Brute force attacks on router… Maybe?

From: Phil Sieg 
------------------------------------------------------
Ok gang I need some help here... Dave Brockman weigh in if you have
time.

I have a wireless network at the office that will not behave. I always
run my wireless routers as AP only with no DHCP. PfSense is doing all
the heavy lifting.

I have replaced the router at the office with 4 different brands in the
last 8 months. Currently a Cisco/Linksys product. Was fine until
yesterday then started acting up in similar ways to the last 3 units.
Some of my connected computers just disconnect and will NOT maintain a
connection unless I reboot the router. Add to that the admin web-gui
is not accessible unless I reboot.

Some routers were running factory firmware, some had DDWRT.

I know the amount of information I am giving you is light, just wondered
if anybody either had a good idea of what it might be due to prior's, or
that I am getting brute-forced repeatedly because it is a target rich
environment (20+ wireless networks) or is it the proliferation of
wireless that is gimping things up?

Hello.... Bueller?    Bueller?

Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com

Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725

"The computer is the most remarkable tool that we've ever come up with.
It's the equivalent of a bicycle for our minds."

Steve Jobs, 1955-2011





===============================================================
From: Stephen Kraus
------------------------------------------------------
Time to start watching what is connecting, best thing to do is see if
you can get the client list of what is connected via MAC addresses and
look for repeat MAC addresses of devices you don't own.

What security are you running?

===============================================================
From: Nick Smith
------------------------------------------------------
Have you tried changing the wireless channel the AP is operating on?
With that many networks in range there might be some overlap
interfering with the signal maybe? Just a guess.

===============================================================
From: wes
------------------------------------------------------
are you using Synergy by any chance? I had this exact behavior across
multiple models when using Synergy. I also continue to see other users
of Synergy report this as a bug.

-wes

===============================================================
From: Stephen Kraus
------------------------------------------------------
Nick: It shouldn't be delayed like that though, it would be noticeable
instantly.

===============================================================
From: Nick Smith
------------------------------------------------------
It was just a guess, I had a similar experience at a customer site with
a more powerful AP on the same channel, would kill the connection and
disconnect the clients like he was describing.

Getting hacked is not as boring though. :-)

===============================================================
From: wes
------------------------------------------------------
eehhhhhh I dunno about that, signal overlap could go unnoticed during
low usage times, and then spike up once someone starts playing a
youtube video :)

-wes

On Thu, Feb 28, 2013 at 12:25 PM, Stephen Kraus wrote:

===============================================================
From: Phil Sieg
------------------------------------------------------
WPS and UPnP disabled. I have changed channels up and down the
spectrum.

Phil Sieg

===============================================================
From: Stephen Kraus
------------------------------------------------------
Are you running WPA2 Phil?

===============================================================
From: Jason Brown
------------------------------------------------------
The issue could be as simple as a leaky microwave within 1/4 mile.

--Jason

===============================================================
From: Stephen Kraus
------------------------------------------------------
Depends if he is operating at 5Ghz or 2.4Ghz

===============================================================
From: Phil Sieg
------------------------------------------------------
yes I have it set to WPA2/WPA

Phil Sieg

On Feb 28, 2013, at 4:01 PM, Stephen Kraus wrote:

===============================================================
From: Bret McHone
------------------------------------------------------
Do your APs have any kind of logging functionality?

-B

===============================================================
From: Dave Brockman
------------------------------------------------------
For what you use them for, I'd actually suggest you give up on those
little routers and buy an actual AP (I like Engenius if Cisco makes
your wallet's ass cheeks clench)

Are your routers 2.4Ghz only? N + DualBand (or sometimes just in 5Ghz)
may perform better if 2.4Ghz density is an issue.

When you cannot reach the web gui, are you hard-wired into the device?

Make sure you are running WPA2-PSK w/ AES and NOT WPA/WPA2 TKIP. Part
of the TKIP design forces the AP to disassociate any active
connections. I've heard it's useful for forcing certain types of
authentication traffic for capture, replay, comparison and brute force
cracking attempts. Not that I would know anything about such things.

Regards,

dtb

===============================================================
From: Dave Brockman
------------------------------------------------------
He could check the DHCP pools on the pfsense box, but it doesn't really
sound like he's passing any traffic, Layer 1-3, I doubt he will see
many odd MAC addresses, most likely very few (from the wireless side).

Regards,

dtb
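Added example (not part of any message in this thread, and not pfSense's own code): one way to act on the two suggestions above, checking the DHCP leases on the pfSense box for repeat MAC addresses of devices you don't own. It assumes the leases are available in ISC dhcpd `dhcpd.leases` format; the sample leases, the inventory and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases format (not data from the thread).
SAMPLE_LEASES = """
lease 192.168.1.50 {
  starts 4 2013/02/28 14:01:12;
  hardware ethernet 00:1a:2b:33:44:55;
}
lease 192.168.1.77 {
  starts 4 2013/02/28 14:05:40;
  hardware ethernet de:ad:be:ef:00:01;
  client-hostname "unknown-tablet";
}
lease 192.168.1.77 {
  starts 4 2013/02/28 16:05:41;
  hardware ethernet de:ad:be:ef:00:01;
}
lease 192.168.1.90 {
  starts 4 2013/02/28 16:30:00;
  hardware ethernet 66:77:88:99:aa:bb;
}
"""
OWNED_MACS = {"00:1A:2B:33:44:55"}  # hypothetical inventory of office devices
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
START_RE = re.compile(r"starts\s+\d\s+([\d/]+ [\d:]+);")

def repeat_unknown_clients(lease_text, owned, min_count=2):
    """Return (mac, info) pairs for MACs not in `owned` with >= min_count leases."""
    owned = {m.lower() for m in owned}  # inventories are often upper-case
    seen = defaultdict(lambda: {"count": 0, "ips": set(), "hostname": None, "last": ""})
    for ip, body in LEASE_RE.findall(lease_text):
        mac = MAC_RE.search(body)
        if mac is None or mac.group(1).lower() in owned:
            continue  # no hardware address recorded, or a device we own
        rec = seen[mac.group(1).lower()]
        rec["count"] += 1
        rec["ips"].add(ip)
        if host := HOST_RE.search(body):
            rec["hostname"] = host.group(1)
        if start := START_RE.search(body):
            rec["last"] = max(rec["last"], start.group(1))  # fixed-width timestamps sort as text
    hits = [(m, r) for m, r in seen.items() if r["count"] >= min_count]
    return sorted(hits, key=lambda h: -h[1]["count"])

if __name__ == "__main__":
    print(repeat_unknown_clients(SAMPLE_LEASES, OWNED_MACS))
```

A lease file only records clients that got as far as requesting an address, so a device that never passes traffic will not appear in this output.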

===============================================================
From: Chad Smith
------------------------------------------------------
I'm weird. When I read the subject line of this email, it sang to me...

"Hey, I just met you.
And this is crazy!
Attack my router -
Brute force me, maybe."

*- Chad W. Smith*

===============================================================
From: Stephen Kraus
------------------------------------------------------
'Brute Force me maybe'

That sounds so so so wrong. And Illegal

===============================================================
From: James Nylen
------------------------------------------------------
Somebody is brute forcing my lamp.

https://nylen.tv/lamp

Available for a limited time only.

===============================================================
From: Stephen Kraus
------------------------------------------------------
And we descend further down the rabbit hole

===============================================================
From: Dominic Sundar
------------------------------------------------------
Phil, you may wanna run Kismet and look at the data coming forth. Might
just be interference from other networks in the area. Look at the most
used channel in the area and try to avoid those on your router.

Dominic