
calderone

Cancelled
Aug 28, 2009
3,743
352
Not if he's working for, or a contractor for, the DOD. That'd be perfectly normal. Only one person I know who works as a contractor for DOD, and I know a lot, isn't all that concerned about personal data, and that's because there are only a few people in the world that have the knowledge he does, so he's not afraid of being fired over a polygraph like the rest are.

To the OP, don't use MAC filtering for security purposes. Not only is it extremely insecure, it could actually cause you issues without causing the spoofer any. A good secure WPA2 password, maybe even longer than you have, will take someone longer to crack than they'll live.

If you're paranoid, ethernet is the only way to go. Hackers would have to have physical access somewhere along the chain or hack into your firewall instead at that point. It doesn't matter if it's plugged straight into the modem or through a router in your house.


That's a good idea actually.

Intruder sets static IP, done.
 

NogbadTheBad

macrumors regular
Aug 28, 2009
212
55
United Kingdom
You could set up a cron job to do a snmpwalk of your airport to dump out the IP to MAC table, every so often, maybe to an email :-

mac:~ Andy$ snmpwalk -c public 172.16.1.1 IP-MIB::ipNetToMediaPhysAddress
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.50 = STRING: 20:c9:d0:8f:be:51
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.52 = STRING: 7c:c5:37:6b:48:c1
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.53 = STRING: 64:20:c:2a:14:3e
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.57 = STRING: 58:55:ca:1a:bc:23
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.254 = STRING: 0:13:b6:8:18:b2
mac:~ Andy$

BTW the read-only SNMP password is public; it should work if you replace 172.16.1.1 with your airport's internal IP address.

Also, addresses will drop out of this table; I'm not sure how long Apple network devices keep their ARP entries.
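As an added example (not code from the post or from Apple), here is what that cron job could look like as a script: it parses the snmpwalk output shown above and reports any IP/MAC pair whose MAC is not on a known-device list. The router address and community string are the ones from the post; the known-MAC list and the sample walk output are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: a cron-friendly check that walks the
# AirPort's IP-to-MAC (ARP) table over SNMP, as the post above suggests, and reports
# entries whose MAC is not on a known-device list. ROUTER, COMMUNITY, the known-MAC
# list and the sample walk output below are assumptions/constructed data.

ROUTER="${ROUTER:-172.16.1.1}"      # assumed AirPort LAN address
COMMUNITY="${COMMUNITY:-public}"    # read-only community named in the thread

# Known devices, one lower-case, zero-padded MAC per line (constructed list).
KNOWN_MACS="20:c9:d0:8f:be:51
7c:c5:37:6b:48:c1
00:13:b6:08:18:b2"

# Constructed sample of snmpwalk output, in the format shown in the post above.
SAMPLE_WALK='IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.50 = STRING: 20:c9:d0:8f:be:51
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.53 = STRING: 64:20:c:2a:14:3e
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.254 = STRING: 0:13:b6:8:18:b2'

# Turn snmpwalk lines on stdin into "IP MAC" pairs. The AirPort prints MACs with
# single-digit groups (0:13:b6:8:18:b2), so pad each group to two hex digits.
parse_walk() {
  sed -n 's/^IP-MIB::ipNetToMediaPhysAddress\.[0-9]*\.\([0-9.]*\) = STRING: \(.*\)$/\1 \2/p' |
  awk '{ n = split(tolower($2), g, ":"); mac = ""
         for (i = 1; i <= n; i++)
           mac = mac (i > 1 ? ":" : "") (length(g[i]) == 1 ? "0" : "") g[i]
         print $1, mac }'
}

# Print "IP MAC" for every entry whose MAC is not in KNOWN_MACS (stdin = walk output).
unknown_hosts() {
  parse_walk | while read -r ip mac; do
    printf '%s\n' "$KNOWN_MACS" | grep -qx "$mac" || echo "$ip $mac"
  done
}

# Live run for cron: walk the router and return 1 if anything unknown is present,
# so the report lands in cron's MAILTO mail; -v 2c selects SNMPv2c in net-snmp.
check_router() {
  found=$(snmpwalk -v 2c -c "$COMMUNITY" "$ROUTER" IP-MIB::ipNetToMediaPhysAddress | unknown_hosts)
  [ -z "$found" ] || { printf 'Unknown devices on %s:\n%s\n' "$ROUTER" "$found"; return 1; }
}

# Stand-alone demo on the constructed sample; pass --live to query the real router.
if [ "${1:-}" = "--live" ]; then check_router; else printf '%s\n' "$SAMPLE_WALK" | unknown_hosts; fi
```

Because entries age out of the router's ARP table (as the post notes), run it often enough that a short-lived association is still present when the walk happens.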
 

NogbadTheBad

macrumors regular
Aug 28, 2009
212
55
United Kingdom
You could also set a pre-determined amount of IP addresses to be allowed to connect.
I use 10.0.1.x because it's easier to keep track of than 192.168.254.x.

Say you will only ever have 5 devices connected to the router.
You can set static IP addresses for each device.
Allow IPs from 10.0.1.2 - 10.0.1.6

Pointless really, if they could connect to your wireless network without an IP address and snoop for arp packets and then assign a fixed IP address in the same subnet.

All you're doing here is limiting your DHCP scope, which probably causes you more issues.

After setting my IP to 1.1.1.1 :-

mac:~ Andy$ sudo tcpdump -i en1 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
23:05:05.285623 ARP, Request who-has 172.16.1.57 tell 172.16.1.57, length 28
^C
1 packets captured
32 packets received by filter
0 packets dropped by kernel
mac:~ Andy$
 

Brian Y

macrumors 68040
Oct 21, 2012
3,776
1,064
Pointless really, if they could connect to your wireless network without an IP address and snoop for arp packets and then assign a fixed IP address in the same subnet.

All you're doing here is limiting your DHCP scope, which probably causes you more issues.

The only reason to use static is if you want to know what address each device has easily. It's not a way of securing.

TBH, you can't expect that much of a consumer access point. If you're really that paranoid, just don't use wireless. But, I imagine somebody who really worked for such an organization wouldn't attract attention to themselves on a forum as you have ;).
 

NogbadTheBad

macrumors regular
Aug 28, 2009
212
55
United Kingdom
The only reason to use static is if you want to know what address each device has easily. It's not a way of securing.

TBH, you can't expect that much of a consumer access point. If you're really that paranoid, just don't use wireless. But, I imagine somebody who really worked for such an organization wouldn't attract attention to themselves on a forum as you have ;).

I'm not the OP BTW
 

NogbadTheBad

macrumors regular
Aug 28, 2009
212
55
United Kingdom
Does this mean anything to anyone?

Thx.

Image

----------



Thank you. I'll find that and do it. I'm going to reboot my Extreme, make new Network names and p/w's, disable the Guest account, and then hide my network.

That looks like the output from netstat to me, do a "man -t netstat | open -f -a Preview" to see the man page in Preview.

Where you see 74.125.225.164:80 ESTABLISHED, it means your Mac is connected to Google using port 80, which is HTTP.

The addresses with a : in them are IPv6 addresses.

Torrent Leach Tastic BTW :)
 

el-John-o

macrumors 68000
Nov 29, 2010
1,588
766
Missouri
It sounds like ethernet is the best bet. The reason you read that connecting directly to the modem is an issue is that in such a setup you no longer have your hardware firewall. Instead, connect to your Airport Extreme via ethernet, and disable Wi-Fi.

When it comes to data security, no matter what security you use, your data is still being broadcast with a radio. It's not a trivial thing, but it's still possible. If it's that essential, then the only solution is to go wired.
 

majkom

macrumors 68000
May 3, 2011
1,854
1,150
It sounds like ethernet is the best bet. The reason you read that connecting directly to the modem is an issue is that in such a setup you no longer have your hardware firewall. Instead, connect to your Airport Extreme via ethernet, and disable Wi-Fi.

When it comes to data security, no matter what security you use, your data is still being broadcast with a radio. It's not a trivial thing, but it's still possible. If it's that essential, then the only solution is to go wired.

So, does it mean that while connected via Wi-Fi, my Mac is protected by the AE firewall (and there is no need to turn on the OS X firewall?), whereas while connected via UTP cable, my Mac is not protected by the AE firewall (and the OS X firewall is a must?)? Do I get it right?
 

el-John-o

macrumors 68000
Nov 29, 2010
1,588
766
Missouri
So, does it mean that while connected via Wi-Fi, my Mac is protected by the AE firewall (and there is no need to turn on the OS X firewall?), whereas while connected via UTP cable, my Mac is not protected by the AE firewall (and the OS X firewall is a must?)? Do I get it right?

Don't disable the OS X firewall. Unless a firewall is causing some sort of issue, don't disable it. The Airport Extreme has a firewall IF it's set up in DHCP/NAT mode. If it's set up in bridge mode, the firewall is off. You can use both firewalls at the same time. Most routers have some form of a hardware firewall, which works in conjunction with your Operating System's software firewall.

When your Mac is connected to the Airport Extreme, whether via ethernet or Wi-Fi, its traffic runs through the AE firewall. When it is connected DIRECTLY to the modem, it does not benefit from the firewall of the Airport. That's why you may have read it's better to use your router, instead of connecting to the modem directly. This still counts wired OR wireless.

So, to conclude, use BOTH firewalls (OSX and AE), and for best security, use Airport Utility to turn off Wi-Fi on the AE, and connect to it using ethernet. This eliminates the ability for someone nearby to access your network.

It may not be any of my business, but if it's that much of an issue law enforcement should probably get involved. You hinted at behaviors that sound like stalking or harassment, these individuals also seem to be in your immediate vicinity. I don't know the details or anything like that, but if you have people actively seeking YOU DIRECTLY to access your personal information without your consent, then you need to contact law enforcement. Unless I misunderstood you and you are just wanting 'general' security because you fear someone MIGHT be, but you don't have knowledge of it.

Bear in mind finding strange IP addresses is not unusual. People will always 'try'. There are plenty of cheap-o's out there trying to steal Wi-Fi, who will attempt to connect to your network using 'common' passwords. (Lots of cable companies set up Wi-Fi routers using the customers address or last name as the Wi-Fi password, so people may try those just to see if they 'get lucky'). They aren't trying to steal information, they are just trying to bum a free ride to the internet!

Another option, if you want to keep WiFi but be a bit more secure, is to disable SSID broadcasting in Airport utility. What this does is make most computers not see the SSID. (Using a piece of software, you still can, but it helps eliminate most free-wifi-lurkers). When you connect via Wi-Fi, you'll have to manually connect (On OS-X, click the Wi-Fi logo on the menubar and click 'join other network'). You can then type in the name of your network manually.

However, again, if security is a concern, disabling Wi-Fi is the way to go. Although there are still risks with ANY internet connected computer. If you or your employer have very sensitive data that you have at home, often it's best to keep and use that data on a non internet connected computer if at all possible.
 

southerndoc

Contributor
May 15, 2006
1,833
504
USA
If you're that worried about others breaking into your wireless network, perhaps the only real option is to turn wireless OFF, and connect via Ethernet -- even with your laptops...

Ditto.

I do part-time confidential consulting work for the government, and in my NDA I had to sign something stating I would not perform work over a WiFi connection. So my dedicated workstation is connected to my Time Machine via ethernet.

If it's as clandestine as you make it out to be, and if you have a waiver to work with TS material at home, then you should have been provided a firewall device and should have signed a form stating you would not use WiFi.
 

el-John-o

macrumors 68000
Nov 29, 2010
1,588
766
Missouri
Ditto.

I do part-time confidential consulting work for the government, and in my NDA I had to sign something stating I would not perform work over a WiFi connection. So my dedicated workstation is connected to my Time Machine via ethernet.

If it's as clandestine as you make it out to be, and if you have a waiver to work with TS material at home, then you should have been provided a firewall device and should have signed a form stating you would not use WiFi.

If your workstation is connected via ethernet but the box it's connected to (Time Capsule) has Wi-Fi enabled, what's the difference? Unless I'm missing something. But, it still means someone could wirelessly access your network and then the computer that you're working on (in a one in a million chance someone has the tools and skills to do so, and is within range. Using better Wi-Fi encryption keys can help with that!)
 

velocityg4

macrumors 604
Dec 19, 2004
7,329
4,717
Georgia
If security is of such paramount importance, it seems to me that you should be using much more secure equipment than an Airport Extreme. Say a Cisco router. I don't mean a rebranded Linksys Cisco Small Business model. Rather a real $1000+ model.

Then use whole disk hard drive encryption on your computer. Plus an aftermarket firewall on your laptop when on the go. I can't think of a good manufacturer.
 

southerndoc

Contributor
May 15, 2006
1,833
504
USA
If your workstation is connected via ethernet but the box it's connected to (Time Capsule) has Wi-Fi enabled, what's the difference? Unless I'm missing something. But, it still means someone could wirelessly access your network and then the computer that you're working on (in a one in a million chance someone has the tools and skills to do so, and is within range. Using better Wi-Fi encryption keys can help with that!)

Perhaps I should've clarified. I turn off my WiFi network when performing my consulting work.
 