Unknown computer connected to my encrypted WiFi network?

  • Thread starter Thread starter ah
  • Start date Start date
A

ah

Trend Micro warns me that an unknown computer is connected to my WiFi
network:
IP 192.168.1.1

MAC 00.16.AE.0B.3D.9A



I am wondering how this can happen as nobody knows my Network key.
 
Are you sure that is not the local LAN IP of your wireless router/access
point?

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Yes, I am, because my router is a trusted device and its details are:
IP 192.168.0.1

Mac (BSSID) 00-09-5B-6C-6A-E8



--

ah
 
ah said:
Trend Micro warns me that an unknown computer is connected to my WiFi
network:
IP 192.168.1.1

MAC 00.16.AE.0B.3D.9A



I am wondering how this can happen as nobody knows my Network key.
Click to expand...

Check your router logs. You could also do ipconfig /all on each of the
"authorized" PCs to check their MAC addresses and assigned IPs (although
if your router is 192.168.0.1, presumably all of your own PCs have IPs
of 192.168.0.xxx).

What type of encryption are you using? WEP is rather easily broken
these days.
 
I checked my router log and found lots of UDP or TCP packets dropped and
administrator (myself) login successful... What else should I look for?

I think that I know all the IPs & MAC addresses of the authorised PCs.

I am using WEP. How can you break it? My key is very hard to imagine. I'd
like to use WPA but I don't know how to do because my router (Netgear
DG824M) only proposes me WEP.
 
ah said:
I checked my router log and found lots of UDP or TCP packets dropped and
administrator (myself) login successful... What else should I look for?

I think that I know all the IPs & MAC addresses of the authorised PCs.

I am using WEP. How can you break it? My key is very hard to imagine. I'd
like to use WPA but I don't know how to do because my router (Netgear
DG824M) only proposes me WEP.
Click to expand...
At least some routers have logs that show which machines are/have
connected, when, and for how long. You will have to read your router's
manual to see if yours has this capability and if so how to enable
it/access it.

The very first thing to do is to change your WEP key. Then run the
Trend Micro test again after you change the WEP key. Although WEP
encryption can be defeated, it takes a little time. If TM still reports
an intruder a short time after you change the key, I would suspect a
false positive.

If you stay with WEP (see below), get into the habit of changing your
WEP key frequently. It's (marginally) better than nothing, and it will
deal with the situation of someone getting your key the old-fashioned
way (by copying it from the piece of paper where you wrote it down
because its so complicated and difficult to remember).

Check to see if Netgear has a firmware update that will enable your
model router to use WPA. Of course, you will only be able to use WPA if
the wireless adapters in ALL of your PCs also support this.

As for WEP's insecurity WEP, see these articles (and note the dates):
http://www.securityfocus.com/infocus/1814
http://www.tomsnetworking.com/2005/05/10/how_to_crack_wep_/
 
You could run AirSnare to verify someone is actually intruding...

http://home.comcast.net/~jay.deboer/airsnare/

....and as noted by "Lem" upgrade to WPA if possible. Here the WPA key
generator I use to generate a 63-character random ASCII key...

http://www.kurtm.net/wpa-pskgen/

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
I re-tested and the "intruder" has disappeared.
way (by copying it from the piece of paper where you wrote it down because
its so complicated and difficult to remember). <<
Click to expand...
My key has never been written on any piece of paper.
model router to use WPA. <<
Click to expand...
I just upgraded my router's firmware to the last version (1.4 release 01)
but it still does not propose me WPA, only WEP.

Thank you for both links. Very interesting indeed.

I am surprised about this intruder because I am presently in the mountains
(the Alps), far from civilisation, with not many people around but of course
one person is enough.
 
I explored airsnare and thank you for this. Looks interesting. I re-ran
Trend Micro detection and the intruder has disappeared. Someone suspected
that it could be a false positive and that seems possible because I am in a
very isolated spot in the Alps.

I don't think that I can upgrade to WPA unless I change my router because I
just upgraded its firmware to the last version (1.4 release 01) but it still
does not propose me WPA, only WEP.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Are password protected WiFi networks secure? 3
Google location history and WiFi networks. 3
Limited or no connectivity 2
cant bind applications to network adapters/interfaces 1
Wifi connecting problem 6
DNS broken, new devices can't connect 2
How to connect to computer-to-computer network? 6
Sharing DSL connection via WiFi 1

Back
Top