Someone is leaching our wireless network

Discussion in 'Mac Basics and Help' started by AlBDamned, Dec 7, 2005.

  1. AlBDamned macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #1
    Despite basic WEP 40 security, someone is leaching our wireless network at home.

    How do I go about protecting it? Using MAC addresses would be fine but I don't know how exactly?

    We have one Mac PB, on Windows laptop and one windows desktop.

    Also, is there anyway to identify the leach?

    Thanks,

    AL

    Edit: Forgot to say, the router is a D-Link G604T
     
  2. efoto macrumors 68030

    Joined:
    Nov 16, 2004
    Location:
    Cloud 9 (-6)
    #2
    Get into the administrative page for the router (should be outlined in the documentation, but usually type //192.168.0.1 into the address bar) and login (again, usually "admin" and "password" accordingly, if you haven't changed these already).

    Once you are in there, there should be a 'basics' tab for wireless, and an 'advanced' tab, or something like this (I'm speaking from mostly Netgear stuff). Anyway, somewhere around is a setting for 'enable MAC address verification'. You have to get the MAC addresses of all the computers you want to allow access (12 digit, colon separated pairs):
    • System Preferences -> Network -> Airport -> Airport ID (for the Mac)
    • Start -> Run -> "cmd" -> "ipconfig /all" -> look for the proper network device and match the MAC addy (for the PCs)
    I hope this makes sense :eek:

    Back in the router page, enter those MAC addresses into the appropriate fields and you should be all set. The router then does a MAC address match, then WEP key verification before allowing access to your network. If you router supports WPA-PSK keys, those are stronger and don't take that much longer to verify so you could consider using those if all of your systems support such a key. Make sure you change the password for logging into your router too, since the basic ''admin/password'' is used frequently and others can find the wifi signal, login, and add themselves (if MAC address verification isn't on).

    As far as finding the culprit....there should also be a utility that shows who is connected to the router....but I'm not sure how that works with a D-Link router.

    Let me know if this makes sense, and if it works. I can try to re-phrase and look further into it if you are having difficulties.
     
  3. freeny macrumors 68020

    freeny

    Joined:
    Sep 27, 2005
    Location:
    Location: Location:
  4. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    No way to really tell who. You could check your logs and get their MAC address, but that is about it.

    WEP if very easily broken. It's like looking a door with a combination lock, but writing the combo on the door. It's locked, but it takes little effort to break. Take any 7th grader who knows somewhat about computers, give them a computer and google, and they'll be able to break your WEP in less than an hour.

    Do you have some form of WPA? WPA is nearly impossible to break except by brute force. No consumer computer can break it in a timely manner (it would take hundreds of years on the average or something like that). Even the NSA says they can't break it, but who knows if they are telling the truth (nor does it matter, I doubt the NSA will be stealing you internet connection). If you use WPA, you will not need any other form of protection.

    If you don't have WPA then do a couple of things:
    1. Turn on MAC filtering. I can't tell you exactly where it will be in your router, so you may have to check the manual.
    2. Limit the number of addresses your router gives out to exactly the number of computers you need.
     
  5. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #5
    That all makes sense. Thank efoto. I'm going to try it now.

    We have changed the admin/password a while back so we're still in control of the router itself.

    We got alerted to it because our 2MB connection has gone down to 500kbits and the dsl light is always flashing even when all the comps here are switched off.

    Thieving gets...

    Will report back in a sec...
     
  6. Lord Blackadder macrumors G5

    Lord Blackadder

    Joined:
    May 7, 2004
    Location:
    Sod off
    #6
    I use 128-bit WEP at home, but I've been told by a couple software gurus that anybody with a PC and a couple hours to burn can crack it.

    Maybe switching to WPA would be more secure?
     
  7. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #7
    It's got WPA. Would that be the easiest option?

    What does all this mean?!

    Security: WPA
    Group Key Interval: 60

    Note: Group Key Interval is shared by all WPA options.

    802.1x Server IP Address:

    Port:

    Secret:

    PSK Hex Hex:
    PSK String String:
     
  8. martin1000 macrumors regular

    Joined:
    Apr 16, 2005
    Location:
    Washington, D.C.
    #8
    Other things to think about:

    Are your two windows pcs protected with Antivirus, Spyware, etc? Could it be that these two have been compromised by Malware, Spyware, etc.?

    Secondly, if the two PCs are protected, then the person surfing on your dime has got to be pretty close. (In my apartment, I see about 12 other wireless networks of which 3 are protected.)

    My 2 cents.
     
  9. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #9
    Definitely. While some people go overboard and turn on every protection they can find, it is unnecessary. WPA is so secure that even an advanced computer expert will not be able to break it. But...it is only as secure as the password you use. So don't use a stupid password like your name, address, etc.
     
  10. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #10

    Apparently you can crack WEP with programs that gather enough of the password data through packets sent and received to the router.

    It's pretty easy. Up until know it's been ok but this new block of flats is now full so I guess there's someone in here with a little know-how. There are other unsecured wireless networks around but the signal is weak. Our's is super strength due to two big booster ariel so we can all get the signal in our rooms for faster downloading.
     
