Network intrussion

Willbo · 30 Mar 2009 at 20:59

Think I've had problems with my wireless network recently where someone has been accessing my internet connection. My own fault really because I've had problems getting the wifi setup on my PS3 unless I had no encryption.

Now because I think someones been using my internet I'm extremely paranoid that they'll be abusing my IP so obviously I've got to get my encryption sorted which I think I now have.
Would you report this, I'm tempted to email my ISP or someone, incase my IP is reported to explain my situation. What would you guys do? I dont know how long I've got incase before I hear something if I have been reported?

Willbo · 30 Mar 2009 at 21:18

Sorry wasnt sure whether to put in networking of general chat

Look forward to some replies as I'm quite worried about what could happen

bigredshark · 30 Mar 2009 at 22:05

Basically I'd ignore it, but while I do work for an ISP I am not a lawyer.

If you've received email or similar it should detail what the misuse involved is. If it's downloading films or something then I'd forget about it (but I'm not a lawyer).

The only really bad thing I can see happening is if somebody was downloading kiddie porn on your unsecured connection. If you (somehow) know this to be the case I'd ask a lawyer or the police for advice and not touch anything, leave any and all logs alone.

But seriously, from the ISP perspective, we send hundreds of copyright infringement emails on every week (we get them from records companies and just forward them to users asking them to quit it please). But I've never seen any kind of legal request for user information about anything really illegal (kiddie porn etc). So the odds are fairly in your favour that nothing bad will come of it.

As to whether you can be held liable for misuse of your unsecured connection - I don't know, I suspect people will have an opinion but without asking a lawyer I wouldn't trust any of them personally. (and most good lawyers will tell you they don't know until it's really tested in court)

Willbo · 30 Mar 2009 at 22:23

well really dont want to go to court or anything like that because in all honesty i couldnt afford it.

I'm sure you're right in the fact that forgetting about it would be the best option. its just hard when you're not sure whats really gone on. Ive got encryption on the connection again now and just forfeited the internet connection to the ps3 until i can sort it.

can you recommend a decent firewall that could block intrustions or certain things?

Willbo · 30 Mar 2009 at 22:47

bigredshark said:
Basically I'd ignore it, but while I do work for an ISP I am not a lawyer.

If you've received email or similar it should detail what the misuse involved is. If it's downloading films or something then I'd forget about it (but I'm not a lawyer).

The only really bad thing I can see happening is if somebody was downloading kiddie porn on your unsecured connection. If you (somehow) know this to be the case I'd ask a lawyer or the police for advice and not touch anything, leave any and all logs alone.

But seriously, from the ISP perspective, we send hundreds of copyright infringement emails on every week (we get them from records companies and just forward them to users asking them to quit it please). But I've never seen any kind of legal request for user information about anything really illegal (kiddie porn etc). So the odds are fairly in your favour that nothing bad will come of it.

As to whether you can be held liable for misuse of your unsecured connection - I don't know, I suspect people will have an opinion but without asking a lawyer I wouldn't trust any of them personally. (and most good lawyers will tell you they don't know until it's really tested in court)

So going on your experience, how long would it take for someone to act on matters?

yashiro · 30 Mar 2009 at 23:07

A setting of WPA2-AES on my router works fine on my PS3. It is set as WPA or WPA2, AES cipher only.
I assume it must be working in WPA2 mode as the AES cipher is not part of the old WPA spec.
You should also enable MAC filtering, or use it instead if your router sucks for your PS3.
Try not to enable legacy or mixed modes (AES AND TKIP together) on your router, this can cause problems.
Make sure the PS3 firmware is upto date too.

bigredshark · 30 Mar 2009 at 23:15

Willbo said:
So going on your experience, how long do CEOP usually take to act on matters?

I actually don't know to be honest, we've never had an issue in our user base during my time at the company (3 years). I guess it also depends on severity etc...

bigredshark · 30 Mar 2009 at 23:17

yashiro said:
WPA-AES works fine on PS3, forget the TKIP rubbish. This the highest level you can find in most consumer routers.

You should also enable MAC filtering, or use it instead if your router sucks for your PS3.

I'd dump the mac filtering, it's trivial to circumvent and gives a false sense of security. I understand why some people think it's a good idea but I respectfully disagree.

Willbo · 30 Mar 2009 at 23:33

Well got all my security back up and running. Just popped out to work for a job and come back and needed to reset the router again so hopefully now it'll be ok.

Think the intruder had a go in a chat room form what I can figure, and the girl who sent the email to me saying about the IWR says shes 15
although wrong, dont sound too serious so i'm wondering if the emails an idle threat? *Fingers crossed*. i hope so, not sure how could explain all this to whoever gets in touch or police knocking on the door and make them believe me

tolien · 30 Mar 2009 at 23:40

Email sent to your IP?

bigredshark said:
I'd dump the mac filtering, it's trivial to circumvent and gives a false sense of security.

Indeed. MAC filtering and no encryption is no security whatsoever.

yashiro · 30 Mar 2009 at 23:44

Certainly it's no replacement for encryption. It does, of course, verify that you are in fact being actively hacked as opposed to someone just sneaking on the network. End result is the same of course. So sort the encryption out.

Willbo · 30 Mar 2009 at 23:46

do you think i should be worrying about the police knocking on the door or wont it be that serious?

Willbo · 30 Mar 2009 at 23:49

yashiro said:
Certainly it's no replacement for encryption. It does, of course, verify that you are in fact being actively hacked as opposed to someone just sneaking on the network. End result is the same of course. So sort the encryption out.

Network fully set up and PS3 working as well so bonus

just hope its secure enough now not to get hacked again

yashiro · 30 Mar 2009 at 23:53

As long as you're using WPA with a long pre-shared key you should be safe from most cheeky buggers.

Willbo · 30 Mar 2009 at 23:54

yashiro said:
As long as you're using WPA with a long pre-shared key you should be safe from most cheeky buggers.

sure am

yashiro · 31 Mar 2009 at 00:00

TCP 5223, 10070-10080, 5730
UDP 3478, 3479, 3658, 10070, 50100

I think are the common forwarding ports for PS3 if you have issues hosting games.
Or enable UPNP and don't forward anything, upnp should do it all for you.

Willbo · 31 Mar 2009 at 00:06

Cheers thanks, now the PS3 is sorted, just got to worry about this IP being forwarded issue after the intruder

Willbo · 31 Mar 2009 at 17:38

Read somewhere that it can take upto a month for anything to be done, and can be anything from a knock at your door or a warning letter according to bigredshark.

So far I havent reported the possible use of my wifi, do you think I should? And how can I proove it?