How to deal with a bandwith hijacker

glam_racket · 09-05-2007, 23:33

Hi guys,

I'm relatively new at all this wireless router stuff, but after a few trial and errors, have been happily browsing away for a few months, no problems.

In the last week or so, a new family has moved in next door, that's when I noticed that my modem seemed to be unusually busy.

So, I went into the setup on my router (which admittedly wasn't very secure at all) and did all the things I should have done when I first installed it (change the password, enable WPA encryption, block SSID broadcast etc etc).

I enabled the MAC filter and blocked what I can only assume to be the hijacker's MAC address, as it showed in the DHCP client list (shown below)

192.168.2.5 gibbo-PC 00:18:de:d8:43:ef

I'm not called 'gibbo' and neither is any of my PCs

I also installed a piece of software called 'AirSnare' which alerts me to any unfriendly MAC addresses trying to log on.

This, eventually, brings me to my point!

I'm now getting DHCP requests from ffffffffffff on ip 255.255.255

Is this them trying to gain access still or something else?
And, what else, if anything, can I do to protect my precious bandwidth?

I know I've been a bit lax with security here!

Regards,
G Racket

09-05-2007, 23:41

No expert here but for the WEP sniffing attempts, the amount of WEP traffic decreases the time it takes to crack the passkey. It looks to me like an attempt to incease the wireless traffic.
As you are using WAP then shouldn't be a problem. A good long WAP key including non dictionary words decreases the likelihood of anyone cracking the passphrase.

handyman · 10-05-2007, 00:13

Should'nt mac access block stop all that. Even if they had the wep, wpa code they would still be unable to get anything.

glam_racket · 10-05-2007, 00:21

I'd like to think so Handyman, but if I can download software to show me MAC addresses on a network, so can the thief and I know they can be spoofed.

I guess I'm just after some reassurance that I'm doing everything right, now! lol

popper · 10-05-2007, 00:34

you didnt say what router you have but on top of whats already said, the simplest way is to block all MACs and stick to fixed IP addresses then just add in you machines MAC's and the fixed IP and that will usually stop them.

Gareth · 10-05-2007, 00:41

Yep, you're doing all you can. To be honest, as you seem to be aware, hiding SSID and filtering MACs only stops the very casual offender... having a strong WPA key is your best line of defence. The stronger it is, the longer it'd take to crack.

If you're feeling up to it, you could go to extremes and have a WPA Radius server, or you could use 802.1x authentication with EAP, but this is massive overkill and completely unnecessary.

glam_racket · 10-05-2007, 00:43

It's a Belkin F5D7231-4 (version 1212uk)

I'm almost certain I'm not being 'broken into' now.

I can't help but feel violated though!

Gareth · 10-05-2007, 00:45

If you want to get your revenge, open it back up and follow the advice given here... http://www.ex-parrot.com/~pete/upside-down-ternet.html

glam_racket · 10-05-2007, 00:53

Thanks for all the replies, I feel I will sleep a little easier (and wiser!) now.

Raistlin · 10-05-2007, 06:18

You're doing all you can to secure your connection.

If you really wanted to have some fun you could always let them back in, sniff al the packets of data that their sending/receiving, and then have some fun with it.

Eventually you'd get the passwords for all their email accounts, their web accounts (shopping, banking, forums, etc), a good list of all the sites they visit (dodgy or otherwise). You could really go to town.

You could even substitutue packets that he's requested for packets that you want him to have - theoretically sending him anything you like (even some nicely mal-formed packets of data).

Just be aware that he could be doing the same to you though.

papa smurf · 10-05-2007, 07:39

i would let them know your onto them,descreetly of course, and warn my neighbours[the good ones]that theres a t leaf about

10-05-2007, 08:07

Your secure now leave it at that. You should have been secure in the first place. I wouldnt confront your neighbour who prob only stole your bandwidth until his/her internet is set up as you say they only just moved in. I prob would have searched for an unsecure network too just to get me online until im sorted. You never know everybody needs good neightbours,cuz thats when neighbours become good friends

superbiatch · 10-05-2007, 09:35

Quote:

Originally Posted by zinglebarb

Your secure now leave it at that. You should have been secure in the first place. I wouldnt confront your neighbour who prob only stole your bandwidth until his/her internet is set up as you say they only just moved in. I prob would have searched for an unsecure network too just to get me online until im sorted. You never know everybody needs good neightbours,cuz thats when neighbours become good friends

I agree with Zingle (i sung it there with you!).

Raistlin · 10-05-2007, 09:38

So.....

I' ve just moved in next door and haven't had a chance to get to Tesco and buy some bread, milk, coffee, etc.

Whilst I'm admiring my new back garden I notice that you have a left a window open at the back of your house, and decide to climb in and help myself to some refreshments (probably helping myself to some biscuits while I'm there).

That's ok isn't it?

10-05-2007, 09:49

lol Dude your stretching the boundaries. Of course its not right but is it worth falling out with new neighbours over? This could be the start of something neighbours from hell like best to keep stum. Also there is lack of proof its them its all circumstancial evidence chances are it is but without proof you cant confront really