I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
There is one desktop PC wired to the router and two laptops in the
house that connect wirelessly. I also have a Dell Axim that I connect
wirelessly on occasion. The other day I noticed my log filling up with
many entries stating "Wireless PC Connected." This entry would show up
sometimes every 7 seconds, other times, over 4 minutes would elapse
before another entry. I rebooted the router (and lost my logs) but that
'wireless PC' would connect again within minutes. I had WEP encryption
running but I did not recognize the MAC address for this 'wireless PC'.
I have now enabled MAC filtering and only allowed the home PCs and Axim
access to the router. I will also change the WEP from 64 bit to 128 bit
and change the key. I cannot switch to WPA without cutting my Axim off
(it does not support WPA). Now that unidentified PC does not show up as
being connected. I had run Shields Up! before this and no ports were
open. My questions are:
1. This may be obvious, but did one of my neighbors manage to figure
out my WEP code and get into my network? I am assuming that since the
log said it was a wireless PC, it had to be someone within range of the
router.
2. Why the frequent connections? Was it possibly a poor connection and
the neighbor just kept connecting over and over?
3. I never saw any "DHCP lease IP ### to" information for the wireless
PC. I do see that when one of the authorized PCs logs on. What does
that mean? Did that help me in any way when the unauthorized PC logged
on (the fact that no DHCP was leased to the 'wireless pc')?
Sorry for the basic questions. Thanks for any help.
sehale wrote:
> I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
> There is one desktop PC wired to the router and two laptops in the
> house that connect wirelessly. I also have a Dell Axim that I connect
> wirelessly on occasion. The other day I noticed my log filling up with
> many entries stating "Wireless PC Connected." This entry would show up
> sometimes every 7 seconds, other times, over 4 minutes would elapse
> before another entry. I rebooted the router (and lost my logs) but
> that 'wireless PC' would connect again within minutes. I had WEP
> encryption running but I did not recognize the MAC address for this
> 'wireless PC'. I have now enabled MAC filtering and only allowed the
> home PCs and Axim access to the router. I will also change the WEP
> from 64 bit to 128 bit and change the key. I cannot switch to WPA
> without cutting my Axim off (it does not support WPA). Now that
> unidentified PC does not show up as being connected. I had run
> Shields Up! before this and no ports were open. My questions are:
>
> 1. This may be obvious, but did one of my neighbors manage to figure
> out my WEP code and get into my network? I am assuming that since the
> log said it was a wireless PC, it had to be someone within range of
> the router.
> 2. Why the frequent connections? Was it possibly a poor connection and
> the neighbor just kept connecting over and over?
> 3. I never saw any "DHCP lease IP ### to" information for the wireless
> PC. I do see that when one of the authorized PCs logs on. What does
> that mean? Did that help me in any way when the unauthorized PC logged
> on (the fact that no DHCP was leased to the 'wireless pc')?
>
>
> Sorry for the basic questions. Thanks for any help.
It might have been entirely innocent. Some wireless cards, set up for
ad-hoc networking, will search on the strongest signal repeatedly. Your
Axim will do this while waiting for you to select a network if the radio
is turned; you can verify this in the wireless log. If you were hacked,
the foreign MAC address should have been reported in the router's DHCP
client table and in the MAC address filtering table (depending on the
router, not all have a dynamic MAC address table). A connection has to
first be made to begin negotiating with the router, so the fact of
connection is more or less innocuous, IMO, since there was no
authorization for an IP address (i.e., WEP worked).
You are caught behind the security curve, as I am, with expensive
devices that predate WPA. The only interim solution is to do as you did
to enhance network security.
Very interesting. Thank you for sharing your insights. I am obviously
no expert at this but I was wondering why there were so many attempts
with no DHCP request or lease. However, the MAC address indicated it
was a Cisco brand and I don't know of anything in the house with that.
I may bite the bullet and increase the security to WPA at the expense
of the Axim. Thanks again. I will monitor this and post back anything
else.
