Go Back   Computer Forums > General Computing > Networking | DNS
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 03-16-2013, 10:56 PM   #1
Beta Member
 
Join Date: Mar 2013
Location: US
Posts: 5
Default Someone is stealing my internet.

So i recently came up the CMD command net view to see who is using the internet, i would randomly check it to see if someone is actually using my wifi without my permission. So tonight when i tried it i noticed that there was a new device that i've never seen before named POWER-PC. How do i get rid of this guy. I dont know much about computers so im not exactly a wizard but can use some help.
__________________

__________________
Scubadivingpoop is offline   Reply With Quote
Old 03-17-2013, 02:35 AM   #2
Solid State Member
 
Join Date: Mar 2013
Location: United States
Posts: 15
Default Re: Someone is stealing my internet.

WEP is fairly easy to crack but WPA is more secure and WPA2 is solid. Just about all router support WPA2. Did you set up encyption when you set up your router? If not, go to your address bar and type in the URL: 192.168.0.1 which should take you to your router settings. leave the password field blank and go to wireless settings and create a password for your network. If you want even more control you can set up access control and speifically block your neighbor but that wouldnt really be necessary if you just create a network password. Let me know if that helps at all.
__________________

__________________
James99 is offline   Reply With Quote
Old 03-17-2013, 10:41 AM   #3
In Runtime
 
lhamil64's Avatar
 
Join Date: Jan 2007
Posts: 398
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by James99 View Post
WEP is fairly easy to crack but WPA is more secure and WPA2 is solid. Just about all router support WPA2. Did you set up encyption when you set up your router? If not, go to your address bar and type in the URL: 192.168.0.1 which should take you to your router settings. leave the password field blank and go to wireless settings and create a password for your network. If you want even more control you can set up access control and speifically block your neighbor but that wouldnt really be necessary if you just create a network password. Let me know if that helps at all.
You are making too many assumptions about their router config.

OP: Your router's address might not be 192.168.0.1. To find it, open up cmd and type in "ipconfig /all" (without the quotes). Then look for the Default Gateway. That will be your router's IP address. Type that into your browser and it should bring you to the config page for your router. Then enter the username and password (it could be anything really, but the default is probably something like username: "admin", password:"admin" or a blank password. Try a few different combinations, and if you can't figure it out, you can either look in your router's manual or look online for it).

Once you've logged into your router's config page, definitely look for the security settings and make your password use WPA2 encryption if possible. If the highest encryption your router supports is WEP, then I'd recommend turning on MAC address filtering. MAC address filtering requires a little more work to connect new devices, but it prevents anything connecting that you haven't specifically allowed. If you can't increase your password's security, post back and someone can probably explain MAC filtering a little better.
__________________
--Lee
Website/Blog: https://lhamil64.wordpress.com
lhamil64 is offline   Reply With Quote
Old 03-17-2013, 10:05 PM   #4
Beta Member
 
Join Date: Mar 2013
Location: US
Posts: 5
Default Re: Someone is stealing my internet.

Actually i have my wireless SSID hidden with WEP2 AES password.
__________________
Scubadivingpoop is offline   Reply With Quote
Old 03-18-2013, 09:28 AM   #5
In Runtime
 
lhamil64's Avatar
 
Join Date: Jan 2007
Posts: 398
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by Scubadivingpoop View Post
Actually i have my wireless SSID hidden with WEP2 AES password.
WEP2? Did you mean WPA2?

That's very strange that someone would take that much time to hack into your network then. Did you give anyone your SSID and password who could have connected another computer or anything?

If not, I would enable MAC address filtering and change the password.
__________________
--Lee
Website/Blog: https://lhamil64.wordpress.com
lhamil64 is offline   Reply With Quote
Old 03-18-2013, 12:08 PM   #6
Beta Member
 
Join Date: Mar 2013
Location: US
Posts: 5
Default Re: Someone is stealing my internet.

yah i meant WPA2, what is mac address filtering?
__________________
Scubadivingpoop is offline   Reply With Quote
Old 03-18-2013, 06:11 PM   #7
Solid State Member
 
Join Date: Mar 2013
Location: United States
Posts: 15
Default Re: Someone is stealing my internet.

