Who is this theif stealing my wireless bandwidth?

Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my wireless router to get to the Internet.

I am in a remote area (over a mile to the closest neighbor) and there are no other wireless access points showing up when I search for another Wi-Fi network.

However, once or twice a day when I look at the DHCP table I see another computer has connected to my router. (I assume they have located themselves somewhere nearby and then they connect to my wireless router.) It is always the same Computer Name, IP address, and MAC address listed in the table (in addition to mine).

I can ping this computer by it's Name and/or by it's current assigned IP address, so I know they are active and connected. But when I use the "Search For Computers..." in "My Network Places" using the computer's Name or IP address the only answer I get is "Search is complete. there are no results to display."

My questions:

Assuming that they have file sharing and other similar services turned on, how does the bandwith theif "hide" there computer from the "Search For Computers..." in My Network Places?

Or, is there another method, other than ping, to find who owns this computer by using the MAC or IP address?

And, If they can hide from me, what method can I use to "hide" my computer from them? I guessing they are able to "break into my machine" if they can log onto my local network and see it, right?

Thanks, bva7
Who is Participating?
sirbountyConnect With a Mentor Commented:
If you think it's a malicious intent, then I'd strongly suggest you implement some security now.

Yes, there are potentially ways to 'hack' into the remote PC, but I don't believe those items can be posted on this forum.  Besides, even if you were to get into this user's system, find out who it was, and track them down and ask them to stop - you're still wide open for anyone else to repeat the process...

But then again - who goes hiking with their laptop? :^)
What's the ip address that's being used?  What's the Computer name?

You can setup your router to 'only' give out IP addresses to 'your' MAC address(es).  You can also limit your DHCP addresses to the precise number of systems you're using.  Or, you can simply use static IP addresses and eliminate someone from getting on, easily, by acquiring a lease assignment.  They could still potentially 'guess' your network range, however.

Essentially, you either let them use your network, or you lock it down with security (and take the 'security' overhead hit).
Getting onto your network doesn't guarantee they can hack into your system, but obviously it's the first hurdle out of the way...

As for hiding their computer - they could have their browser service disabled to accomplish that.  You could do the same on your system.  Blackviper used to have a great site for disabling unneeded services - it's not out there anymore, but there are cached copies, like this one http://www.student.dtu.dk/~s011527/blackviper/service411sp2.htm, floating around...

Good luck!
bva7Author Commented:

I already know all of the "tricks" you have mentioned to keep out this theif. And I downloaded all of BlackViper's and the Elder Geek's stuff long ago...but I really want to know who this is? I'm not a hacker so I don't know any of the tricks used to "log" onto the mystery computer. I assume there are some only because I've heard/read of so many times that it does happen.

As for the IP address it is always the "next" one in the list of available addresses like (most of the time). It only changes by one digit if one of my computers has been offline for a few days.

The computer name is a number like those default names used on HP laptops "3045 6549." I assume that it is an HP laptop because we have an older one that came from HP with a similar computer name.

BTW, there is a public hiking trail that is a few hundred yards from my house so I assume this person frequents this trail and is using my wireless when they can get a siginal.

Thanks for the suggestions, bva7

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

LindyMoffConnect With a Mentor Commented:
Well, you might just want to set up a packet capture to grab data transmitted by your visitor.  Then you can analyze it with Ethereal (www.wireshark.org) or Ntop (www.ntop.org).

If they haven't altered their MAC address, you can tell what make of wireless card they're using, and with nmap (www.insecure.org) you could probably profile their computer to find out what OS they're using and potentially find open / insecure ports on their machine (though if they're smart, they'll know you're scanning them with nmap).
Oh, by the way... if you're concerned about "busting" an offender on your network, it's very difficult to use methods like I described to bring charges against anyone in court.  If you're thinking about collecting evidence for a legal case, I'd call a professional.  It's a lot less work and money to just lock down your system to prevent any further abuse.
Rich RumbleSecurity SamuraiCommented:
A firewall will keep you from seeing them via network neighborhood, windows firewall by default allows ping in, and also file sharing ports, however those are easily turned off, or they might be using a Linux machine or other OS that doesn't use M$ file sharing. A firewall will keep them from breaking into you own pc, but filtering their mac is overall a better scenerio.
To locate them you need to triangulate their position, typically 3 laptops or mobile computers can be used to hone in on them, or if they are stationary one LT can do it. You can get wifi access from a long way off with the proper antennea and line of sight(yagi) will add significantly to the range with an antenna. If your using a booster, and or an antenna and they are doing the same they could actually be miles away especially with line of sight.
Block their mac, allow only your mac(s), turn on WPA etc... set it and forget it.
mahe2000Connect With a Mentor Commented:
you can find who this guyis  buy getting closer to him... you can use net stumbler (www.netstumbler.com/) to see when the signal of your neighbour is getting stronger so you can find him fisically (you will need a laptop to do this)
Scott CSenior Systems EnginerCommented:
I would just put security on your router and call it a day.

