Neighbours wireless network available

Hi - we've recently noticed a "default" wireless network show up when we click "View Available Wireless Networks" on our WinXP pc - we can connect to this network and access the internet. The signal is strong. Is there anyway to identify where this is coming from so we can let them know that they are unsecure? I'd rather not have to knock on every neighbour's door :-)
georgep7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

atkfrg56Commented:
You can locate the network 2 ways that I know of.

Get a strong Yagi directional antenna that has say 15 degrees of power and you can get the direction of the WAP. You can point the Yagi and follow the signal until you find the house it comes from. Be sure that the Yagi is not too powerful...do not let your signal go over 4 watts of power or you are in violation of the FCC and stuff.

You can get netstumbler which is a free tool at netstumbler.com and use it with a garmin GPS system and it will give exact coordinates of the WAP by walking/driving around your house. This is nice to pinpoint other WAPs in your area and set your WAP channel to something other than their channel to eliminate interference.
0
atkfrg56Commented:
Now that I think about it, if they dont already have their WAP secure its pretty much no hope for them. They would have to pay someone to do it, all the hassles and then upkeep. I set up some neighbors, but the retards reset their WAP and clear settings because the cable company tell them too...then all they need to do is reset cable modem.  

 Even if you use WEP encryption with 64 bit it takes 100mb of packets to crack the WEP key and for 128 bit it takes almost 1GB of data. Also, MAC address filtering is kinda crappy too, chances are you shut off your laptop sometime and then they can clone your MAC address. For my home network I use 128 bit WEP encryption and I turn off the WAP everytime I wont be using it within an hour. I also have a nifty utility that tells me how many MB of packets went through my interface, and when it reaches about 750MB I change the WEP key to be safe. Yes, it is a lot of work but it is worth it!
0
georgep7Author Commented:
Yes, I agree - and that's why I don't want to go knocking on doors, as I'm sure they'll ask me to come in and secure it for them. I thought if I could just pinpoint the house I could drop them an anonympous letter in their mailbox and then it's up to them if they do something about it. While I'm connected to their wireless network no way to determine the pc, email address, something?
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

rindiCommented:
If the signal is so strong it must be a neighbor really close, like right nextdoor, a floor up or down. Wlan signal usually deteriorates fast if you have to go through walls. The best signal is always in direct line of sight...

That being said, as long as the Wlan is only used to access the internet, and not as a lan, the security isn't that important. You could of course use their wlan to connect yourself to the internet, but that is about all. Your neighbors might not care too much about that, since thay probably use a flat rate anyway, so it doesn't matter if others use the same connection.

If on the other hand a lan is involved an unsecure wlan will allow others to eavesdrop and pick up info they shouldn't get...
0
atkfrg56Commented:
well...if you want to just want to "drop them an anonympous letter" then i guess you can connect to their network and do a "net send * hey buddy, your network is unsecure" on a command line. make sure you are on same workgroup, that helps out too. I doubt they are smart enoguh to disable messages.

you can also get their WAN ip if you connect via their router config interface or other methods via visiting websites (dslreports.com)...both while you are on their network, then you can report it to the cable company that they need help with security

if you want their email, you would have to put a packet sniffer on their network...that turns into a gray area because there is no laws specifically saying you cant wardrive or hack networks (no laws that I know of)...but you are stealing their packets. they way most courts look at it that i can see...if they do some security and you hack it then its worse than if they have no security and you hack it.

I like the idea of calling the cable company to take care of it the best aside from not doing anything about it, its simple and keep you out of trouble because of your intent. In my town there are about 150 WAPs and about 25 have full security on them while another 25 have some security featues. Its nice to care about a neighbor....but dont make it your full time job. Its just too much to go around to like 100 houses and secure their network. Its also too much to report the entire city to the cable company too.

0
atkfrg56Commented:
"That being said, as long as the Wlan is only used to access the internet, and not as a lan, the security isn't that important."

*sarcasm*
Yeah, I guess security isnt too important. Because if you enter ANY password into your webbrowser it just send it out into the air like a hub. Oh yeah, not to mention credit card numbers...no big deal if they do over an unencrpted WEP.  But the website has encrytpion of its own....well you have access to picking out *every* packet to and from the computer with the wireless. If you have all the packets, its just a matter of time before you crack them.

