mac-addresses and connect when that device is not connected. Not impossible to connect to such a network, but as in the physical world, security is a layered approach.
Take into consideration that it is possible to change your MAC address.
Thanks, that was very helpful.
Does it necessarily to have SSL on the router? I still have to use the old one from my internet provider (gpon to eth + wifi combo) and it doesn't have the SSL
In entrusting your recommendation, I downloaded and extracted nirsoft's .zip package to my computer system -- which subsequently triggered a virus threat warning by Microsoft Defender. I proceeded to run a separate scan with Malwarebytes, and one of the included files was flagged. Whether a minor or major penalty, the circumstance is disconcerting.
I never been hacked before until this year this helped me alot
I love DEVs answer and i was thinking the same thing. If someone is able to get on your wireless network they may also be able to completely take it. At that point they could set up a decoy for you and most likely you would never know it especially if your connection is high speed. Monitor mode, pcap, ident, then prepare an offensive. Setup a staged payload and set your preferred damon to listen on the port your new friend is connected to and promptly bump them off. When they reconnect you should have a shell on them. Happy hunting
saying "this is going to be the home address for every router on every network" is a pretty bold statement to make
As a Avast user I've been getting alerts that say someone is trying to scan you network for open ports idk what this means but I just hit block is that a good thing?
If your router is affected by several well-known vulnerabilities changing your password isn't sufficient.
Yeah you should update the firmware off your router & ban the MAC address of the device that shouldn't be on your network or you can whitelist only your devices to be able to get access to the internet on your router. 3rd party firewall & antivirus is a must .02¢
You need to kick the intruder first. Change the password, reboot the router. On the reboot, update the router if possible and check the settings. If your router does have those vulnerabilities, you'll need to replace the router, but you'll force the intruder to re-hack the system in the meantime, and they may not want to spend the time to do that. That will also give you a chance to check all your machines for malware or remote access software.
@@1slotmech This thing is pain in the a**...
First of alll Manufacturers always release update 2or 3 times per router life cycle....
2.Finding a Custom firmware supported routers even worse of it..most ofgood router even doens't support custom Firmware...
3.As year passing it's hardware and software performance decrease,and by it you are being forced to buy a new one!!💀🤔
@@iceManSwag even some devices now use random mac address at a time for privacy, it was effective before but not now
I have known some ISP routers to use .254 as the IP address
Our current ISP router is one example (although i have my own router piggy backing off of it, which is one i bought from Amazon, my router is in an upstairs room (so that i get good WIFI coverage in most rooms in the house, except for the kitchen (which is where the ISP router is), the WiFi completely drops out when i step into the kitchen), my router actually prompted me to set my own SSID and password when i set it up, and also to set my own admin password (and gave me the option to change the admin username))
And one neat feature of my router (not the ISP one) is the smartphone app, which can display a list of all devices on the network, and if they are connected to the 2.4Ghz or 5Ghz band, or if they are connected using Ethernet
I am impressed, you closed every open bracket. It's how I knew you weren't using parentheses.
Using DHCP reservations as you add each device to your network and assign them an IP Address outside of the DHCP dynamic range. This allows you to account for everything in your list. For instance, if the DHCP dynamic range is 100-150, assign devices to 2-99 and 151-254. It's a bit of work to make sure you only assign devices you know about (you basically need to ping them, power them off, ping again, and see that they do not respond, etc., one device at a time).
this sounds like actually smart
Some routers do not allow that - the reserved IP addresses must be within the DHCP pool.
Could you make a video reviewing Loaris Trojan Remover? I am very curious how it stands up to your expert testing
Thanks for your sharing
I have a question... If I activate MAC Address filtering to only accept those that I manually input there, and the router connected clients list only list those devices I let in, is it possible that another device is connected and using my network/internet even if it doesn't show on the list?
Easy way? Unplug the router. If your neighbor starts cussing like a sailor during the football game, your wi-fi is probably hacked.
Is there any tool to log all IPs during a certain PPERIOD of time, (a week)? because the intruder may not be on at the exact time I'm searching
Very good video. It helped me out because there was some unknown connected to my network.
Is there a video about the laptop/pc to see if there is some hacker activity?!
How about a video about phones being hacked?
I would love to verify my other devices and this video was perfect helping out with my Wi-FI hack
@Cherish God Looks like your neighborhood are dangerous....
What's your defense guide?
The amount of times i've been able to log into a users router with default credentials is too damn high.
