How do I setup Upside-Down-Ternet?

[comprocks]

I tried looking for a guide to do this on Windows 8. I found a guide for Ubuntu but not Windows.

I came across Upside-Down-Ternet and found it interesting but complicated to set up.

Could someone please provide a detailed step-by-step guide on how to set this up on Windows 8?
I want to redirect the untrusted IPs to http://www.kittenwar.com as the guide suggests it would be extremely annoying.

 

[USAFRet]

That gets set up on your router or firewall box, not your OS.

I'm assuming you want to do this because of leeching neighbors? Why not just change your WiFi password, and don't let them in?

 

[MarkW]

Alternatively, you can tell your router to only allow computers with certain MAC ID numbers to connect to it, and then only those machines will ever even get a response from the router. Someone might see the router, but seeing it, and connecting to it are very different beasts.

There are so many ways to setup good security. Just have to decide which methods you want to use.

 

[comprocks]

Alternatively, you can tell your router to only allow computers with certain MAC ID numbers to connect to it, and then only those machines will ever even get a response from the router. Someone might see the router, but seeing it, and connecting to it are very different beasts.

There are so many ways to setup good security. Just have to decide which methods you want to use.

There is a little problem with MAC Address Filtering. I had tried that but then sometimes devices in the 'allowed' list were not able to connect. So, I want to try this.

 

[comprocks]

That gets set up on your router or firewall box, not your OS.

I'm assuming you want to do this because of leeching neighbors? Why not just change your WiFi password, and don't let them in?

This is actually for a relative who insists that his WiFi is being hacked even after changing the password multiple times. I thought this would work for him, but since I don't know how to set it up, I need help.

Do you know how I could set it up on a DI-624 (D-Link)?

 

[USAFRet]

That gets set up on your router or firewall box, not your OS.

I'm assuming you want to do this because of leeching neighbors? Why not just change your WiFi password, and don't let them in?

This is actually for a relative who insists that his WiFi is being hacked even after changing the password multiple times. I thought this would work for him, but since I don't know how to set it up, I need help.

Do you know how I could set it up on a DI-624 (D-Link)?

On that router? Doubtful.

But for your relative...what leads him to think his WiFi is being hacked? What security protocol is he using?

 

[comprocks]

On that router? Doubtful.

But for your relative...what leads him to think his WiFi is being hacked? What security protocol is he using?

He lives on the first floor and he says that the security guard always informs him of people standing near his window when he is or is not at home.
The guys come with laptops, phones and every other portable WiFi-capable device you can think of.

He uses WPA2 with a randomly generated 10/15 character password.

P.S: How would you set it up on a router that was capable of being setup with this?

 

[USAFRet]

On that router? Doubtful.

But for your relative...what leads him to think his WiFi is being hacked? What security protocol is he using?

He lives on the first floor and he says that the security guard always informs him of people standing near his window when he is or is not at home.
The guys come with laptops, phones and every other portable WiFi-capable device you can think of.

He uses WPA2 with a randomly generated 10/15 character password.

P.S: How would you set it up on a router that was capable of being setup with this?

While not 100% impossible to crack, WPA2 with a good password is very much non-trivial.

On a router? I wouldn't. I'd set up a whole house firewall box, with some Linux variant. Smoothwall, untangle, or similar.

But they are probably standing outside, using someone else's WiFi. Why would they have to be right near his window?
Look in the router admin page, and see what devices have connected recently.
Also, buy a $10 fake security camera, and mount it outside in a visible place.

 

[MarkW]

He could always turn off the router when he was leaving. Its a little difficult to connect to something that isn't even turned on.

 

[comprocks]

While not 100% impossible to crack, WPA2 with a good password is very much non-trivial.

On a router? I wouldn't. I'd set up a whole house firewall box, with some Linux variant. Smoothwall, untangle, or similar.

But they are probably standing outside, using someone else's WiFi. Why would they have to be right near his window?
Look in the router admin page, and see what devices have connected recently.
Also, buy a $10 fake security camera, and mount it outside in a visible place.

What exactly is a firewall box? How would you set it up (step-by-step)? And how would you wire it with the router? What are the requirements to setup/use a firewall box?

I know I am asking a lot of questions but I really want to learn how to do this!

And P.S: He said he is sure they are not using someone else's WiFi as they leave almost immediately when he turns off the router momentarily.

 

[comprocks]

He could always turn off the router when he was leaving. Its a little difficult to connect to something that isn't even turned on.

A little difficult? Is it even possible?

He does turn off the router when leaving but when he is in the house, there is no way to stop them as he also wants to use the WiFi (Internet).