The MAC address is the physical address of a computer (stored on the network interface card) that stays the same for each specific computer. MAC filtering tells the router what specific computers can connect to your network and blocks out anyone else who tries. You just have to go to your router settings, find mac filtering, and enter your mac address and the mac addresses of any other computers you want to allow on your network. To find your computers MAC address type in "ipconfig/all" in your command prompt and look for where it says "physical address". Just copy the number down in filtering list and you're good to go! Like lee said though I'd still change your password
__________________
James99 is offline   Reply With Quote
Old 03-18-2013, 06:43 PM   #8
Beta Member
 
Join Date: Mar 2013
Location: US
Posts: 5
Default Re: Someone is stealing my internet.

Thanks turned on my Mac Address filtering, hopefully this stops unwanted people from stealing my internet.
__________________
Scubadivingpoop is offline   Reply With Quote
Old 03-18-2013, 07:01 PM   #9
Fully Optimized
 
OhSnapWord's Avatar
 
Join Date: Jan 2012
Location: USA
Posts: 1,853
Default Re: Someone is stealing my internet.

Stupid question, did you change the admin password on your router? This password is different from the WPA key. Also, do not make them the same.
__________________
FX-8350 @ 4.7 cooled by H80, 32GB Mushkin Enhanced Blackline 2133, Asus Sabertooth 990FX, 2x Radeon HD 7850 2GB in X-fire, 500GB Samsung 850 Evo, 4TB Seagate, 3TB WD Black, 2x 1TB WD RED in RAID 0
OhSnapWord is offline   Reply With Quote
Old 03-18-2013, 07:15 PM   #10
Beta Member
 
Join Date: Mar 2013
Location: US
Posts: 5
Default Re: Someone is stealing my internet.

Yah changed the login and password for the router and also have a different wireless SSID and password
__________________
Scubadivingpoop is offline   Reply With Quote
Old 03-23-2013, 11:15 AM   #11
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

I appreciate I don't know about the devices in your home but I'm surprised that you'd even see POWER-PC coming up under net view because I believe (I'm not a windows person) that is restricted to computers in the same workgroup? - please correct me on this if it isn't. To test, change your workgroup from the default (HOME/WORKGROUP depending on OS) and see if it disappears.

I am assuming you don't have an old MAC anywhere in your house as this will likely be called POWER-PC by default.

-------- Assuming the above makes no difference and your access point has been compromised - see below.


Quote:
Originally Posted by Scubadivingpoop View Post
Thanks turned on my Mac Address filtering, hopefully this stops unwanted people from stealing my internet.
Firstly, MAC address filtering won't stop anyone getting on your network - it takes seconds for someone to 'snif' the air traffic and capture some packets. Even though they wouldn't be able to decrypt their payload (IP layer upwards), they would be able to see all the MAC addresses involved because that is how devices 'listening' to wifi know whether the packet is intended for them or not - choosing to ignore it if it isn't is just a courtesy (which anyone trying to steal your internet will not grant you!) - once you have a valid MAC address that is allowed to send traffic over your wireless network then you just 'spoof' that address on your device and you're in.

Secondly, and arguably more importantly -

I'd be very surprised if someone managed to break into your access point if it has (and always had) WPA2 AES security enabled, you have to have an 8-character passphrase for that as a minimum - but hopefully yours was longer and was non-trivial to guess. Assuming that is the case I would probably do some more investigating.

i.e.

1) Disable mac filtering if you already enabled it

2) Change the security back down to WEP with the same key (as you're assuming they've cracked this) - this is for a reason I'll go on to in a second

3) Wait for them to reconnect to the access point and, preferably before they do - while they're there - and after they're gone, have a packet capture running on a space machine**

4) Open the packet capture in wireshark (you can use this to actually do the capturing too - industry standard free tool, Wireshark Go deep.) and analyse the data to ascertain a) how they got in b) what they were looking for? c) what did they do/take? and d) did they cover up anything as they left?