Ya it's really high
For some reason I cannot see data/packets in airodump-ng nor wireshark for only MY wifi network. I can see activity on all other networks around me. But I am looking to retrieve and export my own data for cybersecurity. I even tried wireshark to scan the entire surroundings, but my data/packets simply never shows up and is mentioned nowhere. Literally there are no packets being broadcasted in any of these programs/tools under my Wifi network. I just don't know why?
Hacking WiFi WPA2 AES with a secure password (16 characters) is extremely difficult if not nearly impossible. Make sure you're using a unique custom created SSID (network name) AND a secure password of 16 characters. Both are used to generate the key. If you use a common SSID or the default SSID, it will be much easier to crack. If your routers firmware is not being updated anymore, you need a new router because these regular updates fix security vulnerabilities.
AES itself hasn't been broken (think it was up to 42 bits) but WPA2 has all the vulnerabilities that make the AES protection useless.
Otherwise AES-128, let alone 256, is impossible to break with current tech.
Their exist vulnerabilities in some big branded routers that allow through an Android phone with ROOT & application to scan the routers around you it will give you then a list of routers that can be hacked. Some of them you will be able to break in seconds. So the password won't help the app will show your password. Also have you changed the routers admin password.
@@rautamiekka Hahahaha we can't say even WiFi alliance is how much protecting with daily Zero day vulnerabilities in WiFi security protocols...
How much WPA3 is good till today?
2:20 - Routers do not all share the same IO address or have I missed something? It's dependant on the CiDR range that your router's been assigned??
What are the random networks that show up on my networks list I live in a rural area with only 1 neighbour, I know their network name cant even catch the signal for it but bunch a low signal networks show up magically ?
what would be a normal number of "arp" probes / requests per hour ?
Wow, very cool video! Looking to learn more about this topic
The main thing that I dislike about my mesh networks (I have had 2 and they are both the same) is everything needs to be done through an app and most of the settings are not available.
dude this is kinda scary,,,,,my wifi has been acting up and then I get this video recomended to me ...
Love your videos, but I'm scratching my head on something. The default nmap usage should only scan a few common ports on the specified ip adress, why are there so many ARP requests? I know that you can do a device's scan by specifying ip ranges, but that is not the default.
When I lived in a small apartment I turned down the broadcast strength so you'd have to be standing nearby to get any use out of it.
no all router let you set
But... what would be the solution? Scanning all devices for malware? Changing wifi password?
kick attacker from wifi and change password on router and network
@@user-yt4rs7ig1i Thank you for your answer
@@user-yt4rs7ig1i how do you kick the attacker from wifi? I changed wifi and router passwords and immediately after reboot I saw a computer connected which is not mine
@@DragFitness you sure it's not your computer?
I don't know if nmap gives mac adresses but if it doesn't you can set up mac filtering.
When I type the main IP into the browser address bar and hit enter, it gives an immediate warning. "your connection isnt private : hackers might be trying to steal your information: passowrds etc. ?
So unfortunately I can only choose Immunet or Windows defender which one is better In terms of malware Spyware and ransomeware
Any way to increase the bandwidth or bufferbloat by this ZTE 🤔 router page
Can they scan your network for devices if they aren't on the network?
could you do Avast one ransomware protection vs ransomware?
Can you please tell us your opinion about VPN: which are reliable and not collect u`r data. Thank you!
Some routers require you to enter the specific port along with the IP address to connect to it as well.
Most consumer routers don't do that.
Netcut is easier to use. You have to keep it running though.
Subscribed BUT I can't see the screen for $hiit because on phone 📱.. How can I see this without a laptop pls... Are what you're talking about apps to use ? ... Need to return. Thx
Hey just a warning I put the wireless network watcher.exe file through virus total and the hash comes back as malicious, is there a better program to use?
Great timing! Recently, I noticed some systems connected to one of my wireless networks with "*" as the hostname. As a result, I have no clue what the system is. I've tried using nmap to help identify the type of device those "*" entries might be but without any luck. :( Any ideas on how to identify these devices? They might be legitimate devices but just aren't identifying themselves. Thanks!
Get MAC of this devices and go check them on some MAC to vendor site. It could help you identify what is it. May be your washing machine 😁
@@_-_ttt_-_ Oooohhh, brilliant! I'll give that a shot. Thanks!
@@_-_ttt_-_ Thanks again for the tip! Turned out one of the devices is an Amazon FireTV. :)
@@TheCocoaDaddy you're welcome :)
Hmmm how do you track your wifi in wireshark though? I don't have that option
Can you please make another video like this that utilizes Android apps to your mobile phone by utilizing useful tools to see whether or not you're network is compromised to your mobile phone via Android or Apple
I wish he would answer your question! I need to know what to do on my android too!
