Weird networking issue

Chilbear · February 27, 2012, 04:10:07 PM

Any thoughts about someone connecting to your Mac by Bluetooth and then your machine is the wired one? Perhaps someone's phone/laptop is connected by Bluetooth? Do you have a wired VOIP connection?

Cut off the incoming ISP connection to the router and set if the other machine drops (then outside connected) vs inside perhaps?

For sure time to reset the network and password.

Nick Burns · February 27, 2012, 04:16:30 PM

Quote from: t-pat on February 27, 2012, 03:34:44 PMI have one computer at home that won't do anything but wep with my setup (2 linksys wireless routers running DD-WRT firmware and bridged to give coverage throughout the house and to the garage). Easy enough to lock people out if you can count how many wireless devices you have at home, just set max clients to that number. Or if you wanna really limit who can connect, do MAC filtering as you say, with that there's not really any problem that I can see.

It's your gear and your comfort level, so it's none of my business. Securing these type of devices, however, is my business at work. The problem with your scenario is you're in the clear, I can passive sniff your network, obtain both your mac addresses (in addition to all of your keystrokes), spoof either one if at any time either of these devices are off, use a man in the middle if they're on, or I could beat one out of the election when you reboot your router.

These things I'm talking about are trivial, any kid a quarter my age could do them (faster than me probably) with readily available tools / guides / zero skills.

The only secure computer is one that's not connected and buried 20 feet underground in a concrete tomb. The best we can do is use the layers we're afforded. I shouldn't say "I would never", because I have run WPA unhappily past it's prime until I was given a better hand me down router with WPA2 because I'm cheap and can't stand to retire working gear. But I had plenty of other measures in place to negate this risk. You could buy a USB wifi stick for pretty cheap these days that had WPA2 for your older device.

You should use all of the layers available to you:

WPA2 AES <- WPA2 TKIP <- WPA TKIP <- WEP

MAC address filtering

Long and Strong SSID (makes it harder to decrypt traffic)

Limit devices fed to your number of devices

UPnP off

Nick Burns · February 27, 2012, 04:17:58 PM

Quote from: Chilbear on February 27, 2012, 04:10:07 PMAny thoughts about someone connecting to your Mac by Bluetooth and then your machine is the wired one? Perhaps someone's phone/laptop is connected by Bluetooth? Do you have a wired VOIP connection?

Cut off the incoming ISP connection to the router and set if the other machine drops (then outside connected) vs inside perhaps?

For sure time to reset the network and password.

Good advice, isolate and conquer.

Joe · February 27, 2012, 04:20:56 PM

Quote from: Chilbear on February 27, 2012, 04:10:07 PMAny thoughts about someone connecting to your Mac by Bluetooth and then your machine is the wired one? Perhaps someone's phone/laptop is connected by Bluetooth? Do you have a wired VOIP connection?

Cut off the incoming ISP connection to the router and set if the other machine drops (then outside connected) vs inside perhaps?

For sure time to reset the network and password.

No VOIP connection. Bluetooth is not on. On the Mac or any other computer. ICS (Internet Connection Sharing) sharing is also turned off on all computers.

I don't have any login info to reset. There is no password required by my ISP. It's just on all the time.

Also it drops from the connection list frequently when the internet connection is active but always comes back so shutting off access to my ISP won' really help because I won't know if it's because I cutoff access to my ISP or if it's just when the connection disappears for awhile. I know there is nothing inside the house named jonijackson though.

DigiCorn · February 27, 2012, 04:26:32 PM

Try not using "password" as your WEP key. And no, "password1" isn't any better.

Nick Burns · February 27, 2012, 04:38:18 PM

I would step out of the logical assumption world. Don't assume it's wired, turn your wireless off and see what happens. If you see the connection somewhat persistent when not utilizing internet, pull the internet port from the router and see if it drops. You may have to involve your isp on this one. It could be bleeding through.

I pulled my hair out up at work years ago trying to figure out where 10.0.0.x numbers were coming from on my network, our cable modem wasn't using this range on either side and neither were we. Turned out it was their gear upstream bleeding in and to this day I have to keep filters in place to keep these ip addresses off our network.

