Someone is leaching our wireless network

[AlBDamned]

Despite basic WEP 40 security, someone is leaching our wireless network at home.

How do I go about protecting it? Using MAC addresses would be fine but I don't know how exactly?

We have one Mac PB, on Windows laptop and one windows desktop.

Also, is there anyway to identify the leach?

Thanks,

AL

Edit: Forgot to say, the router is a D-Link G604T

 

[efoto]

Despite basic WEP 40 security, someone is leaching our wireless network at home.

How do I go about protecting it? Using MAC addresses would be fine but I don't know how exactly?

We have one Mac PB, on Windows laptop and one windows desktop.

Also, is there anyway to identify the leach?

Thanks,

AL

Edit: Forgot to say, the router is a D-Link G604T

Get into the administrative page for the router (should be outlined in the documentation, but usually type //192.168.0.1 into the address bar) and login (again, usually "admin" and "password" accordingly, if you haven't changed these already).

Once you are in there, there should be a 'basics' tab for wireless, and an 'advanced' tab, or something like this (I'm speaking from mostly Netgear stuff). Anyway, somewhere around is a setting for 'enable MAC address verification'. You have to get the MAC addresses of all the computers you want to allow access (12 digit, colon separated pairs):

• System Preferences -> Network -> Airport -> Airport ID (for the Mac)
• Start -> Run -> "cmd" -> "ipconfig /all" -> look for the proper network device and match the MAC addy (for the PCs)

I hope this makes sense

Back in the router page, enter those MAC addresses into the appropriate fields and you should be all set. The router then does a MAC address match, then WEP key verification before allowing access to your network. If you router supports WPA-PSK keys, those are stronger and don't take that much longer to verify so you could consider using those if all of your systems support such a key. Make sure you change the password for logging into your router too, since the basic ''admin/password'' is used frequently and others can find the wifi signal, login, and add themselves (if MAC address verification isn't on).

As far as finding the culprit....there should also be a utility that shows who is connected to the router....but I'm not sure how that works with a D-Link router.

Let me know if this makes sense, and if it works. I can try to re-phrase and look further into it if you are having difficulties.

 

[freeny]

frequently change your password

 

[grapes911]

No way to really tell who. You could check your logs and get their MAC address, but that is about it.

WEP if very easily broken. It's like looking a door with a combination lock, but writing the combo on the door. It's locked, but it takes little effort to break. Take any 7th grader who knows somewhat about computers, give them a computer and google, and they'll be able to break your WEP in less than an hour.

Do you have some form of WPA? WPA is nearly impossible to break except by brute force. No consumer computer can break it in a timely manner (it would take hundreds of years on the average or something like that). Even the NSA says they can't break it, but who knows if they are telling the truth (nor does it matter, I doubt the NSA will be stealing you internet connection). If you use WPA, you will not need any other form of protection.

If you don't have WPA then do a couple of things:
1. Turn on MAC filtering. I can't tell you exactly where it will be in your router, so you may have to check the manual.
2. Limit the number of addresses your router gives out to exactly the number of computers you need.

 

[AlBDamned]

That all makes sense. Thank efoto. I'm going to try it now.

We have changed the admin/password a while back so we're still in control of the router itself.

We got alerted to it because our 2MB connection has gone down to 500kbits and the dsl light is always flashing even when all the comps here are switched off.

Thieving gets...

Will report back in a sec...

 

[Lord Blackadder]

I use 128-bit WEP at home, but I've been told by a couple software gurus that anybody with a PC and a couple hours to burn can crack it.

Maybe switching to WPA would be more secure?

 

[AlBDamned]

No way to really tell who. You could check your logs and get their MAC address, but that is about it.

WEP if very easily broken. It's like looking a door with a combination lock, but writing the combo on the door. It's locked, but it takes little effort to break. Take any 7th grader who knows somewhat about computers, give them a computer and google, and they'll be able to break your WEP in less than an hour.