This actually happened once. It was funnily my neighbour. I was shocked.
My problems the routers wifi my cellphone computer said check your wifi connection i. Went to redo the password it worked
I have modified USB LTE modem - how to check if everything is alright?
Does changing your IP adres of the router make it harder for these attacks
If i factory reset my router is there any Malwares so will it be removed
I never pictured you using a ZTE router Leo, I always pictured you using a Netgear lol.
Sorry for the wierd comment lol.
Can I prevent this type of attack by disabling SSID broadcast?
can i detect or remove a keylogger from my device , is there any free tool that will help me to do this ?
This will help you find basic attacks and unauthorized devices on your network, but it's far from perfect and not guaranteed to find all attackers. For instance, if I were to attack your network, I would first scan for all devices connected to your network, find a device that's always connected via WiFi but a device that is most likely not used very often or would go unnoticed if it were disconnected (maybe a smart TV or smart refrigerator). Then after cracking the wifi password, I would forcibly kick the target device off the network and clone it's Mac address so when I connect, it appears I'm that device I just kicked off. When you check the devices connected to your network, you won't see any unauthorized or suspicious devices connected because I'm now impersonating the target device.
But how do you even crack the wifi code?
@@chubbycheeks2731 you capture the wifi password hash, which is the encrypted form of the wifi password and is transmitted anytime a device connects to a wifi network, and then you either brute force attack the hash by guessing every letter/number/special character possible for each position of the WiFi password (which has a minimum length of 8 character, and most passwords are between 8 and 12 characters), or you use a dictionary attack which is a huge list of words and previously leaked passwords (usually billions of separate possible passwords in a list) and it goes through each one trying it against the wifi hash until it finds a match. This might sound like it would take forever, but a single GTX 1080 Ti is capable of testing over 500,000 wifi passwords per second.
@@bluegizmo1983 so how long would it take a pc with 1080ti to crack a password with 12 letters , and would it make it harder to crack if we used unique characters such as ş , ç , ı , ö , ğ , ü ?
@@chubbycheeks2731 WiFi passwords can only contain upper and lowercase letters, numbers, and the normal keyboard special characters like @ $ _ - ! ect, and must be between 8 and 63 characters long. Assuming a 12 character password of the entire available character set, using a brute force attack would be unfeasible. Now, if that 12 character password is a reused password that has shown up in a data breach before, then it becomes feasible using a dictionary attack which would possibly have the exact password from a previous data breach somewhere. The longer the password, the hard it will be to crack, and using special characters helps, but longer is better, and never reuse passwords. Most people set wifi passwords as a single word, usually lowercase, with maybe a digit or two at the end. Or sometimes two words combined, with a capital first letter. It's usually always as short as possible and easy to remember. Those are all trivial to brute force or dictionary attack.
@@bluegizmo1983 Ok ....
Are you using new router or old one still?
Could you test Tronscript vs an infected machine
Doesn't really tell you how to identify a device. I have many smart devices so it is difficult to tell what device is what on my network. Any tips?
Get the MAC of the device in question and go check it on a MAC address to vendor site.
Can you please do Kaspersky vs Emotet please?
I don’t have a Router. I have a Gateway. My internet provider did this change. I want to buy a Router because they no longer supply, sell or ré one de one. Customer service told me to go to Best Buy and have them call the Routers manufacturer for compatibility w
It’s the Gateway. In this case how do I check? Your IP’s aren’t recognized. If use My IP website, it gives me a long string of Random letters and numbers. I also have Windows 11 PTO NT ( beta
a ).
Some people use their phone number as a password for their rounter's UI. That's very convenient lol
yesss i love your video'
Im having an issue with this, I just factory reset my router so it should be at the factory default however the default admin and password on the router still are not working can anyone help?
Hii Leo appreciate your work 👍👍👍...I have a request for you can you pls test out the Net Protector Total Security Av this is from India....bcos in India a lot of people recommending this to others...hope you do that ❤️
Can I run crowdsec locally so that it monitors and alerts me against such packet storm events?
What you mean by packet storm? ....
Inside of network? DoS?
If I do see a packet storm attack on my network, how can I block it?
How do you get wireshark to show you entire network like in 5:10? Usually it would only show you your own computer and not other devices.
to be honest, i was waiting from someone to complain about that. he’s doing it in linux with a wlan card that support ‘promiscuous’ or ‘monitor’ mode, so he’s able to see everything in the air crossing his computer. not all wlan cards support this feature and it sounds like yours may not
@@njemtrn1129 Thanks for info. Well, to be honest, I only have desktop at home, not laptop so I don't have wifi at all. Just good old reliable cable.
