Strange device attached to wireless network

Archived from groups: alt.internet.wireless (More info?)

Hi,

I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
WEP, and I turned off broadcasting the SSID of my network. This morning I
checked the router for attached devices, and found an extra one! Checking
the computers under my Microsoft Windows Network showed nothing new. After
killing the wireless access point of the router, the extra device
disappeared, but so did my laptop and TiVo connection. This leads to two
questions:

1) how can I find out more information about rogue devices attached to my
network?, and
2) what else do I have to do to keep rogue devices off my network?

Thanks
8 answers Last reply
More about strange device attached wireless network
  1. Archived from groups: alt.internet.wireless (More info?)

    On Thu, 26 Aug 2004 09:43:59 -0500, "Lisa" <spamstopper@herplace.com>
    wrote:

    >I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
    >USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
    >WEP, and I turned off broadcasting the SSID of my network.

    >This morning I
    >checked the router for attached devices, and found an extra one!

    So much for MAC address filtering. If properly setup, it should only
    allow associations by listed MAC addresses. Are you *SURE* that you
    have MAC address filtering enabled and functioning? Did you scribble
    down the MAC address? The first 3 pairs of numbers can determine the
    manufacturer which might help identify the culprit.

    >Checking
    >the computers under my Microsoft Windows Network showed nothing new. After
    >killing the wireless access point of the router, the extra device
    >disappeared, but so did my laptop and TiVo connection. This leads to two
    >questions:

    >1) how can I find out more information about rogue devices attached to my
    >network?, and

    About all that could be determined is the manufacturer.
    Unfortunately, that can be easily spoofed. Without direction a
    direction finder or some transmitter hunting equipment, there's no way
    to find the source.

    >2) what else do I have to do to keep rogue devices off my network?

    Fix whatever went wrong with the MAC address filter. Test it with a
    borrowed laptop to be sure. Enable WEP or preferably WPA.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  2. Archived from groups: alt.internet.wireless (More info?)

    "Lisa" <spamstopper@herplace.com> wrote in news:RICdnQD0GMavarDcRVn-
    sw@eatel.net:

    > 1) how can I find out more information about rogue devices attached to my
    > network?

    Not much - you maybe able to use a Network scanning tool to gather more
    information about the machine (possibly open ports, MAC address, OS type,
    Machine name)

    > 2) what else do I have to do to keep rogue devices off my network?

    Upgrade your router to one that supports WPA. Most new Wirless G routers
    support WPA. WPA is much more secure than WEP encryption.

    --
    Lucas Tam (REMOVEnntp@rogers.com)
    Please delete "REMOVE" from the e-mail address when replying.
    http://members.ebay.com/aboutme/coolspot18/
  3. Archived from groups: alt.internet.wireless (More info?)

    Might do a search for & install AirSnare on the wireless laptop.
    Mainly alarms if an unauthorized MAC enters the LAN.
    It may show you what URL that rouge mac is connected to.

    I had a rouge,,, turned out to be mine. Routers here have their own two
    MAC's, Wireless and Wired. One router here has three MAC's.

    "Lisa" <spamstopper@herplace.com> wrote in message
    news:RICdnQD0GMavarDcRVn-sw@eatel.net...
    > Hi,
    >
    > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
    > USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
    > WEP, and I turned off broadcasting the SSID of my network. This morning I
    > checked the router for attached devices, and found an extra one! Checking
    > the computers under my Microsoft Windows Network showed nothing new.
    After
    > killing the wireless access point of the router, the extra device
    > disappeared, but so did my laptop and TiVo connection. This leads to two
    > questions:
    >
    > 1) how can I find out more information about rogue devices attached to my
    > network?, and
    > 2) what else do I have to do to keep rogue devices off my network?
    >
    > Thanks
    >
    >
  4. Archived from groups: alt.internet.wireless (More info?)

    Thanks to all for the suggestions. I'm beginning to suspect poor security
    "features" with the Netgear router. I set up NetStumbler on my laptop, and
    even though I turned off SSID broadcast, I was able to find the network with
    NetStumbler. Quite a disappointment. While I don't keep state secrets on
    my network, I think a little paranoia doesn't hurt in this case.


