Other users connecting to my router

permalink · #1 (**permalink**) 01-01-2007, 03:39 PM

Hi

I have noticed that at various times in the day, multiple machines are
connected to my router. I have recently set up WEP encryption and
thought it was working (my machine can't connect without my key) but I
still see more machines connected than I have... there are only 2
machines in the household but I get up to 3 wireless devices connected
according to the Netgear DG834G's admin console.... I have the device's
mac address but that's all... anyway of ensuring that people can't use
my connection? Am I missing some part of setting up security?

Thanks

i.

permalink · #2 (**permalink**) 01-01-2007, 05:29 PM

On Jan 1, 8:39 am, i...@goshorti.com wrote:
> I have noticed that at various times in the day, multiple machines are
> connected to my router. I have recently set up WEP encryption and
> thought it was working (my machine can't connect without my key) but I
> still see more machines connected than I have... there are only 2
> machines in the household but I get up to 3 wireless devices connected
> according to the Netgear DG834G's admin console.... I have the device's
> mac address but that's all... anyway of ensuring that people can't use
> my connection? Am I missing some part of setting up security?

WEP encryption isn't very good and is easily cracked. I suggest you
switch to WPA which offers better security.

What's happening is that you're seeing users connecting to your router,
but probably not obtaining an IP address. There's some page in your
DG834G which shows the IP addresses that have been issued by DHCP.
You'll probably find your own devices (those with a WEP key), but not
those that are shown to be "connected". Without an IP address, those
connections can't do anything. (No, assigning a statis IP address
isn't going to do anything. Keep reading).

The problem is that the router needs to allow literally any client to
first "connect" before it can exchange encryption keys, authenticate,
check the MAC address filter, and so on. What you'll see is the
initial connection, the clients MAC address, but that's all. Having
failed to exchange WEP keys, the entry just sits in the log, no traffic
moves, and no access to your LAN. It's kinda a chicken or egg problem.
The access point needs to allow a wireless connection before it can
reject the connection. What's happening is that some user has their
Windoze Wireless Zero Config setup to "connect to any available
wireless network" where it scans for random access points and
sequentially attempts to connect to any and all of them.

If you're paranoid, you can always add the mystery MAC address to the
MAC address filter blocked list.

permalink · #3 (**permalink**) 01-01-2007, 07:08 PM

"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:1167676183.838521.287350@s34g2000cwa.googlegr oups.com...
> On Jan 1, 8:39 am, i...@goshorti.com wrote:
> > I have noticed that at various times in the day, multiple machines are
> > connected to my router. I have recently set up WEP encryption and
> > thought it was working (my machine can't connect without my key) but I
> > still see more machines connected than I have... there are only 2
> > machines in the household but I get up to 3 wireless devices connected
> > according to the Netgear DG834G's admin console.... I have the device's
> > mac address but that's all... anyway of ensuring that people can't use
> > my connection? Am I missing some part of setting up security?
>
> WEP encryption isn't very good and is easily cracked. I suggest you
> switch to WPA which offers better security.
>
> What's happening is that you're seeing users connecting to your router,
> but probably not obtaining an IP address. There's some page in your
> DG834G which shows the IP addresses that have been issued by DHCP.
> You'll probably find your own devices (those with a WEP key), but not
> those that are shown to be "connected". Without an IP address, those
> connections can't do anything. (No, assigning a statis IP address
> isn't going to do anything. Keep reading).
>
> The problem is that the router needs to allow literally any client to
> first "connect" before it can exchange encryption keys, authenticate,
> check the MAC address filter, and so on. What you'll see is the
> initial connection, the clients MAC address, but that's all. Having
> failed to exchange WEP keys, the entry just sits in the log, no traffic
> moves, and no access to your LAN. It's kinda a chicken or egg problem.
> The access point needs to allow a wireless connection before it can
> reject the connection. What's happening is that some user has their
> Windoze Wireless Zero Config setup to "connect to any available
> wireless network" where it scans for random access points and
> sequentially attempts to connect to any and all of them.
>
> If you're paranoid, you can always add the mystery MAC address to the
> MAC address filter blocked list.

Or if your router is capable. Just have your router allow the MAC addresses
of the computers in your home.
>

permalink · #4 (**permalink**) 01-02-2007, 08:26 AM

Thanks Jeff and Dana - much appreciated.

My paranoia is subsiding...

permalink · #5 (**permalink**) 01-03-2007, 01:11 PM

> Or if your router is capable. Just have your router allow the MAC
addresses
> of the computers in your home.

This offers a somewhat false sense of security and can be a problem later.
If you turn on MAC filtering and forget about it you'll have a devil of a
time trying to figure out why a replacement card isn't working. Or why a
guest can't use the network. That and if someone else wanted to steal
access all they have to do is listen to the wireless signals, see one of
your legitimate MAC addresses being broadcast and change their computer to
use that address. This adds a whole other layer of debugging hassles as
duplicate MAC addresses are a real no-no on networks. Best to switch to WPA
and leave it at that.

permalink · #6 (**permalink**) 01-03-2007, 04:40 PM

"Bill Kearney" <wkearney-99@hot-mail-com> hath wroth:

>> Or if your router is capable. Just have your router allow the MAC
>addresses
>> of the computers in your home.

>This offers a somewhat false sense of security and can be a problem later.
>If you turn on MAC filtering and forget about it you'll have a devil of a
>time trying to figure out why a replacement card isn't working. Or why a
>guest can't use the network. That and if someone else wanted to steal
>access all they have to do is listen to the wireless signals, see one of
>your legitimate MAC addresses being broadcast and change their computer to
>use that address. This adds a whole other layer of debugging hassles as
>duplicate MAC addresses are a real no-no on networks. Best to switch to WPA
>and leave it at that.

That's why I originally suggested that the MAC filter be used to
"block" the neighbors MAC address, and not use the more obvious
"allow" feature. However, it wasn't due to security or usability
issues. It's just the way I've found effective to controlling my
neighborhood wireless LAN. New machines appear and disappear all the
time. When skool is out, laptops and game machines arrive from
college. I don't want to deal with these individually. What I do is
monitor the traffic. If I see excessive traffic (usually a virus or
worm), or abuse (file sharing), then I just block the culprits MAC
address. They can of course change their MAC address and circumvent
the block, but so far, that hasn't happened.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558