How to tell if your Wifi is hacked?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so how can you tell if your wi-fi is hacked and how do you prevent such things from happening in this video we're going to look at several networking tools that you can leverage to get a better understanding of what's happening on your network and prevent hackers from taking control this is leo and you're watching the pc security channel this video is brought to you by crowdsec an open source free security tool check them out using the link in the description before we can enter the waters of networking we need to understand a very simple networking concept which is the ip address think of this as the address of the device on the network these are all local addresses of course which means that you might see the same addresses when you look at your own systems by the way the tool i have open here is called wireless network watcher and what it's doing is listing every device that's connected to my wi-fi right now and any of you can download this and check this out and so first of all if you see anything here that you don't recognize that could be a red flag you can count the number of devices and then think well how many devices do i actually own or have on the network and if you see more devices than you expect that's another red flag so in this case we have 192.168.1.1 this is the home ip address basically the address of my router the second one is the ip address of the computer that i'm using right now supernova the third and fourth seem to be connecting in and out intermittently and that's likely my mobile devices and the fifth i believe is a virtual machine or maybe the third is virtual machine i can't tell right now but in this case every device on the network is accounted for however if you notice anything here that you don't recognize well somebody else is connected to your network so what do you do how do you get them off of your network well in order to do that you will most likely need to go into the interface of your router so how are we going to do that well just visit the router's ip address so all you have to do is go to 192.168.01.1 and this is going to be the home address for every router on every network so it doesn't matter where you are what kind of router you have this is always going to be that address and once we hit enter as you can see it's going to ask me to log in now if you don't know the username and password of your own router well isn't that strange but you'll be surprised how many people actually don't the first thing you should always do when you get a new router is change these credentials to something that you understand or at least make sure that you've got a strong password here because if you've got default credentials and they're very weak someone could easily hack into your network simply by brute forcing this very interface that you're seeing right now or if you've got a router manufacturer that just uses the same username and password by default on all the routers when they're shipped well i mean pretty much anyone could just go in here and type in the credentials and basically take full control of your network if you don't know what these credentials are you can likely find them taped to the back of your router so just physically walk over to it check out the box and it should be written somewhere and once you log in you will be able to change it now once logged in you want to go into the local network on the top here of course the ui may be different for you because you may have a different router i'm just showing you a very basic router that was provided by the isp i'm using so it should be very similar to anything you use but you want to go ahead and find wlan wherever you are and the reason for that is wlan or wireless lan is basically the local wi-fi connection that you will be connecting to to get to the internet and in here you will be able to do things such as control the different wi-fi networks that are turned on or off and also change passwords this is not the password to your router that is likely going to be found under management and diagnostics but this is basically your wi-fi network name and password so if you see a device here that's not supposed to be there the first thing you want to do is change your wi-fi password and you can do that by going into the wlan ssid configuration and here you can change the encryption type and the wpa passphrase and this is basically your password and the different wi-fi networks you're broadcasting are going to be listed under different ssids so we've got ssid one and two on 2.4 gigahertz we've got six on five gigahertz basically anything that's turned on here is actively broadcasting you don't have to worry about any that are turned off but once you've done that once you've changed your password you should be able to kick out any attackers but what if we wanted to detect an attack and see what's going on well you need to analyze the packets that are traveling over your network and in order to do that you need a packet analyzer so here i have wireshark which is currently showing me all the packets that are moving to and from different destinations and addresses in the network most of these are going to be encrypted but before we can see anything interesting in wireshark we need to initiate a network attack so in order to do that we're going to go to kali linux and i'm just going to quickly log into my vm over here and we're going to start a network attack so you guys can see what it looks like now we're locked in and we're just going to do a simple nmap scan which is the basic beginning point of any kind of network discovery attack this is basically designed to give the attacker a list of different targets show them the different devices that are there and i'm just gonna try to attack the basic device that i'm running right now so i'm just gonna go back and find the address that we're looking for so my computer is at 192.168.1.103 so that's the address we'll be targeting and as you can see now the nmap scan has begun now if we go back to warshark and set a filter for arp it should be able to detect the packets that are going to be broadcast performing this sort of discovery attack on this network we're almost done and as you can see all of a sudden we have a ton of requests each of these are being broadcast and you can see the info in each of these packets is basically who has 192.168.1.1.04 tell 192.168. and you can see the range of 5p address is continuing to grow because the attack is basically trying to list all the devices on this network so it's going to try in a range from 192.168.1 all the way to the last possible address within 192.168.1 so it's scanning through the different ip addresses trying to detect different devices on the network it's querying that information and looking for potential targets what we're looking at right now is what you would call a packet storm and if you're seeing this well that's kind of alarming because it seems like something is trying to storm the network with packets trying to figure out what devices are on it of course there are variety of different attacks that an attacker can use but in general most of them will involve sending a ton of packets so if you notice a packet storm it's usually a sign that somebody is trying to probe your network so there you have it those are a couple simple steps that can help you understand if a hacker is on your network and kick them out i hope you found this video helpful please like and share it if you did on the theme of free security products this video is brought to you by crowdsac a free open source intrusion prevention system the project is on github so you can check it out today and install it on your favorite linux box i've already set it up on ubuntu and it's super simple and easy to use crowdsake allows you to ingest alerts from various sources parse through the logs and build your own intrusion detection system you can set up custom rules leverage the community blacklist and automate your entire security process so if you're an individual or company looking to monitor alerts from various different sources this is a great tool to do it you can also deploy an agent on windows which is currently in alpha once you have it set up you're going to look at the crowdset console this is going to show you a bird's-eye view of all your agents scenarios and alerts you've also got access to cyber threat intelligence so this is where you can look up any kind of ip that you like so i'm just going to paste malicious ip here and if we do a search it's going to give us the confidence level and the various actions associated with it so as you can see this one is flagged as bad actor the attack details show it's an http scanner and crawler you can see the reporting period and can also make a comment so it's very much community driven and while some parts of the project are still in development still in beta this is a great time to jump in and start playing around with the tools getting involved with the projects so check them out link in the description show them some love for supporting the pc security channel this is leo thank you so much for watching and as always stay informed stay secure you

Info

Channel: The PC Security Channel

Views: 285,116

Rating: undefined out of 5

Keywords: The PC Security Channel, TPSC, cybersecurity, cyber security, computer security, internet security, antivirus, anti malware, ransomware, trojan, virus, PUP, best antivirus, best internet security, learn cybersecurity, hacking, hack, security, technology, cyber insurance, cybersecurity degree, best EDR, EDR, How to tell if your wifi is hacked, Is your wifi hacked, change wifi password, protect your wifi, wireshark tutorial, hack wifi network

Id: U7YtvLprUrc

Channel Id: undefined

Length: 9min 27sec (567 seconds)

Published: Mon May 02 2022