Hi, I just recently went into the DHCP thing and saw all the people that have IP leases. This is really shocking because most of these computers are NOT on my network and I have no idea who they are...
Are they hackors, or do you think these are people who are picking up the wireless access point? I have no neighbors in range, but there is a street about 200 feet away where sometimes cars sit if the traffic light is red.
Do you think that is where they are comming from?
Please help, thanks!
Do you have any sort of security on your wireless network? WEP, WPA...etc
I must say i have had wireless for nearly two years, and have been fortunate not to have have an intruder until last week, but easily sorted it with MAC Address filtering.
Matt
Bear in mind that some of these could be people passing by with PDA's etc or they could be using wireless kit with high gain antenna's fitted... Its quite possible you ar being picked up beyond the range you think is possible.
Secure your network!
1) Turn off DHCP on your router unless you REALLY need it (assign statics instead).
2) Change your IP range to something more obscure (less likely to be guessed at such as 192.168.171.xxx or 10.99.207.xxx).
3) Turn on WEP or WPA.
4) You can also tell your router not to broadcast its SSID (but then you may have trouble with some wireless kit not finding your network).
Google for more
AMD X2 @ 2.6Ghz, X1800XL @ 540/600
DHCP isn't really a security risk. I wouldn't turn it off.
Turn on WPA, if your access point dosen't support it, don't use it. (without some kind of hardware firewall with authentification.... but that gets complex).
Then if possible, add MAC addresses one by one. sorted
throw new ArgumentException (String, String, Exception)
Hack them back
sorry, not very helpful i know, but yeh, you didnt mention what security you have in place.
It is pretty likely that most of those were people waiting in their cars and briefly attempting to join you Wireless. Looks like thats the case as they all grabbed their leases on different days and at different times. The only one that would concern me is the 'XXXXX', unless you intended to wardrive there is no reason to name a machine something as anonymous.
As said above securing the wireless AP seems like the best course of action. DCHP is secure, well like everything else, as secure as the user makes it. Static IPs are troublesome and not particularly secure to anyone who knows what they are doing (and I dont just mean people guessing).
There is nothing troublesome about static IP's... The only reason for disabling DHCP is to stop casual passers by picking up an IP so quickly. Combine that with a change of IP range to something less obvious and unless they are sat outside for more than 3 minutes they wont have really had time to setup a connection...
Hacking people back isn't a good idea either (no offence Muffin!).
MAC address filtering will discourage a lot of casual connection attempts as will hiding your SSID. However the only thing that will stop the majority of WIFI bandwidth thieves is using WPA.
See here: http://www.practicallynetworked.com/...ess_secure.htm for a nice simple guide.
AMD X2 @ 2.6Ghz, X1800XL @ 540/600
Okay thanks guys... I suppose I should have gave some more information:
- DHCP on the router is disabled
- DHCP is comming from the server running Win 2K3 Server
- The "wireless access point" is nothing more than a wireless linksys router used as a switch by plugging it into the main router via one of its normal ports and not using its uplink port
How do I filter by MAC address? Make a MAC reservation for everyone on the network and then creating a IP distribution exclusion that covers the whole scope? Or is there another way?
About WPA... since I am using my wireless router as a switch, there is no HTTP interface to get to the security settings. If I plug it in like a normal router, then change security settings, then plug it back in as a switch configuration, will the WPA still work?
Any advice you can give is great! Thanks
Last edited by latrosicarius; 02-09-2006 at 07:32 PM.
Please tell me this netowrk is personal and not a network for a business you support.
Secondly - get WEP/WPA running on your access point and lappy's/pda's NOW!
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
Your WAP support RADIUS authentication?
one nice way of doing it would be to restrict your DHCP scope on the server and require DHCP reservatiosn by MAC address. That combined with setting up a little Wireless Security on your AP should do the trick.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
look at the server name , server.homnet.local doesn't conjure up visions of an enterpriseOriginally Posted by badass
In short if you leave an AP open , nowadays , expect people to piggyback it - from phones , PDA's , PSP's etc
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
How long do they stay active for?
Surely you can tell if it's long term users or people walking by?
Looks like the entry for 192.168.0.153 is a TiVo box, doubt that someone would carry that around in their car (though it might be your own). Wireless range can be extended greatly with a directional antenna (which can be made from a Pringles tube), so I wouldn't rely on range for security.
Yes lol, this is for home. I am not nearly knowledgable enough to do this for a business... plus, I have no certifications or anything
Ok will do
Thanks, Moby. What I did was make a reservation for everyone on the network, and just make an exclusion range for the entire scope. I didn't find a specific option to "filter by MAC address", but I think that's what I'm doing
I believe they stay active for the duration of the lease, but I didnt confirm that b/c I just realized they were there recently. They do pop up pretty frequently... like, I'll delete them all and press refresh ten minutes later, and there will be another one. This leads me to belive that people just have their laptops on as they are driving by my house or waiting at the stoplight.
Yes, that's my TiVo. I made a reservation for it and everything is working properly. I looked up on the net and it said that my TiVo was compatable with WEP.... well at least its better than nothing.
Last edited by latrosicarius; 04-09-2006 at 04:54 AM.
The MAC address filtering that I believe we were on about would be found in your wireless AP (probably) lol
Glad you have it sorted.
AMD X2 @ 2.6Ghz, X1800XL @ 540/600
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
