I think someone else has access to my wireless network. What next?

5

I just realized that some other PC is also getting assigned an IP address (DHCP lease) from my modem. I am sure this is not one of the PCs in my home.

My modem was using WEP security. I know WEP is far less secure and WPA is better, but this actually is a borrowed modem, and I did not know that WEP was used.

I immediately did the following:

On my modem:

  • Changed the encryption mode from WEP to WPA
  • Changed the password

After this I do not see the intruder PC on the DHCP list.

On my Mac:

  • Changed the permissions on the public folder to "everyone - no access"
  • Turned off "File Sharing" in System Preferences (But I would want to turn it back on sometime)

My Mac is the one that is always on. Both the admin user and the user I normally use are password protected.

Is the above sufficient? Should I do something more?

Also, is WPA security sufficient? Should I take other steps?

Nivas

Posted 2011-08-28T09:09:44.663

Reputation: 609

Answers

4

WPA (if possible, with CCMP/AES; this may be presented to the end-user as WPA2) is sufficient, provided you have an unguessable password. I recommend using a password generator, or a short unguessable sentence. If all devices support it, disable TKIP.

As to the host systems on your network, check that neither is compromised. In theory, this works by either comparing their state with a known good state, or resetting them to a known good state. Since this is probably not feasible for a home user, monitor their connections (from a different system), and consider setting up privilege restrictions as you already did by changing your Mac's file sharing options.

You should also change the password of your router and all (email, Facebook, ...) passwords that were transmitted without encryption.

phihag

Posted 2011-08-28T09:09:44.663

Reputation: 2 557

Thanks. I have done all. But I still somehow see the other machine (IP: 192.168.1.6) active, at least through Wireshark. Asked another question on that (superuser.com/questions/328968/…). Still, thanks. – Nivas – 2011-08-28T10:50:16.220
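
One way to repeat the DHCP-list check from the question on the Mac itself, as an added example that is not part of the original question or answers: it parses `arp -a` output and reports addresses that are not in your own device inventory. The sample output and the `KNOWN` inventory are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of macOS `arp -a` output (not captured from a real network).
# macOS prints MAC octets without leading zeros, e.g. "0:1c:b3:9:85:15".
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1c:b3:9:85:15 on en1 ifscope [ethernet]
? (192.168.1.3) at a4:5e:60:c1:2:7f on en1 ifscope [ethernet]
? (192.168.1.6) at 2:0:0:1a:b:c4 on en1 ifscope [ethernet]
? (192.168.1.9) at (incomplete) on en1 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
"""

# Hypothetical inventory of devices you own, keyed by MAC address.
KNOWN = {
    "00:1C:B3:09:85:15": "router",
    "a4:5e:60:c1:02:7f": "always-on Mac",
}

LINE = re.compile(r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9A-Fa-f:]+) ")

def normalize_mac(mac):
    """Return the MAC as lowercase, zero-padded octets, or None if malformed."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        return None
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def unknown_devices(arp_text, known):
    """Return sorted (ip, mac) pairs whose MAC is not in the inventory."""
    inventory = {normalize_mac(m) for m in known}
    found = set()
    for line in arp_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unresolved "(incomplete)" entries and other noise
        mac = normalize_mac(m.group("mac"))
        if mac is None or int(mac[:2], 16) & 1:
            continue  # malformed, broadcast or multicast address
        if mac not in inventory:
            found.add((m.group("ip"), mac))
    return sorted(found)

if __name__ == "__main__":
    for ip, mac in unknown_devices(SAMPLE_ARP, KNOWN):
        print(f"unrecognised device: {ip} {mac}")
```

An empty result only covers devices that have recently exchanged traffic with this machine; a device that only listens never appears in the ARP table.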

1

In general, I advise you against ever transmitting passwords or any other sensitive data unencrypted in a wireless network. The possible attacker does not need to lease an IP address to monitor your traffic, so you have no way of knowing if the data was compromised or not.

Because he leased an IP address, most likely he just wanted to get access to the Internet. You should always configure any machines on WiFi so that they only reveal the services you could open to a public network, because in terms of security, WiFi is a public network.

WPA2 can make it reasonably, but not totally, secure - if you need total security, draw wires.

Zds

Posted 2011-08-28T09:09:44.663

Reputation: 2 209

Thanks. I have done all. But I still somehow see the other machine (IP: 192.168.1.6) active, at least through Wireshark. Asked another question on that (superuser.com/questions/328968/…). Still, thanks. – Nivas – 2011-08-28T10:51:05.393

0

You're fine for now. I had the same thing, but I was nice and left my network open. The next step if you get more paranoid is to enable WPA2.

Canadian Luke

Posted 2011-08-28T09:09:44.663

Reputation: 22 162