Do you have some form of WPA? WPA is nearly impossible to break except by brute force. No consumer computer can break it in a timely manner (it would take hundreds of years on the average or something like that). Even the NSA says they can't break it, but who knows if they are telling the truth (nor does it matter, I doubt the NSA will be stealing you internet connection). If you use WPA, you will not need any other form of protection.

If you don't have WPA then do a couple of things:
1. Turn on MAC filtering. I can't tell you exactly where it will be in your router, so you may have to check the manual.
2. Limit the number of addresses your router gives out to exactly the number of computers you need.

It's got WPA. Would that be the easiest option?

What does all this mean?!

Security: WPA
Group Key Interval: 60

Note: Group Key Interval is shared by all WPA options.

802.1x Server IP Address:

Port:

Secret:

PSK Hex Hex:
PSK String String:

 

[martin1000]

Other things to think about:

Are your two windows pcs protected with Antivirus, Spyware, etc? Could it be that these two have been compromised by Malware, Spyware, etc.?

Secondly, if the two PCs are protected, then the person surfing on your dime has got to be pretty close. (In my apartment, I see about 12 other wireless networks of which 3 are protected.)

My 2 cents.

 

[grapes911]

It's got WPA. Would that be the easiest option?

Definitely. While some people go overboard and turn on every protection they can find, it is unnecessary. WPA is so secure that even an advanced computer expert will not be able to break it. But...it is only as secure as the password you use. So don't use a stupid password like your name, address, etc.

 

[AlBDamned]

I use 128-bit WEP at home, but I've been told by a couple software gurus that anybody with a PC and a couple hours to burn can crack it.

Maybe switching to WPA would be more secure?

Apparently you can crack WEP with programs that gather enough of the password data through packets sent and received to the router.

It's pretty easy. Up until know it's been ok but this new block of flats is now full so I guess there's someone in here with a little know-how. There are other unsecured wireless networks around but the signal is weak. Our's is super strength due to two big booster ariel so we can all get the signal in our rooms for faster downloading.

 

[grapes911]

What does all this mean?!

Security: WPA
Group Key Interval: 60

Note: Group Key Interval is shared by all WPA options.

802.1x Server IP Address:

Port:

Secret:

PSK Hex Hex:
PSK String String:

The Group Key Interval, Server IP Address, Port, and Secret text boxes, and 802.1x are enterprise network specific and probably unneeded for you.

 

[AlBDamned]

Other things to think about:

Are your two windows pcs protected with Antivirus, Spyware, etc? Could it be that these two have been compromised by Malware, Spyware, etc.?

Secondly, if the two PCs are protected, then the person surfing on your dime has got to be pretty close. (In my apartment, I see about 12 other wireless networks of which 3 are protected.)

My 2 cents.

Both the PCs are ok. The connection is poor now even when they're fully switched off.

The Group Key Interval, Server IP Address, Port, and Secret text boxes, and 802.1x are enterprise network specific and probably unneeded for you.

Ok that's cool. Which one(s) do I need to fill in?

 

[grapes911]

Ok that's cool. Which one(s) do I need to fill in?

After you select WPA, the only thing you need to set is the Password.

Here is what mine looks like. I hope this helps some:

 

[efoto]

That all makes sense. Thank efoto. I'm going to try it now.

We have changed the admin/password a while back so we're still in control of the router itself.

We got alerted to it because our 2MB connection has gone down to 500kbits and the dsl light is always flashing even when all the comps here are switched off.

Thieving gets...

Will report back in a sec...

I'm glad that worked out and made sense. I was re-reading it and even I got confused

The WPA key should generate the same as a WEP key, but it generates under a different algorithm, much more secure. You can try just doing the WPA key (assuming all of your devices support that) but adding MAC verification doesn't take that much time or slow things down. It only verifies during the initial connection, then it's just the same once you are on so it won't decrease performance at all.

 

[AlBDamned]

Nuts...

I activated WPA using a password but now my PowerBook cannot connect to the network, only the Windows laptop will. Also, now I can't access the router on (192.168.1.1) on either machine.

Edit: actually, now the windows machine won't connect to it either, it just sticks on 'acquiring network address'...

