Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Who is this theif stealing my wireless bandwidth?

Posted on 2006-11-20
Medium Priority
Last Modified: 2009-07-29
Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my wireless router to get to the Internet.

I am in a remote area (over a mile to the closest neighbor) and there are no other wireless access points showing up when I search for another Wi-Fi network.

However, once or twice a day when I look at the DHCP table I see another computer has connected to my router. (I assume they have located themselves somewhere nearby and then they connect to my wireless router.) It is always the same Computer Name, IP address, and MAC address listed in the table (in addition to mine).

I can ping this computer by it's Name and/or by it's current assigned IP address, so I know they are active and connected. But when I use the "Search For Computers..." in "My Network Places" using the computer's Name or IP address the only answer I get is "Search is complete. there are no results to display."

My questions:

Assuming that they have file sharing and other similar services turned on, how does the bandwith theif "hide" there computer from the "Search For Computers..." in My Network Places?

Or, is there another method, other than ping, to find who owns this computer by using the MAC or IP address?

And, If they can hide from me, what method can I use to "hide" my computer from them? I guessing they are able to "break into my machine" if they can log onto my local network and see it, right?

Thanks, bva7
Question by:bva7
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +7
LVL 67

Expert Comment

ID: 17979691
What's the ip address that's being used?  What's the Computer name?

You can setup your router to 'only' give out IP addresses to 'your' MAC address(es).  You can also limit your DHCP addresses to the precise number of systems you're using.  Or, you can simply use static IP addresses and eliminate someone from getting on, easily, by acquiring a lease assignment.  They could still potentially 'guess' your network range, however.

Essentially, you either let them use your network, or you lock it down with security (and take the 'security' overhead hit).
Getting onto your network doesn't guarantee they can hack into your system, but obviously it's the first hurdle out of the way...

As for hiding their computer - they could have their browser service disabled to accomplish that.  You could do the same on your system.  Blackviper used to have a great site for disabling unneeded services - it's not out there anymore, but there are cached copies, like this one, floating around...

Good luck!

Author Comment

ID: 17979902

I already know all of the "tricks" you have mentioned to keep out this theif. And I downloaded all of BlackViper's and the Elder Geek's stuff long ago...but I really want to know who this is? I'm not a hacker so I don't know any of the tricks used to "log" onto the mystery computer. I assume there are some only because I've heard/read of so many times that it does happen.

As for the IP address it is always the "next" one in the list of available addresses like (most of the time). It only changes by one digit if one of my computers has been offline for a few days.

The computer name is a number like those default names used on HP laptops "3045 6549." I assume that it is an HP laptop because we have an older one that came from HP with a similar computer name.

BTW, there is a public hiking trail that is a few hundred yards from my house so I assume this person frequents this trail and is using my wireless when they can get a siginal.

Thanks for the suggestions, bva7

LVL 67

Accepted Solution

sirbounty earned 400 total points
ID: 17979988
If you think it's a malicious intent, then I'd strongly suggest you implement some security now.

Yes, there are potentially ways to 'hack' into the remote PC, but I don't believe those items can be posted on this forum.  Besides, even if you were to get into this user's system, find out who it was, and track them down and ask them to stop - you're still wide open for anyone else to repeat the process...

But then again - who goes hiking with their laptop? :^)
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

LindyMoff earned 400 total points
ID: 17980208
Well, you might just want to set up a packet capture to grab data transmitted by your visitor.  Then you can analyze it with Ethereal ( or Ntop (

If they haven't altered their MAC address, you can tell what make of wireless card they're using, and with nmap ( you could probably profile their computer to find out what OS they're using and potentially find open / insecure ports on their machine (though if they're smart, they'll know you're scanning them with nmap).

Expert Comment

ID: 17980269
Oh, by the way... if you're concerned about "busting" an offender on your network, it's very difficult to use methods like I described to bring charges against anyone in court.  If you're thinking about collecting evidence for a legal case, I'd call a professional.  It's a lot less work and money to just lock down your system to prevent any further abuse.
LVL 38

Expert Comment

by:Rich Rumble
ID: 17980440
A firewall will keep you from seeing them via network neighborhood, windows firewall by default allows ping in, and also file sharing ports, however those are easily turned off, or they might be using a Linux machine or other OS that doesn't use M$ file sharing. A firewall will keep them from breaking into you own pc, but filtering their mac is overall a better scenerio.
To locate them you need to triangulate their position, typically 3 laptops or mobile computers can be used to hone in on them, or if they are stationary one LT can do it. You can get wifi access from a long way off with the proper antennea and line of sight(yagi) will add significantly to the range with an antenna. If your using a booster, and or an antenna and they are doing the same they could actually be miles away especially with line of sight.
Block their mac, allow only your mac(s), turn on WPA etc... set it and forget it.

