How to block a user who use your wifi ? Please i need an answer

Suzaku
Suzaku Member Posts: 2
First Comment

Please answer me

Tagged:

Best Answer

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #2 Accepted Answer
    Hi @Suzaku welcome to the community and thanks for asking your question.
    Sorry to hear that you have someone connected to your home network that you'd rather not be.  If you have a Fingbox you can find their device listed in there, select that device and scroll down.  You should see an option to 'Block' the device.
    In addition to (or alternately if you don't have a Fingbox) I'd seriously consider changing the passwords to your router, as well as to each of the WiFi bands that the router supports (2.4Ghz and 5.0Ghz).
    Once the passwords have been changed, reboot the entire network and that person should not show up any longer.  Please let us know if you need any further help or have additional questions to ask.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    Robin_from_FingCiaranSuzakujjvoliver
«1

Answers

  • Lee_Bo
    Lee_Bo Member Posts: 271
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭✭
    Also, go into the Fing settings and enable "Auto block new devices".  Works great.
    kltaylorCiaranSuzakujjvoliverthomasmerz
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    I have the same problem. I have reset both the password and the name to enter the router with ones that are difficult and it has been hacked three times now. What I would like to see is a box developed that would go between the input cable and the router. The box would allow three tries to get the name and password and if the tries failed that mac address would be locked out from trying again for "X" amount of time. That would slow the hacker down if not get them to give up and look for an easier target. If Fing developed this I would be happy to buy it. I'm getting tired of having my router broken into
  • Suzaku
    Suzaku Member Posts: 2
    First Comment

    Thankyou guys for answering...its really help :))

  • Adam_Aether
    Adam_Aether Member Posts: 1
    First Comment

    In my own network, if I feel intrusion is an issue, I enable whitelisting MAC ACL and just add guests when I need to, it's a one time event per new client device and then I don't have to think about it again.

    kltaylor
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Edward444 said:
    I have the same problem. I have reset both the password and the name to enter the router with ones that are difficult and it has been hacked three times now. What I would like to see is a box developed that would go between the input cable and the router. The box would allow three tries to get the name and password and if the tries failed that mac address would be locked out from trying again for "X" amount of time. That would slow the hacker down if not get them to give up and look for an easier target. If Fing developed this I would be happy to buy it. I'm getting tired of having my router broken into
    That sounds frustrating.
    What exactly gives you the impression that the router was hacked after you changed to a robust password?  What conditions did you experience that led to that conclusion?
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    >What exactly gives you the impression that the router was hacked after you changed to a robust password?
    I start getting problems with page loading on the internet. Everything comes to almost a complete standstill, I'm talking about pages that won't load or where there is a significant delay before they do. I tried at these times and couldn't get into my router.  I also called my provider and the tech there told me that he also couldn't get access to the router. I then unplugged the router and plugged it back in 30 seconds to a minute later and then found that my password didn't work. I then reset the router manually and finally got into it using the factory password. I went in and reset all the parameters to what I had prior, changed the network name, and created new passwords. The router is a Technicolor that is provided by Spectrum. That router severely limits how difficult you can make passwords and names. With entry names you are limited to letters only either upper or lower case. I have used random letters in a random series of upper and lower case letters for the name as long as 15 letters. On the password you are limited to letters and numbers only, no ASCII symbols and there again I have used long lists of random upper and lower case letters along with random numbers. What I need is something that will limit the number of attempts that can be made before someone attempting to guess the name and password gets locked out for as I suggested for "X" amount of time because once they get in to the router they have access to the passwords and settings etc. The owner wouldn't get locked out even if they forget their password because they have physical access to the router reset button
  • MerlinTG
    MerlinTG Member Posts: 3
    Photogenic First Comment

    In my own network, if I feel intrusion is an issue, I enable whitelisting MAC ACL and just add guests when I need to, it's a one time event per new client device and then I don't have to think about it again.

