Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to tell if neighbours accessing network/wifi

Y

Yumid

macrumors member
Original poster
May 11, 2014
59
3
Is there any way of detecting this? I have my firewall on and my network is password protected but for some reason my home page on chrome and my phone which are both connected to my network keep defaulting back to french. My neighbours are french haha, I know this is a stretch but it would make sense why every now and then my network starts taking up way more bandwidth and why my settings keep defaulting to french when I have nothing to do with french in my workflow.

Anyway. Anyway to find out if neighbours in your apartment are hacking your network? And if not, whats going on with my searches returning as french? Ive done everything I need to do in order to set my default language as english so its not that.

I also did a malwarebytes scan.
 
Even if they were hacking your network, your homepage isn't going to change because of it.
 
You should be able to look at your router and see all of the devices connected, and sometimes a little information about each device. How to do this (and the information about each device) varies by router.
 
As aristobrat says, your router's administration web access probably has a page that lists connected devices and perhaps even devices that have been but aren't currently connected.

There are also apps for Mac and iOS that will show such info. "Fing" for iOS is a free one.
 
Pakaku said:
Even if they were hacking your network, your homepage isn't going to change because of it.
Click to expand...
It would if they kept googling things in french and chrome would change my default to French. I was looking into why my searches kept coming back in french and the only way is if chrome gets used to you searching in french. I never have. And made sure my default was English. I'm not certain but it's the only connection to French I can make haha. I've been suspecting someone was using it and that adds to the coincidence at least
 
Unless they got access to your computer and phone, your home page should not change. What they do in their computer does not have anything to do with yours.
 
  • Like
Reactions: millerj123
Fancuku said:
Unless they got access to your computer and phone, your home page should not change. What they do in their computer does not have anything to do with yours.
Click to expand...
Maybe they do and they're just messing with me? I don't know. It's not like them using the network is the only option. I don't know what's going on. Because my phone is connected to WiFi snd it goes french too. So it's network relaTed. And I don't do anything in french. And my neighbour's happen to be french. I dunno what if anything is going on. I'm here trying to see if it's possible.
 
All devices that connect to the Internet have a MAC Address. You can look up how to find this for each of your devices, make a list, then look through the router connections and log if available. If you see one that doesn't belong to you, someone else is on your network.

Things they can do while just connected to your network:
  • Use the Internet on your dime
  • Reset your router password if you kept the defaults (typically admin/admin, admin/<blank>, admin/0000, 1234 etc.)
Chances of someone caring about breaking into a secured network over finding a free wi-fi spot, slim to none.

What they can't do:
  • Access your computer (without your computer name + username + password)
Now if they got that, I doubt they'd care so much as to change your homepage. If a Hacker cared that much about messing with you they'd probably look for your passwords document on your desktop or in documents. Maybe intimate pictures of your wife.

There are tools out there that allow a person to do all of this, however, it takes approximately 6 - 12 hours to break WPA2 Personal encryption. Then you have to try and find a username from a computer which isn't a small task unless they've been to your house. Then they have to either bruteforce your password or hash it, which can still take a long time. Depending on the strength of your password, realistically it could take anywhere from 1/2 a second for a single letter password, or a common password (12345) to 800 years (12-16 characters, not a dictionary word, or is a phrase).

The obvious choice here is that they are going to steal your Internet and that's about it, they won't care about your stuff unless they've been to your house and used your computer and snagged your password that you keep under your keyboard, stickied to your monitor, or laying on your desk.

As for your issue, you probably installed crapware with Java or Adobe Reader. They like to try and force things on you like McAfee, Norton, Ask Toolbar and search, Google Toolbar, Yahoo.... the list goes on and on making me less likely to use their products. Things like weatherbug and coupons might seem nice to have but in reality they are the top offenders for introducing malware and spyware on your computer next to online free games and illicit movie sites.

Depending on where you live your ISP might redirect you to a French website. I know for a while I was being directed to sites in the Netherlands when I live in North America. Perhaps the .com website changed recently and DNS hasn't propagated completely which pushed you to their .fr website. Chances are if you go to one your computer may try to help you by pushing you off to the .fr version of the website if one is available.
 
