Check for Apple Extreme Neighbors Snooping?

Have you tried enabling MAC access control?

It's almost certain that with the level of encryption you are using that none but the most determined of teenagers hanging around outside your place and running alphanumeric combinations would even get close to obtaining access. In short, I think your are perfectly safe.

I have a similar setup with an added AE in the bedroom....Encryption is as high as yours....Nobody can get in. I don't think you need to spend money on high level security software unless you live someplace where hacking is rife.

Turn off your guest network, and read up on MAC (your networks cards unique serial number) and enable it on the AirPort Extreme.

You can also install the older AirPort 5.6 app which will give you a better idea of what's connected.

It's worth doing the MAC thing, else you're going to have to shut off your WiFi and go wired Ethernet.

If you're that worried about others breaking into your wireless network, perhaps the only real option is to turn wireless OFF, and connect via Ethernet -- even with your laptops...

On top of MAC access control you could check to "hide your network".
This doesn't broadcast your WiFi name but you'll have to know the exact name to have a chance at connecting to it.
Basically hiding it in plain sight from the avg internet snooper.

There are still ways to find the network so you're essentially throwing some camouflage and hoping noone sees it but with passwords and MAC access control you should be just fine.

I'm intrigued
I'd love to know why you are having these issues

The AE has a setting under access control for MAC filtering. Easy.

If they are trying to steal confidential work data from you, maybe your employer should be securing your network

Okay, I'll stop prying
Just all seems very strange

If it is truly that clandestine and vital, there are surely better places to seek advice than a public Mac forum.

Go to
Airport Utility ->
Network ->
Check Enable Access Control ->
Click Timed Access Control ->
Under Wireless Clients, Click the + button ->
You should now notice a Description and MAC address bar.

Enter a description for the device connecting and it's MAC address.
Then under Wireless Access Time you may set an amount of time that each device can connect to your network.

I would use an even longer key than 16 characters, every extra character makes it harder (more time consuming) to crack.

dbales said:

I cannot post too much in regards to the "why's" due to the nature of my employer and the work I do there.

----------------------------------------------

Can't get into any detailed specifics on a public forum, due to the nature of my employer/employment. I know, clandestine, but it needs to be.

Click to expand...

No offense. But if you are using SOHO grade infrastructure components secured only by "WPA2 Personal" in your operations, its not as clandestine as you think it is or needs to be. No sensitive information operation would rely on consumer grade security to protect its information. Especially ones described as "clandestine".

And I'm surprised how many folks still think MAC filtering and SSID hiding are security measures. MAC address filtering and SSID hiding are NOT security measures. The only folks they keep out are users who are too disinterested to circumvent it, and those are not the one you need worry about. The most amateur of network hackers will overcome those measures in seconds. There are a multitude of GUI based utilities readily available (KISMAC for one) that will list in seconds every hidden network in my neighborhood.

And even though WPA2 is pretty damn secure it is not sufficient to protect sensitive information that would be described as "clandestine". You need to implement at least enterprise level wireless keying, solid enterprise firewall device, use secure VPN connectivity out over the internet to client/sister sites, and ensure you have reasonable tempest controls in place. IF you need to be "clandestine".

All that aside, you need not worry about log monitoring and advanced detection practices, WPA2 is plenty to secure your SOHO network from nosey neighbors

You could also set a pre-determined amount of IP addresses to be allowed to connect.
I use the 10.0.1.x to make it easier to keep track of than 192.168.254.x.

Say you will only ever have 5 devices connected to the router ever.
You can set static IP addresses for each device.
Allow IP's from 10.0.1.2 - 10.0.1.6
That on top of a hidden network and MAC access control with as long of a password as you can come up with (AlphaNumericCAPS&symbols) should make it quite difficult to gain access to your network.

northernbaldy said:

Okay, I'll stop prying
Just all seems very strange

Click to expand...

Not if he's working for or a contractor for the DOD. That'd be perfectly normal. Only one person I know who works as a contractor for DOD, and I know a lot, isn't all that concerned about personal data and that's because there are only a few people in the world that has the knowledge he does so he's not afraid of being fired over a polygraph like the rest are.

To the OP, don't use MAC filtering for security purposes. Not only is it extremely insecure it could actually cause you issues without causing the spoofer any. A good secure WPA2 password, maybe even longer than you have, will take someone longer to crack than they'll live.

If you're paranoid, ethernet is the only way to go. Hackers would have to have physical access somewhere along the chain or hack into your firewall instead at that point. It doesn't matter if it's plugged straight into the modem or through a router in your house.

mmomega said:

You could also set a pre-determined amount of IP addresses to be allowed to connect.
I use the 10.0.1.x to make it easier to keep track of than 192.168.254.x.

Say you will only ever have 5 devices connected to the router ever.
You can set static IP addresses for each device.
Allow IP's from 10.0.1.2 - 10.0.1.6

Click to expand...

That's a good idea actually.