Unauthorized Network User

Discussion in 'Windows Desktop Systems' started by dreamworks, Oct 16, 2004.

  1. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    Hi guys ..

    I setup a wireless network at home. It consist of a Linksys Wireless Broadband Router connected to an ADSL modem.

    There are 3 users in my network, namely myself using a notebook, and two of my housemates using PC.

    However, recently I caught this image on wireless router wireless access, there is another user, without a valid IP. The thing that I would like to find out is :-

    1) How did the user find and enter the network when I have disabled my Wireless SSID Broadcast, used WEP as security mode, and restrict access based on MAC address?
    2) Since the user is "in" the network, is he able to use the network resources like accessing the user machines, or using the internet access?

    I have included the file for your view, please let me know if there is anything further that I should do. Thanks.
     
  2. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    Sorry .. forgot to attach the file. As you can see, the first line is my fixed IP and my notebook's MAC address. The second .. I don't know who and what is his access level.
     

    Attached Files:

  3. Stu

    Stu OSNN Junior Addict

    Messages:
    26
    Are both your flat mates PCs working properly (ie: they can access the internet, shared folders, shared printers, etc)? It could be that one of their PCs hasn't connected properly to the router and so hasn't been assigned an IP address.

    Apologies if you've already done this :)
     
  4. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    this really sounds weird - just to verify that MAC address is NOT one of yours?! I have no idea how this could happen!
     
  5. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    Mac address of the router perhaps?

    Routing within a network is also all done via MAC addresses. If the router doesn't have the MAC address in it's ARP table of a host it needs to deliver packets to, it will send out an ARP. This goes out to the broadcast MAC, with destination and source IPs of unknown ... or 0.0.0.0.
     
  6. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    There are 3 users in the network originally .. myself (notebook) using a wireless card, 1st housemate (pc) using a wireless card, and 2nd housemate (pc) connected via network cable to the built-in switch. As you can see from the image, the IP 192.168.1.12 is myself, but the next guy, 0.0.0.0 is the authorized user. It is not my 1st housemate because his PC is already offline and not in use for now.

    I have no idea how this could happen as well .. I thought I have done sufficient to protect the network, but looks like it is not. :(
     
  7. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    Checked the MAC of the router. Nope thats the router's MAC address .. definitely some outsider's MAC address.
     
  8. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    Probably is then, and he is probably in the process of getting an IP if you are setup to use DHCP. Your router probably didn't give him one if you have it set the way you say your wireless router is set up. Remember, it's wireless, and not wired ... they can attempt. You'll still be able to see the different protocols at work, but still be rejected.
     
  9. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    what vern said - maybe even an "innocent" attempt... my neighbour set his wi-fi up totally unprotected :eek: and I surfed his bandwidth in the Garden for an afternoon :cool: but then I printed out the network connection and wrote a note on the page to alert him - he went totally WEP about a week later and I know I cannot get in even if I did try...
     
  10. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    So what we're saying here is that most likely the attempt is just from someone within the vincinity but unsuccessful and I shouldn't worry too much about it?

    There is another point though .. I disabled the DHCP on the router though.
     
  11. Mainer82

    Mainer82 Binary

    Messages:
    101
    Check the MAC addresses of all your clients, including the router and DSL modem.

    It's probably someone scanning for a WLAN or someone that has a WLAN on the same channel that is close to you. They are not getting into your network though.