MAC Attack (address that is)

Discussion in 'Tech Talk' started by Generalcarry, Mar 29, 2007.

  1. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan
    I just had a "foreign" MAC address appear on my Internet Security (Trend Micro's PC-cillin) who finally hooked up on my linksys wireless G router. This guy(?) has been showing up for months and finally attached himself to my wireless.It had to be through the notebook because the others are hard wired. Can I identify him by his MAC address? It has to be a neighbor because of my location and times of attempted connect.
     
  2. HAVOC

    HAVOC Guest

    Messages:
    5,054
    Likes Received:
    0
    Joined:
    Jun 20, 1999
    If you have access to the MACs of all the suspects, then yes you could match it to the log in your router. Assuming he isn't spoofing, which is quite easy to do.

    The DHCP table and/or access log in your router should also have the hostname of the computer, that MAY have some ID hints in it.
     

  3. Blitzer

    Blitzer Cool Cat

    Messages:
    12,111
    Likes Received:
    3
    Joined:
    Jan 15, 2004
    Location:
    The communist's play ground of OHIO
    What is happening is bad JuJu as they could be doing very illegal stuff from your IP address! :shocked:

    Several things you can try.

    I.M.E.

    1) Lock the router to your laptop's MAC address
    1a) Add encryption to your wireless router and laptop's home configuration settings making it 128 bits (part of the 128 bits is a set prefix on all devices)

    2) Stop broadcasting your SSID from your wireless router

    3) Reduce the power output of your wireless base to allow only you to connect to it.

    4) Lock out the MAC address of the alien device

    5) You can try putting a piece of foil on a note book binder and placing that a foot away from the wireless base unit between it your neighbors home

    6) Get a directional antenna and point it into your home from the outside wall closest to a neighboring home
    6a) Put the wireless base unit in your basement near the wall closest to your neighbors house. Using the soil to block direct line of sight to the base unit

    7) Use your laptop and a sniffer program to locate the offending alien device and report theft of services to your ISP or local Police Detectives.

    8) Asking them to quit will normally result in total denial of their wrong doing

    I find that ZoneAlarm is offering their own secure 100mps "G" series Wireless router, with Check Point® security technology, for $149.95.
    Best wishes. :thumbsup: ;)
     
  4. Toyman

    Toyman

    Messages:
    2,600
    Likes Received:
    36
    Joined:
    May 6, 2003
    Location:
    West Michigan
    Redirect all of his traffic to a non-existent IP address.
     
  5. Patrick Graham

    Patrick Graham Footlong Jr.

    Messages:
    1,953
    Likes Received:
    1
    Joined:
    Sep 7, 2001
    Location:
    Kokomo Indiana
    If he's anything like my neighbor he's just going with the flow and probably doesn't even know he hasn't connected to his own wireless router..

    And.. if he's like my neighbor he doesn't even know his own wireless network has been down for days...
     
  6. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan
    Well I just re-installed the the router and changed everything (passwords, profiles, WEP number, etc.) and going to see what happens.
    Thanks for the advice!
     
  7. HAVOC

    HAVOC Guest

    Messages:
    5,054
    Likes Received:
    0
    Joined:
    Jun 20, 1999
    OK, ditch the WEP. Use WPA or WPA2. That'll pretty well solve the problem.
     
  8. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan
    Up front I'm saying I know little about routers, but I thought 128 bit was the way to go????
     
  9. Blitzer

    Blitzer Cool Cat

    Messages:
    12,111
    Likes Received:
    3
    Joined:
    Jan 15, 2004
    Location:
    The communist's play ground of OHIO
    Just saying there is unknown factors in everything we trust and 128bit encryption has a set prefix in it.

    WEP may be hard coded into the router but WPA or WPA2 could be implemented with software.
     
  10. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan

    I don't understand what you are saying. Could you dumb it down?
     
  11. HAVOC

    HAVOC Guest

    Messages:
    5,054
    Likes Received:
    0
    Joined:
    Jun 20, 1999
    If it's all you have, WEP 128 is better than nothing. Just not very much. It's about like using a twisty tie to secure your back gate. Anyone who wants in and has close to a clue will get in. I think the the time to sniff the key is something like 26 seconds with easily available free software.

    If your router has the option for WPA or WPA2, use that. It's ~FAR~ more secure than any flavor of WEP.
     
  12. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan
    Thanks! I have both and will switch over.
     
  13. Round Pounder

    Round Pounder Guest

    Messages:
    15
    Likes Received:
    0
    Joined:
    Mar 29, 2007
    You can go here:

    http://standards.ieee.org/regauth/oui/index.shtml

    and punch in the first six characters of the MAC address and figure out brand name. I know that doesn't sound like much, but it would be a start. If you want to get a little more sophisticated, you can try your hand at:

    www.wireshark.org

    This is an open-source protocol analyzer that lets you look at raw traffic. It takes some getting used to, but you can often find all kinds of tidbits and clues as to the traffic flying all around. My only disclaimer is that it's pretty hit-and-miss as far as "binding" to WiFi NICs, so it may or may not work. They sell a wireless USB device to overcome that little limitaiton, but that would be way over the top (it's about $300, if memory serves).

    Anyway, if you happen to know your neighbor has a Dell or an HP or something, it might be a good first clue...
     
  14. Generalcarry

    Generalcarry NRA Member

    Messages:
    1,544
    Likes Received:
    22
    Joined:
    Apr 25, 2004
    Location:
    Michigan
    Thanks, it's worth a shot, I mean a try! :)