5) Since you switched back to WEP earlier, you will be able to see the payloads for all of their traffic - using WPA 1/2 each client gets its own encryption key and then you'd have to break their key (which you won't do easily) to see what was going on - fortunately, WEP uses the same key for all encryption (hence why it is TRIVIALLY easy to break nowadays)

I imagine all this sounds pretty complicated, and to be honest if you're not a networking professional it is - so if you don't really know how to go about doing the above (or have experience with wireshark) either find a friend/colleague who does know about it - or follow the notes in the ** section below.

Hope that helps.


** ideally you don't want to generate any of your own traffic during this time to make subsequent analysis easier, but if they're good enough to break into your AP in the first place then a) they'll probably notice and b) they'll probably be much better at this than you (no offence) so you'll have to fully secure your router and make passwords at least 16 characters, preferably of random character sequences.
__________________
_michaelm is offline   Reply With Quote
Old 03-23-2013, 06:51 PM   #12
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

Hey guys CMD is a internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my systems workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system near by that has the same workgroup name as yours. It would be a safe bet to assume yours and thiers are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
__________________
setishock is offline   Reply With Quote
Old 03-23-2013, 08:58 PM   #13
In Runtime
 
lhamil64's Avatar
 
Join Date: Jan 2007
Posts: 398
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Hey guys CMD is a internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my systems workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system near by that has the same workgroup name as yours. It would be a safe bet to assume yours and thiers are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
In order to have the other PC show up though, wouldn't they still need to be connected to the same network? Even if you're in range of two wireless networks with the same workgroup name, it would only show the machines on the workgroup you're currently connected to, right?
__________________
--Lee
Website/Blog: https://lhamil64.wordpress.com
lhamil64 is offline   Reply With Quote
Old 03-23-2013, 09:59 PM   #14
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

You would think so and I may be mistaken but my G7 monitors the hotel network and has to be connected to that (wireless). Meanwhile my desk rig is on my U-Verse network (hardwired). I can see the laptop on my desk rig and the desktop on my G7.
When I click on home group I get a (my name) on (name of my computer) has created a home group on the network. At the bottom I get 2 buttons > join now and cancel.
If that's what he's seeing it's harmless. Like I said if he changes the home group name they'll go away. It's if he's on the default home group name and the other person is too then he'll see that message.
__________________
setishock is offline   Reply With Quote
Old 03-24-2013, 03:55 AM   #15
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Hey guys CMD is a internal command to use locally in the OS. It's not a router command.
I see all kinds of garbage on my systems workgroup read out. If you have sharing turned off in all respects, you're fairly safe. All it is, is your wireless card is picking up a signal from a system near by that has the same workgroup name as yours. It would be a safe bet to assume yours and thiers are the default workgroup.
Showing up in the workgroup readout is not a router problem. Change your workgroup name and they'll go away.
As I implied above, this sounds much more plausible to me. Thanks for the windows insight - not my area of expertise.

Quote:
Originally Posted by setishock View Post
You would think so and I may be mistaken but my G7 monitors the hotel network and has to be connected to that (wireless). Meanwhile my desk rig is on my U-Verse network (hardwired). I can see the laptop on my desk rig and the desktop on my G7.
When I click on home group I get a (my name) on (name of my computer) has created a home group on the network. At the bottom I get 2 buttons > join now and cancel.
If that's what he's seeing it's harmless. Like I said if he changes the home group name they'll go away. It's if he's on the default home group name and the other person is too then he'll see that message.
That has windows 'feature' written all over it.. sad really.
__________________
_michaelm is offline   Reply With Quote
Old 03-24-2013, 10:42 AM   #16
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

Here's some food for thought. Is there a service you can disable that controls the group function? Hmm...
__________________
setishock is offline   Reply With Quote
Old 03-24-2013, 01:21 PM   #17
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Someone is stealing my internet.

Quote:
Originally Posted by setishock View Post
Here's some food for thought. Is there a service you can disable that controls the group function? Hmm...
Almost certainly - there are a number of services which relate to the workgroups (thinking back to XP here btw), but if any of those were disabled I wouldn't count on the rest of the network behaving as expected.
__________________
_michaelm is offline   Reply With Quote
Old 03-24-2013, 04:35 PM   #18
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: Someone is stealing my internet.

True. I'm giving some serious thought to jumping ship and going over to Knoppix 7.
__________________

__________________
setishock is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 01:22 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
×