  • Like
Reactions: phrehdd
If you have a Mac use Lanscan and see if you can find odd connections.
 
Talking of people using your WiFi, what if anything does it mean when the light on the router is going hell for leather at a rate of knots, but you're not even checking your emails, let alone downloading anything?
 
Peter Franks said:
Talking of people using your WiFi, what if anything does it mean when the light on the router is going hell for leather at a rate of knots, but you're not even checking your emails, let alone downloading anything?
Click to expand...

The light blinks as packets are passed through, so if your computer is downloading updates in the background you'll see this behavior. Chances are Windows is calling home for updates, your Mac is receiving updated data from iCloud drive, OneDrive, or Dropbox might be checking for changes. All of this requires some talking. If you have a lot of devices on your network they like to check in and pass packets for network awareness (such as displaying network computers). Your router sends packets. The light doesn't blink only for TCP/IP http/s streams, it blinks for Syn/Ack connections, broadcast connections (not tv broadcasts) along with other things such as ICMP, SNMP, DNS resolution, DHCP, time service, and anything else that runs in the background without you needing to do something.

You cannot make it conclusive until you do the digging. Lights blinking...I have a hacker! Maybe but most likely not. This is the computer version of the sky is falling story.
 
  • Like
Reactions: r0k and Peter Franks
Thanks, re: the fast flashing lights, this is behaviour when the Mac isn't even on. So it can only be the server doing the checks, not the Mac?
 
Peter Franks said:
Thanks, re: the fast flashing lights, this is behaviour when the Mac isn't even on. So it can only be the server doing the checks, not the Mac?
Click to expand...

If your Mac is not turned on how many other devices in your house do you have? Count your router.

If you have a smart tv connected to your network, an game console, a mobile phone, or tablets. All of these could be talking by downloading updates, apps, background app refresh, etc... These all count towards that blinking light. Aside from that you'll still see that light flash periodically with the DNS servers so it knows where and how to reach the web. Also because some people were actually able to figure out the data you were sending by the blinking light especially on old mainframes, they put a variable pause in the light to count every other 1 or 5, in the case of the router it skips every few packets, so some don't even cause the router to light up.

There is a lot of explanation to packet transfer and there have been books written on network data transfer, I'm not keen on going deep into the subject, but I'll tell you that you have a higher chance of getting your rarely used credit card number stolen than you do getting your wi-fi broken into because there is nothing in it for the other person. If they can afford a computer, they can afford Internet access at $15 a month.
 
  • Like
Reactions: Peter Franks
To find out if neighbors are using your network, change the network password. Use something strong, and only use WPA2/AES.

A router will usually have an info page that tells what IP addresses it's assigned via DNS, and maybe some info about the device. This depends on the exact router model. Since you didn't post a router model number, we can't tell you where to look on it.
 
Last edited:
In the UK, made up of 4 countries, the ISP British Telecom, which operates in all 4, assigns IP addresses that are not the geographical location of the devices, but other locations, usually in London. Websites, though many are sophisticated enough to work out the real location, think the devices on our network are in a different country.

This has effects, like a TV station that people in our geographical location have a legal right to access, are denied access and forced to watch the "International" version.

In the past weeks Apple can no longer work out the real location of devices on our network and keeps sending notifications to iPhones saying that someone in e.g. London is accessing our iCloud accounts. Resulting in changing account passwords etc before realising Apple can't figure out our device locations with the accuracy that web advertisers can.

This might not be your problem, but most likely your neighbours are not on your network.
 
Last edited:
If Google is your search engine, the problem is likely a Google glitch which makes Google think your computer is in France, or another French speaking area, like Quebec. This is a common problem with Google. Although I am in Canada, recently searches for things like hardware stores turned up locations in the U.K. I complained to Google, and although it took a few weeks, the problem was eventually resolved.

See: https://productforums.google.com/forum/#!topic/websearch/ZagOo2X7ozQ

It is very unlikely that this has anything to do with your neighbours, but if it will give you peace of mind, make sure your network is protected by WPA, not WEP, and change your password to a different strong password.
 
