dude....yesterday night..i found out that some one was using my wireless connection..
i use a wireless dlink router, 128 bit wep encryption...but no mac address filtering..
way i found out, it showed me on itunes that 1 user is connected..
and i cant see him using samba,,,so he is using a mac most probly..
so the question is....how can i communicate with that person...assuming he is using a mac..?
thanks

128 wep hmm. its takes about 1 day to crack ad 128 bit wep encryption unless s/he is a lucky punk, so that probably means s/he is your neighbor. check your router menu's for the dhcp clients. you will get is his ip address. as for sending him a message, if he is on a mac i don't think you will be able to to. the best chance is for the person to be using windows and have windows messenger enabled then you could send them a message through there (this assume you actually own a pc). basically what you should do is now update your firmware on your router, changes all passwords and keys. the person change crack 128 bit wep so the only course of action is to use WPA encryption. there is two types one using a radius server and one without. since you don't have a radius server use the one without. a firmware update should let your router support wpa (hopefull). be sure to update your airport software. early on there was issue with airport extreme and wpa. it was *very* annonying. if wep is only chance make sure you are using strong truely random keys. this will make it harder to crack. www.apple.com/download i believe there is a wep key generator and on download.com there is on too. also check your router logins regularly and change your keys and password regularly.

hmm..thanks for the advice dude...
here's what i came up as to why wep is not secure (http://www.usethesource.com/articles/01/08/10/1517228.shtml)

edit: there is a program airSnort...and it does exactly whats said in the above link..its for Linux i think...

With my Airport Base Station I use WPA, MAC Address filtering, only give out 1 IP address, and don't broadcast my SSID. See if you can do something similar. I doubt you'll have much problem after that.

With my Airport Base Station I use WPA, Mac Address filtering, only give out 1 IP address, and don't broadcast my SSID. See if you can do something similar. I doubt you'll have much problem after that.

THE best way to protect yourself is MAC filtering, which will not allow anyone else to connect to your router unless you add their MAC address (or they some how gain knowledge of your MAC address, then copy it to their machine).

the best way is a combination of everything you can find cause it's not that hard to forge a MAC address.

Let's suppose that he's using windows (97% of the world is), here's how to send him a message. If you want him off, send him threats, if you want to know who he is, then tell him to come and knock on your door, then change your WEP password until you set something better up.

http://www.macosxhints.com/article.php?story=20031204021659307&query=smb+message

Just noticed that you had presumed that he was using a mac...One way that I've communicated with people who are listening to my shared music is to change the name of my music to messages that I want him to see. It sometimes takes a while, but then he will get the message and respond in some way. Same deal as above with what you send him.

If he's using a Mac, how 'bout this silly way to send him a message? Record your message as an audio file and make it the only song in your shared iTunes library. When he connects for some free music, he'll hear your message loud and clear!

he is using Linux...i m almost sure about it..airsnort, kismet or wepcrack...
all require monitor support for the wireless card..currently only linux allows that..

If you turn on Rendezvous support in iChat, won't it show you all iChat users connected to your network with Renzdesvous activated? If this person is using iChat and has Rendezvous support turned on, it might be another way to check.

I don't think that he is using Linux, because he would not have been able to connect to your shared music, only people with Mac and Windows can do that. You can find out if he is using a Mac like so...

Download Rendezvous Browser http://www.versiontracker.com/dyn/moreinfo/macosx/21622

Open up Rendezvous browser and open the "local" part if it's closed.
Go to Mac OS X duplicate suppression, and you should see your computer, plus however many other Macs you have. If there is one too many, then he is using a Mac, otherwise he's using windows.

I don't think that he is using Linux, because he would not have been able to connect to your shared music, only people with Mac and Windows can do that. You can find out if he is using a Mac like so...

