Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Nosey Housemate + Macbook wifi = I need your help/advice

D

Digidesign

macrumors 6502
Original poster
Jan 7, 2002
448
52
(Not sure where to place this thread, so mods please move as needed)

I have a Macbook that I do everything on (i.e., personal finances, emails, etc.) I also have one of the rudest, most obnoxious / nosey housemates you can imagine, who loves to boast about how he can sniff packets and hack networks. And yes, from time to time he'll talk about hacking into my computer (or trying to at least). The guy is a complete loser, but the housing situation cannot change at the moment, so I'm asking help from you guys about how I can protect my MacBook's wifi from the creep.

The evidence:
- Under OS X, no intrusions noted.
- Under XP, ZoneAlarm keeps popping up with attempted intrusions coming from the home network. :rolleyes:

The setup:
- Macbook C2D connected via WEP 128-bit encrypted wifi.
- Linksys wireless router with 4-port hub.
- Mac Pro connected via Ethernet on the hub.
- Creep's notebook connected via wifi.
- Creep's desktop connected via ethernet.

More info:
- I own the router, and only I have access into the router setup.

Question:
What can I do to protect my Macbook from the Creep?

I know this isn't the Mac Pro forum, but if you have any advice to help with the Mac Pro (connected via Ethernet), that's much appreciated as well. If your advice is that this is too complicated to explain in this forum, that's cool too. Point me towards where I can learn and I'll do the hard work needed.
 
first I would get rid of the wep128 and go with wpa/wpa2, its alot more secure. Second i would verbally threaten him about the computer hacking. Something along the lines of ' you touch my mac I break you ba#!%.
 
You could turn filevault on. That way even if he got in everything would be encrypted. I don't know much about security though, so even that might not be necessary, as I'm not even sure he could break in to begin with.
 
Excellent suggestions, thanks.

I'm turning on FileVault tonight and will switch over to WPA/WPA2.
 
I wouldnt reccomend File Vault. I have heard several horror stories, where people lost data and such. Create a sparse disk image with encryption trough disk utility and place your sensitive files in it.
EDIT: Also, if you havent already, turn on your firewall, and possibly even set it in stealth mode, where your computer doesnt acknowledge that it even exists.
 
Can you just setup your router to deny all access to any computer that doesn't match the two mac-addresses of your mac's? Then he'll have no more internet, wired or wireless :D
 
psingh01 said:
Can you just setup your router to deny all access to any computer that doesn't match the two mac-addresses of your mac's? Then he'll have no more internet, wired or wireless :D
Click to expand...
I saw this topic in the Forum spy and was going to say the exact same thing. That's what my dad did with our home network.
 
enable password screensaver option because he may try and get on your mac if you leave it for a bit. Make it a hot corner and just flick to it when you leave the mac.
 
If he's really a problem, you may consider a firmware password as well. This prevents him from shutting down your machine and rebooting in single-user mode and having administrator access to your machine. It's absolutely imperative that you don't lose this password, however, so it might not be worth it to you.

As long as all of your firewall settings are normal factory defaults (i.e. no file sharing enabled) I'd think you're safe.
 
It would be funny if your roommate found this post thru hacking your machine! :p Nah, actually that wouldn't be very funny for you - I was just kidding.
 
If he installs a packet sniffer on the account, no amount of internal security will prevent him from accessing data that you transmit 'in the clear' over the network. The exception is visiting encrypted websites (like most banks), whose addresses begin with https rather than http. If you see that in the address window you should be ok, as that's the kind of thing they're designed to protect against.

Also, if a roommate installed a packet sniffer in a shared network with me, I'd yank his access in a second, physically if need be. That is serious stuff.
 
WPA2 Active

I would NOT deploy File Vault

File Sharing Off

Firewall On

Internet Sharing Off

Password required when waking from sleep

You will be very very very secure.
 
For an extra bit of network security, you could connect through a VPN. I use Witopia personalVPN when I'm connecting to a public wireless network. Keeps packets safe from sniffers. Only $40 per year. They also offer a $10 per year wifi network security service called SecureMyWiFi. Fire up both of these services and your wireless network will be pretty rock-solid.
 
I don't mean to be a dick, but I see a lot of eager people here, but not any useful info on the matter.

wpa wont make a difference, the ROOM MATE IS ON THE SAME WIRELESS NETWORK, he has access to the wireless keys!

