Nosey Housemate + Macbook wifi = I need your help/advice

Discussion in 'MacBook Pro' started by Digidesign, Feb 13, 2007.

  1. Digidesign macrumors 6502

    Jan 7, 2002
    (Not sure where to place this thread, so mods please move as needed)

    I have a Macbook that I do everything on (i.e., personal finances, emails, etc.) I also have one of the rudest, most obnoxious / nosey housemates you can imagine, who loves to boast about how he can sniff packets and hack networks. And yes, from time to time he'll talk about hacking into my computer (or trying to at least). The guy is a complete loser, but the housing situation cannot change at the moment, so I'm asking help from you guys about how I can protect my MacBook's wifi from the creep.

    The evidence:
    - Under OS X, no intrusions noted.
    - Under XP, ZoneAlarm keeps popping up with attempted intrusions coming from the home network. :rolleyes:

    The setup:
    - Macbook C2D connected via WEP 128-bit encrypted wifi.
    - Linksys wireless router with 4-port hub.
    - Mac Pro connected via Ethernet on the hub.
    - Creep's notebook connected via wifi.
    - Creep's desktop connected via ethernet.

    More info:
    - I own the router, and only I have access into the router setup.

    What can I do to protect my Macbook from the Creep?

    I know this isn't the Mac Pro forum, but if you have any advice to help with the Mac Pro (connected via Ethernet), that's much appreciated as well. If your advice is that this is too complicated to explain in this forum, that's cool too. Point me towards where I can learn and I'll do the hard work needed.
  2. Nevrsadie macrumors regular


    Oct 31, 2006
    Dark side of the monitor
    first I would get rid of the wep128 and go with wpa/wpa2, its alot more secure. Second i would verbally threaten him about the computer hacking. Something along the lines of ' you touch my mac I break you ba#!%.
  3. panoz7 macrumors 6502a


    Nov 21, 2005
    Raleigh, NC
    You could turn filevault on. That way even if he got in everything would be encrypted. I don't know much about security though, so even that might not be necessary, as I'm not even sure he could break in to begin with.
  4. Digidesign thread starter macrumors 6502

    Jan 7, 2002
    Excellent suggestions, thanks.

    I'm turning on FileVault tonight and will switch over to WPA/WPA2.
  5. Blubbert macrumors 6502

    Nov 1, 2006
    I wouldnt reccomend File Vault. I have heard several horror stories, where people lost data and such. Create a sparse disk image with encryption trough disk utility and place your sensitive files in it.
    EDIT: Also, if you havent already, turn on your firewall, and possibly even set it in stealth mode, where your computer doesnt acknowledge that it even exists.
  6. psingh01 macrumors 65816

    Apr 19, 2004
    Can you just setup your router to deny all access to any computer that doesn't match the two mac-addresses of your mac's? Then he'll have no more internet, wired or wireless :D
  7. Kopachris macrumors newbie

    Feb 12, 2007
    under your bed
    I saw this topic in the Forum spy and was going to say the exact same thing. That's what my dad did with our home network.
  8. xUKHCx Administrator emeritus


    Jan 15, 2006
    The Kop
    enable password screensaver option because he may try and get on your mac if you leave it for a bit. Make it a hot corner and just flick to it when you leave the mac.
  9. gauchogolfer macrumors 603


    Jan 28, 2005
    American Riviera
    If he's really a problem, you may consider a firmware password as well. This prevents him from shutting down your machine and rebooting in single-user mode and having administrator access to your machine. It's absolutely imperative that you don't lose this password, however, so it might not be worth it to you.

    As long as all of your firewall settings are normal factory defaults (i.e. no file sharing enabled) I'd think you're safe.
  10. operator macrumors regular

    Oct 29, 2006
    It would be funny if your roommate found this post thru hacking your machine! :p Nah, actually that wouldn't be very funny for you - I was just kidding.
  11. gauchogolfer macrumors 603


    Jan 28, 2005
    American Riviera
    If he installs a packet sniffer on the account, no amount of internal security will prevent him from accessing data that you transmit 'in the clear' over the network. The exception is visiting encrypted websites (like most banks), whose addresses begin with https rather than http. If you see that in the address window you should be ok, as that's the kind of thing they're designed to protect against.

    Also, if a roommate installed a packet sniffer in a shared network with me, I'd yank his access in a second, physically if need be. That is serious stuff.
  12. Apple Corps macrumors 68030

    Apr 26, 2003
    WPA2 Active

    I would NOT deploy File Vault

    File Sharing Off

    Firewall On

    Internet Sharing Off

    Password required when waking from sleep

    You will be very very very secure.
  13. Flowbee macrumors 68030


    Dec 27, 2002
    Alameda, CA
    For an extra bit of network security, you could connect through a VPN. I use Witopia personalVPN when I'm connecting to a public wireless network. Keeps packets safe from sniffers. Only $40 per year. They also offer a $10 per year wifi network security service called SecureMyWiFi. Fire up both of these services and your wireless network will be pretty rock-solid.
  14. holamiamigos macrumors 6502a

    Aug 10, 2006
  15. logandzwon macrumors 6502a

    Jan 9, 2007
    I don't mean to be a dick, but I see a lot of eager people here, but not any useful info on the matter.

    wpa wont make a difference, the ROOM MATE IS ON THE SAME WIRELESS NETWORK, he has access to the wireless keys!

