Check for Apple Extreme Neighbors Snooping?

[calderone]

Quote:

Originally Posted by QuarterSwede

Not if he's working for or a contractor for the DOD. That'd be perfectly normal. Only one person I know who works as a contractor for DOD, and I know a lot, isn't all that concerned about personal data and that's because there are only a few people in the world that has the knowledge he does so he's not afraid of being fired over a polygraph like the rest are.

To the OP, don't use MAC filtering for security purposes. Not only is it extremely insecure it could actually cause you issues without causing the spoofer any. A good secure WPA2 password, maybe even longer than you have, will take someone longer to crack than they'll live.

If you're paranoid, ethernet is the only way to go. Hackers would have to have physical access somewhere along the chain or hack into your firewall instead at that point. It doesn't matter if it's plugged straight into the modem or through a router in your house.


That's a good idea actually.

Intruder sets static IP, done.

[NogbadTheBad]

You could set up a cron job to do a snmpwalk of your airport to dump out the IP to MAC table, every so often, maybe to an email :-

mac:~ Andy$ snmpwalk -c public 172.16.1.1 IP-MIB::ipNetToMediaPhysAddress
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.50 = STRING: 20:c9:d0:8f:be:51
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.52 = STRING: 7c:c5:37:6b:48:c1
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.53 = STRING: 64:20:c:2a:14:3e
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.57 = STRING: 58:55:ca:1a:bc:23
IP-MIB::ipNetToMediaPhysAddress.9.172.16.1.254 = STRING: 0:13:b6:8:18:b2
mac:~ Andy$

BTW the read-only SNMP password is public, it should work if you replace 172.16.1.1 to your airport internal IP address.

Also addresses will drop out this table, i'm not sure how long Apple network devices keep their ARP entries.

[NogbadTheBad]

Quote:

Originally Posted by mmomega

You could also set a pre-determined amount of IP addresses to be allowed to connect.
I use the 10.0.1.x to make it easier to keep track of than 192.168.254.x.

Say you will only ever have 5 devices connected to the router ever.
You can set static IP addresses for each device.
Allow IP's from 10.0.1.2 - 10.0.1.6

Pointless really, if they could connect to your wireless network without an IP address and snoop for arp packets and then assign a fixed IP address in the same subnet.

All your doing here is limiting your DHCP scope, which probably causes you more issues.

After setting my IP to 1.1.1.1 :-

mac:~ Andy$ sudo tcpdump -i en1 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
23:05:05.285623 ARP, Request who-has 172.16.1.57 tell 172.16.1.57, length 28
^C
1 packets captured
32 packets received by filter
0 packets dropped by kernel
mac:~ Andy$

[Brian Y]

Quote:

Originally Posted by NogbadTheBad

Pointless really, if they could connect to your wireless network without an IP address and snoop for arp packets and then assign a fixed IP address in the same subnet.

All your doing here is limiting your DHCP scope, which probably causes you more issues.

The only reason to use static is if you want to know what address each device has easily. It's not a way of securing.

TBH, you can't expect that much of a consumer access point. If you're really that paranoid, just don't use wireless. But, I imagine somebody who really worked for such an organization wouldn't attract attention to themselves on a forum as you have .

[NogbadTheBad]

Quote:

Originally Posted by bma

The only reason to use static is if you want to know what address each device has easily. It's not a way of securing.

TBH, you can't expect that much of a consumer access point. If you're really that paranoid, just don't use wireless. But, I imagine somebody who really worked for such an organization wouldn't attract attention to themselves on a forum as you have .

I'm not the OP BTW

[NogbadTheBad]

Quote:

Originally Posted by dbales

Does this mean anything to anyone?

Thx.

Image

----------



Thank you. I'll find that and do it. I'm going to reboot my Extreme, make new Network names and p/w's, disable the Guest account, and then hide my network.

That looks like the output from netstat to me, do a "man -t netstat | open -f -a Preview" to see the man page in Preview.

Where you see 74.125.225.164:80 ESTABLISHED it means your mac is connected to google using port 80 which is http.

The addresses with a : in are IPv6 addresses

Torrent Leach Tastic BTW

[el-John-o]

It sounds like ethernet is the best bet. The reason you read that connecting direct to the modem is an issue, is because in such a setup you no longer have your hardware firewall. Instead, connect to your Airport Extreme via ethernet, and disable Wi-Fi.

When it comes to data security, no matter what security you use, your data is still being broadcast with a radio. It's not a trivial thing, but it's still possible. If it's that essential, then the only solution is to go wired.

[majkom]

Quote:

Originally Posted by el-John-o

It sounds like ethernet is the best bet. The reason you read that connecting direct to the modem is an issue, is because in such a setup you no longer have your hardware firewall. Instead, connect to your Airport Extreme via ethernet, and disable Wi-Fi.

When it comes to data security, no matter what security you use, your data is still being broadcast with a radio. It's not a trivial thing, but it's still possible. If it's that essential, then the only solution is to go wired.

So, does it mean that while connected via wifi, my mac is protected by AE firewall (and there is no need to turn on os x firewall?) whereas while connected via utp cable, mac is not protected by AE firewall (and os x firewall is a must?)? Do I get it right?

