03-18-2008, 08:06 PM
Rogue DHCP clients

Hi,

I have a US Robotics ADSL2+ router, model number USR9111, set up working wirelessly to an XP desktop and a Vista Laptop, and also via an ethernet cable an original Xbox (not 360).

I didn't set up any security in the vain hope of getting a Belkin wireless range extender to work. The range extender is shortly to appear on eBay.

I belatedly went to set up a WPA password yesterday and noticed two worrying things on the status screen of my router homepage (192.168.2.1).

Firstly, under the 'security logs' section which claims to show attempts to access my network there was a long long entry. A sample is below (1).

Secondly, there are 7 DHCP clients listed (details below (2)).
I am happy with the 'tom' and 'lizlaptop' entries, as these are the names of my desktop and laptop. I assume that one of the others is the xbox, probably the 'w-0be3d686b9104' entry? But the other 4 are a bit worrying - Camilla-PC, shezza-PC, Jiri-PC and a blank one. These have persisted since I applied my WPA security.

Any suggestions on how to boot the rogue DHCP clients off? Is the security log anything I should worry about? Is WEP security 'better' than WPA security?

Thanks,
Tom




1 - Security log -

03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1347->> 216.239.59.104, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1352->> 74.125.77.167, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1353->> 207.211.65.18, 80 (from ATM1 Outbound)
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1361->> 64.233.183.83, 443 (from ATM1 Outbound)
03/18/2008 11:43:28 **TCP FIN Scan** 192.168.2.7, 1249->> 74.125.77.167, 80 (from ATM1 Outbound)
03/18/2008 11:43:28 **TCP FIN Scan** 192.168.2.7, 1252->> 198.65.131.42, 80 (from ATM1 Outbound)
03/18/2008 11:40:29 192.168.2.7 login success
03/18/2008 11:40:21 sending ACK to 192.168.2.7
03/18/2008 11:40:21 sending OFFER to 192.168.2.7
03/18/2008 10:26:37 sending ACK to 192.168.2.9
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49232->> 216.73.84.17, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49297->> 62.41.80.80, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49281->> 62.41.80.81, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49279->> 213.200.110.71, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49214->> 213.200.110.80, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49271->> 78.33.6.11, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49264->> 217.243.192.25, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49263->> 78.33.6.75, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49307->> 69.63.176.38, 80 (from ATM1 Outbound)
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49209->> 213.200.110.79, 80 (from ATM1 Outbound)
03/18/2008 09:37:55 sending ACK to 192.168.2.6
03/18/2008 09:35:53 sending ACK to 192.168.2.6
03/18/2008 09:35:43 **TCP FIN Scan** 64.233.183.17, 443->> 192.168.2.6, 49191 (from ATM1 Inbound)
03/18/2008 09:34:11 sending ACK to 192.168.2.6
03/18/2008 09:33:09 sending ACK to 192.168.2.6
03/18/2008 09:14:34 NTP Date/Time updated.
03/18/2008 07:51:36 sending ACK to 192.168.2.6
03/18/2008 07:26:56 sending ACK to 192.168.2.6
03/18/2008 07:25:47 sending ACK to 192.168.2.6
03/18/2008 07:05:12 sending ACK to 192.168.2.6
03/18/2008 07:01:25 sending ACK to 192.168.2.6
03/18/2008 06:58:47 **SYN Flood to Host** 192.168.2.6, 49646->> 62.80.8.135, 80 (from ATM1 Outbound)
03/18/2008 06:58:46 sending ACK to 192.168.2.6
03/18/2008 06:47:26 sending ACK to 192.168.2.6
03/18/2008 06:46:27 sending ACK to 192.168.2.6
03/18/2008 06:42:27 sending ACK to 192.168.2.6
03/18/2008 06:36:55 **Vecna Scan** 192.168.2.6, 49213->>

2. DHCP clients

ip=192.168.2.2 mac=00-12-F0-E3-50-23 name=w-0be3d686b9104
ip=192.168.2.3 mac=00-13-E8-15-28-75 name=Jiri-PC
ip=192.168.2.5 mac=00-16-44-81-CB-F5 name=shezza-PC
ip=192.168.2.6 mac=00-C0-A8-D6-B2-E2 name=lizlaptop
ip=192.168.2.7 mac=00-19-E0-89-62-4E name=tom
ip=192.168.2.9 mac=00-50-F2-65-97-CB
ip=192.168.2.12 mac=00-C0-A8-DB-38-E1 name=Camilla-PC
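
An added example, not part of the original post: a Python sketch that parses the two router listings in the format shown above, lists the leases whose hostname is not on an allowlist, and maps each security-log alert to the LAN client involved. The allowlist holds only the two names the poster recognises, and the regular expressions are assumptions based on the lines in the post.

```python
import re
from collections import Counter

# Lines copied from the post above (the full client table, a subset of the log).
DHCP_TABLE = """\
ip=192.168.2.2 mac=00-12-F0-E3-50-23 name=w-0be3d686b9104
ip=192.168.2.3 mac=00-13-E8-15-28-75 name=Jiri-PC
ip=192.168.2.5 mac=00-16-44-81-CB-F5 name=shezza-PC
ip=192.168.2.6 mac=00-C0-A8-D6-B2-E2 name=lizlaptop
ip=192.168.2.7 mac=00-19-E0-89-62-4E name=tom
ip=192.168.2.9 mac=00-50-F2-65-97-CB
ip=192.168.2.12 mac=00-C0-A8-DB-38-E1 name=Camilla-PC
"""
SECURITY_LOG = """\
03/18/2008 11:50:29 **TCP FIN Scan** 192.168.2.7, 1347->> 216.239.59.104, 80 (from ATM1 Outbound)
03/18/2008 11:40:21 sending ACK to 192.168.2.7
03/18/2008 10:26:37 sending ACK to 192.168.2.9
03/18/2008 09:40:55 **TCP FIN Scan** 192.168.2.6, 49232->> 216.73.84.17, 80 (from ATM1 Outbound)
03/18/2008 09:35:43 **TCP FIN Scan** 64.233.183.17, 443->> 192.168.2.6, 49191 (from ATM1 Inbound)
03/18/2008 06:58:47 **SYN Flood to Host** 192.168.2.6, 49646->> 62.80.8.135, 80 (from ATM1 Outbound)
03/18/2008 06:36:55 **Vecna Scan** 192.168.2.6, 49213->>
"""
KNOWN_NAMES = {"tom", "lizlaptop"}  # assumption: only the names the poster recognises

CLIENT_RE = re.compile(r"ip=(\S+) mac=(\S+)(?: name=(\S+))?")
ALERT_RE = re.compile(r"\*\*(.+?)\*\* ([\d.]+), \d+->>(?: ([\d.]+), \d+ \(from \S+ (\w+)\))?")

def parse_clients(text):
    """Return {ip: (mac, name)}; name is '' when the router shows none."""
    return {m[1]: (m[2], m[3] or "") for m in CLIENT_RE.finditer(text)}

def unrecognised(clients, known=KNOWN_NAMES):
    """Leases whose hostname is not on the allowlist (blank names included)."""
    return sorted(ip for ip, (_, name) in clients.items() if name not in known)

def alerts_by_lan_host(log, clients):
    """Count alerts per LAN client, using the LAN side of each flow."""
    counts = Counter()
    for m in ALERT_RE.finditer(log):
        alert, src, dst, direction = m.groups()
        lan_ip = dst if direction == "Inbound" else src  # truncated lines: src
        counts[(lan_ip, clients.get(lan_ip, ("", "?"))[1], alert)] += 1
    return counts

if __name__ == "__main__":
    clients = parse_clients(DHCP_TABLE)
    print("not recognised:", unrecognised(clients))
    for key, n in sorted(alerts_by_lan_host(SECURITY_LOG, clients).items()):
        print(n, key)
```

On the lines embedded here, every alert maps to 192.168.2.6 (lizlaptop) or 192.168.2.7 (tom), while the five leases reported as not recognised include the one the poster assumes is the Xbox.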
All times are GMT.