
wafflesnsegways

macrumors newbie
Original poster
May 7, 2008
I've got an old Airport Express, which looks kind of like the A/C brick and sits in a wall socket. It's got a WPA password which shouldn't be possible to guess.

Today, I opened up a finder window, and I saw "Brian Severson's Computer" in the sidebar. I don't know who this person is or how they connected to my network. WPA security can be broken through, but it sounds like it takes some determination. I live in a dense area, with a handful of open, if slow, wifi points around, so I'm concerned that someone is breaking onto my network because they want to do something illegal.

My question is: how do I keep them off? I've already changed the WPA password and turned on MAC address filtering. What else should I be doing? How can I know if they try again?
 
If you have turned on MAC address filtering, you should be fine. That means that only the computers with MAC addresses that you allow can get access.
 
Instead of just securing with a password, you can make a whitelist of MAC addresses, so only your computers can jump on. Have you tried checking the AirPort's client table? It would say there if someone is on. Change the password too, to something that isn't in the dictionary; OS X has a fine password generator.
 
...

My question is: how do I keep them off? I've already changed the WPA password and turned on MAC address filtering. What else should I be doing? How can I know if they try again?

MAC address filtering should have solved your problem, but since you've already enabled it, I'd double check your allowable addresses, and delete any ones that aren't yours. Also make sure you change your router's default password, to stop someone going in and adding themselves to your MAC list.
 
Instead of just securing with a password, you can make a whitelist of MAC addresses, so only your computers can jump on. Have you tried checking the AirPort's client table? It would say there if someone is on. Change the password too, to something that isn't in the dictionary; OS X has a fine password generator.

MAC filtering may sound like a good and safe solution, however it's actually quite easy to 'spoof' the MAC address of a legitimate machine on your network.
So if someone is really up to no good, MAC filtering won't stop him.
 
If someone was good enough to get past your WPA password, make sure all your computers are locked up tight with firewalls and Little Snitch.

I don't know what type of housing you live in...

but if you're in an apartment (or share internet), and you have your airport set to DISTRIBUTE IP address, not as a bridge.

If it's a bridge (I'm assuming your version does this), then the person's name will pop up because they're on your subnet...but not running off your airport.
 
As an added security measure you can also give your wireless network an obscure name and ensure that you do not broadcast it. This can be done using the Airport Utility and the 'Create a closed network' option.
 
I saw something somewhere you could set something up so anything that doesn't use a MAC address you specify will have its images inverted and/or blurred. It was so cool; if you can find it, it might deter intruders.
 
If someone was good enough to get past your WPA password, make sure all your computers are locked up tight with firewalls and Little Snitch.

I don't know what type of housing you live in...

but if you're in an apartment (or share internet), and you have your airport set to DISTRIBUTE IP address, not as a bridge.

If it's a bridge (I'm assuming your version does this), then the person's name will pop up because they're on your subnet...but not running off your airport.

No, we've got one cable modem with one airport express plugged into it.

I thought Little Snitch told you when apps on your computer tried to phone home. How would I use it here?

Stupid question, no one in your house has a second hand computer by any chance?

Actually, someone does. But it would have shown up earlier, right? I'll double check, but I don't think this is what's going on.
 
I've got an old Airport Express, which looks kind of like the A/C brick and sits in a wall socket. It's got a WPA password which shouldn't be possible to guess.

Today, I opened up a finder window, and I saw "Brian Severson's Computer" in the sidebar. I don't know who this person is or how they connected to my network. WPA security can be broken through, but it sounds like it takes some determination. I live in a dense area, with a handful of open, if slow, wifi points around, so I'm concerned that someone is breaking onto my network because they want to do something illegal.

My question is: how do I keep them off? I've already changed the WPA password and turned on MAC address filtering. What else should I be doing? How can I know if they try again?


It's not that he has access to your computer, but you have access to his. This could be occurring because he is on the same subnet as you with your ISP, he has file sharing turned on and he has no password protection.
 
It's not that he has access to your computer, but you have access to his. This could be occurring because he is on the same subnet as you with your ISP, he has file sharing turned on and he has no password protection.

Correct. I have this problem as well, situation being: I connect to my school's network when on campus and see connected Macs. I then go home and connect to my own wifi with encryption, but I still see those Macs. Sounds like he's not connecting to your network, instead you are seeing his open sharing Mac.
 
It's not that he has access to your computer, but you have access to his. This could be occurring because he is on the same subnet as you with your ISP, he has file sharing turned on and he has no password protection.

Yup. Leopard shows the names of computers it finds on the Finder window sidebar. It might not have even come from your network (in fact it probably didn't). At one point your laptop connected to another network -- say at school, work, the coffee shop, hotel, etc. -- and Leopard found that computer.

Reboot and I bet it'll go away, never to return.
 
If you have turned on MAC address filtering, you should be fine. That means that only the computers with MAC addresses that you allow can get access.

If he can break WPA it'll be trivial to break MAC filtering...

Correct. I have this problem as well, situation being: I connect to my school's network when on campus and see connected Macs. I then go home and connect to my own wifi with encryption, but I still see those Macs. Sounds like he's not connecting to your network, instead you are seeing his open sharing Mac.

I've never seen that, but TBH it's more likely than WPA being hacked.
 
No, we've got one cable modem with one airport express plugged into it.

I thought Little Snitch told you when apps on your computer tried to phone home. How would I use it here?



Actually, someone does. But it would have shown up earlier, right? I'll double check, but I don't think this is what's going on.

It's another layer of protection--Little Snitch watches outbound and inbound. So if 'brian' happened to get past your firewall and wanted to set up some sort of funky ftp, etc. file transfer, Little Snitch would pop up.

For example, I have Little Snitch set on my own machine with no rules regarding the open services--so for things like ftp, even though I have it set to allow password protected logins, it still tells me when they're happening. Color me paranoid *shrug*.
 
It's not that he has access to your computer, but you have access to his. This could be occurring because he is on the same subnet as you with your ISP, he has file sharing turned on and he has no password protection.

Next time, if you see the person, disconnect modem, then you'll know whether it's your ISP or your wifi.

But typically in these cases, it's typically a computer from one of your roommates.

A hacker will not announce their presence with Bonjour service on.
 
Yup. Leopard shows the names of computers it finds on the Finder window sidebar. It might not have even come from your network (in fact it probably didn't). At one point your laptop connected to another network -- say at school, work, the coffee shop, hotel, etc. -- and Leopard found that computer.

Reboot and I bet it'll go away, never to return.

This sounds like the most likely explanation. Because really, with free wifi floating around my neighborhood, why would somebody bother? And why would they leave file sharing on?

Or it could have been someone who just wanted to see if he could do it.

Still, at the time, it was strange. My initial reaction was, "Holy crap! Something horrible is going on!"
 
This sounds like the most likely explanation. Because really, with free wifi floating around my neighborhood, why would somebody bother? And why would they leave file sharing on?

Or it could have been someone who just wanted to see if he could do it.

Still, at the time, it was strange. My initial reaction was, "Holy crap! Something horrible is going on!"

:D Yeah, it kind of defeats the purpose if you leave evidence of who "hacked" your network. Like someone said above, try restarting a few times and see if it goes away.
 
As has been stated, you see them, not necessarily them seeing you. Here's who I see from my hotel right now...
 

Attachment: Network.jpg
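
Added example (not part of any post in this thread): one way to answer the original poster's "How can I know if they try again?" from the Mac itself, by comparing the neighbours listed by `arp -a` against a list of your own devices. The sample output, the addresses and the `KNOWN` allowlist are constructed for illustration.

```python
import re

# Constructed sample of macOS `arp -a` output (not taken from the thread).
# macOS prints MAC octets without leading zeros, e.g. 0:1b:63:a:b:c.
SAMPLE_ARP = """\
? (10.0.1.1) at 0:1b:63:a:b:c on en1 ifscope [ethernet]
? (10.0.1.2) at 00:1e:c2:11:22:33 on en1 ifscope [ethernet]
? (10.0.1.7) at 0:16:cb:de:ad:1 on en1 ifscope [ethernet]
? (10.0.1.9) at (incomplete) on en1 ifscope [ethernet]
? (10.0.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en1 ifscope permanent [ethernet]
"""

# Hypothetical allowlist: MACs of devices you own, in any common notation.
KNOWN = {"00:1B:63:0A:0B:0C": "AirPort Express", "00-1e-c2-11-22-33": "my MacBook"}

ENTRY = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<iface>\S+)")

def normalize_mac(mac):
    """Return the MAC as lower-case, zero-padded, colon-separated octets."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6 or any(len(o) not in (1, 2) for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)

def is_group_address(mac):
    """True for broadcast/multicast MACs (low bit of the first octet set)."""
    return int(mac[:2], 16) & 1 == 1

def unknown_devices(arp_output, known):
    """List (ip, mac, iface) for ARP neighbours that are not on the allowlist."""
    allowed = {normalize_mac(m) for m in known}
    found = []
    for line in arp_output.splitlines():
        m = ENTRY.search(line)
        if not m:  # "(incomplete)" and malformed lines do not match
            continue
        mac = normalize_mac(m["mac"])
        if is_group_address(mac) or mac in allowed:
            continue
        found.append((m["ip"], mac, m["iface"]))
    return found

if __name__ == "__main__":
    # On a Mac, replace SAMPLE_ARP with the real output of `arp -a`.
    for ip, mac, iface in unknown_devices(SAMPLE_ARP, KNOWN):
        print(f"unknown device {mac} at {ip} on {iface}")
```

The ARP table only lists hosts this Mac has recently exchanged traffic with, so the base station's own client list remains the fuller record. As a poster above notes, MAC addresses can be spoofed, so an unknown address is a useful signal but an all-known result does not prove nobody else is connected.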