For the wireless;
Basicly, sniffing wireles is more complex then sniffing ethernet data over a hub, but really hard either. Things like im passwords are encripted, however the actual conversations are not. As far web browsing, he'll beable to see where any https connections are going, but any of the actual data, it'll all be encripted. E-mail can use SSL or tls, but thats upto your provider to support, and you to set-up for each account.


For the desktops;
The linksys has a switch in it, not a hub, which means it the when you desktop talks to something on the internet none of the other devices on the network see any of those packets. No worries about his sniffing packets there.


Now, since the "creep" has physical access to your machines there are various levels of attacks. With Macs OF passwords are great for prevent unauthorized use of your machine. However they do not prevent him physicaly removing your harddisks and mounting them. Something like File Vault or a spare image will prevent access your files in that case.

Ofcourse that still leaves network bases attacks. I think the other posters were in the correct direction here, except I would not put your machine into steath mode. It'll be like issuing a challenge to him. Just make sure the sharing is off and the firewire is on.

Oh ya, and lock your machine when your not infront of it. honeslty, if I was him and wanted your stuff, I'd enable sharing or make me account or somethign the 30 secounds you were outta the room to pee or something...
 
logandzwon said:
I don't mean to be a dick, but I see a lot of eager people here, but not any useful info on the matter.
Click to expand...

I made the exact same open firmware recommendation earlier. I didn't think that she needed to worry about her roommate actually physically removing the harddrive, since that's not 'hacking', that's stealing.

Or, how about Flowbee's recommendation to use a private VPN to encrypt all outgoing traffic?

Calm down.
 
This isn't a networking issue, this is a social issue. You shouldn't need to put up with this crap in your own house.

Have a talk with this person. Tell them you really don't appreciate his hacking efforts. If he ends up being a total jerk, back up your data somewhere and take a sledgehammer to his PC. :D It will make you feel better!

OK, a little nuts, maybe just disable his access to the router (via mac address) until the guy decides he'd rather have internet access.
 
psingh01 said:
Can you just setup your router to deny all access to any computer that doesn't match the two mac-addresses of your mac's? Then he'll have no more internet, wired or wireless :D
Click to expand...

That would be my approach...

If he's not going to respect your privacy, take away his internet access and see how long he can tolerate that...

When he begs for it back tell him that the next time you catch any sort of internal network hacking you're going to lock him from the net permanently.

He'll either stop, or try again and then move out to find net access once you take it away. Either way, problem solved.

You might want to watch out for keyloggers too since he does have physical access to the machines.
 
you could always throw some metal shavings into his rig and wait to see him turn it on. POOF. j/k - I would either resolve the issue with the creep..or disable the internet. You could use a pair of hedge clippers. If it's in your name it's in your right. If he isn't on the lease and you are, kick him out. End of story. Then crap in his shoes.
 
I think that the (serious) suggestions above are good, although I too would avoid File Vault. I think that simply ensuring you always - always - go to the login window (enable Fast User Switching) when leaving, set the Macs to sleep relatively quickly and require password to wake up (in case you forget to log off), turn off sharing you don't need, block all but the ports you need (via the firewall), etc., you should be OK. I'd also follow Flowbee's links for more wireless security, and, if you file transfer between the Macs, use a secure protocol (like scp). A few other things:

First, I'd let him know that any invasion = you filing a police report. Period. Send him a written notice to that effect if you want, but that's job #1: if he breaks in, he's busted. Period. And they'll take his equipment to look for evidence.

Second, how old is this guy? Just curious as to how immature he is for his age.

Third: do you both pay for internet access, or how is that set up? If you pay for it, you could also consider the somewhat excessive measure of physically securing the router and modem in a lockable case. Get a lockable case, drill some holes for air and cable pass-through, and physically secure the router and modem so he can't mess with them.

Likewise, lock your MP so he can't open it up.
 
I don't know if you're still wanting suggestions, but I'd like a little bit more information to give more advice.

You say you own the router, but not if you pay for the internet. Do you? If so, I'd simply lock him out. Use a firmware/account password on your MacBook, deny him access to the network via Mac addressing, and that should resolve the majority of your problems. As much fun as hacking a WEP password is, having to fight for a network connection everytime will probably not be in his best interest. If he keeps trying, keep changing your encryption keys. It isn't that hard, and will probably drive him crazy.

Also, make sure your passwords are random letters (uppercase and lower), numbers, and characters, at least 8 characters long (longer if you can remember without writing them down). That makes trying to use brute force crackers almost impossible.
 
Stick his wireless MS Mouse in a sock and then proceed to beat him silly, while yelling "sniff this packet."
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back