    Nice thinking, but I wouldn't be to sure about that ACL.
    If a Hacker wants to enter your WiFi network, and after trying he/she gets blocked by an ACL, the first thing they do is watch the network traffic to get a MAC-address that is allowed on the network and then try with that MAC-address.
    I'm no hacker, but I'm a network admin and had this experience allready.
    ACL is a start, but it's by no means THE solution.
    Marcjjvoliver
  • Lee_Bo
    Lee_Bo Member Posts: 271
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭✭
    edited June 5, 2020 #10

    “The router is a Technicolor that is provided by Spectrum.”

    Then that may be the issue. Did you buy it from Spectrum or are you leasing it? If you’re leasing it, then it still belongs to Spectrum and they can reset it and change passwords if they want.

    IMHO, what you need is your own router.

    Marc
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    >“The router is a Technicolor that is provided by Spectrum.”
    Thanks for the advice. The router was provided when I signed up with them for Television and internet service so I would guess that it is leased.
    >If you’re leasing it, then it still belongs to Spectrum and they can reset it and change passwords if they want.
    That is true but they have no reason or need reset it or change passwords. They have access to whatever password I use anyway. Besides as I mentioned even the tech from Spectrum I talked to couldn't get access to the router while we were on the phone
    >IMHO, what you need is your own router.
    That is an idea. Any recommendations for a router that is difficult to hack?



  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    There's a discussion located here where we've talked about different routers and what is recommended from a variety of folks here in the community.
    The security of the router really depends on what configuration you set it up with and how complex the passwords are to access it.  Now is a good time to consider and use a password manager to help facilitate that for you.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Jake96
    Jake96 Member Posts: 2
    First Anniversary First Comment Photogenic

    Assuming you have a fingbox you can just block the device in your list assigned to your network.

    But it only works if the person’s device is still the same (MAC address)

  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    To klttaylor, Thanks for the advice I will look into it.
     

  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    To Jake 96
    Since I have added the fing box no unauthorized device has appeared on my network devices list. That however does not appear to prevent them gaining access to my router and going in and making changes to the settings, passwords etc there. I used to have a small program that would in real time give me real time access to who was trying to get into my computer but that was when I was younger and more active in that kind of thing. Anyway If I can't find a device that will block access to my router then my next step is To report it quoting this; Texas Penal Code § 33.01, et seq. Offenses Covered by the Computer Crimes Statute;  Knowingly accessing a computer, computer network or computer system without the consent of the owner
    I do appreciate all of the replies and advice, thanks!

  • Marc
    Marc Moderator, Beta Tester Posts: 2,660
    1,000 Likes 2500 Comments 100 Answers 250 Awesomes
    ✭✭✭✭✭✭
    edited June 5, 2020 #16
    Hi @Edward444 , you can use a " @ " sign in front of a name to "tag" a person.  This way they will be notified when you call them out.  It will also autofill the name as you type after the "@" sign.  Note your name at the beginning of my response as an example.  Hope you enjoy the forums and welcome!
    Thats Daphnee, she's a good dog...
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    Thanks @Marc By the way cute dog. We just lost our Llasa Apso. She was 15 and just couldn't go anymore. She was a good dog also
    MarcTjcelmer1
  • mide
    mide Member Posts: 1
    First Comment

    Hi.

    1. Disable WPS service on router.
    2. Create password with special characters and without words that can be in a dictionary.
    3. Use WPA2-PSK (AES)
    4. Check your router model for any 0day or exploit.
    5. Use last firmware
    jjvoliver
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    Thanks for the recommendations.
    1. Disable WPS service on router.
    That is done.
    2. Create password with special characters and without words that can be in a dictionary.
    Unfortunately the Technicolor router provided by Spectrum is very limited in that respect.  For the name to enter the router only upper and lower case letters are allowed. For the password Upper and lower case letters and numbers are allowed but no special characters. For both I use long strings of random letters both upper and lower case that make no sense For the password I use the same with the addition of random numbers. That is the best I can do with the limitations of this router.
    3. Use WPA2-PSK (AES)
    Sorry, old and not familiar with this. Can you provide me an explanation please?
    4. Check your router model for any 0day or exploit. Will do, thanks
    5. Use last firmware will check also, again thanks











