Strange device attached to wireless network

G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

Hi,

I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
WEP, and I turned off broadcasting the SSID of my network. This morning I
checked the router for attached devices, and found an extra one! Checking
the computers under my Microsoft Windows Network showed nothing new. After
killing the wireless access point of the router, the extra device
disappeared, but so did my laptop and TiVo connection. This leads to two
questions:

1) how can I find out more information about rogue devices attached to my
network?, and
2) what else do I have to do to keep rogue devices off my network?

Thanks
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

On Thu, 26 Aug 2004 09:43:59 -0500, "Lisa" <spamstopper@herplace.com>
wrote:

>I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
>USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
>WEP, and I turned off broadcasting the SSID of my network.

>This morning I
>checked the router for attached devices, and found an extra one!

So much for MAC address filtering. If properly setup, it should only
allow associations by listed MAC addresses. Are you *SURE* that you
have MAC address filtering enabled and functioning? Did you scribble
down the MAC address? The first 3 pairs of numbers can determine the
manufacturer which might help identify the culprit.

>Checking
>the computers under my Microsoft Windows Network showed nothing new. After
>killing the wireless access point of the router, the extra device
>disappeared, but so did my laptop and TiVo connection. This leads to two
>questions:

>1) how can I find out more information about rogue devices attached to my
>network?, and

About all that could be determined is the manufacturer.
Unfortunately, that can be easily spoofed. Without direction a
direction finder or some transmitter hunting equipment, there's no way
to find the source.

>2) what else do I have to do to keep rogue devices off my network?

Fix whatever went wrong with the MAC address filter. Test it with a
borrowed laptop to be sure. Enable WEP or preferably WPA.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

"Lisa" <spamstopper@herplace.com> wrote in news:RICdnQD0GMavarDcRVn-
sw@eatel.net:

> 1) how can I find out more information about rogue devices attached to my
> network?

Not much - you maybe able to use a Network scanning tool to gather more
information about the machine (possibly open ports, MAC address, OS type,
Machine name)

> 2) what else do I have to do to keep rogue devices off my network?

Upgrade your router to one that supports WPA. Most new Wirless G routers
support WPA. WPA is much more secure than WEP encryption.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

Might do a search for & install AirSnare on the wireless laptop.
Mainly alarms if an unauthorized MAC enters the LAN.
It may show you what URL that rouge mac is connected to.

I had a rouge,,, turned out to be mine. Routers here have their own two
MAC's, Wireless and Wired. One router here has three MAC's.

"Lisa" <spamstopper@herplace.com> wrote in message
news:RICdnQD0GMavarDcRVn-sw@eatel.net...
> Hi,
>
> I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
> USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
> WEP, and I turned off broadcasting the SSID of my network. This morning I
> checked the router for attached devices, and found an extra one! Checking
> the computers under my Microsoft Windows Network showed nothing new.
After
> killing the wireless access point of the router, the extra device
> disappeared, but so did my laptop and TiVo connection. This leads to two
> questions:
>
> 1) how can I find out more information about rogue devices attached to my
> network?, and
> 2) what else do I have to do to keep rogue devices off my network?
>
> Thanks
>
>
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

Thanks to all for the suggestions. I'm beginning to suspect poor security
"features" with the Netgear router. I set up NetStumbler on my laptop, and
even though I turned off SSID broadcast, I was able to find the network with
NetStumbler. Quite a disappointment. While I don't keep state secrets on
my network, I think a little paranoia doesn't hurt in this case.


"Lisa" <spamstopper@herplace.com> wrote in message
news:RICdnQD0GMavarDcRVn-sw@eatel.net...
> Hi,
>
> I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
> USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
> WEP, and I turned off broadcasting the SSID of my network. This morning I
> checked the router for attached devices, and found an extra one! Checking
> the computers under my Microsoft Windows Network showed nothing new.
After
> killing the wireless access point of the router, the extra device
> disappeared, but so did my laptop and TiVo connection. This leads to two
> questions:
>
> 1) how can I find out more information about rogue devices attached to my
> network?, and
> 2) what else do I have to do to keep rogue devices off my network?
>
> Thanks
>
>
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

You will see your network in netstumbler if you are connected to it.