With all that being said the only safe way to ensure that no one is using your router is to use direct Ethernet connections to all of your devices and turn off wi-fi. My dad had the fallacy that WPA2 was unbreakable over thanksgiving (lunch) to which I displayed his password in plain text by the end of the night. It only took about 6 hours.
 
mildocjr said:
With all that being said the only safe way to ensure that no one is using your router is to use direct Ethernet connections to all of your devices and turn off wi-fi. My dad had the fallacy that WPA2 was unbreakable over thanksgiving (lunch) to which I displayed his password in plain text by the end of the night. It only took about 6 hours.
Click to expand...
https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
... TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.[1]

That deprecation was 4 years ago.

Details are important in security.
 
chown33 said:
https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
... TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.[1]

That deprecation was 4 years ago.

Details are important in security.
Click to expand...

Yep I'm actually talking about WPA2 being insecure. I won't post links here to any hacking sources, but I can tell you that WPA2 was cracked relatively quickly due to the way WPS works.

The meat of WPS consists of an 8 number pin code. (Outlined here -
http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc )

Essentially you have 8 pieces which we can separate by M1, M2, ..., M8

M1 - M4 is a 128 bit checksum that is validated against the AP. Every AP is different but there are some common values that are checked first, this is possibly the longest portion of the crack.

Once the AP validates the first 4 numbers, the program saves this number and uses it to validate against the last 4 numbers.

M5 - M7 is the next number you are checking with M8 being a checksum (so all the numbers have to validate).

You end up with 10,000 (0000 - 9999) for the first part of the checksum, with the most common checked first. Then instead of having 10,000 for the second part, you really only have 1000 as you are checking 000 - 999 with a checksum value of 0-9.

Once it has validated the one number in 11,000 or <= 11,000 packets sent it authenticates with the AP successfully and connects. Wi-Fi is now compromised. This took me 6 hours and the app states that it takes about 4 - 10 hours to break any WPS encryption.

It has nothing to do with TKIP.
 
  • Like
Reactions: hxlover904
mildocjr said:
Yep I'm actually talking about WPA2 being insecure. I won't post links here to any hacking sources, but I can tell you that WPA2 was cracked relatively quickly due to the way WPS works.

The meat of WPS consists of an 8 number pin code. (Outlined here -
http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc )

Essentially you have 8 pieces which we can separate by M1, M2, ..., M8

M1 - M4 is a 128 bit checksum that is validated against the AP. Every AP is different but there are some common values that are checked first, this is possibly the longest portion of the crack.

Once the AP validates the first 4 numbers, the program saves this number and uses it to validate against the last 4 numbers.

M5 - M7 is the next number you are checking with M8 being a checksum (so all the numbers have to validate).

You end up with 10,000 (0000 - 9999) for the first part of the checksum, with the most common checked first. Then instead of having 10,000 for the second part, you really only have 1000 as you are checking 000 - 999 with a checksum value of 0-9.

Once it has validated the one number in 11,000 or <= 11,000 packets sent it authenticates with the AP successfully and connects. Wi-Fi is now compromised. This took me 6 hours and the app states that it takes about 4 - 10 hours to break any WPS encryption.

It has nothing to do with TKIP.
Click to expand...
WPS is separate from WPA2. A system is only as strong as its weakest link.

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Vulnerabilities
 
mildocjr said:
I hear ya, but most routers out there just slap it on by default, WPS does have some defenses to try and block bruteforce attacks, but the programs are pretty smart and pause between tries with basic deep learning algorithms if you want to call it that, almost like calling a matchbox car an actual car.
Click to expand...
Agreed.

So the OP should turn off WPS, in addition to only using WPA2/AES. However, given that some wifi routers/APs will still accept WPS packets even though WPS is nominally turned off, it's still conceivable that some persistent neighbors can break in. The only solution in that case would be a different wifi router/AP, one that definitely turns off WPS, or to avoid wifi completely.
 
  • Like
Reactions: mildocjr
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back