  • jciek
    jciek Member, Beta Tester Posts: 6
    First Anniversary Photogenic First Comment
    If someone connects to your router unlawfully and you don't have a Fingbox to block him, depending on your router model, you can connect to it, and add the MAC address of the unauthorised device to the list of blocked devices. That way, even if the unwanted user has your wifi password, his device will be blocked at the router level. I hope this helps.
  • Maturity
    Maturity Member, Beta Tester Posts: 1
    First Anniversary First Comment Photogenic
    Hi Suzaku from reading this thread it seems to me that the issue is someone connecting from the internet not through the wifi?  On my old Linksys router I have login from the internet disabled and also I have it set to also disable maintenance of the router by wifi connected users (you have to connect with wired to do that).  Also I have the Fingbox configured to block any new devices until approved.  So far this seems to help.  Oh, and also I have the router provided by the ISP set to bridge mode so that I can use my own router.
    HTH
    Marc
  • jjvoliver
    jjvoliver Member Posts: 16
    10 Comments First Anniversary 5 Likes Name Dropper
    edited June 12, 2020 #22
    Hi guys, 

    First and foremost, please allow me to apologize for the long post I'm about to dump on you.

    Under no circumstances do I consider myself to be a tech guru or anything of the sort, however, I am one VERY paranoid individual when it comes to networked devices. As such, I have a somewhat messy infrastructure in place to keep my home network as secure as possible.

    Please, bare with me as I explain the set up, and I hope some of you can benefit from this explanation:

    It should be evident to everyone that runs any type of network that keeping every single device in the network updated to the latest firmware/OS/Kernel is always a top priority, so I won't even touch the subject here.

    It all starts at the gateway (which is the cable modem provided by my ISP, so, leased). For this I have only 1 IP enabled and it belongs to my main Router (Netgear Orbi RBR50). WiFi is off for both bands in the modem too. Basically, the only function of the modem for me is to be the gateway out of my network to the internet. I have my Orbi router DMZ'd in it, and every single port forwarded to my Orbi router as well. What this accomplishes for me is having full control of my network in my router, and almost no control over my network for the modem, which keeps my ISP outside my LAN (for the most part).

    I do not have my Modem in bridge mode, but rather in NAT with routing mode. Thus, my ISP modem has a different IP range than my Router/mesh system.

    Now, between my Modem and my Orbi router I have a Cujo Smart Firewall in bridge mode (you would not believe how many blocks that thing gets per hour. I'm talking 1,000+ easily). This handles most of the outside attempts to attack my network, and keeps them from even getting to my Orbi router.

    The first thing I have attached to my router is my FingBox, and I have EVERY new device to be automatically blocked the moment it gets in my network. So, if anyone wants to use my network, they will need to reach out to me and ask me to enable it in my FingBox.
    Then there is a Raspberry Pi 4 running AdGuard Home (mostly an add blocker, but has some routing functions as well to make sure I have full control of my network at all times).

    The DHCP assignments is handled by AdGuard Home (so my router is not the DHCP server anymore) and every single one of my "stay-at-home" devices has an assigned IP based in the MAC address in the AdGuard as well (what this does is that, if a device clones any of those MAC addresses, AdGuard will immediately see the attempt and do 1 thing: Either won't allow the connection, or will kick out the real device. In any case, I would be aware almost instantly. This is because 2 devices cannot use the same IP address in the same network.) which leaves only my mobile devices open to DHCP assigned IPs (phones, tablets and laptops).

    And, of course, there is the obvious use of a VERY secure WiFi password in WPA2-AES (click here to understand why I choose AES instead of TKIP)

    Then, all my devices have their own security features all active (antivirus, firewalls, ad blockers, etc.)

