How to tell if neighbours accessing network/wifi

Discussion in 'Mac Basics and Help' started by Yumid, Jun 8, 2016.

  1. Yumid macrumors member

    Joined:
    May 11, 2014
    #1
    Is there any way of detecting this? I have my firewall on and my network is password protected but for some reason my home page on chrome and my phone which are both connected to my network keep defaulting back to french. My neighbours are french haha, I know this is a stretch but it would make sense why every now and then my network starts taking up way more bandwidth and why my settings keep defaulting to french when I have nothing to do with french in my workflow.

    Anyway. Anyway to find out if neighbours in your apartment are hacking your network? And if not, whats going on with my searches returning as french? Ive done everything I need to do in order to set my default language as english so its not that.

    I also did a malwarebytes scan.
     
  2. Pakaku macrumors 68000

    Pakaku

    Joined:
    Aug 29, 2009
    #2
    Even if they were hacking your network, your homepage isn't going to change because of it.
     
  3. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #3
    You should be able to look at your router and see all of the devices connected, and sometimes a little information about each device. How to do this (and the information about each device) varies by router.
     
  4. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #4
    As aristobrat says, your router's administration web access probably has a page that lists connected devices and perhaps even devices that have been but aren't currently connected.

    There are also apps for Mac and iOS that will show such info. "Fing" for iOS is a free one.
     
  5. Yumid thread starter macrumors member

    Joined:
    May 11, 2014
    #5
    It would if they kept googling things in french and chrome would change my default to French. I was looking into why my searches kept coming back in french and the only way is if chrome gets used to you searching in french. I never have. And made sure my default was English. I'm not certain but it's the only connection to French I can make haha. I've been suspecting someone was using it and that adds to the coincidence at least
     
  6. Fancuku macrumors 6502a

    Fancuku

    Joined:
    Oct 8, 2015
    Location:
    PA, USA
    #6
    Unless they got access to your computer and phone, your home page should not change. What they do in their computer does not have anything to do with yours.
     
  7. Yumid thread starter macrumors member

    Joined:
    May 11, 2014
    #7
    Maybe they do and they're just messing with me? I don't know. It's not like them using the network is the only option. I don't know what's going on. Because my phone is connected to WiFi snd it goes french too. So it's network relaTed. And I don't do anything in french. And my neighbour's happen to be french. I dunno what if anything is going on. I'm here trying to see if it's possible.
     
  8. mildocjr macrumors 65816

    #8
    All devices that connect to the Internet have a MAC Address. You can look up how to find this for each of your devices, make a list, then look through the router connections and log if available. If you see one that doesn't belong to you, someone else is on your network.

    Things they can do while just connected to your network:
    • Use the Internet on your dime
    • Reset your router password if you kept the defaults (typically admin/admin, admin/<blank>, admin/0000, 1234 etc.)
    Chances of someone caring about breaking into a secured network over finding a free wi-fi spot, slim to none.

    What they can't do:
    • Access your computer (without your computer name + username + password)
    Now if they got that, I doubt they'd care so much as to change your homepage. If a Hacker cared that much about messing with you they'd probably look for your passwords document on your desktop or in documents. Maybe intimate pictures of your wife.

    There are tools out there that allow a person to do all of this, however, it takes approximately 6 - 12 hours to break WPA2 Personal encryption. Then you have to try and find a username from a computer which isn't a small task unless they've been to your house. Then they have to either bruteforce your password or hash it, which can still take a long time. Depending on the strength of your password, realistically it could take anywhere from 1/2 a second for a single letter password, or a common password (12345) to 800 years (12-16 characters, not a dictionary word, or is a phrase).

    The obvious choice here is that they are going to steal your Internet and that's about it, they won't care about your stuff unless they've been to your house and used your computer and snagged your password that you keep under your keyboard, stickied to your monitor, or laying on your desk.

