# Securing Wifi router



## nilanko (Jul 13, 2011)

*Securing Wifi router [URGENT HELP NEEDED]*

I bought a Wifi router from BSNL along with their 900ULF Unlimited plan. The BSNL guys said that whoever receives signal from this modem can access Internet. To prevent misuse by my neighbours, this is what I did:

1. Logged in to 192.168.1.1 to access Router settings.
2. Went to Configuration->Wireless Network.
3. Under security settings, I selected "WPA Mixed mode" for 'Select security option'.
4. I selected the authentication method as "PSK(Pre Shared Key)".
5. In "WPA Pass Phrase:" field I entered a password/security key.

Now whenever I try to access Internet from my father's laptop, I am asked the SSID first (because it is set to be hidden). Then it asks for the security key, which is the password that I set. So, now, is it possible for any person who doesn't know the password, to access internet through is modem using Wifi?

Some additional info: My neighbours too have Wifi router whose signal I can receive. Their SSID isn't hidden. I can connect to it but I can't access internet. But their connection is shown as Unsecured. Can you tell me what did they do to prevent misuse?

Another ques: I see a field called "TxPower" on the Wireless Network configuration page. What is it used for? It was initially set to 20% but I set it to 100%. Can you give some info on this?
---------------------------------------------------------------------

*Hey guys HELP ME!!*

Here's what I did:
1. I logged in to access the router settings of my neighbour.
2. In Mac address filtering, I added the Mac address of my wifi router in Whitelist and saved the setting.

*i.imgur.com/NPMYR.png
(I copied my router's Mac address from here)

3. Now I am not able to even connect to their wifi router.

*i.imgur.com/hlFlr.png
(I am shown this)

Now I am worried whether any problem would arise....for example if they access their settings, they will be able to get my router's Mac address. Can they misuse it anyway or use it to misuse my internet connection?


----------



## thetechfreak (Jul 13, 2011)

nilanko said:
			
		

> So, now, is it possible for any person who doesn't know the password, to access internet through is modem using Wifi?


 As long as the password is not known by the person he cant do anything with it.
That is the connection will be received but he wont be able to access the internet


----------



## Anorion (Jul 13, 2011)

The power is how strong the signal is. 20% means you will  be able to access it from places close to the router. If you push it to 100% you can access it from much farther away. You may not be able to access your neighbour's wifi as it may not be set in PPoE mode, although it may be something else. 
there is a process known as packet sniffing, that decrypts the wifi password once it can collect enough packets of data. This only affects some types of WPA security, WPA2 is far more secure.


----------



## Ishu Gupta (Jul 13, 2011)

nilanko said:


> Some additional info: My neighbours too have Wifi router whose signal I can receive. Their SSID isn't hidden. I can connect to it but I can't access internet. But their connection is shown as Unsecured. Can you tell me what did they do to prevent misuse?



Could be MAC Address Filtering.

I would say you set this up as well. Use the whitelist/allow access mode and enter the MACs of all your wifi devices.

Disable Hidden SSID. Its pointless. Puts your computer on risk (If you enable autoconnect) and its a PITA if you have to enter SSIDs everytime.

Switch to WPA2 if you can.


----------



## asingh (Jul 13, 2011)

1. Keep SSID exposed.
2. Use WPA2 and set a password.
3. Set your transmitters strength level to 100%.

Also you can go to the router settings and DHP Server, and see all the MACs hooked in. It should only show what you are aware off.


----------



## mrintech (Jul 13, 2011)

Securing WiFi is quite easy:

1. Hide SSID
2. Set a Strong Password
3. Enable MAC Address Filtering
4. Go for encryption WPA2-PSK [AES] OR WPA-PSK [TKIP] + WPA2-PSK [AES]

Additional Steps:

* Change the Default username and password of Router/Modem
* Set the Tx Power (Transmission Power, as far as I can tell) to the value sufficient for your Home, Balcony etc.


----------



## nilanko (Jul 13, 2011)

Thanks everybody for all your suggestions/info.

