• 0

[Help] Someone piggybacking on our wireless connection


Question

psyn

Hi Guys,

I've recently moved into a new place and am sharing the internet with a housemate who suspects someone is stealing our ADSL quota (we run on quota based internet here in australia, yes, tell me about it). Normally it wouldnt be an issue detecting and changing passwords and stuff but he's forgotten the password to the router and resetting it would probably get rid of the log files and any records of login details. He has a few suspicions as to who might be doing it but can't find any proof (and is not particularly great at computers and stuff).

Our router is an old one (only allows WEP) and i'm more than happy to get a new router and change it to WPA2. I'm guessing either someone has a hold onto the password or is simply cracking them using Aircrack or other similar tools. Is there any way I can verify if someone is using our wireless connection if i had physical access to their computers?

Cheers

Link to post
Share on other sites

22 answers to this question

Recommended Posts

  • 0
Marshall

What brand of router do you have? Access your routers web based configuration and you can easily see all connections.

Link to post
Share on other sites
  • 0
Piggy

Just get a new router and drop the whole detective deal. It's not worth the headache.

What brand of router do you have? Access your routers web based configuration and you can easily see all connections.

He doesn't have the password and wants to preserve the logs.

  • Like 1
Link to post
Share on other sites
  • 0
psyn

hey there,

thanks. would have done that if i could. unfortunately my housemate (who inherited the router and connection settings) doesnt have the password anymore. resetting the router would just erase any logs of any connection history.

Link to post
Share on other sites
  • 0
Pong

If you have physical access to their computer then just check which wireless networks it has passwords saved for, it its got yours then you can probably assume that its them using it.

You'd be better just getting a new router though, if you only have WEP you may as well not be using any encryption at all...

Link to post
Share on other sites
  • 0
nullie

You can get a packet sniffer and log all packets which may expose who else is on the network with you, just look for broadcast and other network traffic from unknown computers/devices...

Link to post
Share on other sites
  • 0
+M2Ys4U

WEP isn't worth using any more. Just get a new router which supports WPA2 and forget about the issue.

Link to post
Share on other sites
  • 0
alfaaqua

Hi Guys,

I've recently moved into a new place and am sharing the internet with a housemate who suspects someone is stealing our ADSL quota (we run on quota based internet here in australia, yes, tell me about it). Normally it wouldnt be an issue detecting and changing passwords and stuff but he's forgotten the password to the router and resetting it would probably get rid of the log files and any records of login details. He has a few suspicions as to who might be doing it but can't find any proof (and is not particularly great at computers and stuff).

Our router is an old one (only allows WEP) and i'm more than happy to get a new router and change it to WPA2. I'm guessing either someone has a hold onto the password or is simply cracking them using Aircrack or other similar tools. Is there any way I can verify if someone is using our wireless connection if i had physical access to their computers?

Cheers

Why do you want the logs? You just want to find out what it (device) is.........

Reset the router, trash it and get one that supports WPA2-AES.

Link to post
Share on other sites
  • 0
psyn

Just get a new router and drop the whole detective deal. It's not worth the headache.

He doesn't have the password and wants to preserve the logs.

yea. well the entire story is that my housemate had some virus issues before and his friend had apparently tried to help him troubleshoot. i was helping my housemate troubleshoot some other issues and noticed the program wirelesskeyview.exe hanging around and asked him if he relied on that to remember our WEP key. he said he had no idea what that program was doing there and had no clue what it was. a view of the last modified date of the exe file corresponds with the date the friend had came over to do some troubleshooting, hence the suspicion. upgrading the router's not a big deal, finding out if this friend had exploited the trust of my housemate is the agenda i guess. but thanks to all and your 2 cents on this. keep em coming if you have any ideas :)

Link to post
Share on other sites
  • 0
psyn

If you have physical access to their computer then just check which wireless networks it has passwords saved for, it its got yours then you can probably assume that its them using it.

You'd be better just getting a new router though, if you only have WEP you may as well not be using any encryption at all...

i would. thanks for that. just looking for any other backup plans. would be pretty easy to delete that wireless profile to cover up tracks though.

Link to post
Share on other sites
  • 0
Swiftie

Just like I thought, these do not work.

They would only work if the user happens to save the password using the browser. But obviously in this case if the username/password was already saved onto a machine then there would be no point in using any of these tools.