Could be re-set time.

Lucky we have our neighbour's open connection

 

[XNine]

WEP is easy to packet sniff and then log in to.
WPA is much, much harder and should be used with a stong, 16 character or longer password.

When you log into the router, you may be able to find the MAC address of the person using your connection, and add them to the block list.

 

[Compile 'em all]

Despite basic WEP 40 security, someone is leaching our wireless network at home.

How do I go about protecting it? Using MAC addresses would be fine but I don't know how exactly?

We have one Mac PB, on Windows laptop and one windows desktop.

Also, is there anyway to identify the leach?

Thanks,

AL

Edit: Forgot to say, the router is a D-Link G604T

1. Use WPA encryption. I can break into ANY WEP encrypted WiFi network
in around 30 mins with my two GNU/Linux boxen.
2. Use Static IP addresses.
3. Use MAC access lists.

Good luck.

 

[Compile 'em all]

When you log into the router, you may be able to find the MAC address of the person using your connection, and add them to the block list.

This can be easily beaten by changing your MAC address. Actually what you
proposed here is one of the most common security mistakes, specially when
configuring a firewall. You MUST always allow what you know and block
EVERYTHING else. You MUST NOT allow EVERYTHING and block things you
don't want.

In our case here, he/she must allow only MAC addresses of his/her
machines and block everything else. Of course, MAC access lists should not
be the only security measure taken, but should be used in conjunction with
others (Like WPA...etc.).

For those interested, you can change your MAC address in OS X with the
command "sudo ifconfig interface lladdr newMAC" and in GNU/
Linux with the command "ifconfig interface hw ether interface".
In GNU/Linux you have to bring down the interface before changing the
MAC address (that's is "ifconfig interface down").

 

[rjphoto]

Nuts...

I activated WPA using a password but now my PowerBook cannot connect to the network, only the Windows laptop will. Also, now I can't access the router on (192.168.1.1) on either machine.

Edit: actually, now the windows machine won't connect to it either, it just sticks on 'acquiring network address'...

Could be re-set time.

Lucky we have our neighbour's open connection

Give this a shot.

(do you have the Airport icon o your menu bar?) If so, click on it, pull down to Internet Connection and enter your SSID and password there.

For some reason at work and when I go to coffee shops that have passwords I have to enter it like that to get it to work.

 

[Compile 'em all]

Lucky we have our neighbour's open connection

So should we expect your neighboor to post a thread asking for advice
because "Someone is leaching his wireless network" ?

 

[AlBDamned]

So should we expect your neighboor to post a thread asking for advice
because "Someone is leaching his wireless network" ?

Maybe...

Because this was all getting messy and I was effectively locked out of my router, I reset it and reconfigured it as it takes 2 minutes.

So, back at square 1, I went through the process of putting WPA on again and, once again, after I logged out, I couldn't join the network on the PB or the Windows machine.

So, now we're back to no security.

 

[Danksi]

I didn't see anyone suggest switching off the 'SSID broadcast' - this may help as well, at least you're not broadcasting your existence to everyone.

Change the SSID to something different once you do disable it though, as if someone is watching, they'll already know the existing SSID.

 

[Lacero]

Just so everyone knows, I'm currently leeching off my neighbor's wi-fi signal.

I also tried using WPA but my own PowerBook was unable to connect to my Linksys router. I'm using WEP 128-bit encryption, I think? Turned off SSID broadcast and changed my network name to something other than the default name of linksys.

Here's to the Crazy Ones ​

 

[grapes911]

I didn't see anyone suggest switching off the 'SSID broadcast' - this may help as well, at least you're not broadcasting your existence to everyone.

It wasn't said because there are 100s of programs for every OS that take 2 seconds to find all available networks regardless if the SSID is being broadcast or not.

 

[Danksi]

It wasn't said because there are 100s of programs for every OS that take 2 seconds to find all available networks regardless if the SSID is being broadcast or not.

oh ok.

I just like the 'idea' of having a stealth-mode.