Has my wireless networked been hacked?

Discussion in 'macOS' started by garjog, Jul 27, 2008.

  1. garjog macrumors newbie

    Joined:
    Jul 21, 2008
    Location:
    Kirkland WA
    #1
    On another forum I asked for help in securing my wireless network. I was advised to go to Apple support and read an article on how to set up a wireless network.

    Using Leopard, I have a wireless connection that accesses Internet. I am using an Airplus Xtreme router. My wife's PC computer uses the same router, but we do not share files. I have WEP password protection.

    When I go to the Airport Utility (as per the support instructions), it says it can't locate any Apple Wireless devices, so I can't open it. I assume that is because my D-Link wireless is not an Apple device?

    I have configured the firewall to be stealth and my data is encrypted though System Security.

    Here is my problem:

    1. On the Airport Icon page, I have two wireless networks that I can access. One is named Gary (made for me by a consultant who came to my house to set up my wireless connection for my old PC.) The other network appears as Linksys. I can access either of these networks using my password. When I am in Gary, both networks do not have a padlock icon next to them.

    According to System Pro-filer The Linksys address is 192.168.1.109 and the Gary network address is 192.168.0.100.

    Questions: could I have been using my neighbor's network by accident?

    When I bought the Mac the salesman said just turn it on and it will locate the nearest connection, so I assumed that Linksys was my network and used it for several months. (After checking today, it accepts my password to get in the Linksys network.)

    However, last week when doing a Clamxav virus check, I openned Shared Users file for a scan (my computer is set not to share files with another computer), but suddenly I noticed the name of my neighbor' son as a shared computer. (It listed his first and last name.)

    When I clicked on that shared file name, it said "Internet connection lost." Then the name disappeared and never returned.

    This is potentially serious because my neighbor's son is also my student and if he hacked into my computer, he could have access to all of my exams.

    What is going on here?

    I have spent the last week reading about sniffing, changed my passwords and trying to harden my wireless connection. I looked closely at the Activity Monitor, but can't seem to see any program that seems strange.

    What should I do?
     
  2. TuffLuffJimmy macrumors G3

    TuffLuffJimmy

    Joined:
    Apr 6, 2007
    Location:
    Portland, OR
    #2
    I doubt you've been hacked. Why don't you just password protect your router with the software that came with it? (you may have to use a WinPC to do this)
     
  3. tdhurst macrumors 68040

    tdhurst

    Joined:
    Dec 27, 2003
    Location:
    Portland, OR
    #3
    Uh...

    Dude, just hire the kid next door to do it for you.

    Linksys routers are accessed by typing in 192.168.1.1 or 192.168.0.1 in Safari. The web setup is available there, provided you know the router (yes, it's most likely different than your network password) login info.

    Airport setup utility is for apple's airport extreme or express routers, not linksys or netgear or anything else.
     
  4. saminsocks macrumors regular

    Joined:
    May 12, 2008
    #4
    Keeping the SSID (the name of your network) as Linksys or whatever the default is for your router is never a good idea. You should go into your router settings (based on the IP addresses you have for the routers, the Linksys' admin address is 192.168.1.1 and the Gary admin address is 192.168.0.1) and change it (and change the password to your router if you haven't already). Or even better, set your SSID so that it is not broadcasted. You can still connect to it by selecting "Other..." if you're using Airport and entering the SSID and type of security plus the password. This doesn't keep your network completely hidden, since people with programs like AirRadar can still see non-broadcasted networks, but it hides you from the average joe who happens to be in your neighborhood looking for wireless networks.

    WEP is also not very secure, so unless your wife has a wireless B adapter you should use WPA or WPA2. That is much more secure and it allows you to set your own password, instead of having to remember a WEP key.

    When you say you can access the networks using your password, when do you enter your password? If you use airport to connect to the network when you select the network it should prompt you for a password or key, depending on the type of security. Although if you've already connected to the network before it may not ask you for your password again. I'm just curious since you said there wasn't a padlock next to the network names, and that usually indicates the network is open. If you want to check to see if your network appears open you can download any of the free applications or programs from the Apple page that shows open networks. They will sometimes show more than what appears in Airport, and most of them will indicate what type of security is on each network.