@Ishu Gupta: I checked my neighbours' router's settings (I can access those because they didn't change the default ID/pass given by BSNL, though I have NO intention to use misuse their connection, I just logged in to check their settings). They have Mac Address filtering disabled. And they have also turned off encryption. Though I can connect, I can't access the internet. This is what I want. Can you tell me any other possibility which makes me unable to access the internet through their modem? Waht might have they done?

*Hey guys HELP ME!!*

Here's what I did:
1. I logged in to access the router settings of my neighbour.
2. In Mac address filtering, I added the Mac address of my wifi router in Whitelist and saved the setting.

*i.imgur.com/NPMYR.png
(I copied my router's Mac address from here)

3. Now I am not able to even connect to their wifi router.

*i.imgur.com/hlFlr.png
(I am shown this)

Now I am worried whether any problem would arise....for example if they access their settings, they will be able to get my router's Mac address. Can they misuse it anyway or use it to misuse my internet connection?


----------



## Anorion (Jul 13, 2011)

^go over and show em how to secure it


----------



## nilanko (Jul 13, 2011)

^^You mean what? My question was:


> Now I am worried whether any problem would arise....for example if they access their settings, they will be able to get my router's Mac address. Can they misuse it anyway or use it to misuse my internet connection?


----------



## asingh (Jul 13, 2011)

^^
Are you nuts or what. Putting your routers MAC address in another routers, that too your neighbors. This actually means, that their router is now OPEN for your device.

Just set security on yours and forget about it. You probably cannot get into their router now. They secured it.


----------



## nilanko (Jul 13, 2011)

asingh said:


> ^^
> Are you nuts or what. Putting your routers MAC address in another routers, that too your neighbors. *This actually means, that their router is now OPEN for your device.*
> 
> Just set security on yours and forget about it. You probably cannot get into their router now. They secured it.



Their router 'open' for my router? 
Q1. *What does that actually mean?* See, I am noob in this case. Just tell me whether whatever I did will do any harm to me or not.

Q2. *Can the Mac address of my router that I added to their whiltelist be used by them to gain access to my router's settings or internet connection in any way?*

*Another thing:* They have still NOT secured their connection. It is still shown as 'Unsecured'.

I am REALLY terrified now.
...and my heart is beating like hell....


----------



## mrintech (Jul 13, 2011)

LOL 

Buddy, just UNDO the changes whatever you have done in the neighbors router

Be happy with your Router, why you are SO concerned about others WiFi Connection? 

AAAAAND

Seems like they secured it..... Go to their House and ask them to remove your MAC Address


----------



## Ishu Gupta (Jul 13, 2011)

nilanko said:


> Q2. *Can the Mac address of my router that I added to their whiltelist be used by them to gain access to my router's settings or internet connection in any way?*



No                      .


----------



## asingh (Jul 13, 2011)

^^
Yups, unless you add their MAC on your router.


----------



## nilanko (Jul 13, 2011)

@mrintech: What lol? >_< I am not so concerned. My aim is not to misuse others' connection and not get my connection misused. I can't undo the changes because I can no more connect to their modem. Although I clearly see beside their connection option: "Security type: Unsecured".

@Ishu: Hope you are 100% correct.

@asingh: umm...didn get you. Is your answer yes or no for this ques: *Can the Mac address of my router that I added to their whiltelist be used by them to gain access to my router's settings or internet connection in any way?
*

BTW, why am _*I*_ unable to connect to their modem even if their connection is unsecured? PS. This happened earlier also but later I was able to connect again.


----------



## Ishu Gupta (Jul 13, 2011)

nilanko said:


> @Ishu: Hope you are 100% correct.
> 
> @asingh: umm...didn get you. Is your answer yes or no for this ques: *Can the Mac address of my router that I added to their whiltelist be used by them to gain access to my router's settings or internet connection in any way?
> *



I can find your router MAC add in 5 seconds. (If I am in range and the router is turned on)

So don't worry. 



nilanko said:


> BTW, why am _*I*_ unable to connect to their modem even if their connection is unsecured? PS. This happened earlier also but later I was able to connect again.



Because you entered the MAC of your *ROUTER*.

