I appreciate I don't know about the devices in your home but I'm surprised that you'd even see POWER-PC coming up under net view because I believe (I'm not a windows person) that is restricted to computers in the same workgroup? - please correct me on this if it isn't. To test, change your workgroup from the default (HOME/WORKGROUP depending on OS) and see if it disappears.
I am assuming you don't have an old MAC anywhere in your house as this will likely be called POWER-PC by default.
-------- Assuming the above makes no difference and your access point has been compromised - see below.
Firstly, MAC address filtering won't stop anyone getting on your network - it takes seconds for someone to 'snif' the air traffic and capture some packets. Even though they wouldn't be able to decrypt their payload (IP layer upwards), they would be able to see all the MAC addresses involved because that is how devices 'listening' to wifi know whether the packet is intended for them or not - choosing to ignore it if it isn't is just a courtesy (which anyone trying to steal your internet will not grant you!) - once you have a valid MAC address that is allowed to send traffic over your wireless network then you just 'spoof' that address on your device and you're in.
Secondly, and arguably more importantly -
I'd be very surprised if someone managed to break into your access point if it has (and always had) WPA2 AES security enabled, you have to have an 8-character passphrase for that as a minimum - but hopefully yours was longer and was non-trivial to guess. Assuming that is the case I would probably do some more investigating.
i.e.
1) Disable mac filtering if you already enabled it
2) Change the security back down to WEP with the same key (as you're assuming they've cracked this) - this is for a reason I'll go on to in a second
3) Wait for them to reconnect to the access point and, preferably before they do - while they're there - and after they're gone, have a packet capture running on a space machine**
4) Open the packet capture in wireshark (you can use this to actually do the capturing too - industry standard free tool, Wireshark · Go deep.) and analyse the data to ascertain a) how they got in b) what they were looking for? c) what did they do/take? and d) did they cover up anything as they left?
5) Since you switched back to WEP earlier, you will be able to see the payloads for all of their traffic - using WPA 1/2 each client gets its own encryption key and then you'd have to break their key (which you won't do easily) to see what was going on - fortunately, WEP uses the same key for all encryption (hence why it is TRIVIALLY easy to break nowadays)
I imagine all this sounds pretty complicated, and to be honest if you're not a networking professional it is - so if you don't really know how to go about doing the above (or have experience with wireshark) either find a friend/colleague who does know about it - or follow the notes in the ** section below.
Hope that helps.
** ideally you don't want to generate any of your own traffic during this time to make subsequent analysis easier, but if they're good enough to break into your AP in the first place then a) they'll probably notice and b) they'll probably be much better at this than you (no offence) so you'll have to fully secure your router and make passwords at least 16 characters, preferably of random character sequences.
I am assuming you don't have an old MAC anywhere in your house as this will likely be called POWER-PC by default.
-------- Assuming the above makes no difference and your access point has been compromised - see below.
Thanks turned on my Mac Address filtering, hopefully this stops unwanted people from stealing my internet.
Firstly, MAC address filtering won't stop anyone getting on your network - it takes seconds for someone to 'snif' the air traffic and capture some packets. Even though they wouldn't be able to decrypt their payload (IP layer upwards), they would be able to see all the MAC addresses involved because that is how devices 'listening' to wifi know whether the packet is intended for them or not - choosing to ignore it if it isn't is just a courtesy (which anyone trying to steal your internet will not grant you!) - once you have a valid MAC address that is allowed to send traffic over your wireless network then you just 'spoof' that address on your device and you're in.
Secondly, and arguably more importantly -
I'd be very surprised if someone managed to break into your access point if it has (and always had) WPA2 AES security enabled, you have to have an 8-character passphrase for that as a minimum - but hopefully yours was longer and was non-trivial to guess. Assuming that is the case I would probably do some more investigating.
i.e.
1) Disable mac filtering if you already enabled it
2) Change the security back down to WEP with the same key (as you're assuming they've cracked this) - this is for a reason I'll go on to in a second
3) Wait for them to reconnect to the access point and, preferably before they do - while they're there - and after they're gone, have a packet capture running on a space machine**
4) Open the packet capture in wireshark (you can use this to actually do the capturing too - industry standard free tool, Wireshark · Go deep.) and analyse the data to ascertain a) how they got in b) what they were looking for? c) what did they do/take? and d) did they cover up anything as they left?
5) Since you switched back to WEP earlier, you will be able to see the payloads for all of their traffic - using WPA 1/2 each client gets its own encryption key and then you'd have to break their key (which you won't do easily) to see what was going on - fortunately, WEP uses the same key for all encryption (hence why it is TRIVIALLY easy to break nowadays)
I imagine all this sounds pretty complicated, and to be honest if you're not a networking professional it is - so if you don't really know how to go about doing the above (or have experience with wireshark) either find a friend/colleague who does know about it - or follow the notes in the ** section below.
Hope that helps.
** ideally you don't want to generate any of your own traffic during this time to make subsequent analysis easier, but if they're good enough to break into your AP in the first place then a) they'll probably notice and b) they'll probably be much better at this than you (no offence) so you'll have to fully secure your router and make passwords at least 16 characters, preferably of random character sequences.
Last edited: