Re: home network someone is screwing with it


"Tinshark" <greer451@xxxxxxxxxxx> wrote in message
news:EI%uf.4328$ZA5.849@xxxxxxxxxxxxx
>I recently added wireless to my home network. I just want to share
>internet access to some wireless devices in my home. I haven't even
>started sharing files. Someone is messing with me already. I have two
>hard wired computers and the wireless is turned on for xbox live, tivo, and
>one laptop. So because of tivo I originally set up wep 128, as you all
>know, since that's the most you can do with tivo. Also had mac filters on.
>(yes i know, not that secure but it's a little home network for crying out
>loud.) About a month into using everything, security log of the router
>shows foreign ip address logged on. Spoofed one of the mac addresses. I
>installed a program called mywifizone and right off the bat it begins
>blocking someone trying to get on the wireless with different ip addresses
>and spoofed macs. I assume it won't take them long to figure out a way
>around this.

> Meanwhile I install air defense on the laptop and checking the logs
> later, it tells me that my laptop was redirected and connected to a non
> preferred ssid several times during the day.

If the laptop is being controlled, then there is a program on the machine a
backdoor or a root tool kit possibly that's allowing the hacker to have
control of the machine.

You can use the tool and start looking if this is an NT based O/S you're
talking about. There are other RootKitRevalers too.

http://www.sysinternals.com/Utilities/RootkitRevealer.html

Also you can read the information in the link and the tools used to spot
things on the machine.

Long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short
http://tinyurl.com/klw1


> My kids had Warcraft up and the alert box doesn't pop up when they are
> gaming. We don't use the laptop for anything other than school reports,
> school research, gaming, etc. but I assume someone can get to the wired
> network through the wireless,right?

If they can get an IP from your wireless network, they can access the
machines on the wire too if the machines are not protected.

>So here is the thing. I am very newbie, just have begun reading everything
>I can get my hands on. I would like to seperate the wireless and wired
>networks. I can not find anything that tells me how to do this. DMZ? Two
>routers?

Would static ips help? If someone can recommend a book that would
> walk me through it that would be great too. I just want anyone trying to
> get to the wired through the wireless to be stopped.

You could use static IP(s) on the machines and with a personal FW on the
machines only allowing traffic between the machines by setting rules with
the FW(s) for those static IP(s), which will block all other LAN IP(s) on
your network that could be used by someone.

>
> So for now, I turn wpa on when we use the laptop and the xbox, and I turn
> wep on briefly, when I want to transfer some tv over to the media center
> pc. Then I just shut it all off when we aren't using anything. I could
> live with this if I didn't have to reset the xbox every time and that
> sucks.
>
> Also, netstumbler says I have an ad hoc network. I have everything set up
> for infrastructure so I don't know what that is about either.
>

You could disable the DHCP server on the router which will stop the casual
hacker but this hacker maybe smart enough to obtain an IP from your network
anyway.

If the O/S on the machines are NT based such as XP, then go to the O/S and
secure it/harden it to attack as much as possible. Take note on using the
Authenticated User Group on Shares, which means the user on another machine
must have an account set-up on the machine that has the share so that the
user can access the share.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

Someone else will help you on separating the wire and wireless and other
security measures you can implement.

Duane :)



.

Relevant Pages

  • Re: One Users My Documents no longer redirected.
    ... even connect to the network at all because it's a PITA. ... So I would think that a wireless 54 mbps connection would be ... one laptop, and try it for a day or two to see what happens. ... active directory OU as the other users whose redirection works? ...
    (microsoft.public.windows.server.sbs)
  • [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops
    ... Application: Wireless Network Connection ... This advisory documents an anomaly involving Microsoft's Wireless Network ... If a laptop connects to an ad-hoc network it can later start ... This is known as a Link-Local address, and by default Link-Local is turned on on all Windows platforms on all interfaces, including wireless interfaces. ...
    (Bugtraq)
  • Re: One Users My Documents no longer redirected.
    ... So I would think that a wireless 54 mbps connection would be good ... laptop, and try it for a day or two to see what happens. ... client PCs will log into the network without a user login. ... active directory OU as the other users whose redirection works? ...
    (microsoft.public.windows.server.sbs)
  • Re: Linksys WRT54G acts like a dumb hub, no DHCP or wireless capabilities
    ... laptop and the PC would lose connection with the router. ... Well, the results are the same: I can connect to the wireless network, ... but after about 10 minutes I will lose connection with the router. ...
    (alt.internet.wireless)
  • Re: Sharing access denied -Too confused or stupid to figure out sh
    ... I could run it from laptop through network. ... USB for wireless broadband is attached to PC1 ... It is Not clear to ne your current Network topology and how the local ...
    (microsoft.public.windowsxp.network_web)
Loading