    As for your issue, you probably installed crapware with Java or Adobe Reader. They like to try and force things on you like McAfee, Norton, Ask Toolbar and search, Google Toolbar, Yahoo.... the list goes on and on making me less likely to use their products. Things like weatherbug and coupons might seem nice to have but in reality they are the top offenders for introducing malware and spyware on your computer next to online free games and illicit movie sites.

    Depending on where you live your ISP might redirect you to a French website. I know for a while I was being directed to sites in the Netherlands when I live in North America. Perhaps the .com website changed recently and DNS hasn't propagated completely which pushed you to their .fr website. Chances are if you go to one your computer may try to help you by pushing you off to the .fr version of the website if one is available.
     
  9. zone23 macrumors 68000

    Joined:
    May 10, 2012
    #9
    If you have a Mac use Lanscan and see if you can find odd connections.
     
  10. Peter Franks macrumors 65816

    Joined:
    Jun 9, 2011
    Location:
    London UK
    #10
    Talking of people using your WiFi, what if anything does it mean when the light on the router is going hell for leather at a rate of knots, but you're not even checking your emails, let alone downloading anything?
     
  11. mildocjr macrumors 65816

    #11
    The light blinks as packets are passed through, so if your computer is downloading updates in the background you'll see this behavior. Chances are Windows is calling home for updates, your Mac is receiving updated data from iCloud drive, OneDrive, or Dropbox might be checking for changes. All of this requires some talking. If you have a lot of devices on your network they like to check in and pass packets for network awareness (such as displaying network computers). Your router sends packets. The light doesn't blink only for TCP/IP http/s streams, it blinks for Syn/Ack connections, broadcast connections (not tv broadcasts) along with other things such as ICMP, SNMP, DNS resolution, DHCP, time service, and anything else that runs in the background without you needing to do something.

    You cannot make it conclusive until you do the digging. Lights blinking...I have a hacker! Maybe but most likely not. This is the computer version of the sky is falling story.
     
  12. Peter Franks macrumors 65816

    Joined:
    Jun 9, 2011
    Location:
    London UK
    #12
    Thanks, re: the fast flashing lights, this is behaviour when the Mac isn't even on. So it can only be the server doing the checks, not the Mac?
     
  13. mildocjr macrumors 65816

    #13
    If your Mac is not turned on how many other devices in your house do you have? Count your router.

    If you have a smart tv connected to your network, an game console, a mobile phone, or tablets. All of these could be talking by downloading updates, apps, background app refresh, etc... These all count towards that blinking light. Aside from that you'll still see that light flash periodically with the DNS servers so it knows where and how to reach the web. Also because some people were actually able to figure out the data you were sending by the blinking light especially on old mainframes, they put a variable pause in the light to count every other 1 or 5, in the case of the router it skips every few packets, so some don't even cause the router to light up.

    There is a lot of explanation to packet transfer and there have been books written on network data transfer, I'm not keen on going deep into the subject, but I'll tell you that you have a higher chance of getting your rarely used credit card number stolen than you do getting your wi-fi broken into because there is nothing in it for the other person. If they can afford a computer, they can afford Internet access at $15 a month.
     
  14. chown33, Jun 8, 2016
    Last edited: Jun 8, 2016

    chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #14
    To find out if neighbors are using your network, change the network password. Use something strong, and only use WPA2/AES.

    A router will usually have an info page that tells what IP addresses it's assigned via DNS, and maybe some info about the device. This depends on the exact router model. Since you didn't post a router model number, we can't tell you where to look on it.
     
  15. BeefCake 15 macrumors 65816

    BeefCake 15

    Joined:
    May 15, 2015
    Location:
    near Boston, MA
    #15
    Are you using a VPN, can it be accessing a French speaking country's IP?
     
  16. davidoloan macrumors 6502

    Joined:
    Apr 28, 2009
    #16
    In the UK, made up of 4 countries, the ISP British Telecom, which operates in all 4, assigns IP addresses that are not the geographical location of the devices, but other locations, usually in London. Websites, though many are sophisticated enough to work out the real location, think the devices on our network are in a different country.

