Wireless router hacker problem

[Kimsan]

I am a networking novice and hope someone can help. I am getting emails from Comcast that porn and other illegal videos are getting downloaded through my router. I have talked to Comcast and read on the internet and tried about everything they suggested e.g. WPA2 encryption, changed network and admin passwords to something random, changed SSID name, stopped broadcasting SSID, setup MAC filter, put aluminum foil over antenna, turn radio off when not using it, etc. Still getting the emails...worried they are smart and determined enough to steal personal info such as banking or 401K.

I have read that you can setup router for static IP addresses but haven't tried for fear I will screw it up. Also, understand computer generated random password of 25+ characters could help. I am about ready to look into getting second modem and forgetting the wireless router but that doesn't seem like a good option either.

Can anyone help with a true foolproof solution or send me to someone who can provide one? Thanks very much for any advise.

 

[LNCPapa]

First thing I'd like to know is who else lives in the home with you? Also, are you sure those e-mails you're receiving are legit? I don't know of any ISP that cares if you browse porn sites.

 

[Kimsan]

First thing I'd like to know is who else lives in the home with you? Also, are you sure those e-mails you're receiving are legit? I don't know of any ISP that cares if you browse porn sites.

Wife and 25 year old daughter. I've lived long enough to realize nothing is impossible but knowing them and how they spend there time I would be shocked if they were downloading any illegal movies (not just porn). Pretty sure the emails are legit. They state that someone has reported to them that content is being stolen (downloaded not browsed)...emails have all the details about the reported violations...and they are downloading everything from current movies just out on DVD to kid movies to porn. Below is example email:

Dear Comcast High-Speed Internet Subscriber:

Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast's High-Speed Internet service (the 'Service'). The copyright owner has identified the Internet Protocol ('IP') address associated with your Service account at the time as the source of the infringing works. The works identified by the copyright owner in its notification are listed below. Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast's Acceptable Use Policy and may result in the suspension or termination of your Service account.

If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:

Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940

For more information regarding Comcast's copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy.

Sincerely,
Comcast Customer Security Assurance

Copyright work(s) identified in the notification of claimed infringement:

Evidence:
Infringement Title: Big Wet Asses #3
Infringement File Name: Big wet asses 3
Infringement Hash: e2213d5c2fb381601022198c5a679e6ca2f70700
Infringement File Size: 1448831739 bytes
Infringement Protocol: BitTorrent
Infringement Timestamp: 2012-04-15 22:50:58 North American Eastern Time
Infringers IP Address: 75.64.189.181
Infringers Port: 11387
The following files were included in the download:
File 1: Big wet asses 3/Big Wet Asses 3 CD1 .mpg
File 2: Big wet asses 3/Big Wet Asses 3 CD2 .mpg

 

[DelJo63]

Please state make & model of the router in question, then describe (or draw) a wiring diagram of everthing
from the {DSL, Cable} coming into the home and how its all interconnected.

a) look for new firmware for the Modem (the box connected to the {DSL,Cable} as well as the router.
b) reload those into the boxes
c) immediately set new admin/passwords and disallow port 8080 access
d) fix the above using WIRED connections and enable WiFi last of all
c) depending upon the make/model of the router, disable GUEST access.
e) use address reservation in the router to set a tight, limited IP range for your know systems.
f) add only one or two spare addresses
g) allow only known systems to connect
---
h) now setup WiFi, set the SSID and enable WPA2 encryption

I'm headed out of town for the month of May so I'll not get back to follow-up but there are those here
that understand the above outline - - hopefully they will step forward.

Best wishes, Jeff

 

[Rick]

What you're experiencing is almost certainly not an outside individual, barring a mistake like setting up a "guest" network with no security. WPA2 is, for all intents and purposes, impossible to crack (I know, never say never but...). I would consider wireless only when all other options are exhausted.

BUT... As far as security tips go, anyone who is sophisticated enough to crack WPA2 won't find things like MAC filtering, hidden SSIDs, router passwords or address reservation even a nuisance let alone an obstacle. The real meat and potatoes is the encryption itself, so if someone did manage to crack your WPA2 network, then the only good advice is to:

1. Change your Wifi's SSID
2. Create a new, long, random passphrase with symbols.

The reason changing your SSID is important is because WPA attempts to obfuscate your key in the data stream by salting it with the SSID. If you just change your password and not your SSID, a hacker who had previously cracked your WPA network can just refer to the hash tables they've already computed and crack it again.

Now, I think a wireless hacker is extremely unlikely, but it could easily be a friend, boyfriend, house guest or anyone who has had access to the computer over the past few days.

Honestly, I would find it more likely that this is all just a mix up (Comcast has your IP mixed up with someone else) than a wifi hacker.

Have you tried searching your computer's hard drives for the content? Looking through the web history, downloads history, download folder etc.. would also be a good start. I know you may rather not snoop, but this could end up becoming more serious if it's not addressed. Using an undelete utility like recuva could aid your in your forensic endeavors.

I know no one wants to point fingers and it may be next to impossible to believe or explain, but there's a bell curve when it comes to the complexity of explanation versus the actual situation. It's difficult to imagine any other scenario than someone physically downloading it on your computer. I would explore the simplest avenues first and then move onto the less probable ones. Alternate explanations are not impossible though.

 

[Doctor John]

Have you tried asking Comcast (through an independently verified address/number!) whether it is genuine? I don't see anything in the "Comcast" message that couldn't come from anyone (anyone crooked, that is). Might it not be a phishing attempt?

 

[Kimsan]

Thanks very much for your reponses.

One further question for Rick....after the initial emails from Comcast I contacted their tech support and we changed the encryption to WPA2....the install tech had set it up for WEP. If originally hacked through WEP does that make it easier for them even with subsequent upgrade to WPA2?

I understand what you are saying...you don't know us and other things are more likely.....nothing is certain but death and taxes but I am pretty sure the downloads are not coming from within the house. Also, I did call the Comcast contact and as I would expect froma got lots of recorded branches on their voicemail that tell you to check with members of the household, adjust your admin settings on your router, stress that you are responsible, etc. but offer no real help. Bottomline doesn't seem to be phishing as they haven't really asked me for any information so not sure what their game would be.

 

[Rick]

If originally hacked through WEP does that make it easier for them even with subsequent upgrade to WPA2?

No, so the material that's been downloaded since you switched over to WPA2 would be the result of a fresh intrusion. Your situation boggles the mind.

I truly hope you get it figured out though. It would be unnerving to always question your own network's security.

 

[Kimsan]

Yes...we are thinking about spending the additional $ and messing with the cables to get one of the Powerline adapters you mentioned in another post

 

[fimbles]

Do you have bitorrent on your pc?

If you do remove it, If it gets reinstalled you have your answer.

 

[Kimsan]

Good point...no bitTorrent on any of my devices