Netstumbler will not show network name if you are not connected to it.

Nite Rider
"Lisa" <spamstopper@herplace.com> wrote in message
news:VNadnUwqNPZjCrPcRVn-oA@eatel.net...
> Thanks to all for the suggestions. I'm beginning to suspect poor security
> "features" with the Netgear router. I set up NetStumbler on my laptop,
and
> even though I turned off SSID broadcast, I was able to find the network
with
> NetStumbler. Quite a disappointment. While I don't keep state secrets
on
> my network, I think a little paranoia doesn't hurt in this case.
>
>
> "Lisa" <spamstopper@herplace.com> wrote in message
> news:RICdnQD0GMavarDcRVn-sw@eatel.net...
> > Hi,
> >
> > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my
DLink
> > USB adaptor (for the TiVo) attached to the network. I use MAC
filtering,
> > WEP, and I turned off broadcasting the SSID of my network. This morning
I
> > checked the router for attached devices, and found an extra one!
Checking
> > the computers under my Microsoft Windows Network showed nothing new.
> After
> > killing the wireless access point of the router, the extra device
> > disappeared, but so did my laptop and TiVo connection. This leads to
two
> > questions:
> >
> > 1) how can I find out more information about rogue devices attached to
my
> > network?, and
> > 2) what else do I have to do to keep rogue devices off my network?
> >
> > Thanks
> >
> >
>
>
 
G

Guest

Guest
Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, Lisa mused:
|
| Thanks to all for the suggestions. I'm beginning to suspect poor security
| "features" with the Netgear router. I set up NetStumbler on my laptop,
| and even though I turned off SSID broadcast, I was able to find the
| network with NetStumbler. Quite a disappointment. While I don't keep
| state secrets on my network, I think a little paranoia doesn't hurt in
| this case.

If you were connected to the Netgear router at the time of running Net
Stumbler, that explains it. Try it unconnected ...

Also, if you have encryption enabled (as you should anyway ... WPA
preferably), there is no reason to disable SSID Broadcasting. As I just
posted in another thread:

1. You risk breaking connectivity and functionality of some wireless
components;

2. You risk a nearby neighbour setting up a wireless network on the same
channel you are using, and causing interference. If the neighbour also
disables SSID broadcasting, you may never learn why your performance is in
the tank;

3. Anyone who has the hardware/software to attempt cracking your
encryption, also has the ability to sniff your SSID/MAC Address whether it
is broadcast or not. So, when you disabled SSID Broadcast, you are only
hiding it from people who cannot crack your system anyway.
 

danr

Distinguished
Nov 16, 2003
286
0
18,780
Archived from groups: alt.internet.wireless (More info?)

Yes, find "airsnare". It will tell you the MAC address of the infiltrator.
It will sound an alarm when the Wi-Fi is being accessed by someone other
than the MAC addresses you tell airsnare to ignore. You can tell airsnare to
sound off for any MAC besides your main computer and router to see if your
being MAC spoofed. It also allows you to send a nasty message to the bad
guy. (but through messenger which might not be enabled on the foreign
computer)
It's FREE.

"bumtracks" <user@unknown.org> wrote in message
news:fLrXc.931$yP4.95@trnddc08...
Might do a search for & install AirSnare on the wireless laptop.
Mainly alarms if an unauthorized MAC enters the LAN.
It may show you what URL that rouge mac is connected to.

I had a rouge,,, turned out to be mine. Routers here have their own two
MAC's, Wireless and Wired. One router here has three MAC's.