 

[MarkW]

I have read the D-Link manual for that unit. He can lock the router down to ONLY allow the devices that he wants connecting to it to access it. How this works is that every device that uses the internet has a unique MAC ID. The link below describes how to reveal the MAC ID of your computer. This MAC ID is assigned at the factory, and can never be changed for the port that accesses the Internet.

http://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer

Now, get the the MAC ID of every device that he wants to be able to use the router. Make sure he has one MAC ID for every device. Because when he gets done here, nothing thats not on that list will be able to connect to this router. No exceptions. Here is a link to the manual for that router. It is the manual in PDF format.

http://www.dlink.com/-/media/Consumer_Products/DI/DI_624M/Manual/DI624M_manual_en_us.pdf

On page 28, you will find "Only allow computers with MAC address listed below to access the network". Select that. Then enter a name for that device and fill in the 6 boxes with the 6 parts of the MAC ID. A MAC ID looks like this: 7E-43-5F-00-24-CB. If it does not have all 6 sets of 2 digits, it is not the MAC ID. If it has any digits that are not a number or the letters A through F, It is not a MAC ID. Be care to make sure that B's are B's, and that 8's are 8's. They are easy to mistake and a wrong MAC ID will confuse things. Pay close attention to what is being entered in the MAC ID boxes. Triple check to make sure there are no typo's.
Make sure he adds the MAC ID for the computer he is working from FIRST!
Click the APPLY icon to store each MAC ID into the router.
Then add the other devices he want to access it.

When you are done, ONLY the devices with MAC ID's saved in that section of the router will be allowed to connect to it. If he gets a new device, he will need to get its MAC ID and add it to his router before it will be able to connect.

This takes a little bit of time to setup, but it assures that only your devices can connect to that router. It won't even acknowledge any unlisted device.

 

[comprocks]

I have read the D-Link manual for that unit. He can lock the router down to ONLY allow the devices that he wants connecting to it to access it. How this works is that every device that uses the internet has a unique MAC ID. The link below describes how to reveal the MAC ID of your computer. This MAC ID is assigned at the factory, and can never be changed for the port that accesses the Internet.

I'm sorry but haven't I already mentioned earlier that using MAC Address filtering, for some reason, randomly prevents connection of devices in the 'allow' list? That is why I wanted to know about Upside-Down-Ternet!

 

[USAFRet]

How, precisely, are they breaking the WPA2 password?

 

[comprocks]

How, precisely, are they breaking the WPA2 password?

A quick Google search led to me finding this:
http://www.wirelessdomination.com/how-to-crack-wpa2-wifi-password-using-reaver-wpa2/

This may be just one of the methods but it's possible that they are using this... At the end of the article, it says write down the WPS Pin, so if the password is changed, it can be hacked in about a minute again.
(A Small Quote: "I recommend you keep note of the WPS pin, so that if the password is changed again you can hack that in few seconds the next time by using the following process.")

This is how they must be doing it.... I mean, I have no clue but it's a guess as good as any!

 

[USAFRet]

How, precisely, are they breaking the WPA2 password?

A quick Google search led to me finding this:
http://www.wirelessdomination.com/how-to-crack-wpa2-wifi-password-using-reaver-wpa2/

This may be just one of the methods but it's possible that they are using this... At the end of the article, it says write down the WPS Pin, so if the password is changed, it can be hacked in about a minute again.
(A Small Quote: "I recommend you keep note of the WPS pin, so that if the password is changed again you can hack that in few seconds the next time by using the following process.")

This is how they must be doing it.... I mean, I have no clue but it's a guess as good as any!

OK, yes. If he is using WPS, don't do that. Horribly broken.

Just set a strong WPA2 password. Leave WPS out of the situation completely.

 

[comprocks]

OK, yes. If he is using WPS, don't do that. Horribly broken.

Just set a strong WPA2 password. Leave WPS out of the situation completely.

And a randomly generated 10-15 character password is somehow not good enough.

As I said, there have to be other methods to hack a WPA2 password, right? Maybe ones that don't involve using the WPS pin? That's what they must be using.

Let's help other people who want to setup this utility as well. Please tell me more about the firewall box and how I could set that up. Then, I can mark this thread as closed/answered.

 

[USAFRet]

OK, yes. If he is using WPS, don't do that. Horribly broken.

Just set a strong WPA2 password. Leave WPS out of the situation completely.

And a randomly generated 10-15 character password is somehow not good enough.

As I said, there have to be other methods to hack a WPA2 password, right? Maybe ones that don't involve using the WPS pin? That's what they must be using.

Let's help other people who want to setup this utility as well. Please tell me more about the firewall box and how I could set that up. Then, I can mark this thread as closed/answered.

Cracking a WPA2 password is 'possible', but non-trivial exercise. It would take hours or days, generally.

Is it at all possible for him to do with WiFi altogether? You can't hack a Cat5e cable.

Also, MAC address filtering. Set the router to only accept his known devices. Yes, the MAC address can be spoofed, but that's one more layer of security.

As for the firewall box...I'm trying to visualize how it would be done regarding WiFi. Let me think on it a bit.