Turn off dynamic IP. Hard code every IP to a mac. Make a list of MACs. If you see an IP not in the expected range, or with a questionable MAC, then some unknown device is using your network.
You can also use Fing to diagnose what types of devices are connected to your network.
MAC addresses can be spoofed though
That's great if you don't plan on having any guests over. But if you have actual friends and have them over for a party or something, hard coding all the MAC / IP combos is a pain and not needed.
@@1slotmech That's what a guest net is for. And with certain routers you can get "pinged" when a new device is found on the network.
@@MalamIbnMalam If you have two devices with the same MAC then communications will be unreliable unless the fake MAC is in receive only mode. Then that second fake MAC is sniffing for data. But most of it will likely be encrypted against man in the middle attacks.
Makes sense static IP may be won't let connect to the network if DHCP server is off 🤔?
Why not test windows security against some malware samples?
Change the wifi password, but they can reconnect using android QR code right?
I have this app called fing that detects devices on my Wi-Fi and there’s a device named Ubuntu it later changed to Ubuntu router can anyone help explain what it is or if someone’s hacking me Id really appreciate it
Nice
Yepppp
you can also know when you get a notice from your isp for activity you did not do or if the police raids you for downloading some really illegal stuff
Wut 👀
I am wondering why I can’t reach this domain?
But... If you shown how to enable MAC filtering on this video along with WiFi password change, then I think video is complete.
A blocked Mac is not a 100% because with the proper tools a Mac ID can be spoofed.
However that is a good fact finding start.
Title:
Me: Thanks for hacking my wifi, Leo -_-
Ahh, BEAUTIFUL. Locked my router down, just trusted devices allowed to connect now. Manually checked every single one, tagged them. Nothing else allowed, found 2 suspicious ones always connecting that were not part of my household.
Also, if your credentials aren’t working for the router, it’s possible that someone has changed them. The best way to get Around this would be a factory reset of the router!
"The only way" i would say
@@ducki8845 Not necessarily, your router's firmware could have an unknown exploit that could be used to bypass 😉
But yes, it's basically the only way to do it.
My internet provider here in Brazil is the owner of the router. Anything router related has to be done by them
I literally read that as "is your wife hacked?" 😂😂
Insomnia messing with my mind
😎👍👍👍Thanks
How do you do this on Android phone???
With that Wireless Network Watcher tool, I can't see my iPhone, but the Samsung is showing!
UPDATE: Ok, it showed up, but it comes up but takes a while for the tool to pick it up.
One time I changed my router credentials and I forgot them and I haven’t been able to get into it since and it’s been probably years. I don’t know what to do
Usually routers has a small hole in which you can insert a needle (or anything thin and pointy) to do a factory reset.
@@microsoul669 yeah but then everyone will be disconnected, password would be reset and it would be chaos. I haven’t been able to do a router firmware update in a while and I feel like it needs one
@@Akotski-ys9rr Do it .. update it..
And configure it..
@@BunnyBugs009 I mean not really my problem anyway. Nobody cares for the wifi here anyway.
if you are lazy like me, you just arp -a from the command prompt if you get an unknown ip other than your router within the lan subnet, there is an attacker posing as your router
That’s the reason why I have mac address allow list, even for my guest wi-fi
WHY would you have a Router with Wireless and No Key/Encryption going?
Let alone, Have you ever heard of MAC ID Filtering?
Also... I've been finding the Vaxxed on my Bluetooth and for last 6m Bluetooth is always turning itself on.
Searching on its own and also trying to upload to certain connections that bounce back reading connect failed.. 😷💉🔯
Yes most time now it's default fails here.. So we are forced to call company and they direct us to thier own similar pages... Now wlan here os overtaken by ADSL+ here... Usually if most people are hacked this way it's because of the company worker now fired and gone rogue.... BUT. I am noon entire... Lol but aren't cookies also packets ? ... Learnin to late
i tried to protect child while other having fun
Is soon as he alt tabbed to khali I know he knows what he's doing
Can you please help me my Gmail account got hacked it shows in my account suspicious app detected suspicious activity in my Gmail and unknown device connected to my Gmail and I changed my password several times I activated all 2 step verification methods in google I contacted google help center several time and a revoked all devices that passes two step verification that connected to my Gmail and I deleted all my saving password manager in Gmail I don't know what to do please help me if you can
Should your router pop up on wifi watch list
When I shut down my computer, a pop up window warns me by asking if I shut down, others will get shut down so I click shut down anyway. Happened every time
Sometimes you can just google the router model and get the creds (lol)
Can you Review the tron script, is it legit ?