Joe · February 27, 2012, 04:39:06 PM

Quote from: DigiCorn on February 27, 2012, 04:26:32 PMTry not using "password" as your WEP key. And no, "password1" isn't any better.

Again, it's not a wireless connection. And the password is not password or password1.

And now there is another wired connection called ANDROID_354455046075477 on the network.

Joe · February 27, 2012, 04:40:27 PM

Quote from: Nick Burns on February 27, 2012, 04:38:18 PMI would step out of the logical assumption world. Don't assume it's wired, turn your wireless off and see what happens. If you see the connection somewhat persistent when not utilizing internet, pull the internet port from the router and see if it drops. You may have to involve your isp on this one. It could be bleeding through.

I pulled my hair out up at work years ago trying to figure out where 10.0.0.x numbers were coming from on my network, our cable modem wasn't using this range on either side and neither were we. Turned out it was their gear upstream bleeding in and to this day I have to keep filters in place to keep these ip addresses off our network.

I'm inclined to agree at this point it's something coming from the ISP.

Joe · February 27, 2012, 05:13:36 PM

Quote from: Chilbear on February 27, 2012, 04:10:07 PMAny thoughts about someone connecting to your Mac by Bluetooth and then your machine is the wired one? Perhaps someone's phone/laptop is connected by Bluetooth? Do you have a wired VOIP connection?

Cut off the incoming ISP connection to the router and set if the other machine drops (then outside connected) vs inside perhaps?

For sure time to reset the network and password.

OK, I unplugged the wire from the ISP. I still had access to //jonijackson. I copied a couple of files to my PC with no internet connection. About 2 minutes later it fell off of the network and has not came back since. About 30 minutes now I guess. Could the files I copied have been in a cache somewhere that allowed me to copy them from the cache instead of the remote PC?

Nick Burns · February 27, 2012, 05:21:18 PM

Depends, there are cache settings on PC that may facilitate this, don't remember off the top of my head where those are set and whether they are the default.

Sounds more likely to me you have a usurper, and it doesn't have to be Joni, it could be Dolph tunneling through her box into your network.

Nick Burns · February 27, 2012, 05:27:03 PM

I just looked at a shared folder on my PC, caching is on by default, but it's default is to Manual, which means it's looking more like intrusion.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/file_srv_cache_options.mspx?mfr=true

t-pat · February 27, 2012, 05:47:06 PM

I'm not about to get all paranoid about a kid hacking my home network and stealing my rhymes. I lock the doors at home but I don't have security bars, it's easy to pry open the side door and get in my basement too.

I'd be using something other than WEP but I have a wife, and those things just don't do what you want. Her laptop only does WEP, that's what we run. A usb dongle is't a good option for thaat POS, it's good money after bad and it would stick out and get busted off anyway, unless I got one of the short ones. One more thing to support and configure, and hear her bitch about when it doesn't connect, for whatever reason under the sun it would be because it's not WEP.

Joe · February 27, 2012, 05:53:13 PM

Quote from: Nick Burns on February 27, 2012, 05:21:18 PMDepends, there are cache settings on PC that may facilitate this, don't remember off the top of my head where those are set and whether they are the default.

Sounds more likely to me you have a usurper, and it doesn't have to be Joni, it could be Dolph tunneling through her box into your network.

Still hasn't came back since I unplugged from the ISP for about 5 minutes.

Joe · February 27, 2012, 05:55:41 PM

This is a new router. I was wrong about WEP. I used WEP on the previous router. This one doesn't even have WEP as an option. I am using WPA2-PSK (AES).

Nick Burns · February 27, 2012, 08:01:02 PM

Quote from: t-pat on February 27, 2012, 05:47:06 PMI'm not about to get all paranoid about a kid hacking my home network and stealing my rhymes. I lock the doors at home but I don't have security bars, it's easy to pry open the side door and get in my basement too.

I'd be using something other than WEP but I have a wife, and those things just don't do what you want. Her laptop only does WEP, that's what we run. A usb dongle is't a good option for thaat POS, it's good money after bad and it would stick out and get busted off anyway, unless I got one of the short ones. One more thing to support and configure, and hear her bitch about when it doesn't connect, for whatever reason under the sun it would be because it's not WEP.

Makes sense, gotta pass the WAF or you're toast.

News:

Weird networking issue