  11. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #11
    The Group Key Interval, Server IP Address, Port, and Secret text boxes, and 802.1x are enterprise network specific and probably unneeded for you.
     
  12. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #12

    Both the PCs are ok. The connection is poor now even when they're fully switched off.

    Ok that's cool. Which one(s) do I need to fill in?
     
  13. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #13
    After you select WPA, the only thing you need to set is the Password.

    Here is what mine looks like. I hope this helps some:
     

    Attached Files:

  14. efoto macrumors 68030

    Joined:
    Nov 16, 2004
    Location:
    Cloud 9 (-6)
    #14
    I'm glad that worked out and made sense. I was re-reading it and even I got confused :rolleyes:

    The WPA key should generate the same as a WEP key, but it generates under a different algorithm, much more secure. You can try just doing the WPA key (assuming all of your devices support that) but adding MAC verification doesn't take that much time or slow things down. It only verifies during the initial connection, then it's just the same once you are on so it won't decrease performance at all.
     
  15. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #15
    Nuts...

    I activated WPA using a password but now my PowerBook cannot connect to the network, only the Windows laptop will. Also, now I can't access the router on (192.168.1.1) on either machine. :confused:

    Edit: actually, now the windows machine won't connect to it either, it just sticks on 'acquiring network address'...

    Could be re-set time.

    Lucky we have our neighbour's open connection ;)
     
  16. XNine macrumors 68040

    XNine

    Joined:
    Apr 7, 2005
    Location:
    Why are you wearing that stupid man suit?
    #16
    WEP is easy to packet sniff and then log in to.
    WPA is much, much harder and should be used with a stong, 16 character or longer password.

    When you log into the router, you may be able to find the MAC address of the person using your connection, and add them to the block list.
     
  17. Compile 'em all macrumors 601

    Compile 'em all

    Joined:
    Apr 6, 2005
    #17
    1. Use WPA encryption. I can break into ANY WEP encrypted WiFi network
    in around 30 mins with my two GNU/Linux boxen.
    2. Use Static IP addresses.
    3. Use MAC access lists.

    Good luck.
     
  18. Compile 'em all macrumors 601

    Compile 'em all

    Joined:
    Apr 6, 2005
    #18
    This can be easily beaten by changing your MAC address. Actually what you
    proposed here is one of the most common security mistakes, specially when
    configuring a firewall. You MUST always allow what you know and block
    EVERYTHING else. You MUST NOT allow EVERYTHING and block things you
    don't want.

    In our case here, he/she must allow only MAC addresses of his/her
    machines and block everything else. Of course, MAC access lists should not
    be the only security measure taken, but should be used in conjunction with
    others (Like WPA...etc.).

    For those interested, you can change your MAC address in OS X with the
    command "sudo ifconfig interface lladdr newMAC" and in GNU/
    Linux with the command "ifconfig interface hw ether interface".
    In GNU/Linux you have to bring down the interface before changing the
    MAC address (that's is "ifconfig interface down").
     
  19. rjphoto macrumors 6502a

    rjphoto

    Joined:
    Mar 7, 2005
    #19
    Give this a shot.

    (do you have the Airport icon o your menu bar?) If so, click on it, pull down to Internet Connection and enter your SSID and password there.

    For some reason at work and when I go to coffee shops that have passwords I have to enter it like that to get it to work.
     
  20. Compile 'em all macrumors 601

    Compile 'em all

    Joined:
    Apr 6, 2005
    #20
    So should we expect your neighboor to post a thread asking for advice
    because "Someone is leaching his wireless network" ? ;)
     
  21. AlBDamned thread starter macrumors 68030

    AlBDamned

    Joined:
    Mar 14, 2005
    #21
    Maybe...;)

    Because this was all getting messy and I was effectively locked out of my router, I reset it and reconfigured it as it takes 2 minutes.

    So, back at square 1, I went through the process of putting WPA on again and, once again, after I logged out, I couldn't join the network on the PB or the Windows machine.

    So, now we're back to no security.
     
  22. Danksi macrumors 68000

    Danksi

    Joined:
    Oct 3, 2005
    Location:
    Nelson, BC. Canada
    #22
    I didn't see anyone suggest switching off the 'SSID broadcast' - this may help as well, at least you're not broadcasting your existence to everyone.

    Change the SSID to something different once you do disable it though, as if someone is watching, they'll already know the existing SSID.
     
  23. Lacero macrumors 604

    Lacero

    Joined:
    Jan 20, 2005
    #23
    Just so everyone knows, I'm currently leeching off my neighbor's wi-fi signal. :D

    I also tried using WPA but my own PowerBook was unable to connect to my Linksys router. I'm using WEP 128-bit encryption, I think? Turned off SSID broadcast and changed my network name to something other than the default name of linksys.

    Here's to the Crazy Ones [​IMG]
     
  24. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #24
    It wasn't said because there are 100s of programs for every OS that take 2 seconds to find all available networks regardless if the SSID is being broadcast or not.
     
  25. Danksi macrumors 68000

    Danksi

    Joined:
    Oct 3, 2005
    Location:
    Nelson, BC. Canada
    #25
    oh ok. :eek:

    I just like the 'idea' of having a stealth-mode. ;)
     

Share This Page