Re: Wireless Intruder Perhaps

"frankdowling1@xxxxxxxxx" <frankdowling1@xxxxxxxxx> hath wroth:

My son was recently accused by the " Bandwidth Department" of his ISP
for excessive bandwidth use a charge he disputes.
The Bandwidth used had a very high percentage of upload ratio which he
swears could not be his.

Right. Trust, but verify. Ask your son if he's running any type of
file sharing software such as Limewire, Bearshare, BitTorrent, etc. He
may also have become an inadvertent member of a bot-net, where his
machine is being controlled by some evil spammer on the internet. Much
of the outgoing traffic would be email spam.

The network consists a Network Everywhere / Linksys Router with 2
wireless adapters plus 1 wired networked computer.
The router is wide open with the encryption off.

That's dumb and an open invitation to have the neighbors borrow your
bandwidth. Turn on WPA encryption in your unspecified model Linksys
wireless router.

My son had concerns that wep would reduce the speed of the XBox online
wireless performance .

WEP and WPA will reduce his local wireless preformance about 5% to 15%
depending on model. Since the wireless is much faster than his
broadband connection, it won't have any effect on his online
preformance.

The network is composed of
1) the wired computer
2) a D-Link USB wireless adapter
3) an X-Box MN-740 wireless adapter

The DHCP client table lists 4 not 3 computers:

I'm suprised it doesn't list even more. When you have an unencrypted
open access point, you will see many "unauthorized" accidental
connections. Windoze XP Wireless Zero Config installs with "connect
to any available network" by default. It first connects, and then
warns the user that they're connecting to an unsecure network. It
doesn't matter what they answer as their MAC address has already been
added to the ARP table in your router. I open hot spots (i.e. coffee
shops), I see dozens of such connections as people drift in and out.

1) the wired computer 192.168.1.100
2) an adapter whose mac adress corresponds to the d-link and mac
adress matches the mac adress on the label 192.168.1.103
3) an adapter labelled MN-740 whose mac adress matches the mac address
on the label of the MN-740 Microsoft XBox wireless adapter
192.168.1.104
4) an adapter with a name of diffirent unrecognizable symbols
ip 192.168.1.102
the mac adress corresponds to a vendor / manufacturer of Microsoft
the mac address is 00-50-F2-F0-40-B2

could the Microsoft adapter be counted twice with a diffirent physical
mac adress ??
seems strange.
By the way the signal from the router is somewhat shielded as it is in
a concrete basement.
Any ideas ?

I assume the 00-50-F2-F0-40-B2 is the mystery MAC address.
http://standards.ieee.org/regauth/oui/oui.txt
Owned by Microsoft Corp. That makes it a game console or perhaps your
MN-740. Each device on his network has a MAC address. Take inventory
and see if anything matches. Note that your unspecified Linksys
router may have more than one different MAC addresses for the wired
and wireless interfaces.

Perhaps it would be best if you knew what was moving on the network.
If you unspecified model Linksys router supports logging (some do,
some don't), the install one of these and monitor:
http://www.sonic.net/wallwatcher/
http://home.comcast.net/~jay.deboer/airsnare/
http://svs.sv.funpic.de/

Anyway, I would:
1. Enable encryption.
2. Take inventory.
3. Remove or reconfigure the file sharing software.
4. Do some logging and monitoring.
--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.

Relevant Pages

  • Re: Wireless Intruder Perhaps
    ... wireless adapters plus 1 wired networked computer. ... an X-Box MN-740 wireless adapter ... warns the user that they're connecting to an unsecure network. ... an adapter whose mac adress corresponds to the d-link and mac ...
    (alt.internet.wireless)
  • Re: mce and xbox lost connection
    ... With both the wireless adapter and the router in the system, ... only works on the xbox, if the pc is wired directly to the router. ...
    (microsoft.public.windows.mediacenter)
  • Re: secure network shows up unsecured?
    ... using a D-Link DI-524 wireless router ... machines, one is a MacBook with built in wireless adapter, the other is ... apartment...and instead opt for the unsecure network belonging to ... I've of course rebooted, also hit the reset button the router, powered ...
    (alt.internet.wireless)
  • Re: Internet Connection Drops Repeatedly
    ... between my desktop PC and my router which keeps dropping. ... connection fails I then have to unplug my wireless adapter (Netgear ... WG111T 108 Mbps Wireless USB 2.0 Adapter) from its USB socket, ... your Netgear router and the PC not close by? ...
    (alt.computer.security)
  • Re: routers
    ... > I'm thinking of replacing my old NETGEAR MR814 802.11b Wireless Router with ... > a new unit for gamingDo I need to get new wireless adapter or ... I use a Linksys WRT54G router with my broadband cable ... connection. ...
    (alt.internet.wireless)