    For the wireless;
    Basicly, sniffing wireles is more complex then sniffing ethernet data over a hub, but really hard either. Things like im passwords are encripted, however the actual conversations are not. As far web browsing, he'll beable to see where any https connections are going, but any of the actual data, it'll all be encripted. E-mail can use SSL or tls, but thats upto your provider to support, and you to set-up for each account.

    For the desktops;
    The linksys has a switch in it, not a hub, which means it the when you desktop talks to something on the internet none of the other devices on the network see any of those packets. No worries about his sniffing packets there.

    Now, since the "creep" has physical access to your machines there are various levels of attacks. With Macs OF passwords are great for prevent unauthorized use of your machine. However they do not prevent him physicaly removing your harddisks and mounting them. Something like File Vault or a spare image will prevent access your files in that case.

    Ofcourse that still leaves network bases attacks. I think the other posters were in the correct direction here, except I would not put your machine into steath mode. It'll be like issuing a challenge to him. Just make sure the sharing is off and the firewire is on.

    Oh ya, and lock your machine when your not infront of it. honeslty, if I was him and wanted your stuff, I'd enable sharing or make me account or somethign the 30 secounds you were outta the room to pee or something...
  16. gauchogolfer macrumors 603


    Jan 28, 2005
    American Riviera
    I made the exact same open firmware recommendation earlier. I didn't think that she needed to worry about her roommate actually physically removing the harddrive, since that's not 'hacking', that's stealing.

    Or, how about Flowbee's recommendation to use a private VPN to encrypt all outgoing traffic?

    Calm down.
  17. pilotError macrumors 68020


    Apr 12, 2006
    Long Island
    This isn't a networking issue, this is a social issue. You shouldn't need to put up with this crap in your own house.

    Have a talk with this person. Tell them you really don't appreciate his hacking efforts. If he ends up being a total jerk, back up your data somewhere and take a sledgehammer to his PC. :D It will make you feel better!

    OK, a little nuts, maybe just disable his access to the router (via mac address) until the guy decides he'd rather have internet access.
  18. princealfie macrumors 68030


    Mar 7, 2006
    Salt Lake City UT
    Install Vista on his PC and see if that will stop him :)

    At least he will get real confused.
  19. atszyman macrumors 68020


    Sep 16, 2003
    The Dallas 'burbs
    That would be my approach...

    If he's not going to respect your privacy, take away his internet access and see how long he can tolerate that...

    When he begs for it back tell him that the next time you catch any sort of internal network hacking you're going to lock him from the net permanently.

    He'll either stop, or try again and then move out to find net access once you take it away. Either way, problem solved.

    You might want to watch out for keyloggers too since he does have physical access to the machines.
  20. jimytheassassin macrumors member

    Jan 22, 2007
    Brooklyn, NY
    you could always throw some metal shavings into his rig and wait to see him turn it on. POOF. j/k - I would either resolve the issue with the creep..or disable the internet. You could use a pair of hedge clippers. If it's in your name it's in your right. If he isn't on the lease and you are, kick him out. End of story. Then crap in his shoes.
  21. jsw Moderator emeritus


    Mar 16, 2004
    Andover, MA
    I think that the (serious) suggestions above are good, although I too would avoid File Vault. I think that simply ensuring you always - always - go to the login window (enable Fast User Switching) when leaving, set the Macs to sleep relatively quickly and require password to wake up (in case you forget to log off), turn off sharing you don't need, block all but the ports you need (via the firewall), etc., you should be OK. I'd also follow Flowbee's links for more wireless security, and, if you file transfer between the Macs, use a secure protocol (like scp). A few other things:

    First, I'd let him know that any invasion = you filing a police report. Period. Send him a written notice to that effect if you want, but that's job #1: if he breaks in, he's busted. Period. And they'll take his equipment to look for evidence.

    Second, how old is this guy? Just curious as to how immature he is for his age.

    Third: do you both pay for internet access, or how is that set up? If you pay for it, you could also consider the somewhat excessive measure of physically securing the router and modem in a lockable case. Get a lockable case, drill some holes for air and cable pass-through, and physically secure the router and modem so he can't mess with them.

    Likewise, lock your MP so he can't open it up.
  22. richard4339 macrumors 6502a


    Sep 6, 2006
    I don't know if you're still wanting suggestions, but I'd like a little bit more information to give more advice.

    You say you own the router, but not if you pay for the internet. Do you? If so, I'd simply lock him out. Use a firmware/account password on your MacBook, deny him access to the network via Mac addressing, and that should resolve the majority of your problems. As much fun as hacking a WEP password is, having to fight for a network connection everytime will probably not be in his best interest. If he keeps trying, keep changing your encryption keys. It isn't that hard, and will probably drive him crazy.

    Also, make sure your passwords are random letters (uppercase and lower), numbers, and characters, at least 8 characters long (longer if you can remember without writing them down). That makes trying to use brute force crackers almost impossible.
  23. Sun Baked macrumors G5

    Sun Baked

    May 19, 2002
    Stick his wireless MS Mouse in a sock and then proceed to beat him silly, while yelling "sniff this packet."
  24. davidjearly macrumors 68020


    Sep 21, 2006
    Glasgow, Scotland
  25. djstarrock macrumors 6502a


    Nov 23, 2006
    UK, Scotland, Glasgow
    Try that one first that might work.

Share This Page