    You said you have your firewall set up. Do you have any of the sharing options enabled? If you haven't enabled any of those then even if your neighbor's son or someone else is on your network they won't have access to anything on your system. Your wife's system may be vulnerable, though. Apple closes all ports by default and only opens the ones you tell it to open. Windows does the opposite so some ports you don't want to have open may be exposed.

    Having said all that, I don't think you have much to worry about. And I think your hunch about not being on your network may be correct. In rereading your post you said you have a D-Link router. Do you also have a Linksys router? D-Link's admin address by default is 192.168.0.1, so that is most likely your Gary router. Your neighbor may be the one with the open network and you've just logged on to it all this time.

    Sorry I can't be helpful about getting your Airport Extreme settings set up. I haven't played around with those yet so I'm not sure how they communicate.
     
  5. garjog thread starter macrumors newbie

    Joined:
    Jul 21, 2008
    Location:
    Kirkland WA
    #5
    How to go to router setting?

    1. OK, but how do I open router setting? If I go to Utilities and open Airport it says it can't find Apple Wireless Deivices, so I can't open it. Should I use my wife's PC to get into the D-Link router? Any suggestions how to do that? (I know, I am clueless.)

    2. Yes, I am reading the WEP isn't secure and that I should use WPA, but I can't open my Airport utilities to make any changes. Guess I will have to read up on how to change from WEP to WPA.

    3. You say that maybe I was using my neighbors non secure network all this time. But, I went into my Key Chain to check my passwords and Gary and Linksys are listed as my networks. Is that right?

    4. Something weird happened this evening. The computer opens in Linksys, even though for the last few days I set it for Gary. I tried to move it back to Gary and it keeps saying that my WEP password in invalid. I tried several times. I thought that the WEP and the log on were the same? Where do I find my WEP password to check? They are not in the Key chain. The Linksys is listed as "none" for security, even though I added a password.

    5. Thanks for the suggestion about the free software that shows what networks are open. You say, "download any of the free applications or programs from the Apple page that shows open networks." Do you know the name of that software by chance?
     
  6. garjog thread starter macrumors newbie

    Joined:
    Jul 21, 2008
    Location:
    Kirkland WA
    #6
    Good to hear you don't think that I've been hacked.

    I am working on figuring out how to password protect my router.

    But, I wonder why I saw the name of my neighbor's son's computer listed as a shared user in Finder?

    How could that happen unless the kid got into my computer somehow?

    My computer was set not to share. Could that happen if I mistakenly got onto their network?

    Checking today it seems that the Linksys network is actually mine -- not my neighbors -- since it appears in my Key Chain.
     
  7. TuffLuffJimmy macrumors G3

    TuffLuffJimmy

    Joined:
    Apr 6, 2007
    Location:
    Portland, OR
    #7
    1. Yes, his computer may show up if you accidentally got on their network.

    2. Just because it's in your keychain doesn't mean it's yours... really that means nothing.
     
  8. ihabime macrumors 6502

    Joined:
    Jan 12, 2005
    #8
    I'm a bit confused, you mention the airport extreme router, but then also talk about a d-link and the linksys that might be your neighbors, which brand of router do you own?

    Linksys is the default name of all linksys brand routers, so if you don't own a linksys then yes you were on your neighbors network and that's why his sons computer showed up in shared.

    Once you've clarified which router you use someone may be able to help you with the settings.
     
  9. saminsocks macrumors regular

    Joined:
    May 12, 2008
    #9
    1. If you are on the Linksys network, open a browser window and type 192.168.1.1. By default the username is admin and the password is either blank or also admin, I forget which one. Try one and if it doesn't work try the other. Like ihabime said, though, 'Linksys' is the default name for a network on a Linksys router, and you haven't mentioned owning one, so I don't think that network is yours.