    "Lisa" <spamstopper@herplace.com> wrote in message
    news:RICdnQD0GMavarDcRVn-sw@eatel.net...
    > Hi,
    >
    > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
    > USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
    > WEP, and I turned off broadcasting the SSID of my network. This morning I
    > checked the router for attached devices, and found an extra one! Checking
    > the computers under my Microsoft Windows Network showed nothing new.
    After
    > killing the wireless access point of the router, the extra device
    > disappeared, but so did my laptop and TiVo connection. This leads to two
    > questions:
    >
    > 1) how can I find out more information about rogue devices attached to my
    > network?, and
    > 2) what else do I have to do to keep rogue devices off my network?
    >
    > Thanks
    >
    >
  5. Archived from groups: alt.internet.wireless (More info?)

    You will see your network in netstumbler if you are connected to it.

    Netstumbler will not show network name if you are not connected to it.

    Nite Rider
    "Lisa" <spamstopper@herplace.com> wrote in message
    news:VNadnUwqNPZjCrPcRVn-oA@eatel.net...
    > Thanks to all for the suggestions. I'm beginning to suspect poor security
    > "features" with the Netgear router. I set up NetStumbler on my laptop,
    and
    > even though I turned off SSID broadcast, I was able to find the network
    with
    > NetStumbler. Quite a disappointment. While I don't keep state secrets
    on
    > my network, I think a little paranoia doesn't hurt in this case.
    >
    >
    > "Lisa" <spamstopper@herplace.com> wrote in message
    > news:RICdnQD0GMavarDcRVn-sw@eatel.net...
    > > Hi,
    > >
    > > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my
    DLink
    > > USB adaptor (for the TiVo) attached to the network. I use MAC
    filtering,
    > > WEP, and I turned off broadcasting the SSID of my network. This morning
    I
    > > checked the router for attached devices, and found an extra one!
    Checking
    > > the computers under my Microsoft Windows Network showed nothing new.
    > After
    > > killing the wireless access point of the router, the extra device
    > > disappeared, but so did my laptop and TiVo connection. This leads to
    two
    > > questions:
    > >
    > > 1) how can I find out more information about rogue devices attached to
    my
    > > network?, and
    > > 2) what else do I have to do to keep rogue devices off my network?
    > >
    > > Thanks
    > >
    > >
    >
    >
  6. Archived from groups: alt.internet.wireless (More info?)

    Taking a moment's reflection, Lisa mused:
    |
    | Thanks to all for the suggestions. I'm beginning to suspect poor security
    | "features" with the Netgear router. I set up NetStumbler on my laptop,
    | and even though I turned off SSID broadcast, I was able to find the
    | network with NetStumbler. Quite a disappointment. While I don't keep
    | state secrets on my network, I think a little paranoia doesn't hurt in
    | this case.

    If you were connected to the Netgear router at the time of running Net
    Stumbler, that explains it. Try it unconnected ...

    Also, if you have encryption enabled (as you should anyway ... WPA
    preferably), there is no reason to disable SSID Broadcasting. As I just
    posted in another thread:

    1. You risk breaking connectivity and functionality of some wireless
    components;

    2. You risk a nearby neighbour setting up a wireless network on the same
    channel you are using, and causing interference. If the neighbour also
    disables SSID broadcasting, you may never learn why your performance is in
    the tank;

    3. Anyone who has the hardware/software to attempt cracking your
    encryption, also has the ability to sniff your SSID/MAC Address whether it
    is broadcast or not. So, when you disabled SSID Broadcast, you are only
    hiding it from people who cannot crack your system anyway.
  7. Archived from groups: alt.internet.wireless (More info?)

    Yes, find "airsnare". It will tell you the MAC address of the infiltrator.
    It will sound an alarm when the Wi-Fi is being accessed by someone other
    than the MAC addresses you tell airsnare to ignore. You can tell airsnare to
    sound off for any MAC besides your main computer and router to see if your
    being MAC spoofed. It also allows you to send a nasty message to the bad
    guy. (but through messenger which might not be enabled on the foreign
    computer)
    It's FREE.

    "bumtracks" <user@unknown.org> wrote in message
    news:fLrXc.931$yP4.95@trnddc08...
    Might do a search for & install AirSnare on the wireless laptop.
    Mainly alarms if an unauthorized MAC enters the LAN.
    It may show you what URL that rouge mac is connected to.

    I had a rouge,,, turned out to be mine. Routers here have their own two
    MAC's, Wireless and Wired. One router here has three MAC's.

