Question

  • Creator
    Topic
  • #2158580

    Unauthorized wireless access

    Locked

    by tardcart ·

    I have someone accessing my corporate network and I need to figure out what to do to stop/catch this guy.

    I changed my WPA key yesterday and he’s back on today. I attempted to block his mac address, but he appears to be spoofing it.

    Any suggestions other than completely changing my wireless configuration on a daily basis?

    Is there any tool I can use to to track down where this guy is connecting from so I can kick his ass?

All Answers

  • Author
    Replies
    • #2938319

      Clarifications

      by tardcart ·

      In reply to Unauthorized wireless access

      Clarifications

    • #2938313

      Settings

      by unhappyuser ·

      In reply to Unauthorized wireless access

      What are the security settings for the wireless unit? Have you changed the admin username and password or is it still the default?

      EMD

      • #2938202

        Well…

        by tardcart ·

        In reply to Settings

        I use an Apple Airport Extreme and two Airport Express devices extending the network. I have them password protected have WPA setup and SSID turned off.

        It turns out Angry IP Scanner was feeding me false information. The computer it was calling “BILL1” was actually my wife’s MacBook Pro. I had checked every non-domain machine but didn’t think to check hers. It reported all of the other Macs correctly so I forgot about hers. That was until this morning after reconfiguring my wireless with a different SSID, turning off broadcast, making a new ridiculously complex WPA PSK and seeing BILL1 back on my network.

        I’m still not sure why when I denied her mac address on the router she still got in and why her mac address is showing up differently on my 2003 DHCP server, but I’m less worried about that than someone war-driving and trying to break in.

        Three days of pulling my hair out aside, my wireless network and company data are more secure than they were before so I guess it was justified stress. And, I need to find something besides Angry IP Scanner to probe my network.

        • #2938196

          Never underestimate the damage your spouse can do….. :)

          by robo_dev ·

          In reply to Well…

          “you mean the red oil warning light on the car instrument panel does not mean it’s time for an oil change???” 🙂

        • #2938194

          Don’t get me started…

          by pshiflet-24 ·

          In reply to Never underestimate the damage your spouse can do….. :)

          about the picture in front of the thermostat guage! “Why does my car smell hot after I drive it?” Not all Hondas last forever.

        • #2938189

          :) been there, done that

          by robo_dev ·

          In reply to Don’t get me started…

          v/

        • #2937034

          Is all gas the same???

          by todd bennett ·

          In reply to Never underestimate the damage your spouse can do….. :)

          You mean its NOT OK to put regular gas in a 2 cycle engine???

        • #2936784

          My older sister had a 67 Saab that was a 2-cycle engine

          by robo_dev ·

          In reply to Is all gas the same???

          She would ask for a fill-up and tell the attendant to put a quart of oil in the gas tank, which was what you did on those cars.

          When one guy gave her the ‘sweetie’ lecture on engine oil, she popped the hood and told him to find the oil filler cap and dipstick on the engine (there is none, of course).

        • #2936961

          Come on

          by tardcart ·

          In reply to Never underestimate the damage your spouse can do….. :)

          It wasn’t her fault… This time. She’s actually one of the best user I deal with. She had the same XP laptop for 5 years and never screwed it up. The only time I ever had to rienstall whas when the drive finally went bad. Hell, I can’t keep a XP install that long.

        • #2936951

          The Angry Zebra lied to you? Whoa!

          by seanferd ·

          In reply to Well…

          I’d say you should report it to the devs.

          Have you tried a different IP scanner (several come up in a search) or Nessus, nmap, wireshark, etc.? I see a War IP Scanner, sounds serious. Let’s go warcarting!

        • #2936803

          It looks like

          by tardcart ·

          In reply to The Angry Zebra lied to you? Whoa!

          I need to check the scavenge schedule on my DNS server.

          A co-worker brought in a PC this morning for some work my sysadmin had build for him a while ago named…BILL1.

          One of my HP thin clients was showing up as something other than HP+mac address as it’s name a couple of weeks ago. That should have tipped me off that something wasn’t right in DNS land. I sat there scratching my head for hours trying to figure out how the user managed to change the name of the thin client when they have no access to the control panel and the device can’t even be renamed.

          I need more sleep.

Viewing 1 reply thread