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In <1130433353.062489.75320@g14g2000cwa.googlegroups. com> on 27 Oct 2005
10:15:53 -0700, "sehale" <sehale@comcast.net> wrote:
>I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
>There is one desktop PC wired to the router and two laptops in the
>house that connect wirelessly. I also have a Dell Axim that I connect
>wirelessly on occasion. The other day I noticed my log filling up with
>many entries stating "Wireless PC Connected." This entry would show up
>sometimes every 7 seconds, other times, over 4 minutes would elapse
>before another entry. I rebooted the router (and lost my logs) but that
>'wireless PC' would connect again within minutes. I had WEP encryption
>running but I did not recognize the MAC address for this 'wireless PC'.
>I have now enabled MAC filtering and only allowed the home PCs and Axim
>access to the router. I will also change the WEP from 64 bit to 128 bit
>and change the key. I cannot switch to WPA without cutting my Axim off
>(it does not support WPA). Now that unidentified PC does not show up as
>being connected. I had run Shields Up! before this and no ports were
>open. My questions are:
>
>1. This may be obvious, but did one of my neighbors manage to figure
>out my WEP code and get into my network? I am assuming that since the
>log said it was a wireless PC, it had to be someone within range of the
>router.
That's probably what happened. 64-bit WEP is laughably easy to crack.
>2. Why the frequent connections? Was it possibly a poor connection and
>the neighbor just kept connecting over and over?
Yes.
>3. I never saw any "DHCP lease IP ### to" information for the wireless
>PC. I do see that when one of the authorized PCs logs on. What does
>that mean? Did that help me in any way when the unauthorized PC logged
>on (the fact that no DHCP was leased to the 'wireless pc')?
The intruder may have a static configuration.
Switching to 128-bit WEP is better than nothing, but not much, and MAC address
filtering is pretty much worthless. I strongly advise upgrading the Axim and
everything else to WPA (with a long strong passphrase), and in the meantime
changing your WEP key frequently.
--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>
Very interesting. Thank you for sharing your insights. I am obviously
no expert at this but I was wondering why there were so many attempts
with no DHCP request or lease. However, the MAC address indicated it
was a Cisco brand and I don't know of anything in the house with that.
I may bite the bullet and increase the security to WPA at the expense
of the Axim. Thanks again. I will monitor this and post back anything
else.
Informational update: When I got home, I changed the WEP to 128 bit
encryption with a new passphrase. I then tried to connect my Axim to the
network while watching the router log. An entry appeared showing that a
wireless pc had connected (obviously not the unidentified one whose MAC
address I did not recognize). On the Axim, it showed me as connected to the
network, but I could not get onto the internet. I deleted the settings on
the Axim, put in the new WEP info, and connected again. This time the same
'wireless pc connected' message appeared in the router log which was
immediately followed by a DHCP lease entry and my Axim's name. That tells
my limited mind that perhaps Quaoar's opinion that the entries I saw
previously from the unknown computer were innocuous and did not actually get
all the way through. There were no other entries on the log since I added
the MAC filtering last night.
The Dell Axim is an x3i and in it's current state, is not capable of WPA
encryption. There is a discussion ongoing in the Aximsite forum about using
3rd party apps (Odyssey, etc.) for WPA capability but it has not been
confirmed yet.
Thanks again to all for the time and advice.
"sehale" <sehale@comcast.net> wrote in message
news:1130433353.062489.75320@g14g2000cwa.googlegro ups.com...
>I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
> There is one desktop PC wired to the router and two laptops in the
> house that connect wirelessly. I also have a Dell Axim that I connect
> wirelessly on occasion. The other day I noticed my log filling up with
> many entries stating "Wireless PC Connected." This entry would show up
> sometimes every 7 seconds, other times, over 4 minutes would elapse
> before another entry. I rebooted the router (and lost my logs) but that
> 'wireless PC' would connect again within minutes. I had WEP encryption
> running but I did not recognize the MAC address for this 'wireless PC'.
> I have now enabled MAC filtering and only allowed the home PCs and Axim
> access to the router. I will also change the WEP from 64 bit to 128 bit
> and change the key. I cannot switch to WPA without cutting my Axim off
> (it does not support WPA). Now that unidentified PC does not show up as
> being connected. I had run Shields Up! before this and no ports were
> open. My questions are:
>
> 1. This may be obvious, but did one of my neighbors manage to figure
> out my WEP code and get into my network? I am assuming that since the
> log said it was a wireless PC, it had to be someone within range of the
> router.
> 2. Why the frequent connections? Was it possibly a poor connection and
> the neighbor just kept connecting over and over?
