I have an unsecure wireless network here at my house. Looking at the DHCP log, I have a user connected to my network. The PC is active right now.I can ping it. What can I do to find out more about this connection?
Printable View
I have an unsecure wireless network here at my house. Looking at the DHCP log, I have a user connected to my network. The PC is active right now.I can ping it. What can I do to find out more about this connection?
I would simply add a WEP key to your router, as well as MAC filtering. That would keep them off. If your router can handle it, there should be more info about both of those in the documentation.
Even if it has just a shared key setting, that'd work too. Any security is better than none at all.
My best advice:
1. MAC Filtering
2. Static IP's (Disable DHCP)... Or alternately, you can set the DHCP server to only give out X number of addresses, where X is the number of machines that are supposed to be on it.
3. WEP (WPA if available)
Since he's on your private network... does that make it legal?
What everybody else said is good, if you want to try and find out who it is try this command:
nbtstat -a ip-address
then look in the output, you may find the machine name and that could give away who it is (if it's a Windows/Samba box with out a firewall blocking the NetBIOS ports). You could all try:
net send ip-address "Who the **** are you?"
if they don't have their messenger service disabled.
Actually, I would run a full nmap scan on the host, all ports, OS detection, identd, and all that.
Oh yeah.... Insane throttling. Should be fun.
Might hurt you're router though.
If you want to do what Winston said, go to http://www.insecure.org/ and download Nmap, then use this command after you install (I think the syntax is right, some flags may be redundant):
nmap -O -A -P0 -T insane ip-address
I would suggest that you secure your network. You take a risk when probing an unknown connection. And a connection on the same ap things can esculate rapidily should they notice you scanning them.
Turn off the Beacon
Use MAC Addressing.
Change the password
Use WEP at 128bit
Change the channel
I agree with iron geek. Have a little fun before you decide to terminate thier connection...
My first question is have you noticed any malicious activity from this user? You might want to try running ettercap too. It will reveal a bunch more than DHCP log.
Shugart