Issues: I need help with a couple of Wireshark tasks, getting notifications from my ISP that don’t belong to our devices. I also welcome any other advice, direction, tools you feel would support my situation. The hackers sub rules say that help requests are not allowed.
This mess has been happening intermittently for a few months, but got permanently bad as of last Friday. Various devices in our house are no longer accessible. I used to be a network analyst a very long time ago, so some of what’s happening is easily understood. But I didn’t have experience with hacking and I’m having a hard time not knowing what I’m looking at. But, hey, the police believe us and want us to report it again - but it looks like it’s permanent - so they’ll be getting a call soon.
I’ve installed Wireshark, but am having difficulty finding:
- the ‘frame control field’ - from what I’ve read online, that is a way to identify a packet subtype of 0x0c that will indicate deauthentication activity. Please correct me if I’m mistaken.
- how to write a filter string to find matching MAC or IP addresses
I’ve also received text notifications about ‘generic android devices’ connecting to our network. I’ve been really sick and didn’t have the capacity to pay better attention to this. No one in my house has connected to the internet for the first time since this problem began.
They say, “A device called Generic Brand Android device has just connected to your home network for the first time. Set up in the [isp] app at [url goes here].”
What we’ve done so far to help the situation:
- We have changed our password to something long and complex.
- Installed a network scanner app (Network Analyzer Pro - Android) that kicks ass and is easy to understand.
- Narrowed down all MAC addresses for every single device in our house and matched them to our Gateway admin and the network scanner’s lists of connected devices.
- Also narrowed down a few MAC addresses w/ IPv4 numbers that we suspect are related to devices at our neighbor’s place.
- Noticed that the times our Wyze camera has come back online are the same times we’ve been getting the text messages.
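The frame control field and MAC matching asked about in the post, as an added example that is not part of the original post: it decodes the first two bytes of an 802.11 header, keeps only management frames with subtype 0x0c (deauthentication), and filters them by MAC address. It assumes each frame starts at the 802.11 header (no radiotap header or FCS); the sample frames and MAC addresses are constructed.

```python
import struct

MGMT_TYPE = 0          # 802.11 frame type: management
DEAUTH_SUBTYPE = 0x0C  # management subtype: deauthentication

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame_control(frame):
    # Frame Control is the first 2 bytes, little-endian:
    # bits 0-1 version, bits 2-3 type, bits 4-7 subtype.
    (fc,) = struct.unpack_from("<H", frame, 0)
    return {"version": fc & 0x3, "type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF}

def parse_deauth(frame):
    """Return the addresses and reason code of a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc = parse_frame_control(frame)
    # Subtype 0x0c alone is not enough: data frames reuse it (QoS Null).
    if fc["type"] != MGMT_TYPE or fc["subtype"] != DEAUTH_SUBTYPE:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return {"receiver": fmt_mac(frame[4:10]), "transmitter": fmt_mac(frame[10:16]),
            "bssid": fmt_mac(frame[16:22]), "reason": reason}

def deauths_involving(frames, mac):
    """Deauth frames where `mac` is receiver, transmitter or BSSID."""
    mac = mac.lower().replace("-", ":")
    hits = []
    for frame in frames:
        d = parse_deauth(frame)
        if d and mac in (d["receiver"], d["transmitter"], d["bssid"]):
            hits.append(d)
    return hits

def _build(fc0, dst, src, bssid, body):
    # Constructed test frame: frame control, duration, 3 addresses, seq ctrl, body.
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

CAMERA = bytes.fromhex("020000000001")  # constructed, locally administered MACs
AP = bytes.fromhex("0200000000aa")
SAMPLE = [
    _build(0xC0, CAMERA, AP, AP, struct.pack("<H", 7)),  # deauth, reason 7
    _build(0x80, b"\xff" * 6, AP, AP, b"\x00" * 12),     # beacon
    _build(0xC8, AP, CAMERA, AP, b"\x00\x00"),           # data frame, subtype 0x0c
]

if __name__ == "__main__":
    for hit in deauths_involving(SAMPLE, "02:00:00:00:00:01"):
        print(hit)
```

In Wireshark itself the same selection is the display filter `wlan.fc.type_subtype == 0x0c`, and `wlan.addr`, `eth.addr` and `ip.addr` match a given MAC or IP address.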
Make sure your firmware is updated on your router/modem as well since it could be opened to an exploit.
Ooh, good call!