Tracking somebody down in the woods who is stealing internet access isn't worth getting shot over.

Who knows if this person has a gun or not?

And even if you track them down...what are you going to do/say?

Not worth it in my opinion.

I have to take the sides of what I lot of people have said here.  This person has nothing better to do than to steal your bandwidth, then they are a loser.  Just secure your network...  or as my SAN manager would say... "Zip up your fly and stop flapping it in the wind!"  ;-D   Some routers will let you allocate only a certain amount of bandwidth to a specified MAC addy.  If you can do that, you could always take him down to 56k.  

I had a problem with a person trying to get into my Wireless about a year ago.  I am secured, but he was trying, and sitting right in front of my house while doing it.  The police were able to get the guy in this case.

It is entirely possible (probable?) that a device with wireless connectivity is simply within reach of your network.  Many new phones now have wireless capabilities, as do PSPs...  These devices automatically connect to any open networks.
bva7Author Commented:
To all that have responded to this question, thanks.

I have been traveling the past few days and have had a few connection problems too, so I have not had a chance to follow-up on all your suggestions. However, I did find this URL http://manageengine.adventnet.com/products/wifi-manager/rogue-detection-and-blocking-whitepaper.html that seems to offer some ideas that will help locate this individual...who is apparently using a PDA or similar device to steal bandwidth.

To all those who suggest that I lock down my Wi-Fi, I must refer you to my first sentence in my original question "Yes I know I can set up a WEP or WAP code that will secure my wireless router. However, before I do that, I want to know who is using my Wi-Fi to get to the Internet."

And I'm not afraid of this person and do not intend to confront them. I suspect they may be connected with the "law" as in police, forest ranger, DEA or most any of those types who would be using such a device in a remote local. You see, cell-phone service is skimpy in my area...and that may be the reason they may be using any open Wi-Fi for communication.

It is not that big of an issue...yet. I've got my computers locked down or disconnected from my LAN most of the time. I'm just curious, and thought there was a method of tracking down such characters. Apparently it is not that easy to get any information on bandwidth thieves. Not the smart ones anyway.

Again thanks for all the suggestions, bva7
Rich RumbleConnect With a Mentor Security SamuraiCommented:
It's the wireless aspect that makes it hard to track, same issues folks such as the FCC struggled with for sometime to track down rouge radio stations, they developed specialized equipment to track down the signal. The paper you linked to is for rouge AP's not rouge wifi "vampires", your wireless router is the AP (commonly referred to as a WAP. The principals are still about the same however.
jhanceConnect With a Mentor Commented:
Sounds like you're running an OPEN network.  Shame on you!  It's the same as leaving your doors unlocked AND putting out a sign that says "Come on in..."  It's entirely reasonable, in my opinion, to assume that an open network is open by design and that I'm welcome to use it.

WEP, while insecure, is at least a locked door and an unauthorized user must break the key.  That's not overly difficult but, and this is important, he must specifically break the key and can no longer claim that he believed it was an "open" and public WiFi access point.

WPA or WPA2 are significant more secure and I would recommend either one as a solution to your problem.  These are breakable (this has been demonstrated) but the time and resources needed are so great as to make other ways of hacking your network more attractive.

Take down your "come on in..." sign.  Lock your doors with a secure lock, and this problem will stop.
Rich RumbleSecurity SamuraiCommented:
Top security and cryptography expert Bruce Schneier leaves his wifi totally open, he uses IDS and firewalls, the IDS for keeping track of potential abusers, and the firewalls to keep folks off his lan. If someone starts hacking from your open WAP, and that activity gets traced down to your internet connection, without logging and or IDS it's going to be tougher to prove you did not do the attack yourself, you will be the suspect not some rouge bandwidth vampire...
there is no real way to determine too much about the person using the machine.

if you know the user is using windows then using nbtstat -a <ipaddress> will tell you some of the netbios information about the computer.
if the person is lax about the secutiy then you could use WMI to attach to the computer and and get more computer information such as usernames etc, but this is assuming the person has left the default useraccounts intact then using the computer manager could give you some more information,

but i would suggest that you just forget about it and implement some security on the wireless network, and forget about it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.