    Now, make no mistake: If individuals are able to hack into banks, government institutions, airports and even the military, there is no amount of security that will keep your network bulletproof, but it's never bad to make it as hard as possible to breach your network.
    Having said that, I suggest that you ALWAYS have a back up for all your important files in 3 or more different places, where at least 1 of those needs to be isolated from any type of connection (external USB hard drive, USB stick, DVD discs and such). And if you have files you would never want anyone else to know about, then NEVER keep them in ANY of your connected devices, and sure as hell don't share them with anyone over the internet. Once something is up in the cloud, it's going to be there forever, and there's nothing any of us can do about it.

    And, for God's sake, stop sharing everything over SMS, MMS, WhatsApp and social networks, those are the worst. If you MUST share something private and/or confidential with someone, use USB sticks and such, and if that is not possible because it's urgent and you are too far away for this to be feasible, there are certainly more secure options than those (Telegram and Signal to name a couple), which use end-to-end encryption and your data is not visible to any of the devices in the middle (plus a few more gimmicks to make you feel more in control, such as messages that can auto-destruct after a set amount of time.

    At the end of the day, there is no such thing as too much security when it comes to our digital lives, but we can certainly do some things to make it safer for everyone involved. Also, keep in mind that there is always some level of trade-off between security and convenience. Having too much of one will certainly impact the other negatively.
    MerlinTG
  • jjvoliver
    jjvoliver Member Posts: 16
    10 Comments First Anniversary 5 Likes Name Dropper
    edited June 12, 2020 #23
    jciek said:
    If someone connects to your router unlawfully and you don't have a Fingbox to block him, depending on your router model, you can connect to it, and add the MAC address of the unauthorised device to the list of blocked devices. That way, even if the unwanted user has your wifi password, his device will be blocked at the router level. I hope this helps.
    Not entirely correct.

    It does help, but there is so much more involved to secure your network.

    A lot of devices can generate random MAC addresses on-demand, so this would only slow them down a bit at the beginning.
  • Marc
    Marc Moderator, Beta Tester Posts: 2,660
    1,000 Likes 2500 Comments 100 Answers 250 Awesomes
    ✭✭✭✭✭✭
    jjvoliver said:
    jciek said:
    If someone connects to your router unlawfully and you don't have a Fingbox to block him, depending on your router model, you can connect to it, and add the MAC address of the unauthorised device to the list of blocked devices. That way, even if the unwanted user has your wifi password, his device will be blocked at the router level. I hope this helps.
    Not entirely correct.

    It does help, but there is so much more involved to secure your network.

    A lot of devices can generate random MAC addresses on-demand, so this would only slow them down a bit at the beginning.
    and...  It would be easier to whitelist devices, that is only add the Mac addresses of the devices you want to connect to your network so everything else is blocked by default.
    Thats Daphnee, she's a good dog...
    jjvoliver
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    @jjvoliver, @Marc, @jciek I wasn't the originator of this thread but want to sincerely thank everyone for their experience and advice. I have implemented some measures. I installed a Fing box  and I have also made my passwords more robust. As I stated the Technicolor router is limited as to passwords. No special characters and such. I have done the following though. The  name and password are at least 15 random characters for the entry into the router. For the name I use random upper and lower case letters. For the password I add random numbers. I have also started changing the name and password every few days. Plus as stated I added a Fing Box. So far it has solved the problem. I had one network attack blocked on Monday and no more take overs of my router. Thanks again I really appreciate the help.
    Marc
  • jjvoliver
    jjvoliver Member Posts: 16
    10 Comments First Anniversary 5 Likes Name Dropper
    Edward444 said:
    @jjvoliver, @Marc, @jciek I wasn't the originator of this thread but want to sincerely thank everyone for their experience and advice. I have implemented some measures. I installed a Fing box  and I have also made my passwords more robust. As I stated the Technicolor router is limited as to passwords. No special characters and such. I have done the following though. The  name and password are at least 15 random characters for the entry into the router. For the name I use random upper and lower case letters. For the password I add random numbers. I have also started changing the name and password every few days. Plus as stated I added a Fing Box. So far it has solved the problem. I had one network attack blocked on Monday and no more take overs of my router. Thanks again I really appreciate the help.
    As long as I can be helpful, I'll try to help as much as I can. And I know that's the same train of thought of most of us in the community.
    I'm very glad to know your issue is resolved, and I urge you to consider the option of doing the same thing I did when it comes to the device provided by your ISP (meaning, use it only as your gateway to the outside, and get a router of mesh system and control everything from there), that you will be the one in control of your internal network, and not your ISP. At the very least, that is one risk you remove.
  • thomasmerz
    thomasmerz Member Posts: 35
    10 Comments First Anniversary 5 Likes Photogenic
    ✭✭
    What about GUEST-WiFi where access to other devices is prohibited by the router so that Fingbox also can't see these guest-devices? :-(
  • jjvoliver
    jjvoliver Member Posts: 16
    10 Comments First Anniversary 5 Likes Name Dropper

