US Telco Support → Verizon → Verizon FiOS > [Networking] Blocking FiOS user

[Networking] Blocking FiOS user

Hi,

I have Verizon FiOS and want to block new internet devices from connecting. I have tried the MAC authentication where it blocks the MAC address of a certain person but thAt guy keeps creating a new MAC address using some app for his android phone. But the thing is I still want to have some other devices connected that are my home devices. Is there any way to prevent this person from connecting to the internet without a secondary password that is asked when connecting and can't be discoverable. Because I changed the password but this person goes into the connected device which already has the password saved and gets the password.

Please help! I need to block this person from changing his IP address and MAC address and stealing the password from my other devices and connecting to my internet.

[Networking] Re: Blocking FiOS user

Are you saying they are exploiting your wireless?

Yes. I just need to know a way where when the device tries to use internet it asks for a usernMe and password via the website (similar to college and university networks). This way the person can never get the password even when looking through the device.

Have you set a strong WPA2 WiFi passphrase? Also, instead of blacklisting MAC addresses, disallow all MAC addresses and whitelist only those that you use. He could still close one of your MAC addresses, but it's another way to slow'm down.

Another thing you can do is reduce the size of the DHCP pool down to the number of devices you have connected. That may slow him down, but won't totally keep him away if he starts to assign himself static addresses on your network.
--
- Bill

Thanks for the reply Bill. Yes have tried a secure and hard to guess password but still no luck. Also already tried whitelisting my devices but he cloned of there MAC addresses and was able to connect that way. What is this other way you speak of? My router is the one provided by Verizon (just got a newer mod replacement 2 weeks ago), actionec M1424WR. Thanks again.

When you say "password", do you mean the routers login password, or are you referring to the WiFi connect password (or, more properly, pass-phrase)?

If the former, then that's not going to keep someone from using the WiFi connection. The WiFi pass-phrase is the encryption key for the WiFi network connection. Under the WiFi configuration page, you should select the highest encryption capability available (usually WPA2), then set a complex pass-phrase for that. As stated by wmcbrine, WEP is the oldest and least secure encryption method and is easily cracked with available s/w tools.

As for the DHCP thing, under the LAN configuration section, you should find information about the DHCP (Dyanamic Host Configuration Protocol) feature, which assigns IP addresses to devices on your local LAN. There's usually a section that allows you to specify the starting ip address for the DHCP address pool and either the last address or the number of addresses you want to make available. I'm not familiar with the Actiontec router, so I don't know which it provides.
--
- Bill

Login to your router and turn the wireless off. (Wireless settings > Basic Settings > Select off > Save)

Change the admin password for the router. (Main > Change Login Username / password; or Advanced > Users > Administrator)

Change the SSID (network name) for your wireless. (Wireless Settings > Basic Settings)

Select WPA2 security (Wireless Settings > Advanced > Select WPA2 > Input a password of at least 16 characters)

Select AES only (Wireless Settings > Advanced > WPA2 > Select AES)

Turn the wireless back on. (Wireless Settings > Basic > Turn Wireless on)

You'll notice that all your wireless devices are no longer connected. His will be too.
--
Oh, Opera, what have you done?

MAC address filtering is useless and more of an annoyance for you when you actually want to add authorized devices. It sounds like you are running "WEP" for wireless security, which is easily crack-able. You need to change that to "WPA-2".

After doing what sivran says, after you change the SSID, also turn off the broadcasting of the SSID. This means that when you have a new device you will have to tell it what SSID to use instead of letting it find yours. I think this will foil your leech.

Given that finding "unbroadcast" SSIDs is trivial, turning off broadcasting is more trouble than it's worth.
--
Oh, Opera, what have you done?

I'd also turn down the TX power on the WLAN radio in the router too.. hopefully you can crank it low enough so that it doesn't provide him with decent speeds and he'll go elsewhere to get a usable connection.

or go and beat the shiet out of him hehe no just kidding but try all these suggestions by these guys.

Or one interesting thing you can try is have your router redirect to authenticate with a server I forgot how it's called I think radius it will cost you few bucks but might be worth it?

I'm wondering (after reading the whole thread up 'til now) if the OP isn't talking about the ROUTER password and NOT the WPA encryption passphrase.

If the person who is breaking into her wireless network is clever enough to somehow quickly obtain either the router P/W or the encryption phrase, then they must have a more basic, intimate access to the network (like through an STB that would list the encryption phrase on an Actiontec).

Something just doesn't seem right about how quickly the offender is getting access info or we're not getting the whole circumstance about this problem or it's not being described correctly.
--
Never raise your hands to your kids. It leaves your groin unprotected. -- Red Buttons

you need to go in router and disable the pin for push connect.
He has used weaver to crack the pin on your router you need to disabled outer pin.
Look up cracking router with weaver on youtube will explain it better.

If you want to use a username and password or basically user authentication in order for someone to use your wireless network, then the easiest way is use a "version" of RADIUS. Else wise, you could disable the DHCP server, and assign static IP addresses to your network, but this becomes very tedious since, you have to do this for every device you want connected to your network.

All of the above suggestions are useless if your router has a WPS pin as Path62 has suggested.

If the OP is using the Verizon-supplied router then WPS in a non-issue as they've never actually enabled it.

I just got Fios last week and it came with WPA2 already on as default.