> 3. I never saw any "DHCP lease IP ### to" information for the wireless
> PC. I do see that when one of the authorized PCs logs on. What does
> that mean? Did that help me in any way when the unauthorized PC logged
> on (the fact that no DHCP was leased to the 'wireless pc')?
>
>
> Sorry for the basic questions. Thanks for any help.
>
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In <3OydnSfmsNVH2_zeRVn-tA@comcast.com> on Thu, 27 Oct 2005 17:27:57 -0400,
"Shawn E. Hale" <SEHaleNOSPAM1@Comcast.net> wrote:
>Informational update: When I got home, I changed the WEP to 128 bit
>encryption with a new passphrase. I then tried to connect my Axim to the
>network while watching the router log. An entry appeared showing that a
>wireless pc had connected (obviously not the unidentified one whose MAC
>address I did not recognize). On the Axim, it showed me as connected to the
>network, but I could not get onto the internet. I deleted the settings on
>the Axim, put in the new WEP info, and connected again. This time the same
>'wireless pc connected' message appeared in the router log which was
>immediately followed by a DHCP lease entry and my Axim's name. That tells
>my limited mind that perhaps Quaoar's opinion that the entries I saw
>previously from the unknown computer were innocuous and did not actually get
>all the way through.
Not necessarily -- as noted in my prior response, the intruder could have a
static configuration.
>There were no other entries on the log since I added
>the MAC filtering last night.
I suggest you continue to keep an eye on it.
>The Dell Axim is an x3i and in it's current state, is not capable of WPA
>encryption. There is a discussion ongoing in the Aximsite forum about using
>3rd party apps (Odyssey, etc.) for WPA capability but it has not been
>confirmed yet.
>
>Thanks again to all for the time and advice.
>
>"sehale" <sehale@comcast.net> wrote in message
>news:1130433353.062489.75320@g14g2000cwa.googlegr oups.com...
>>I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
>> There is one desktop PC wired to the router and two laptops in the
>> house that connect wirelessly. I also have a Dell Axim that I connect
>> wirelessly on occasion. The other day I noticed my log filling up with
>> many entries stating "Wireless PC Connected." This entry would show up
>> sometimes every 7 seconds, other times, over 4 minutes would elapse
>> before another entry. I rebooted the router (and lost my logs) but that
>> 'wireless PC' would connect again within minutes. I had WEP encryption
>> running but I did not recognize the MAC address for this 'wireless PC'.
>> I have now enabled MAC filtering and only allowed the home PCs and Axim
>> access to the router. I will also change the WEP from 64 bit to 128 bit
>> and change the key. I cannot switch to WPA without cutting my Axim off
>> (it does not support WPA). Now that unidentified PC does not show up as
>> being connected. I had run Shields Up! before this and no ports were
>> open. My questions are:
>>
>> 1. This may be obvious, but did one of my neighbors manage to figure
>> out my WEP code and get into my network? I am assuming that since the
>> log said it was a wireless PC, it had to be someone within range of the
>> router.
>> 2. Why the frequent connections? Was it possibly a poor connection and
>> the neighbor just kept connecting over and over?
>> 3. I never saw any "DHCP lease IP ### to" information for the wireless
>> PC. I do see that when one of the authorized PCs logs on. What does
>> that mean? Did that help me in any way when the unauthorized PC logged
>> on (the fact that no DHCP was leased to the 'wireless pc')?
>>
>>
>> Sorry for the basic questions. Thanks for any help.
>>
>
--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>
Jeff Liebermann wrote:
> On 27 Oct 2005 10:15:53 -0700, "sehale" <sehale@comcast.net> wrote:
>
>> I am using a DLink DI-624 rev. C router with 2.70 firmware at home.
>
> Good description.
>
>> I also have a Dell Axim that I connect
>> wirelessly on occasion.
>
> Bad description. What model Dell Axim?
>
> Some models have a built in WPA client. Others allow for add in
> software such as the Odessy client.
>
> http://www.uow.edu.au/its/wireless/guides/pda.pdf
> http://8help.osu.edu/2675.html
> http://www.funk.com/radius/wlan/wlan_c_radius.asp
The Axim X50v does come with Odyssey. Unfortunately, it also comes with
practically no useful information on setting it up so users ignore its
capabilities.
wireless PC connected to network connection 
Linear Mode
