Solved

Who is this theif stealing my wireless bandwidth?

Posted on 2006-11-20
17
4,400 Views
Last Modified: 2009-07-29
Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my wireless router to get to the Internet.

I am in a remote area (over a mile to the closest neighbor) and there are no other wireless access points showing up when I search for another Wi-Fi network.

However, once or twice a day when I look at the DHCP table I see another computer has connected to my router. (I assume they have located themselves somewhere nearby and then they connect to my wireless router.) It is always the same Computer Name, IP address, and MAC address listed in the table (in addition to mine).

I can ping this computer by it's Name and/or by it's current assigned IP address, so I know they are active and connected. But when I use the "Search For Computers..." in "My Network Places" using the computer's Name or IP address the only answer I get is "Search is complete. there are no results to display."

My questions:

Assuming that they have file sharing and other similar services turned on, how does the bandwith theif "hide" there computer from the "Search For Computers..." in My Network Places?

Or, is there another method, other than ping, to find who owns this computer by using the MAC or IP address?

And, If they can hide from me, what method can I use to "hide" my computer from them? I guessing they are able to "break into my machine" if they can log onto my local network and see it, right?

Thanks, bva7
0
Comment
Question by:bva7
  • 3
  • 2
  • 2
  • +7
17 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 17979691
What's the ip address that's being used?  What's the Computer name?

You can setup your router to 'only' give out IP addresses to 'your' MAC address(es).  You can also limit your DHCP addresses to the precise number of systems you're using.  Or, you can simply use static IP addresses and eliminate someone from getting on, easily, by acquiring a lease assignment.  They could still potentially 'guess' your network range, however.

Essentially, you either let them use your network, or you lock it down with security (and take the 'security' overhead hit).
Getting onto your network doesn't guarantee they can hack into your system, but obviously it's the first hurdle out of the way...

As for hiding their computer - they could have their browser service disabled to accomplish that.  You could do the same on your system.  Blackviper used to have a great site for disabling unneeded services - it's not out there anymore, but there are cached copies, like this one http://www.student.dtu.dk/~s011527/blackviper/service411sp2.htm, floating around...

Good luck!
0
 

Author Comment

by:bva7
ID: 17979902
sirbounty,

I already know all of the "tricks" you have mentioned to keep out this theif. And I downloaded all of BlackViper's and the Elder Geek's stuff long ago...but I really want to know who this is? I'm not a hacker so I don't know any of the tricks used to "log" onto the mystery computer. I assume there are some only because I've heard/read of so many times that it does happen.

As for the IP address it is always the "next" one in the list of available addresses like 192.168.1.102 (most of the time). It only changes by one digit if one of my computers has been offline for a few days.

The computer name is a number like those default names used on HP laptops "3045 6549." I assume that it is an HP laptop because we have an older one that came from HP with a similar computer name.

BTW, there is a public hiking trail that is a few hundred yards from my house so I assume this person frequents this trail and is using my wireless when they can get a siginal.

Thanks for the suggestions, bva7

0
 
LVL 67

Accepted Solution

by:
sirbounty earned 100 total points
ID: 17979988
If you think it's a malicious intent, then I'd strongly suggest you implement some security now.

Yes, there are potentially ways to 'hack' into the remote PC, but I don't believe those items can be posted on this forum.  Besides, even if you were to get into this user's system, find out who it was, and track them down and ask them to stop - you're still wide open for anyone else to repeat the process...

But then again - who goes hiking with their laptop? :^)
0
 
LVL 6

Assisted Solution

by:LindyMoff
LindyMoff earned 100 total points
ID: 17980208
Well, you might just want to set up a packet capture to grab data transmitted by your visitor.  Then you can analyze it with Ethereal (www.wireshark.org) or Ntop (www.ntop.org).

If they haven't altered their MAC address, you can tell what make of wireless card they're using, and with nmap (www.insecure.org) you could probably profile their computer to find out what OS they're using and potentially find open / insecure ports on their machine (though if they're smart, they'll know you're scanning them with nmap).
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17980269
Oh, by the way... if you're concerned about "busting" an offender on your network, it's very difficult to use methods like I described to bring charges against anyone in court.  If you're thinking about collecting evidence for a legal case, I'd call a professional.  It's a lot less work and money to just lock down your system to prevent any further abuse.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17980440
A firewall will keep you from seeing them via network neighborhood, windows firewall by default allows ping in, and also file sharing ports, however those are easily turned off, or they might be using a Linux machine or other OS that doesn't use M$ file sharing. A firewall will keep them from breaking into you own pc, but filtering their mac is overall a better scenerio.
To locate them you need to triangulate their position, typically 3 laptops or mobile computers can be used to hone in on them, or if they are stationary one LT can do it. You can get wifi access from a long way off with the proper antennea and line of sight(yagi) will add significantly to the range with an antenna. If your using a booster, and or an antenna and they are doing the same they could actually be miles away especially with line of sight.
Block their mac, allow only your mac(s), turn on WPA etc... set it and forget it.
http://wardriving.com/antenna.php
-rich
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 100 total points
ID: 17982703
you can find who this guyis  buy getting closer to him... you can use net stumbler (www.netstumbler.com/) to see when the signal of your neighbour is getting stronger so you can find him fisically (you will need a laptop to do this)
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 29

Expert Comment

by:ScottCha
ID: 17982955
I would just put security on your router and call it a day.

