Unauthorized wireless access

By tardcart ·
I have someone accessing my corporate network and I need to figure out what to do to stop/catch this guy.

I changed my WPA key yesterday and he's back on today. I attempted to block his mac address, but he appears to be spoofing it.

Any suggestions other than completely changing my wireless configuration on a daily basis?

Is there any tool I can use to to track down where this guy is connecting from so I can kick his ***?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by unhappyuser In reply to Unauthorized wireless acc ...

What are the security settings for the wireless unit? Have you changed the admin username and password or is it still the default?


Collapse -


by tardcart In reply to Settings

I use an Apple Airport Extreme and two Airport Express devices extending the network. I have them password protected have WPA setup and SSID turned off.

It turns out Angry IP Scanner was feeding me false information. The computer it was calling "BILL1" was actually my wife's MacBook Pro. I had checked every non-domain machine but didn't think to check hers. It reported all of the other Macs correctly so I forgot about hers. That was until this morning after reconfiguring my wireless with a different SSID, turning off broadcast, making a new ridiculously complex WPA PSK and seeing BILL1 back on my network.

I'm still not sure why when I denied her mac address on the router she still got in and why her mac address is showing up differently on my 2003 DHCP server, but I'm less worried about that than someone war-driving and trying to break in.

Three days of pulling my hair out aside, my wireless network and company data are more secure than they were before so I guess it was justified stress. And, I need to find something besides Angry IP Scanner to probe my network.

Collapse -

Never underestimate the damage your spouse can do..... :)

by robo_dev In reply to Well...

"you mean the red oil warning light on the car instrument panel does not mean it's time for an oil change???" :)

Collapse -

Don't get me started...

by christianshiflet In reply to Never underestimate the d ...

about the picture in front of the thermostat guage! "Why does my car smell hot after I drive it?" Not all Hondas last forever.

Collapse -

:) been there, done that

by robo_dev In reply to Don't get me started...
Collapse -

Is all gas the same???

by Todd Bennett In reply to Never underestimate the d ...

You mean its NOT OK to put regular gas in a 2 cycle engine???

Collapse -

My older sister had a 67 Saab that was a 2-cycle engine

by robo_dev In reply to Is all gas the same???

She would ask for a fill-up and tell the attendant to put a quart of oil in the gas tank, which was what you did on those cars.

When one guy gave her the 'sweetie' lecture on engine oil, she popped the hood and told him to find the oil filler cap and dipstick on the engine (there is none, of course).

Collapse -

Come on

by tardcart In reply to Never underestimate the d ...

It wasn't her fault... This time. She's actually one of the best user I deal with. She had the same XP laptop for 5 years and never screwed it up. The only time I ever had to rienstall whas when the drive finally went bad. ****, I can't keep a XP install that long.

Collapse -

The Angry Zebra lied to you? Whoa!

by seanferd In reply to Well...

I'd say you should report it to the devs.

Have you tried a different IP scanner (several come up in a search) or Nessus, nmap, wireshark, etc.? I see a War IP Scanner, sounds serious. Let's go warcarting!

Collapse -

It looks like

by tardcart In reply to The Angry Zebra lied to y ...

I need to check the scavenge schedule on my DNS server.

A co-worker brought in a PC this morning for some work my sysadmin had build for him a while ago named...BILL1.

One of my HP thin clients was showing up as something other than HP+mac address as it's name a couple of weeks ago. That should have tipped me off that something wasn't right in DNS land. I sat there scratching my head for hours trying to figure out how the user managed to change the name of the thin client when they have no access to the control panel and the device can't even be renamed.

I need more sleep.

Related Discussions

Related Forums