"Lisa" <spamstopper@herplace.com> wrote in message
news:RICdnQD0GMavarDcRVn-sw@eatel.net...
> Hi,
>
> I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
> USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
> WEP, and I turned off broadcasting the SSID of my network. This morning I
> checked the router for attached devices, and found an extra one! Checking
> the computers under my Microsoft Windows Network showed nothing new.
After
> killing the wireless access point of the router, the extra device
> disappeared, but so did my laptop and TiVo connection. This leads to two
> questions:
>
> 1) how can I find out more information about rogue devices attached to my
> network?, and
> 2) what else do I have to do to keep rogue devices off my network?
>
> Thanks
>
>
 

Ryan

Distinguished
Mar 31, 2004
551
0
18,980
Archived from groups: alt.internet.wireless (More info?)

Change your admin password on the router to something complex if you
haven't done so already. If you already have, change it again. This
will ensure that nobody can gain access and add themselves to your MAC
filtered list. Also, change your WEP key. Are you using WPA? 128 bit
encryption? Change it to something new regardless.

Even if you're using 128 bit WEP encryption and not WPA, the perp.
would have to capture several gigs of data before cracking your key.
Chances are, the typical home user would have to keep the same key for
months on end before your key is cracked. Most users don't transmit
that much data even after several months.

I realize that you're not broadcasting your SID, still change that to
something complex also. There are available tools to find your network
even though your SID isn't being broadcast, but I still wouldn't make
it readily available like one poster suggested. You can look and see
what kind of speeds you're getting from your router. If there's ever a
decrease or performance issue, change the channel then.

Another thing I would do is to broadcast in G mode only. This will
eliminate anyone who may have an older 802.11b wirless card and make
them unable to connect. This is assuming of course that you yourself
don't have any B devices attached to your network.

Using WPA is the key. This fixes and solves many of WEP's weaknesses.
Are you running XP? If you're on a Windows 98 box you'll have to use a
3rd party app. like Funk or Meeting House.

Also, run a combination of the new Adaware SE and Spybot as these
programs find many of the popular key loggers. Maybe do that before
changing your admin password and WEP key to ensure that you aren't
being logged. There are many other apps. that you could Google that
will find loggers.

Recheck your MAC list too and ensure that the only machines being
allowed to connect are your own.


"DanR" <dhr22@sorrynospm.com> wrote in message news:<mTbYc.1414$8d1.197@newsread2.news.pas.earthlink.net>...
> Yes, find "airsnare". It will tell you the MAC address of the infiltrator.
> It will sound an alarm when the Wi-Fi is being accessed by someone other
> than the MAC addresses you tell airsnare to ignore. You can tell airsnare to
> sound off for any MAC besides your main computer and router to see if your
> being MAC spoofed. It also allows you to send a nasty message to the bad
> guy. (but through messenger which might not be enabled on the foreign
> computer)
> It's FREE.
>
> "bumtracks" <user@unknown.org> wrote in message
> news:fLrXc.931$yP4.95@trnddc08...
> Might do a search for & install AirSnare on the wireless laptop.
> Mainly alarms if an unauthorized MAC enters the LAN.
> It may show you what URL that rouge mac is connected to.
>
> I had a rouge,,, turned out to be mine. Routers here have their own two
> MAC's, Wireless and Wired. One router here has three MAC's.
>
> "Lisa" <spamstopper@herplace.com> wrote in message
> news:RICdnQD0GMavarDcRVn-sw@eatel.net...
> > Hi,
> >
> > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
> > USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
> > WEP, and I turned off broadcasting the SSID of my network. This morning I
> > checked the router for attached devices, and found an extra one! Checking
> > the computers under my Microsoft Windows Network showed nothing new.
> After
> > killing the wireless access point of the router, the extra device
> > disappeared, but so did my laptop and TiVo connection. This leads to two
> > questions:
> >
> > 1) how can I find out more information about rogue devices attached to my
> > network?, and
> > 2) what else do I have to do to keep rogue devices off my network?
> >
> > Thanks
> >
> >