Tracking somebody down in the woods who is stealing internet access isn't worth getting shot over.

Who knows if this person has a gun or not?

And even if you track them down...what are you going to do/say?

Not worth it in my opinion.
0
 

Expert Comment

by:SRWright
ID: 17989136


I have to take the sides of what I lot of people have said here.  This person has nothing better to do than to steal your bandwidth, then they are a loser.  Just secure your network...  or as my SAN manager would say... "Zip up your fly and stop flapping it in the wind!"  ;-D   Some routers will let you allocate only a certain amount of bandwidth to a specified MAC addy.  If you can do that, you could always take him down to 56k.  

I had a problem with a person trying to get into my Wireless about a year ago.  I am secured, but he was trying, and sitting right in front of my house while doing it.  The police were able to get the guy in this case.

0
 
LVL 7

Expert Comment

by:killbrad
ID: 18005900
It is entirely possible (probable?) that a device with wireless connectivity is simply within reach of your network.  Many new phones now have wireless capabilities, as do PSPs...  These devices automatically connect to any open networks.
0
 

Author Comment

by:bva7
ID: 18009823
To all that have responded to this question, thanks.

I have been traveling the past few days and have had a few connection problems too, so I have not had a chance to follow-up on all your suggestions. However, I did find this URL http://manageengine.adventnet.com/products/wifi-manager/rogue-detection-and-blocking-whitepaper.html that seems to offer some ideas that will help locate this individual...who is apparently using a PDA or similar device to steal bandwidth.

To all those who suggest that I lock down my Wi-Fi, I must refer you to my first sentence in my original question "Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my Wi-Fi to get to the Internet."

And I'm not afraid of this person and do not intend to confront them. I suspect they may be connected with the "law" as in police, forest ranger, DEA or most any of those types who would be using such a device in a remote local. You see, cell-phone service is skimpy in my area...and that may be the reason they may be using any open Wi-Fi for communication.

It is not that big of an issue...yet. I've got my computers locked down or disconnected from my LAN most of the time. I'm just curious, and thought there was a method of tracking down such characters. Apparently it is not that easy to get any information on bandwidth thieves. Not the smart ones anyway.

Again thanks for all the suggestions, bva7
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 18011125
It's the wireless aspect that makes it hard to track, same issues folks such as the FCC struggled with for sometime to track down rouge radio stations, they developed specialized equipment to track down the signal. The paper you linked to is for rouge AP's not rouge wifi "vampires", your wireless router is the AP (commonly referred to as a WAP. The principals are still about the same however.
-rich
0
 
LVL 32

Assisted Solution

by:jhance
jhance earned 100 total points
ID: 18013914
Sounds like you're running an OPEN network.  Shame on you!  It's the same as leaving your doors unlocked AND putting out a sign that says "Come on in..."  It's entirely reasonable, in my opinion, to assume that an open network is open by design and that I'm welcome to use it.

WEP, while insecure, is at least a locked door and an unauthorized user must break the key.  That's not overly difficult but, and this is important, he must specifically break the key and can no longer claim that he believed it was an "open" and public WiFi access point.

WPA or WPA2 are significant more secure and I would recommend either one as a solution to your problem.  These are breakable (this has been demonstrated) but the time and resources needed are so great as to make other ways of hacking your network more attractive.

Take down your "come on in..." sign.  Lock your doors with a secure lock, and this problem will stop.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 18014059
Top security and cryptography expert Bruce Schneier leaves his wifi totally open, he uses IDS and firewalls, the IDS for keeping track of potential abusers, and the firewalls to keep folks off his lan. If someone starts hacking from your open WAP, and that activity gets traced down to your internet connection, without logging and or IDS it's going to be tougher to prove you did not do the attack yourself, you will be the suspect not some rouge bandwidth vampire...
http://news.com.com/2100-1029_3-6088741.html
http://www.schneier.com/blog/archives/2006/06/schneier_asks_t.html
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881
http://www.schneier.com/blog/archives/2006/08/stealing_free_w.html
-rich
0
 
LVL 11

Expert Comment

by:Zanemwest
ID: 18194898
there is no real way to determine too much about the person using the machine.

if you know the user is using windows then using nbtstat -a <ipaddress> will tell you some of the netbios information about the computer.
if the person is lax about the secutiy then you could use WMI to attach to the computer and and get more computer information such as usernames etc, but this is assuming the person has left the default useraccounts intact then using the computer manager could give you some more information,

but i would suggest that you just forget about it and implement some security on the wireless network, and forget about it.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now