    "Lisa" <spamstopper@herplace.com> wrote in message
    news:RICdnQD0GMavarDcRVn-sw@eatel.net...
    > Hi,
    >
    > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
    > USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
    > WEP, and I turned off broadcasting the SSID of my network. This morning I
    > checked the router for attached devices, and found an extra one! Checking
    > the computers under my Microsoft Windows Network showed nothing new.
    After
    > killing the wireless access point of the router, the extra device
    > disappeared, but so did my laptop and TiVo connection. This leads to two
    > questions:
    >
    > 1) how can I find out more information about rogue devices attached to my
    > network?, and
    > 2) what else do I have to do to keep rogue devices off my network?
    >
    > Thanks
    >
    >
  8. Archived from groups: alt.internet.wireless (More info?)

    Change your admin password on the router to something complex if you
    haven't done so already. If you already have, change it again. This
    will ensure that nobody can gain access and add themselves to your MAC
    filtered list. Also, change your WEP key. Are you using WPA? 128 bit
    encryption? Change it to something new regardless.

    Even if you're using 128 bit WEP encryption and not WPA, the perp.
    would have to capture several gigs of data before cracking your key.
    Chances are, the typical home user would have to keep the same key for
    months on end before your key is cracked. Most users don't transmit
    that much data even after several months.

    I realize that you're not broadcasting your SID, still change that to
    something complex also. There are available tools to find your network
    even though your SID isn't being broadcast, but I still wouldn't make
    it readily available like one poster suggested. You can look and see
    what kind of speeds you're getting from your router. If there's ever a
    decrease or performance issue, change the channel then.

    Another thing I would do is to broadcast in G mode only. This will
    eliminate anyone who may have an older 802.11b wirless card and make
    them unable to connect. This is assuming of course that you yourself
    don't have any B devices attached to your network.

    Using WPA is the key. This fixes and solves many of WEP's weaknesses.
    Are you running XP? If you're on a Windows 98 box you'll have to use a
    3rd party app. like Funk or Meeting House.

    Also, run a combination of the new Adaware SE and Spybot as these
    programs find many of the popular key loggers. Maybe do that before
    changing your admin password and WEP key to ensure that you aren't
    being logged. There are many other apps. that you could Google that
    will find loggers.

    Recheck your MAC list too and ensure that the only machines being
    allowed to connect are your own.


    "DanR" <dhr22@sorrynospm.com> wrote in message news:<mTbYc.1414$8d1.197@newsread2.news.pas.earthlink.net>...
    > Yes, find "airsnare". It will tell you the MAC address of the infiltrator.
    > It will sound an alarm when the Wi-Fi is being accessed by someone other
    > than the MAC addresses you tell airsnare to ignore. You can tell airsnare to
    > sound off for any MAC besides your main computer and router to see if your
    > being MAC spoofed. It also allows you to send a nasty message to the bad
    > guy. (but through messenger which might not be enabled on the foreign
    > computer)
    > It's FREE.
    >
    > "bumtracks" <user@unknown.org> wrote in message
    > news:fLrXc.931$yP4.95@trnddc08...
    > Might do a search for & install AirSnare on the wireless laptop.
    > Mainly alarms if an unauthorized MAC enters the LAN.
    > It may show you what URL that rouge mac is connected to.
    >
    > I had a rouge,,, turned out to be mine. Routers here have their own two
    > MAC's, Wireless and Wired. One router here has three MAC's.
    >
    > "Lisa" <spamstopper@herplace.com> wrote in message
    > news:RICdnQD0GMavarDcRVn-sw@eatel.net...
    > > Hi,
    > >
    > > I have a Netgear WGR614 router (frmware 1.12), with my laptop and my DLink
    > > USB adaptor (for the TiVo) attached to the network. I use MAC filtering,
    > > WEP, and I turned off broadcasting the SSID of my network. This morning I
    > > checked the router for attached devices, and found an extra one! Checking
    > > the computers under my Microsoft Windows Network showed nothing new.
    > After
    > > killing the wireless access point of the router, the extra device
    > > disappeared, but so did my laptop and TiVo connection. This leads to two
    > > questions:
    > >
    > > 1) how can I find out more information about rogue devices attached to my
    > > network?, and
    > > 2) what else do I have to do to keep rogue devices off my network?
    > >
    > > Thanks
    > >
    > >
Ask a new question

Read More

Routers Wireless Network Devices Wireless Networking