September 24th, 2004, 02:37 AM
unwanted wireless connection, what to do?
I have an unsecure wireless network here at my house. Looking at the DHCP log, I have a user connected to my network. The PC is active right now.I can ping it. What can I do to find out more about this connection?
September 24th, 2004, 02:41 AM
I would simply add a WEP key to your router, as well as MAC filtering. That would keep them off. If your router can handle it, there should be more info about both of those in the documentation.
September 24th, 2004, 03:21 AM
Even if it has just a shared key setting, that'd work too. Any security is better than none at all.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
September 24th, 2004, 03:36 AM
My best advice:
1. MAC Filtering
2. Static IP's (Disable DHCP)... Or alternately, you can set the DHCP server to only give out X number of addresses, where X is the number of machines that are supposed to be on it.
3. WEP (WPA if available)
Since he's on your private network... does that make it legal?
September 24th, 2004, 03:44 AM
What everybody else said is good, if you want to try and find out who it is try this command:
nbtstat -a ip-address
then look in the output, you may find the machine name and that could give away who it is (if it's a Windows/Samba box with out a firewall blocking the NetBIOS ports). You could all try:
net send ip-address "Who the **** are you?"
if they don't have their messenger service disabled.
September 24th, 2004, 04:03 AM
Actually, I would run a full nmap scan on the host, all ports, OS detection, identd, and all that.
Oh yeah.... Insane throttling. Should be fun.
Might hurt you're router though.
September 24th, 2004, 04:08 AM
If you want to do what Winston said, go to http://www.insecure.org/ and download Nmap, then use this command after you install (I think the syntax is right, some flags may be redundant):
nmap -O -A -P0 -T insane ip-address
September 24th, 2004, 05:00 AM
I would suggest that you secure your network. You take a risk when probing an unknown connection. And a connection on the same ap things can esculate rapidily should they notice you scanning them.
September 24th, 2004, 06:14 PM
Turn off the Beacon
Use MAC Addressing.
Change the password
Use WEP at 128bit
Change the channel
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle
September 24th, 2004, 11:29 PM
I agree with iron geek. Have a little fun before you decide to terminate thier connection...
My first question is have you noticed any malicious activity from this user? You might want to try running ettercap too. It will reveal a bunch more than DHCP log.
You call that a firewall !