    This has effects, like a TV station that people in our geographical location have a legal right to access, are denied access and forced to watch the "International" version.

    In the past weeks Apple can no longer work out the real location of devices on our network and keeps sending notifications to iPhones saying that someone in e.g. London is accessing our iCloud accounts. Resulting in changing account passwords etc before realising Apple can't figure out our device locations with the accuracy that web advertisers can.

    This might not be your problem, but most likely your neighbours are not on your network.
     
  17. JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
    #17
    If Google is your search engine, the problem is likely a Google glitch which makes Google think your computer is in France, or another French speaking area, like Quebec. This is a common problem with Google. Although I am in Canada, recently searches for things like hardware stores turned up locations in the U.K. I complained to Google, and although it took a few weeks, the problem was eventually resolved.

    See: https://productforums.google.com/forum/#!topic/websearch/ZagOo2X7ozQ

    It is very unlikely that this has anything to do with your neighbours, but if it will give you peace of mind, make sure your network is protected by WPA, not WEP, and change your password to a different strong password.
     
  18. Ulenspiegel macrumors 68030

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #18
  19. deany macrumors 68030

    deany

    Joined:
    Sep 16, 2012
    Location:
    North Wales
  20. mildocjr macrumors 65816

    #20
    With all that being said the only safe way to ensure that no one is using your router is to use direct Ethernet connections to all of your devices and turn off wi-fi. My dad had the fallacy that WPA2 was unbreakable over thanksgiving (lunch) to which I displayed his password in plain text by the end of the night. It only took about 6 hours.
     
  21. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #21
    https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
    ... TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.[1]

    That deprecation was 4 years ago.

    Details are important in security.
     
  22. mildocjr macrumors 65816

    #22
    Yep I'm actually talking about WPA2 being insecure. I won't post links here to any hacking sources, but I can tell you that WPA2 was cracked relatively quickly due to the way WPS works.

    The meat of WPS consists of an 8 number pin code. (Outlined here -
    http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/WCN-Netspec.doc )

    Essentially you have 8 pieces which we can separate by M1, M2, ..., M8

    M1 - M4 is a 128 bit checksum that is validated against the AP. Every AP is different but there are some common values that are checked first, this is possibly the longest portion of the crack.

    Once the AP validates the first 4 numbers, the program saves this number and uses it to validate against the last 4 numbers.

    M5 - M7 is the next number you are checking with M8 being a checksum (so all the numbers have to validate).

    You end up with 10,000 (0000 - 9999) for the first part of the checksum, with the most common checked first. Then instead of having 10,000 for the second part, you really only have 1000 as you are checking 000 - 999 with a checksum value of 0-9.

    Once it has validated the one number in 11,000 or <= 11,000 packets sent it authenticates with the AP successfully and connects. Wi-Fi is now compromised. This took me 6 hours and the app states that it takes about 4 - 10 hours to break any WPS encryption.

    It has nothing to do with TKIP.
     
  23. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #23
    WPS is separate from WPA2. A system is only as strong as its weakest link.

    https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Vulnerabilities
     
  24. mildocjr macrumors 65816

    #24
    I hear ya, but most routers out there just slap it on by default, WPS does have some defenses to try and block bruteforce attacks, but the programs are pretty smart and pause between tries with basic deep learning algorithms if you want to call it that, almost like calling a matchbox car an actual car.
     
  25. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #25
    Agreed.

    So the OP should turn off WPS, in addition to only using WPA2/AES. However, given that some wifi routers/APs will still accept WPS packets even though WPS is nominally turned off, it's still conceivable that some persistent neighbors can break in. The only solution in that case would be a different wifi router/AP, one that definitely turns off WPS, or to avoid wifi completely.
     

Share This Page