Page 1 of 2 12 LastLast
Results 1 to 16 of 17

Thread: Kinda scary... DHCP leases reveal tons of other people :(

  1. #1
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Kinda scary... DHCP leases reveal tons of other people :(

    Hi, I just recently went into the DHCP thing and saw all the people that have IP leases. This is really shocking because most of these computers are NOT on my network and I have no idea who they are...

    Are they hackors, or do you think these are people who are picking up the wireless access point? I have no neighbors in range, but there is a street about 200 feet away where sometimes cars sit if the traffic light is red.

    Do you think that is where they are comming from?
    Please help, thanks!


  2. #2
    Member
    Join Date
    Feb 2006
    Posts
    57
    Thanks
    0
    Thanked
    0 times in 0 posts
    Do you have any sort of security on your wireless network? WEP, WPA...etc
    I must say i have had wireless for nearly two years, and have been fortunate not to have have an intruder until last week, but easily sorted it with MAC Address filtering.
    Matt

  3. #3
    Senior Member
    Join Date
    Jan 2006
    Posts
    318
    Thanks
    0
    Thanked
    0 times in 0 posts
    Bear in mind that some of these could be people passing by with PDA's etc or they could be using wireless kit with high gain antenna's fitted... Its quite possible you ar being picked up beyond the range you think is possible.

    Secure your network!

    1) Turn off DHCP on your router unless you REALLY need it (assign statics instead).
    2) Change your IP range to something more obscure (less likely to be guessed at such as 192.168.171.xxx or 10.99.207.xxx).
    3) Turn on WEP or WPA.
    4) You can also tell your router not to broadcast its SSID (but then you may have trouble with some wireless kit not finding your network).

    Google for more
    AMD X2 @ 2.6Ghz, X1800XL @ 540/600

  4. #4
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    DHCP isn't really a security risk. I wouldn't turn it off.

    Turn on WPA, if your access point dosen't support it, don't use it. (without some kind of hardware firewall with authentification.... but that gets complex).

    Then if possible, add MAC addresses one by one. sorted
    throw new ArgumentException (String, String, Exception)

  5. #5
    UKMuFFiN
    Guest
    Hack them back





    sorry, not very helpful i know, but yeh, you didnt mention what security you have in place.

  6. #6
    Senior Member
    Join Date
    May 2006
    Posts
    251
    Thanks
    0
    Thanked
    6 times in 6 posts
    It is pretty likely that most of those were people waiting in their cars and briefly attempting to join you Wireless. Looks like thats the case as they all grabbed their leases on different days and at different times. The only one that would concern me is the 'XXXXX', unless you intended to wardrive there is no reason to name a machine something as anonymous.

    As said above securing the wireless AP seems like the best course of action. DCHP is secure, well like everything else, as secure as the user makes it. Static IPs are troublesome and not particularly secure to anyone who knows what they are doing (and I dont just mean people guessing).

  7. #7
    Senior Member
    Join Date
    Jan 2006
    Posts
    318
    Thanks
    0
    Thanked
    0 times in 0 posts
    There is nothing troublesome about static IP's... The only reason for disabling DHCP is to stop casual passers by picking up an IP so quickly. Combine that with a change of IP range to something less obvious and unless they are sat outside for more than 3 minutes they wont have really had time to setup a connection...

    Hacking people back isn't a good idea either (no offence Muffin!).

    MAC address filtering will discourage a lot of casual connection attempts as will hiding your SSID. However the only thing that will stop the majority of WIFI bandwidth thieves is using WPA.

    See here: http://www.practicallynetworked.com/...ess_secure.htm for a nice simple guide.
    AMD X2 @ 2.6Ghz, X1800XL @ 540/600

  8. #8
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Okay thanks guys... I suppose I should have gave some more information:

    - DHCP on the router is disabled
    - DHCP is comming from the server running Win 2K3 Server
    - The "wireless access point" is nothing more than a wireless linksys router used as a switch by plugging it into the main router via one of its normal ports and not using its uplink port

    How do I filter by MAC address? Make a MAC reservation for everyone on the network and then creating a IP distribution exclusion that covers the whole scope? Or is there another way?

