Is there a way to keep someone off my network?

I was looking at my admin panel for the router and saw a computer I don't recognise. I changed the password, reconnected my devices, and it's gone.

Well, it came back again today. It's very annoying, as google bases a lot of things (search suggestions, etc) based on your IP and I keep getting stupid suggestions.

I'm assuming it's one of my neighbors, I'm just not sure which.

I would just change the password, however whoever is doing it clearly has a way to get on secured wifi networks and that wouldn't be any help.

Neither of these answers helped me. They're probably spoofing their MAC or something.

My router is a D-Link DIR-655 Firmware v2 Router

Jon

Posted 2013-08-08T22:04:56.153

Reputation: 8 089

2Please provide the details of how your wireless router is currently "secured". E.G. How long is this "password"? Is the SSID broadcast? Which encryption is in use? – sawdust – 2013-08-08T22:21:04.197

@sawdust Good point. Disabling your SSID broadcast would help. Security through obscurity. – SLaG – 2013-08-08T22:26:19.320

@SLaG: Disabling SSID broadcast does pretty much nothing for security. Definitely if an attacker was breaking a wifi password a network with SSID broadcast disabled wouldn't pose a problem.

– ForeverWintr – 2013-08-08T22:49:09.023

@ForeverWintr That's true. If someone wanted in, they would have no trouble exposing a hidden SSID. But it would make you a smaller target in an area with other available networks. It's the same reason the shelf at eye level at a shop is premium real estate. Unless you're looking for something specific, you're more likely to get the item at eye level. Hiding your SSID is like being moved to the bottom shelf. This is a generalisation of course. :) – SLaG – 2013-08-08T22:59:13.147

Answers

If you're using WPA/WPA2 encryption, I didn't think that MAC spoofing circumvented that. A brute force password crack may get through if your password is too short or easy.

Note down the MAC of the suspect IP and change your password. If you see the device come back, compare the MAC. If it's the same, use a MAC access list or a static IP on the address and block all traffic for that IP.

If you changed your password once a week for a little while (a hassle I know), any benefits the user would gain from cracking the security would be outweighed by the time it takes to crack it. They'll probably just move on to someone else.

If you find that something suddenly isn't connecting, then that was the device you just kicked off.

Also ensure that you have the latest firmware, according to D-Link, the latest is v2.10.

The Google suggestions may be that you have malware on a device that just sends requests to Google.

SLaG

Posted 2013-08-08T22:04:56.153

Reputation: 530

If you have wpa2 configured with a strong passphrase its very unlikely somebody is cracking in. There is however a vulnerability present in WPS that is easily exploited with tools like reaver. (Google this)

I would be more inclined to say that the device you see is more than likely a device you own. Network printers, mobile devices, a local NAS etc.

There are so many devices that have networking capabilities its easy to overlook something as benign as a TV or perhaps your refrigerator. Hehe

Scandalist

Posted 2013-08-08T22:04:56.153

Reputation: 2 767