[el-John-o]

Quote:

Originally Posted by majkom

So, does it mean that while connected via wifi, my mac is protected by AE firewall (and there is no need to turn on os x firewall?) whereas while connected via utp cable, mac is not protected by AE firewall (and os x firewall is a must?)? Do I get it right?

Don't disable the OS X firewall. Unless a firewall is causing some sort of issue, don't disable it. The Airport Extreme has a firewall IF it's setup in DHCP/NAT mode. If it's setup in bridge mode, the firewall is off. You can use both firewalls at the same time. Most routers have some form of a hardware firewall, which works in conjuction with your Operating Systems software firewall.

When your Mac is connected to the Airport Extreme, whether via ethernet or Wi-Fi, it's traffic runs through the AE firewall. When it is connected DIRECTLY to the modem, it does not benefit from the firewall of the Airport. Hence why you may have read it's better to use your router, instead of connecting to the modem directly. This still counts wired OR wireless.

So, to conclude, use BOTH firewalls (OSX and AE), and for best security, use Airport Utility to turn off Wi-Fi on the AE, and connect to it using ethernet. This eliminates the ability for someone nearby to access your network.

It may not be any of my business, but if it's that much of an issue law enforcement should probably get involved. You hinted at behaviors that sound like stalking or harassment, these individuals also seem to be in your immediate vicinity. I don't know the details or anything like that, but if you have people actively seeking YOU DIRECTLY to access your personal information without your consent, then you need to contact law enforcement. Unless I misunderstood you and you are just wanting 'general' security because you fear someone MIGHT be, but you don't have knowledge of it.

Bear in mind finding strange IP addresses is not unusual. People will always 'try'. There are plenty of cheap-o's out there trying to steal Wi-Fi, who will attempt to connect to your network using 'common' passwords. (Lots of cable companies set up Wi-Fi routers using the customers address or last name as the Wi-Fi password, so people may try those just to see if they 'get lucky'). They aren't trying to steal information, they are just trying to bum a free ride to the internet!

Another option, if you want to keep WiFi but be a bit more secure, is to disable SSID broadcasting in Airport utility. What this does, is makes most computers not see the SSID. (Using a piece of software, you still can, but it helps eliminate most free-wifi-lurkers). When you connect via Wi-Fi, you'll have to manually connect (On OS-X, click the Wi-Fi logo on the menubar and click 'join other network'). You can then type in the name of your network manually.

However, again, if security is a concern, disabling Wi-Fi is the way to go. Although there are still risks with ANY internet connected computer. If you or your employer have very sensitive data that you have at home, often it's best to keep and use that data on a non internet connected computer if at all possible.

[southerndoc]

Quote:

Originally Posted by Fishrrman

If you're that worried about others breaking into your wireless network, perhaps the only real option is to turn wireless OFF, and connect via Ethernet -- even with your laptops...

Ditto.

I do part-time confidential consulting work for the government, and in my NDA I had to sign something stating I would not perform work over a WiFi connection. So my dedicated workstation is connected to my Time Machine via ethernet.

If it's as clandestine as you make it out to be, and if you have a waiver to work with TS material at home, then you should have been provided a firewall device and should have signed a form stating you would not use WiFi.

[el-John-o]

Quote:

Originally Posted by southerndoc

Ditto.

I do part-time confidential consulting work for the government, and in my NDA I had to sign something stating I would not perform work over a WiFi connection. So my dedicated workstation is connected to my Time Machine via ethernet.

If it's as clandestine as you make it out to be, and if you have a waiver to work with TS material at home, then you should have been provided a firewall device and should have signed a form stating you would not use WiFi.

If your workstation is connected via ethernet but the box it's connected to (Time Capsule) has Wi-Fi enabled, what's the difference? Unless I'm missing something. But, it still means someone could wirelessly access your network and then the computer that you're working on (in a one in a million chance someone has the tools and skills to do so, and is within range. Using better Wi-Fi encryption keys can help with that!)

[davidoloan]

Quote:

Originally Posted by northernbaldy

I'm intrigued
I'd love to know why you are having these issues

Cause he is a secret agent.

[el-John-o]

Quote:

Originally Posted by davidoloan

Cause he is a secret agent.

http://youtu.be/6iaR3WO71j4

[velocityg4]

If security is of such paramount importance. It seems to me that you should be using much more secure equipment than an Airport Extreme. Say a Cisco router. I don't mean a rebranded Linksys Cisco Small Business model. Rather a real $1000+ model.

Then use whole disk hard drive encryption on your computer. Plus an aftermarket firewall on your laptop when on the go. I can't think of a good manufacturer.

[Ccrew]

Quote:

Originally Posted by brentsg

If it is truly that clandestine and vital, there are surely better places to seek advice than a public Mac forum.

Tinfoil hat might stop the problems too

[southerndoc]

Quote:

Originally Posted by el-John-o

If your workstation is connected via ethernet but the box it's connected to (Time Capsule) has Wi-Fi enabled, what's the difference? Unless I'm missing something. But, it still means someone could wirelessly access your network and then the computer that you're working on (in a one in a million chance someone has the tools and skills to do so, and is within range. Using better Wi-Fi encryption keys can help with that!)

Perhaps I should've clarified. I turn off my WiFi network when performing my consulting work.