    About WPA... since I am using my wireless router as a switch, there is no HTTP interface to get to the security settings. If I plug it in like a normal router, then change security settings, then plug it back in as a switch configuration, will the WPA still work?

    Any advice you can give is great! Thanks
    Last edited by latrosicarius; 02-09-2006 at 07:32 PM.

  9. #9
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,945
    Thanks
    171
    Thanked
    388 times in 315 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC
    Please tell me this netowrk is personal and not a network for a business you support.
    Secondly - get WEP/WPA running on your access point and lappy's/pda's NOW!
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  10. #10
    Splash
    Guest
    Your WAP support RADIUS authentication?

  11. #11
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    one nice way of doing it would be to restrict your DHCP scope on the server and require DHCP reservatiosn by MAC address. That combined with setting up a little Wireless Security on your AP should do the trick.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  12. #12
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    384 times in 313 posts
    Quote Originally Posted by badass
    Please tell me this netowrk is personal and not a network for a business you support.
    Secondly - get WEP/WPA running on your access point and lappy's/pda's NOW!
    look at the server name , server.homnet.local doesn't conjure up visions of an enterprise

    In short if you leave an AP open , nowadays , expect people to piggyback it - from phones , PDA's , PSP's etc
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  13. #13
    HEXUS.bouncer Jonny's Avatar
    Join Date
    Apr 2005
    Location
    Gainsville, Rock City Uni: Newcastle
    Posts
    1,489
    Thanks
    0
    Thanked
    0 times in 0 posts
    How long do they stay active for?

    Surely you can tell if it's long term users or people walking by?

  14. #14
    Senior Member charleski's Avatar
    Join Date
    Jul 2006
    Posts
    1,586
    Thanks
    7
    Thanked
    52 times in 45 posts
    Quote Originally Posted by young_one
    It is pretty likely that most of those were people waiting in their cars and briefly attempting to join you Wireless.
    Looks like the entry for 192.168.0.153 is a TiVo box, doubt that someone would carry that around in their car (though it might be your own). Wireless range can be extended greatly with a directional antenna (which can be made from a Pringles tube), so I wouldn't rely on range for security.

  15. #15
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Quote Originally Posted by badass
    Please tell me this netowrk is personal and not a network for a business you support.
    Yes lol, this is for home. I am not nearly knowledgable enough to do this for a business... plus, I have no certifications or anything

    Quote Originally Posted by badass
    Secondly - get WEP/WPA running on your access point and lappy's/pda's NOW!
    Ok will do

    Quote Originally Posted by Moby-Dick
    one nice way of doing it would be to restrict your DHCP scope on the server and require DHCP reservatiosn by MAC address. That combined with setting up a little Wireless Security on your AP should do the trick.
    Thanks, Moby. What I did was make a reservation for everyone on the network, and just make an exclusion range for the entire scope. I didn't find a specific option to "filter by MAC address", but I think that's what I'm doing

    Quote Originally Posted by Jonny
    How long do they stay active for?

    Surely you can tell if it's long term users or people walking by?
    I believe they stay active for the duration of the lease, but I didnt confirm that b/c I just realized they were there recently. They do pop up pretty frequently... like, I'll delete them all and press refresh ten minutes later, and there will be another one. This leads me to belive that people just have their laptops on as they are driving by my house or waiting at the stoplight.

    Quote Originally Posted by charleski
    Looks like the entry for 192.168.0.153 is a TiVo box, doubt that someone would carry that around in their car (though it might be your own). Wireless range can be extended greatly with a directional antenna (which can be made from a Pringles tube), so I wouldn't rely on range for security.
    Yes, that's my TiVo. I made a reservation for it and everything is working properly. I looked up on the net and it said that my TiVo was compatable with WEP , but not WPA .... well at least its better than nothing.
    Last edited by latrosicarius; 04-09-2006 at 04:54 AM.

  16. #16
    Senior Member
    Join Date
    Jan 2006
    Posts
    318
    Thanks
    0
    Thanked
    0 times in 0 posts
    The MAC address filtering that I believe we were on about would be found in your wireless AP (probably) lol

    Glad you have it sorted.

    AMD X2 @ 2.6Ghz, X1800XL @ 540/600

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Statistics for countrys
    By SilentDeath in forum General Discussion
    Replies: 5
    Last Post: 23-05-2005, 12:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •