[SOLVED] Is it possible to enter/hack a Router w/o being on whitelist and w/o showing up on devices list

[Mezz21]

Someone has covertly gained access to my Huawei B593 router (uses a sim card and 4G LTE). They do not have a device MAC address on the limited whitelist I set up on the router and their device doesn't show up on device list on the admin page of the router. However when my router is off they have no internet connection, when the router is on they do have internet connection.
They may be spoofing their MAC but I think even then they would at least show up on the admin page devices list. They know the password to the network but should not be able to connect because of the limited whitelist. They also aren't using an Ethernet cable. And I have disabled WPS on my router so they can use that.

So how are they able to connect to the network.

I believe they have somehow set up a back door and are connecting via that. My router page is http://192.168.1.1/ for Huawei. It looks like this https://drive.google.com/file/d/18d5nHlSDjHpBiXemNmjKVsN-DPk6EmaF/view?usp=sharing

But when I go to http://192.168.2.2/ I get sent to a strange Mikrotik page that looks like this https://drive.google.com/file/d/1mazxGb9VAy5fKXlQGYk52YXRuylqQijG/view?usp=sharing


Please help this criminal is slowing down my network speed and finishing my limited data.

 

[bill001g]

You have something very strange. What is the gateway IP on your PC.

If you run tracert to 192.168.2.2 does it pass through the 192.168.1.1 router first ?

Unless you have 2 routers with the microtik first I can't see how that works. Most ISP routers block private IP addresses on the internet.

With huawei who knows if they have more backdoors, they have been caught a number of times before on cell tower equipment. This is the reason you see all the politics related to huawei on the news.

I would change the wifi password and see if it blocks them. The mac address stuff is not a very good security measure. If changing the password works then you know it is something related to your mac filter not working.

 

[Mezz21]

You have something very strange. What is the gateway IP on your PC.

If you run tracert to 192.168.2.2 does it pass through the 192.168.1.1 router first ?

Unless you have 2 routers with the microtik first I can't see how that works. Most ISP routers block private IP addresses on the internet.

With huawei who knows if they have more backdoors, they have been caught a number of times before on cell tower equipment. This is the reason you see all the politics related to huawei on the news.

I would change the wifi password and see if it blocks them. The mac address stuff is not a very good security measure. If changing the password works then you know it is something related to your mac filter not working.

The gateway IP is 192.168.1.1

Here is the result of tracert on 192.168.1.1 https://drive.google.com/file/d/1AAlASR_2uSDbtmVL9M5MT7jn6U941D50/view?usp=sharing

I don't have 2 routers nor is there any mikrotik device in the vicinity that I know of.

I will attempt the password change but that's a bit involved because there are a some users who will be interrupted. When I do change it I'll let you know the result.

In the mean time please let me know how you interpret the tracert result.

Thank you for your assistance

 

[bill001g]

That is extremely strange. How did you happen to try that IP address.
In effect that router is in someone else house ? The high latency shows it is not in your house but hard to say when you are a cell network how far things are away because of the large overhead on cell networks.

Not sure private IP addresses are never suppose to be on the internet. That is why they are called private. Your ISP for whatever reason must allow them to be advertised. It will never go to another ISP...well none of the large ones that filter these blocks form being advertised.

Wifi is a huge pain when you are using passwords and you can not completely trust people to not give it out to other unauthorized people. The solution is to use enterprise mode (not sure if your router supports it but most do). This way you setup a small radius server so everyone gets his own userid and password. Radius has a even more advanced mode that authenticates the device itself so that someone can not give their id and password to someone else. Even the simple radius setup tends to be more work than many people are willing to use in a home network but it is extremely common in company networks where you can never 100% trust employees.

 

[Mezz21]

That is extremely strange. How did you happen to try that IP address.
In effect that router is in someone else house ? The high latency shows it is not in your house but hard to say when you are a cell network how far things are away because of the large overhead on cell networks.

Not sure private IP addresses are never suppose to be on the internet. That is why they are called private. Your ISP for whatever reason must allow them to be advertised. It will never go to another ISP...well none of the large ones that filter these blocks form being advertised.

Wifi is a huge pain when you are using passwords and you can not completely trust people to not give it out to other unauthorized people. The solution is to use enterprise mode (not sure if your router supports it but most do). This way you setup a small radius server so everyone gets his own userid and password. Radius has a even more advanced mode that authenticates the device itself so that someone can not give their id and password to someone else. Even the simple radius setup tends to be more work than many people are willing to use in a home network but it is extremely common in company networks where you can never 100% trust employees.

Well I was trying to access a smaller mifi device when mistakely used 192.168.2.2 (the mifi admin page address), while connected to my main network then I found that page.

One the main router there is a hidden network I set up. It doesn't have a whitelist but whoever's connecting will have to know the network name and password. Are there tools that can easily reveal this information or does it take heavy networking expertise and ability to crack the password? This person does not have Kali Linux level ability so they would have to be using a simple windows program assuming they aren't getting help from anyone

 

[thepersonwithaface45]

Well I was trying to access a smaller mifi device when mistakely used 192.168.2.2 (the mifi admin page address), while connected to my main network then I found that page.

One the main router there is a hidden network I set up. It doesn't have a whitelist but whoever's connecting will have to know the network name and password. Are there tools that can easily reveal this information or does it take heavy networking expertise and ability to crack the password? This person does not have Kali Linux level ability so they would have to be using a simple windows program assuming they aren't getting help from anyone

are you trying to reverse psychology someone into helping you hack into something?

 

[Mezz21]

are you trying to reverse psychology someone into helping you hack into something?

Lol that's what it looks like but I'm literally baffled as to how this was pulled off. But don't worry if I had hacking abilities I'd only use them for good not evil.

 

[bill001g]

Finding the network is not too hard. All it does not send out the beacon messages. I forget exactly but there are apps for phones that will detect hidden ssid. There are still messages being sent just not as many.

Cracking the password is considered impossible. The exception being WPS which you say you have disabled.

 

[kanewolf]

Lol that's what it looks like but I'm literally baffled as to how this was pulled off. But don't worry if I had hacking abilities I'd only use them for good not evil.

If you are concerned, WIPE THE SLATE. Factory reset all your network hardware. Create your networks from scratch. Set all new unique 12 character or longer passwords. Then you will know who got the new password. If you are concerned about kids giving it away randomly, then have them bring you a device and YOU type the password. This is how you secure a network after a breach. Then remember to change passwords every 6 months.