I think my neighbor tried to get into my network. . . Cool!!

s0ldier93

Limp Gawd
Joined
Nov 3, 2002
Messages
169
Ok, It's more cool that I noticed something was wrong than it was (may have been) actually happening.

I am studying CCNA, M$ Server 2k3, and Linux+, so I have 5 computers going doing different things. One (Bender, the old laptop) runs Look@LAN most of the time. Another (Motherbrain, the trusty old fileserver) never had the Symantec firewall disabled like I did with some used company computers I bought/was donated. And for some strange reason my laptop's (dell, run Net-stumbler sometimes) wireless would get onto the network, but not the ethernet plug . . .. . ??? I figured I can't let a little problem like that stop an up and coming network guy like me right?

After about 15 minutes of ping attempts, making sure it was connected, and reseting my modem and linksys WRT54G (fixed the problem), I noticed Motherbrain had one too many workgroups showing(I was doing homework). A look at Bender's L@L and I had a guest using my router. ????? WTF??? Laptop was on my router via and nice long WPA password. Net-stumbler picked up her router/network. Hell, I even got a look at her name in the "corp" workgroup with her first and last name conveniently assigned as the computer name. Did I mention I'm a part time Real Estate agent and got her address about a minute later? 3 town houses down and across the street, nice clear wifi shot. The end result is that I have turned off my wireless for now.

Anyway, I can't really imagine that this person hacked my router and network on a machine named after her on purpose(or can I?). Especially when there are two unprotected routers between us, and that's just on my side. So my question is, where did I go wrong with my WPA security? Or, how could that have happened accidentally? My router gave her an IP address. Maybe it was a hack?

I think I may go for the CCSP after the CCNA . . . . . I found the whole thing rather exciting. I do have a few screen shots from my laptop as I was trying to figure out what was going on if that would help.
 
MAC Filtering.
Restrict wireless access only to the MACs you specify.

The end result is she won't be able to connect, even if she DOES break your WPA...

You can also filter via IP address if you wish.

If your router is assigning DHCP addresses, only have it assign 5. You have 5 computers- it only needs to be assigning 5. This would prevent alot of people from getting on as well.

Is your wireless clients just G? Or a mix of B and G?
I personally like restricting that the best I can as well- either JUST B or JUST G. That way NICs only compatible with the other type (rare these days, I know) won't be able to use it, either.

Disable SSID broadcast. Knocks most people off as well. The problem is you will have to manually configure the network name though.

That should lock you down pretty well.
I personally think you didn't apply the settings, or just overlooked something... because nobody can crack WPA in 15 minutes. Especially home users. I am just guessing she booted up, Windows grabbed the first open network it could find, and she went from there.
 
MAC Filtering.
Restrict wireless access only to the MACs you specify.

The end result is she won't be able to connect, even if she DOES break your WPA...

MAC filtering doesn't help that much, it's actually quite simple to spoof a MAC you see on the network (which doesn't require cracking any encryption) and just spoof one you see that is allowed.
 
MAC filtering doesn't help that much, it's actually quite simple to spoof a MAC you see on the network (which doesn't require cracking any encryption) and just spoof one you see that is allowed.

Let's please not get into technicalities to just point fingers around...

We are talking about a neighbor. Not a Network Analyst.
 
MAC filtering is useless
So is turning off ssid broadcasting
I'd say that you should replace your current wpa password with a better one, get one from here.

Unfortuatly I can't think of many other ways of securing it further besides RADIUS which is nearly impenitrable, but a serious PIA to setup. I haven't had much experience securing post intrusion.
 
MAC Filtering.
Restrict wireless access only to the MACs you specify.
The end result is she won't be able to connect, even if she DOES break your WPA...



................................. right. So once the encryption is broken, what exactly would keep someone from seeing the MAC address of any other client on the network? Oh yeah, nothing. Change MAC on attacking machine and look there, MAC filtering is worthless, just as has been pointed out in countless posts on this board.
 
Let's please not get into technicalities to just point fingers around...

We are talking about a neighbor. Not a Network Analyst.

Who is to say the neighbor doesn't know how? I mean if they took the time to crack WPA, I'm pretty sure spoofing the MAC wouldn't come in too far behind, as even in windows that is a simple task.
 