Download Rendezvous Browser http://www.versiontracker.com/dyn/moreinfo/macosx/21622

Open up Rendezvous browser and open the "local" part if it's closed.
Go to Mac OS X duplicate suppression, and you should see your computer, plus however many other Macs you have. If there is one too many, then he is using a Mac, otherwise he's using windows.
yah ..u r correct...itnues means windows or mac..but he may be has a partition, coz the hacking tools are for linux only...
and thanks for the neat tip for sending the message using smbclient..
now my question is, how can i get the netbiosname from the ip?

Just out of curiosity, were you broadcasting your SSID?

Just out of curiosity, were you broadcasting your SSID?
yup

Ok, got it. Here's how you can get his NetBIOS name from his IP address...it's complicated though.

First, if you send him a message, you will probably want him to be able to send you back one, so get this app: http://www.versiontracker.com/dyn/moreinfo/macosx/21240

Now we're ready to get his NetBIOS name:

1) Go here: http://www.inetcat.org/software/nbtscan.html and click at the top "Download NBTScan Sources"

2) When the source code has downloaded and expanded open up the terminal and put in "cd", space, then drag the source code folder into the window. The path name to the folder should appear after "cd". Hit return.

3) Now, in the same terminal window type "./configure" and hit return. Wait for it to finish scrolling all the text and status

4) When the scrolling has finished, type "make" and hit return

5) when that finishes scrolling type "sudo make install", at which point it will do one of two things:
a) If you have never done a "sudo" terminal command before, it will ask you if your system admin has had a talk with you (say yes) and ask for your admin password. When you type the letters won't show up, but it will take in what you type.
b) It will ask you for the admin password, put it in. Remember - when you type the letters won't show up, but it will register.

After putting in all the passwords that it asks for (if more than one), hit return.

6) You've compiled and installed the app, now to run it.

7) In the terminal, type "/usr/local/bin/nbtscan", space, then the hacker's IP address, then hit return

8) after a brief delay it should give you a read out containing his NetBIOS name.

There you go, I hope this helps! :)

If he's using a Mac, how 'bout this silly way to send him a message? Record your message as an audio file and make it the only song in your shared iTunes library. When he connects for some free music, he'll hear your message loud and clear!

Now that's a creative solution.

Even though someone can spoof a MAC address, with Address filtering (to only allow certain addresses) wouldn't it be tough to spoof the RIGHT MAC address?

THE best way to protect yourself is MAC filtering, which will not allow anyone else to connect to your router unless you add their MAC address (or they some how gain knowledge of your MAC address, then copy it to their machine).
Except that it is a piece of cake to spoof a MAC address. Download your favorite airport hacking utility, and it'll have a field for what MAC address you want to broadcast.

Since one can see the MAC addresses of whoever is on the network (ie, the hacker can see your laptop's airport card's MAC address), you can just enter the same one as one that's already on there. So it's an easy two step operation to get around MAC-based filtering.

Still, it's worth doing.

he is using Linux...i m almost sure about it..airsnort, kismet or wepcrack...
all require monitor support for the wireless card..currently only linux allows that..

Actually Airsnort is also for Windows XP Pro & PocketPC along with a kismet port to WinXP Pro not sure exact name but I did download it for future use. ;) .

when you use a wireless network in an area where more than a handful of people live then you have to expect stuff like this. some people really get their kicks stealing wifi.

these days my cable connection is geting up to 3 megabits/sec. so i've got plenty to share. In fact, in a ploy to get friends to move into the apartment above me, i've advertised 'free wireless internet' a'la me. probably not legal but i wont press charges!

it does concern me that someone can duplicate my own MAC address to use my connection. i've got 128bit wep, password, and MAC Address filtering. is there anyway to protect against this?

I have a 5mbit connection and I want it all because I pay for it all :)

If he's using a Mac, how 'bout this silly way to send him a message? Record your message as an audio file and make it the only song in your shared iTunes library. When he connects for some free music, he'll hear your message loud and clear! argh, you beat me to it :p

that MacXPop looks very nice, but where is the /usr/local/bin directory?

argh, you beat me to it :p

that MacXPop looks very nice, but where is the /usr/local/bin directory?

