somebody trying to steal my wifi?

i like turtles

so i use WPA-PSK2 security enabled, and had my SSID broadcast turned OFF. twice today on my router log i noticed sequences like the following (from unrecognized mac address):

[INFO] Sat Jul 25 15:23:04 2009 home11: Wireless system with MAC address 0xxxxxxxxxxx disconnected for reason: Received Deauthentication
[WARN] Sat Jul 25 15:22:06 2009 xxxx was assigned the IP address of 192.168.0.196.
[INFO] Sat Jul 25 15:22:06 2009 home11: Wireless system with MAC address 0xxxxxxxx secured and linked
[INFO] Sat Jul 25 15:22:06 2009 home11: Wireless system with MAC address 0xxxxxxxx associated


from what i can tell, this means they successfully got into my network then voluntarily disconnected soon after. my passkey is a series of letters and numbers that i'm pretty sure nobody would guess.

i tried to replicate this process by entering my own network and i noticed that when i successfully got in, it actually gave me the following sequence, which includes the BOLDED notification which was NOT present during the earlier intrustions. does this mean that the intruder never actually got in?


[INFO] Sat Jul 25 15:23:04 2009 home11: Wireless system with MAC address 0xxxxxxxxxxx disconnected for reason: Received Deauthentication
[INFO] Sat Jul 25 15:22:30 2009 Allowed configuration authentication by IP address 192.168.0.196
[WARN] Sat Jul 25 15:22:06 2009 A network computer (home) was assigned the IP address of 192.168.0.196.
[INFO] Sat Jul 25 15:22:06 2009 home11: Wireless system with MAC address 0xxxxxxxx secured and linked
[INFO] Sat Jul 25 15:22:06 2009 home11: Wireless system with MAC address 0xxxxxxxx associated


any ideas?

 

I'M AN IDIOT! i just remember i used my wireless printer twice today lol

 

You made me laugh +REP

 

It seems that your printer is out to steal your NBR login... or maybe it has already.

 

LOL

I needed the laugh- thanks! Sounds like something I would have done too

 

All she wants is your attention. let's take a closer look at your signature.

"dv7t-1270|W7U-64|P8600 2.4GHz|4GB RAM|9600mGT|320GB|AGN+Bluetooth|LightScribe Blu-Ray|24" ViewSonic 1080p LCD|HP Bluetooth Stereo Headphones|HP QuickDock|MS5000 BT Mouse|HP 2.1 50w Speakers|HP Elite Wireless Keyboard|Notepal Infinite Cooler| and some other crap"

you listed her as "some other crap." it all make sense now.

 

I would assign your printer a fixed IP outside of your DHCP range. Then it would not show up on your dhcp logs.

Now unless your pass key is >20 chrs it can be broken almost as easy as WEP with the correct tools. I would recommend you to switch over to WPA(2) AES with the key random generated using all printable chr with a length min 20 chr. I use Home of Gibson Research Corporation random key generator and just copy to a notepad. Then copy and paste so it works the first time. Also turn back on SSID. Being hidden does not really hide it if there is any traffic flowing. The WPA works best with SSID open being broadcasted.

If your pc are old before XP it may not support WPA, the same can be said about the older routers.

As a rule any key you can remember is not a very strong key.

 

You could have sparked an FBI investigation only to find out that your printer was the perpetrator. I guess you can't be too careful nowadays though.

 

yah, let's all pull the trigger on panic and suspicion before we check or understand our own setups.....

 

solved.

this does not appear to be sound advice, but ok...



[INFO] Mon May 24 01:53:08 2010 Administrator logout

ok, who is "Administrator"? and if he logged out that must mean he was once logged in.. dun dun DUN.