I have seen demonstrations of this being done from a windows domain login password, paypal.com and ebay.com logins/passwords and mail servers. Unless you have a WEP key that is not stale (been used too long, compromised) then your passwords are not secure and easy to obtain...use WEP and keep it freash!
0
rindiCommented:
atkfrg56, normally when you send passwords and other sensitive info over the internet, you are using a ssl connection, this means they are using encryption. If they are sent unencrypted, then there isn't any difference if you are sniffing those users via wireless or  by being connected to the internet by physical cable, you can still pick out every packet that way as well.
0
trickys77Commented:
I personally would have a bit of a "friendly hack".  I recently had a similar problem.

First thing you can do is a bit of sniffing.  Basically use a script kiddie tool do find out info about the computers on the network.  The number of computers that are using the connection might give you an indication.  (For example I live in a road full of students so if a large number of computers were connected then it would be reasonable to assume that it would be coming from a student house.  (Either that or everyone in the road is already using the network!!) Secondly this technique might provide information about the systems.  Users often name their computers after things that they can relate to, or even their name...this can be a big give away!!!

Truoble is if they have half a brain they will have a personal firewall installed.  In this case if you sniff your computer may be blocked for x amount of time (in which case change your MAC and IP then reconnect!).  Next thing I would try in this situation is try the default config pages.  These are usually 192.168.0.1 or something similar...but check a few popular wireless router manuals available on the net for these.  In these manuals it will also specifiy the default username and password...usually admin and (no password) or admin and admin.  Good bet that if they haven't used WEP they won't have changed the password.

Once your into this console you will be able to see what computers are connecting and hopefully a bit of info about who is who.

If you manage to get a name or if your lucky like I was and get an email address, it just a case or working out the house where they live......time to bribe the postie!!!

Hope this helps!!

Happy Hacking!
0
trickys77Commented:
Just thought aswell, if you log onto their network and browse to www.adslguide.org.uk and click on speed test and tick the detailed output, it will tell you who the ADSL provider is and the IP address.  Then its just a case of emailing the ADSL company with the date, time and IP and wireless info.
0
atkfrg56Commented:
rindi ,


" normally when you send passwords and other sensitive info over the internet, you are using a ssl connection, this means they are using encryption"
-yes, thats how stuff usually is encrypted over http

"If they are sent unencrypted, **then there isn't any difference if you are sniffing those users via wireless or  by being connected to the internet by physical cable**, you can still pick out every packet that way as well."
-have you ever tried to steal a full spectrum of packets from a **switch** leaving no history trail and being undetected? wireless hacking is like 1 million times easier, and novices can leave no trace.

a very huge difference in tactics and skills to hack wire over wireless. I admit I dont have the skills in hacking wired connection (other than my own which was hard enough to learn and test)...but when testing the wireless networks I secure, its cake to break them in time. Any kid with a laptop/wifi card can hack wireless nowadays within 1 week.
0
DeltaFixCommented:
georgep7,

If your up to the fun of wireless sluthing, which it sounds like you are... check out Netstumbler.  It is a freeware application that can be used for a number of different "applications".  

"What is NetStumbler?
    NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  # Verify that your network is set up the way you intended.
  # Find locations with poor coverage in your WLAN.
  # Detect other networks that may be causing interference on your network.
  # Detect unauthorized "rogue" access points in your workplace.
  # Help aim directional antennas for long-haul WLAN links.
  # Use it recreationally for WarDriving."

You may want to see if it will tell you (based on increasing signal strenght) which direction that access point is located.  Good Luck!  Get NetStumbler at (http://www.netstumbler.com/downloads/)

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
atkfrg56Commented:
wow, isnt that awesome now. I posted "netstumbler" in the first post...but yet I got no points or credit for it because its the "accepted answer"
0
georgep7Author Commented:
Sorry atkfrg56 :-( didn't see that in your original post - any way of changing my accepted answer?
0
atkfrg56Commented:
bah, i really dont care anymore. I think I am going to cancel my subscription here anyways because the help for extra tough questions sucks, then again maybe windows just sucks. thx though


http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21219537.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.