To get to /usr/local/bin, press Cmd + Shift + G in the Finder, and type /usr/local/bin in the box that comes up. Sorry I didn't mention it earlier, I didn't download MacPopX, I just found it online and suggested it, but now that I downloaded it, I realised that you needed to know where to put it. :p

OutThere761:

Thanks for the detailed instructions.
But, I got an error when i run 'make' , so i was not able to compile it successfully..Have you got it working?

Thanks again

i can't get it either. anyone have any success with MacXPop?

Is there any WEP encrypton crackers such as Airsnort for OSX or does one One have to be running something like Yellow Dog Linux? Also could this hacker have cracked the WEP encryption with the Linux OS, Written it down, and then entered it into OSX?

Is there any WEP encrypton crackers such as Airsnort for OSX or does one One have to be running something like Yellow Dog Linux? Also could this hacker have cracked the WEP encryption with the Linux OS, Written it down, and then entered it into OSX?

heh

kismac is the kismet port to mac os x ;)
http://www.binaervarianz.de/projekte/programmieren/kismac/

please read what cards and functionality are supported. this is very important.

heh

kismac is the kismet port to mac os x ;)
http://www.binaervarianz.de/projekte/programmieren/kismac/

please read what cards and functionality are supported. this is very important.
yah,,kismac doesnt work with airport extreme,,just airport i guess..although it 'sniffes' the networks, but its not able to capture data packets..anyone has kisMAC working with airport extreme/???
thanks

No, but i'm waiting for them to get it working (KisMac with Airport extreme) !

From what I understand, the specs for the airport extreme card are a closely held secret, reason why they haven't figured out yet how to set it in passive promiscuous mode...

What about using a sniffer to see what traffic is going through ? Or even using nmap to find out what he is using (try the gui version : http://faktory.org/m/software/nmap/ ) - just scan the whole range of ip addresses that you use and find out what open ports there are on each active ip. Usually nmap can also tell you what type of os is running

I got an error when i run 'make' , so i was not able to compile it successfully.

you might need the Developer Tools installed to compile from source.

edit: deleted post

you might need the Developer Tools installed to compile from source.

Ohhhh! I never though of that...I've always had them installed since they came on my computer, and I use them, but I bet it needs them to compile. 95% sure that's the problem. The solution - install the dev. tools from the install CDs for your computer.

Cringley had some recent interesting articles about sharing wifi:
http://www.pbs.org/cringely/pulpit/pulpit20040108.html
and
http://www.pbs.org/cringely/pulpit/pulpit20040115.html

Thanks a lot fellows, for your helpful input...nmap is a neat software...
Thanks outThere761, sonofslism...it was indeed the developer tools..after installing it, the compilation was no problem..

cheers

I've heard you guys talking about it, but how do you set up Mac address filtering with Airport?

gcc is needed to complile things, and it comes with the Developer tools. :)

A little off topic, I was just doing a port scan and found I have port 445 open, which is listed as microsoft-ds. Does anyone else have this port open? I think it's for samba, but I can't be sure...

yah,,kismac doesnt work with airport extreme,,just airport i guess..although it 'sniffes' the networks, but its not able to capture data packets..anyone has kisMAC working with airport extreme/???
thanks

the last alpha build supports the airport extreme, that why i stated to read about the functionality carefully. the airport extreme is buggy at best, but sometimes it does work. wait for future builds, or for whenever the last alpha build gets updated.

the last alpha build supports the airport extreme, that why i stated to read about the functionality carefully. the airport extreme is buggy at best, but sometimes it does work. wait for future builds, or for whenever the last alpha build gets updated.
it supports airport extreme only in active mode..but thats no good to collect data packets..i can just see them whizzing by.. :)

If you are never far from the base station, you can reduce power to limit the radius from which others can effectively use your station. That is an easy way to prevent someone from getting in without dropping your datarate.

If you are never far from the base station, you can reduce power to limit the radius from which others can effectively use your station. That is an easy way to prevent someone from getting in without dropping your datarate.

i've been told this is done by reducing the Channel # ? is that true?