Go knocking at the door of the person with said evidence. If the problem persists, I'd file a police report. Should the police not care, get the mafia? You might also want to change your WPA password daily. The incredibly poor encryption they continually build into wireless technologies is weak but you can still rotate keys before they have a likely chance of cracking the password.
 
Don't know about the US but here its illegal to use other peoples wireless even if its not encrypted.

I understand your frustration being a tech gay allowing some mom to break into your network. Must be some kind of glitch :) or maybe a hacker mom who doesnt know how to change her computer name ;)
 
everyone-
Thank you for all of the responces.

zacdl-
Thank you for all of the suggestions, I will employ them all tonite when I get home. I'm almost positive my WPA is (read: was) working. I have a buddy and an in-law that I let in whenever they come by. Having said that, I haven't changed the password in several months now.

dpgamer-
Thanks for the link. Damn. I'll have to have my wife's computer next to mine when adding one of those.

hokatichenci, gummianden, & Xipher-
I don't think I'll press charges just yet. I'm acually very interested in how she did it, and if it was intensional. My original problem (malfuntioning ethernet port) occured because the IP address started being used by her computer. I'm guessing another nieghbor would have just gone to bed and got back on in the morning.
 
You said you had "reset" your wrt54g....which meant for a short period of time it was running default. Which means SSID = Linksys, and no security. If this neighbors home LAN was running the same defaults on the same brand router...they could have latched onto yours a few times during that period you had reset the wrt..until you changed settings and applied them. I'd say long enough for your neighbor to pull and IP and have some network broadcasts.
 
YeOldeStonecat-

I didn't do factory reset (requiring holding the reset button for over 30 seconds). I just did a quick button press. One of my many checks was to make sure my setting were still there. That was this morning though. As of right now my wireless is still disabled.

edit: Just completely read your post. Is that possible if my security setting remained unchanged this morning?
 
Who is to say the neighbor doesn't know how? I mean if they took the time to crack WPA, I'm pretty sure spoofing the MAC wouldn't come in too far behind, as even in windows that is a simple task.
The keyword there is "Took the time".
If you read the OP, it says "Within 15 minutes".
You would have to be one darned good cracker to crack WPA in 15 minutes.
Plus, you wouldn't use a computername AS your real name.
Which is why this is most definately someone that just stumbled on it.

Don't know about the US but here its illegal to use other peoples wireless even if its not encrypted.
Its iffy. There is really no set law.
I think the going consensus is if it is opened, reachable in a public place (parking lot), you can use it.
If it is encrypted, obviously not.

I'm acually very interested in how she did it, and if it was intensional. My original problem (malfuntioning ethernet port) occured because the IP address started being used by her computer
I would just go talk to her. Take your screenshots with you so she knows what you are talking about, and ask her how she got on (She probably won't even know- as I said, just stumbled on it).
 
Ok i think its safe to say
A) She didnt do it on purpose. Maybe her kid learned something from google and is trying it out?
B) Its not bad knowing this information people are suggesting,so go with it.
C) I like to have three options but i couldnt think of one. So here it is.
 
You said you had "reset" your wrt54g....which meant for a short period of time it was running default. Which means SSID = Linksys, and no security. If this neighbors home LAN was running the same defaults on the same brand router...they could have latched onto yours a few times during that period you had reset the wrt..until you changed settings and applied them. I'd say long enough for your neighbor to pull and IP and have some network broadcasts.
Yep. I've had this happen.
 
Since you want to learn networking set up your network like this guy LOL

http://www.ex-parrot.com/~pete/upside-down-ternet.html

He redirects traffic not coming from his machines thru a squid proxy which can flip and blur images, redirect traffic to any site you wish etc..

change your ssid to something that will scare people from joining like trojan.downloader or Virusfactory etc.. lol
 
Since you want to learn networking set up your network like this guy LOL

http://www.ex-parrot.com/~pete/upside-down-ternet.html

He redirects traffic not coming from his machines thru a squid proxy which can flip and blur images, redirect traffic to any site you wish etc..

change your ssid to something that will scare people from joining like trojan.downloader or Virusfactory etc.. lol

Actually you don't even have to direct it through a proxy. You can just insert a few lines of code into your router (Depending what firmware you have- it could be either tricker or hard).
It IS rather cool- to screw with people.

But our goal is to get them off- not just mess with their heads.
 
let them re-connect then upload as much horse porn as you can to their PC. that will teach them to leech off of someone elses wifi.
 
Back
Top