Link to post
Share on other sites
  • 0
+BudMan

If you do not know the router password, then how and the hell do you expect to view the logs anyway?? So how are you going to show that he is on your network?? Either reset the router so you can gain access and change the password, prevent access from wireless to the router web ui, and if does not support wpa -- you can set wep again -- UNTIL you get a router that supports wpa or better yet wpa2 if your clients support that. Which I would suggest be very very soon, as mention already wep is not a valid security method anymore -- you sure do not need access to a machine so you can use keyviewer -- access to a wep network can be had in a few minutes with enough skill to follow a guide and know how to google ;)

If your wanting to catch him on your network.. And you dont even remember your WEP key, then just use that tool you have already the keyviewer find your wep key.. Reset the router and put that SSID and wep key back on.. So he will still be assessing your network if he used that tool before to find your key, etc. Now that can log onto the router you can view the new logs to see if he is getting on your network.

Link to post
Share on other sites
  • 0
Stetson

1) Reset the router

2) Set it up exactly like it was before, same broadcast name, same security type, same key

3) Keep an eye on the connected computers and connection logs until you get the info you want

4) Change the key

Link to post
Share on other sites
  • 0
psyn

If you do not know the router password, then how and the hell do you expect to view the logs anyway?? So how are you going to show that he is on your network?? Either reset the router so you can gain access and change the password, prevent access from wireless to the router web ui, and if does not support wpa -- you can set wep again -- UNTIL you get a router that supports wpa or better yet wpa2 if your clients support that. Which I would suggest be very very soon, as mention already wep is not a valid security method anymore -- you sure do not need access to a machine so you can use keyviewer -- access to a wep network can be had in a few minutes with enough skill to follow a guide and know how to google ;)

If your wanting to catch him on your network.. And you dont even remember your WEP key, then just use that tool you have already the keyviewer find your wep key.. Reset the router and put that SSID and wep key back on.. So he will still be assessing your network if he used that tool before to find your key, etc. Now that can log onto the router you can view the new logs to see if he is getting on your network.

thanks. i dont expect to get access to the logs.

Link to post
Share on other sites
  • 0
XerXis

use wireshark to see all the packets on your network, you can easily see how many computers are connected that way without touching your router :)

Link to post
Share on other sites
  • 0
GreenMartian

use wireshark to see all the packets on your network, you can easily see how many computers are connected that way without touching your router :)

I thought any decent router won't deliver packets not intended for you to your IP? :huh:

Link to post
Share on other sites
  • 0
cybertimber2008

I thought any decent router won't deliver packets not intended for you to your IP? :huh:

Computers tend to send little messages to see who else is around. ARP and Broadcast and Windows Sharing, etc.
Link to post
Share on other sites
  • 0
morphen

Just get a new router and drop the whole detective deal. It's not worth the headache.

He doesn't have the password and wants to preserve the logs.

I highly doubt an old wep-only router contains any logs of anything.

just reset and set a new key until you get a new router.

what does he want with the logs anyway? It's not like you can use it against him in a court or anything :p

Link to post
Share on other sites
  • 0
+BudMan

"I thought any decent router won't deliver packets not intended for you to your IP?"

Does not have to be even a decent router - normally know you want see traffic unless its to your specific ip, but as stated there will be broadcast traffic, arps, multicast, etc. so sure you will most likely see something from them sooner or later if you watch long enough.

As to the logs -- yeah they are pretty much going to suck, but you could view the dhcp log/entries -- which is why I would just reset it and put the same ssid and key back on it.. Until you have purchased something that will do wpa, so say tuesday ;)

Link to post
Share on other sites
  • 0
Qumahlin

Who cares about the logs? If you think someone is doing it, they are going to continue doing it even after you reset the router, so you will have a fresh set of logs to play detective with..

Link to post
Share on other sites
  • 0
psyn

Thanks for all the thoughts guys! I'll probably launch Airmon on Backtrack (does kismet perform the same function?) to do a scan and see if anyone's connected to the network. I just thought if there were an easier way to verify on the physical computer, it would be easier to prove the guy's guilt.

Will be upgrading to a new router definitely although the detective in me wants to pinpoint if it is indeed the 'friend' who had sniffed out the wireless key while fooling around with my housemate's computer (friends these days huh).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.