Only devices which have the same MAC Add as your router can access that router via WiFi. If your neighbour wants to use wifi, he needs to connect to the router via wire and disable MAC filtering.


----------



## Anorion (Jul 13, 2011)

why would you add the MAC address of your router to their whitelist in the first place? do you want to run their internets using your router? it would have been (somewhat) sensible if you added your laptop's MAC address to their whitelist... they cannot misuse this, even more so considering they havent secured their own connection (which I am still skeptical about) were there other addresses on the whitelist? how did you get access in the first place? I still think they have MAC address filtering enabled considering that they had a whitelist at all, now if you want to get in, change the MAC address of your laptop to the MAC address of your router, which you have through mysterious means got into their whitelist
if you are asking if using someone else's unsecured wifi is safe, then no, not for logging into say your email or social networking site, basically, any transfer of secure data over the air can be decrypted and abused, but thats only if there is some malicious guy with a wide open wifi waiting for people to use his connection so he can get their data
PS Ishu is 100% correct lol


----------



## nilanko (Jul 13, 2011)

@Ishu:Well I can do that in 3 seconds. Just see the network map and hover the pointer over router icon or see its properties.



Ishu Gupta said:


> I can find your router MAC add in 5 seconds. (If I am in range and the router is turned on)
> 
> So don't worry.
> 
> ...



Well that's the point that I wanted to confirm. No other device in this world would have the same Mac Add as that of my router. They mostly use Wifi. Now, this means that they won't be able to connect to their own router using their laptop wifi adapter! LOL! Means, it'll be mandatory for them to remove my router's Mac add from their whitelist! This is what I want! Since their connection isn't working from the time I did this, they haven't turned on their router yet, although they have their router turned on all the day, only today I see they have turned that off (I think they are thinking that it's a problem with BSNL).



Anorion said:


> why would you add the MAC address of your router to their whitelist in the first place? do you want to run their internets using your router? it would have been (somewhat) sensible if you added your laptop's MAC address to their whitelist... they cannot misuse this, even more so considering they havent secured their own connection (which I am still skeptical about) were there other addresses on the whitelist? how did you get access in the first place? I still think they have MAC address filtering enabled considering that they had a whitelist at all, now if you want to get in, change the MAC address of your laptop to the MAC address of your router, which you have through mysterious means got into their whitelist
> if you are asking if using someone else's unsecured wifi is safe, then no, not for logging into say your email or social networking site, basically, any transfer of secure data over the air can be decrypted and abused, but thats only if there is some malicious guy with a wide open wifi waiting for people to use his connection so he can get their data
> PS Ishu is 100% correct lol



I actually wanted to add my wifi adapter's Mac to their whitelist so that I could access internet using their router, but that too, just for a minute to see if was possible. I have intention to use my neighbor's internet for free. But, by mistake, I added the Mac of my wifi router instead. Their MAc add filtering was DISABLED. I enabled it and added my router's add in the whitelist. As soon as I did it, the connection broke and I tried to re-connect but could not (whose reason now I have understood).


----------



## Ishu Gupta (Jul 13, 2011)

nilanko said:


> @Ishu:Well I can do that in 3 seconds. Just see the network map and hover the pointer over router icon or see its properties.


This only works AFTER connecting to the router.
And why are you worried if you know tha knowing the MAC is not a very big deal?




> Well that's the point that I wanted to confirm. No other device in this world would have the same Mac Add as that of my router. They mostly use Wifi. Now, this means that they won't be able to connect to their own router using their laptop wifi adapter! LOL! Means, it'll be mandatory for them to remove my router's Mac add from their whitelist! This is what I want! Since their connection isn't working from the time I did this, they haven't turned on their router yet, although they have their router turned on all the day, only today I see they have turned that off (I think they are thinking that it's a problem with BSNL).


Like I said,


			
				Ishu said:
			
		

> If your neighbour wants to use wifi, he needs to connect to the router via wire and disable MAC filtering.


or you can spoof your Routers MAC Add and disable it yourself.





