Old 03-23-2013, 12:15 PM   #11
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

I appreciate I don't know about the devices in your home but I'm surprised that you'd even see POWER-PC coming up under net view because I believe (I'm not a Windows person) that is restricted to computers in the same workgroup? - please correct me on this if it isn't. To test, change your workgroup from the default (HOME/WORKGROUP depending on OS) and see if it disappears.

I am assuming you don't have an old Mac anywhere in your house as this will likely be called POWER-PC by default.

-------- Assuming the above makes no difference and your access point has been compromised - see below.


Quote:
Originally Posted by Scubadivingpoop View Post
Thanks turned on my Mac Address filtering, hopefully this stops unwanted people from stealing my internet.
Firstly, MAC address filtering won't stop anyone getting on your network - it takes seconds for someone to 'sniff' the air traffic and capture some packets. Even though they wouldn't be able to decrypt their payload (IP layer upwards), they would be able to see all the MAC addresses involved because that is how devices 'listening' to Wi-Fi know whether the packet is intended for them or not - choosing to ignore it if it isn't is just a courtesy (which anyone trying to steal your internet will not grant you!) - once you have a valid MAC address that is allowed to send traffic over your wireless network then you just 'spoof' that address on your device and you're in.

Secondly, and arguably more importantly -

I'd be very surprised if someone managed to break into your access point if it has (and always had) WPA2 AES security enabled, you have to have an 8-character passphrase for that as a minimum - but hopefully yours was longer and was non-trivial to guess. Assuming that is the case I would probably do some more investigating.

i.e.

1) Disable MAC filtering if you already enabled it

2) Change the security back down to WEP with the same key (as you're assuming they've cracked this) - this is for a reason I'll go on to in a second

3) Wait for them to reconnect to the access point and, preferably before they do - while they're there - and after they're gone, have a packet capture running on a spare machine**

4) Open the packet capture in Wireshark (you can use this to actually do the capturing too - industry standard free tool) and analyse the data to ascertain a) how they got in b) what they were looking for? c) what did they do/take? and d) did they cover up anything as they left?

5) Since you switched back to WEP earlier, you will be able to see the payloads for all of their traffic - using WPA 1/2 each client gets its own encryption key and then you'd have to break their key (which you won't do easily) to see what was going on - fortunately, WEP uses the same key for all encryption (hence why it is TRIVIALLY easy to break nowadays)

I imagine all this sounds pretty complicated, and to be honest if you're not a networking professional it is - so if you don't really know how to go about doing the above (or have experience with Wireshark) either find a friend/colleague who does know about it - or follow the notes in the ** section below.

Hope that helps.


** ideally you don't want to generate any of your own traffic during this time to make subsequent analysis easier, but if they're good enough to break into your AP in the first place then a) they'll probably notice and b) they'll probably be much better at this than you (no offence) so you'll have to fully secure your router and make passwords at least 16 characters, preferably of random character sequences.
__________________

_michaelm is offline   Reply With Quote
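
Added example, not part of the original post: the address fields the post refers to sit in the unencrypted header of an 802.11 data frame, so a capture of your own network can be audited against a list of devices you own. The frames and addresses below are constructed, and `parse_data_frame`, `audit` and `build` are names invented for this sketch.

```python
PROTECTED, TO_DS, FROM_DS = 0x40, 0x01, 0x02   # Frame Control flag bits

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def parse_data_frame(frame: bytes):
    """Return (bssid, station, protected) for an infrastructure data frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:   # too short, or not type 2 (data)
        return None
    flags = frame[1]
    addr1, addr2 = frame[4:10], frame[10:16]
    ds = flags & (TO_DS | FROM_DS)
    if ds == TO_DS:          # station -> AP: addr1 = BSSID, addr2 = station
        bssid, station = addr1, addr2
    elif ds == FROM_DS:      # AP -> station: addr1 = station, addr2 = BSSID
        bssid, station = addr2, addr1
    else:                    # ad hoc / WDS frames are out of scope here
        return None
    return fmt(bssid), fmt(station), bool(flags & PROTECTED)

def audit(frames, my_bssid, inventory):
    """Label every unicast station seen on my_bssid as 'known' or 'unknown'."""
    seen = {}
    for frame in frames:
        parsed = parse_data_frame(frame)
        if not parsed or parsed[0] != my_bssid:
            continue                          # malformed, or a neighbour's network
        station = parsed[1]
        if int(station[:2], 16) & 1:          # group bit set: broadcast/multicast
            continue
        # 'known' = the address is on the list; it travels in the clear, so no proof of identity
        seen[station] = "known" if station in inventory else "unknown"
    return seen

def build(flags, addr1, addr2, addr3):
    """Constructed test frame: 24-byte header plus an opaque stand-in for the encrypted body."""
    addrs = bytes.fromhex((addr1 + addr2 + addr3).replace(":", ""))
    return bytes([0x08, flags]) + b"\x00\x00" + addrs + b"\x00\x00" + b"\xde\xad\xbe\xef" * 4

# Constructed addresses (locally administered range), not taken from the thread.
AP, NEIGHBOUR = "02:00:00:00:00:01", "02:00:00:00:00:02"
LAPTOP, STRANGER = "02:00:00:00:00:10", "02:00:00:00:00:99"
FRAMES = [
    build(TO_DS | PROTECTED, AP, LAPTOP, AP),                 # own laptop -> AP
    build(FROM_DS | PROTECTED, STRANGER, AP, AP),             # AP -> unrecognised station
    build(FROM_DS | PROTECTED, "ff:ff:ff:ff:ff:ff", AP, AP),  # broadcast from AP
    build(TO_DS | PROTECTED, NEIGHBOUR, "02:00:00:00:00:50", NEIGHBOUR),
]
RESULT = audit(FRAMES, AP, {LAPTOP})
```

Every frame here has the Protected flag set, yet both station addresses are recovered; an "unknown" entry is a lead worth checking against the router's own client list.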
Old 03-23-2013, 07:51 PM   #12
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

Hey guys CMD is an internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my system's workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system nearby that has the same workgroup name as yours. It would be a safe bet to assume yours and theirs are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
__________________

setishock is offline   Reply With Quote
Old 03-23-2013, 09:58 PM   #13
In Runtime
 
lhamil64's Avatar
 
Join Date: Jan 2007
Posts: 398
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Hey guys CMD is an internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my system's workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system nearby that has the same workgroup name as yours. It would be a safe bet to assume yours and theirs are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
In order to have the other PC show up though, wouldn't they still need to be connected to the same network? Even if you're in range of two wireless networks with the same workgroup name, it would only show the machines on the workgroup you're currently connected to, right?
__________________
--Lee
Website/Blog: http://lhamil64.wordpress.com
lhamil64 is offline   Reply With Quote
Old 03-23-2013, 10:59 PM   #14
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

You would think so and I may be mistaken but my G7 monitors the hotel network and has to be connected to that (wireless). Meanwhile my desk rig is on my U-Verse network (hardwired). I can see the laptop on my desk rig and the desktop on my G7.
When I click on home group I get a (my name) on (name of my computer) has created a home group on the network. At the bottom I get 2 buttons > join now and cancel.
If that's what he's seeing it's harmless. Like I said if he changes the home group name they'll go away. It's if he's on the default home group name and the other person is too then he'll see that message.
setishock is offline   Reply With Quote
Old 03-24-2013, 04:55 AM   #15
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Hey guys CMD is an internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my system's workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system nearby that has the same workgroup name as yours. It would be a safe bet to assume yours and theirs are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
As I implied above, this sounds much more plausible to me. Thanks for the Windows insight - not my area of expertise.

Quote:
Originally Posted by setishock View Post
You would think so and I may be mistaken but my G7 monitors the hotel network and has to be connected to that (wireless). Meanwhile my desk rig is on my U-Verse network (hardwired). I can see the laptop on my desk rig and the desktop on my G7.
When I click on home group I get a (my name) on (name of my computer) has created a home group on the network. At the bottom I get 2 buttons > join now and cancel.
If that's what he's seeing it's harmless. Like I said if he changes the home group name they'll go away. It's if he's on the default home group name and the other person is too then he'll see that message.
That has Windows 'feature' written all over it.. sad really.
_michaelm is offline   Reply With Quote
Old 03-24-2013, 11:42 AM   #16
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

Here's some food for thought. Is there a service you can disable that controls the group function? Hmm...
setishock is offline   Reply With Quote
Old 03-24-2013, 02:21 PM   #17
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Here's some food for thought. Is there a service you can disable that controls the group function? Hmm...
Almost certainly - there are a number of services which relate to the workgroups (thinking back to XP here btw), but if any of those were disabled I wouldn't count on the rest of the network behaving as expected.
_michaelm is offline   Reply With Quote
Old 03-24-2013, 05:35 PM   #18
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

True. I'm giving some serious thought to jumping ship and going over to Knoppix 7.
__________________

setishock is offline   Reply With Quote
All times are GMT -5. The time now is 07:55 AM.