    If you are on the Gary router, open a browser window and type 192.168.0.1. I'm almost certain username is admin and password is blank for that one.

    As long as you connected to a router (generally by being connected to that network) you can access the router settings.


    2. Airport is only used to make connections to networks. You change your security settings by accessing the router settings. You'll have to look around to find exactly where the settings are, but usually there is a section for wireless and then a subsection for security. There you can change your security from WEP to WPA or WPA2.

    3. Your keychain just keeps track of your permissions and passwords. It's kind of like cookies for programs. It doesn't mean it's your network, it just means you've been there and it remembers it. I have keychain entries for lots of networks, since I often take my MBP to friends' houses.

    4. WEP requires you to enter a long key it generates that's a random string of characters. I believe it's possible to choose your own key now, but I haven't dealt with WEP in a long time so I'm not certain about that. If you don't know what the WEP key is you will have to use the computer that's physically connected to the router and go into the settings to check the key. Or better yet, just change it while you're there. Sometimes passwords get forgotten. I have to enter mine in every now and again. I'm not really sure why that is. It defaulted back to Linksys because you were unable to get on Gary.

    5. I currently use AirRadar. It offers a lot more information than you need, but you'll be able to see what you need to see. There is also a widget called AirPort Radar that is pretty similar, but condensed, obviously, since it's a widget. Either of those would be good. I don't remember the names of the other ones I used to use.

    As for your neighbor showing up in Finder, it would be because he has file sharing enabled. That has nothing to do with your settings, and just because you can see him doesn't mean he can see you. I have playlist sharing turned off in iTunes but I am still able to see shared playlists if I'm on a public network. The same is true with computers with file sharing. It sounds like he at least has some security set, since you couldn't get into his files. Sometimes I'm tempted to leave Windows users a text file that tells them how to secure their system since I'm often able to gain access to pretty much everything. But that's neither here nor there.
     
  10. garjog thread starter macrumors newbie

    Joined:
    Jul 21, 2008
    Location:
    Kirkland WA
    #10
    AirPlus Xtreme

    Thanks. The name of my D-link router is Airplus Xtreme. (I don't think that I said that I am in Airport Extreme. Only that my Mac computer internet connection is called Airport. So, my Apply computer has something called Airport with an Airport icon, but my router is D-link. Somehow it works.
     
  11. garjog thread starter macrumors newbie

    Joined:
    Jul 21, 2008
    Location:
    Kirkland WA
    #11
    Helpful

    Great. This is helpful and answers a lot of my questions.

    I went into my network security file on my Mac and changed from WEP to WPA as you suggest. )I changed it for both the Gary network and the Linksys network.)

    I understand that just because Linksys shows up on my Keychain doens't mean it is my network.

    I remembered my password for Gary and got back into it and it seems to be working fine.

    It seems that the reason my neighbor's son name showed up was because I was in a public network and that seeing his name does not mean he had access to my files. (Remember, just because you are paranoid, doesn't mean that they are not really after you /sarcasm off.)

    You show how to get into my router by typing 192.168.1.1 in the address box once in my network. I tried that, but it is asking me for a user name and password and I tried every combination that I could think of and couldn't get it open.

    Question: I still haven't tried to get into the router through my wife's PC that doesn't use wireless. Should I try that? Any suggestions on what to do if I don't know the user name and password?
     
  12. CanadaRAM macrumors G5

    CanadaRAM

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #12
    Err... assuming the D-Link device is yours and you don't own a Linksys device... you were hacking your neighbor's network, not the other way around. Don't be changing their Linksys settings...

    The Apple Airport configuration utility is only for Apple branded routers.

    IIRC, When you type 192.168.1.1 you are trying to configure your neighbor's Linksys router, your D-Link is on 192.168.0.1

    Please, this is a RTM moment here. Get out your D-Link manuals and read up to understand what you are doing before you make any (more) embarrassing errors.
     

Share This Page