Assisted Solution

mahe2000 earned 400 total points
ID: 17982703
you can find who this guyis  buy getting closer to him... you can use net stumbler ( to see when the signal of your neighbour is getting stronger so you can find him fisically (you will need a laptop to do this)
LVL 32

Expert Comment

by:Scott C
ID: 17982955
I would just put security on your router and call it a day.

Tracking somebody down in the woods who is stealing internet access isn't worth getting shot over.

Who knows if this person has a gun or not?

And even if you track them down...what are you going to do/say?

Not worth it in my opinion.

Expert Comment

ID: 17989136

I have to take the sides of what I lot of people have said here.  This person has nothing better to do than to steal your bandwidth, then they are a loser.  Just secure your network...  or as my SAN manager would say... "Zip up your fly and stop flapping it in the wind!"  ;-D   Some routers will let you allocate only a certain amount of bandwidth to a specified MAC addy.  If you can do that, you could always take him down to 56k.  

I had a problem with a person trying to get into my Wireless about a year ago.  I am secured, but he was trying, and sitting right in front of my house while doing it.  The police were able to get the guy in this case.


Expert Comment

ID: 18005900
It is entirely possible (probable?) that a device with wireless connectivity is simply within reach of your network.  Many new phones now have wireless capabilities, as do PSPs...  These devices automatically connect to any open networks.

Author Comment

ID: 18009823
To all that have responded to this question, thanks.

I have been traveling the past few days and have had a few connection problems too, so I have not had a chance to follow-up on all your suggestions. However, I did find this URL that seems to offer some ideas that will help locate this individual...who is apparently using a PDA or similar device to steal bandwidth.

To all those who suggest that I lock down my Wi-Fi, I must refer you to my first sentence in my original question "Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my Wi-Fi to get to the Internet."

And I'm not afraid of this person and do not intend to confront them. I suspect they may be connected with the "law" as in police, forest ranger, DEA or most any of those types who would be using such a device in a remote local. You see, cell-phone service is skimpy in my area...and that may be the reason they may be using any open Wi-Fi for communication.

It is not that big of an issue...yet. I've got my computers locked down or disconnected from my LAN most of the time. I'm just curious, and thought there was a method of tracking down such characters. Apparently it is not that easy to get any information on bandwidth thieves. Not the smart ones anyway.

Again thanks for all the suggestions, bva7
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 18011125
It's the wireless aspect that makes it hard to track, same issues folks such as the FCC struggled with for sometime to track down rouge radio stations, they developed specialized equipment to track down the signal. The paper you linked to is for rouge AP's not rouge wifi "vampires", your wireless router is the AP (commonly referred to as a WAP. The principals are still about the same however.
LVL 32

Assisted Solution

jhance earned 400 total points
ID: 18013914
Sounds like you're running an OPEN network.  Shame on you!  It's the same as leaving your doors unlocked AND putting out a sign that says "Come on in..."  It's entirely reasonable, in my opinion, to assume that an open network is open by design and that I'm welcome to use it.

WEP, while insecure, is at least a locked door and an unauthorized user must break the key.  That's not overly difficult but, and this is important, he must specifically break the key and can no longer claim that he believed it was an "open" and public WiFi access point.

WPA or WPA2 are significant more secure and I would recommend either one as a solution to your problem.  These are breakable (this has been demonstrated) but the time and resources needed are so great as to make other ways of hacking your network more attractive.

Take down your "come on in..." sign.  Lock your doors with a secure lock, and this problem will stop.
LVL 38

Expert Comment

by:Rich Rumble
ID: 18014059
Top security and cryptography expert Bruce Schneier leaves his wifi totally open, he uses IDS and firewalls, the IDS for keeping track of potential abusers, and the firewalls to keep folks off his lan. If someone starts hacking from your open WAP, and that activity gets traced down to your internet connection, without logging and or IDS it's going to be tougher to prove you did not do the attack yourself, you will be the suspect not some rouge bandwidth vampire...
LVL 11

Expert Comment

ID: 18194898
there is no real way to determine too much about the person using the machine.

if you know the user is using windows then using nbtstat -a <ipaddress> will tell you some of the netbios information about the computer.
if the person is lax about the secutiy then you could use WMI to attach to the computer and and get more computer information such as usernames etc, but this is assuming the person has left the default useraccounts intact then using the computer manager could give you some more information,

but i would suggest that you just forget about it and implement some security on the wireless network, and forget about it.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Check out what's been happening in the Experts Exchange community.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question