> I actually wanted to add my wifi adapter's Mac to their whitelist so that I could access internet using their router, but that too, just for a minute to see if was possible. *I have intention to use my neighbor's internet for free* lol. But, by mistake, I added the Mac of my wifi router instead. Their MAc add filtering was DISABLED. I enabled it and added my router's add in the whitelist. As soon as I did it, the connection broke and I tried to re-connect but could not (whose reason now I have understood).



See above. You have two options.


----------



## asingh (Jul 13, 2011)

1. Just re-boot your router.
2. Put in the DNS and gateway settings.
3. Apply security as mentioned with password.
4. Enable MAC filtering.
5. Enable Firewall.
6. Disable WEB Remote Management.
7. Check your DHCP table for MAC's hooked in when radio is on.


----------



## nilanko (Jul 13, 2011)

> or you can spoof your Routers MAC Add and disable it yourself.


Now tell me how to do that. That would be better. Please.

...and that sentence on which you are lolling was just a mistake.  I really *DO NOT* have any intention to use their connection for free. I just like experimenting with things. But the problem is: the results are stupid.


----------



## asingh (Jul 13, 2011)

^^
He was joking. *Ishu*, stop scaring him yar. Just tell him the basics to get his router up and running with highest possible security on his device. I guess he trusts you only. Please. And forget he mentioned the word "neighbor".


----------



## nilanko (Jul 13, 2011)

asingh said:


> 1. Just re-boot your router.
> 2. Put in the DNS and gateway settings.
> 3. Apply security as mentioned with password.
> 4. Enable MAC filtering.
> ...


This is an answer to what? See, I am completely a noob in these things. I have never dealt with a router. I got that router yesterday only.

And yeah, yeah Mr. Ishu Gupta, please stop scaring me! Am already soooo scared!!!


----------



## Ishu Gupta (Jul 13, 2011)

nilanko said:


> Now tell me how to do that. That would be better. Please.





asingh said:


> ^^
> He was joking. *Ishu*, stop scaring him yar.



I wasn't joking. I was saying that he has a choice of spoofing the router's MAC on his WLAN card.

@nilanko Forget about your neighbours. They'll get it fixed from BSNL. You won't be caught.



> 1. Logged in to 192.168.1.1 to access Router settings.
> 2. Went to Configuration->Wireless Network.
> 3. Under security settings, I selected *"WPA Mixed mode" for 'Select security option'.*
> 4. I selected the authentication method as "PSK(Pre Shared Key)".
> 5. In "WPA Pass Phrase:" field I entered a password/security key.



And in your router, just use WPA2PSK with a strong password. You don't need anything else (No hidden SSID nonsense).


----------



## asingh (Jul 13, 2011)

^^
Basically I said the same, Ishu wrote it better.

@OP: Do what Ishu wrote and you are good to go. Surf. Chill.


----------



## Anorion (Jul 13, 2011)

^^^hes just telling you how to configure/ secure your router
spoofing the MAC address is way too easy, try a social engineering approach where you give yourself full access, and restrict their MAC addresses from using too much of their own bandwidth, and make them believe that they are entirely secure at the same time


----------



## Ishu Gupta (Jul 13, 2011)

asingh said:


> ^^
> Basically I said the same, Ishu wrote it better.



That's right from the OP's first post.  



Anorion said:


> spoofing the MAC address is way too easy, try a social engineering approach where you give yourself full access, and restrict their MAC addresses from using too much of their own bandwidth, and make them believe that they are entirely secure at the same time



Don't get it. 

Are we fiddling with the neighbours router or the OPs router?
And what exactly are we doing?


----------



## asingh (Jul 14, 2011)

Next time someone uses the word 'neighbor' in this thread, it will be deleted. + An infraction.


----------



## nilanko (Jul 14, 2011)

Anorion said:


> ^^^hes just telling you how to configure/ secure your router
> spoofing the MAC address is way too easy, try a social engineering approach where you give yourself full access, and restrict their MAC addresses from using too much of their own bandwidth, and make them believe that they are entirely secure at the same time


You mean ... what? 

@Ishu: I used WPA2PSK encryption only.


----------