    Unless something changed recently, I was told by Fing that there is no way for the Fing Box to see more than 1 SSID. As such, Fing Box does not support guest networks.

  • thomasmerz
    thomasmerz Member Posts: 35
    10 Comments First Anniversary 5 Likes Photogenic
    ✭✭
    GUEST-WiFi and my "normal" WiFi share the same dhcp pool (192.168.1.0/24 network), so I hoped that fing could also see all guest devices in the same network/broadcast domain. If I would turn off that all guest-devices won't see / won't be able to connect to all/any other device in the same IP network. So if someone might be able to "hack" my GUEST-WiFi-password, Fingbox can't help me!? :-( But I don't want guests with their devices in my private-home-network where they could see more than I want them to see.

    What shall I do?
    Let all guests give access to my private-home-network? Or give access only to guest-network, but if they share my wifi-password with others, my wifi has been "hacked" or is "leaked" :-( (Kids will share wifi-passwords even if told not to do so if they find out, how to do it!)
  • Lee_Bo
    Lee_Bo Member Posts: 271
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭✭
    GUEST-WiFi and my "normal" WiFi share the same dhcp pool (192.168.1.0/24 network), so I hoped that fing could also see all guest devices in the same network/broadcast domain. If I would turn off that all guest-devices won't see / won't be able to connect to all/any other device in the same IP network. So if someone might be able to "hack" my GUEST-WiFi-password, Fingbox can't help me!? :-( But I don't want guests with their devices in my private-home-network where they could see more than I want them to see.

    What shall I do?
    Let all guests give access to my private-home-network? Or give access only to guest-network, but if they share my wifi-password with others, my wifi has been "hacked" or is "leaked" :-( (Kids will share wifi-passwords even if told not to do so if they find out, how to do it!)
    Guest and private should never share the same IP scheme.  That really defeats the purpose.  Someone on your "guest" network would still have access to your router/printer/switch, etc.  I know it would be a hassle but you could change the guest wifi password regularly.  You might also be able to install a second Fing box specifically for the guest network.
    jjvoliver
  • Edward444
    Edward444 Member Posts: 10
    Name Dropper Photogenic First Comment
    >As long as I can be helpful, I'll try to help as much as I can. And I know that's the same train of thought of most of us in the community.
    I'm very glad to know your issue is resolved, and I urge you to consider the option of doing the same thing I did when it comes to the device provided by your ISP (meaning, use it only as your gateway to the outside, and get a router of mesh system and control everything from there), that you will be the one in control of your internal network, and not your ISP. At the very least, that is one risk you remove.
    • Thanks for all sharing your experience and for your valuable advice. I am looking at implementing your advice as soon as possible including the inclusion of a Cujo firewall.

    jjvoliver