1. Home
  2. Wireless Networking
  3. Wireless Intruder Perhaps

Wireless Intruder Perhaps

My son was recently accused by the " Bandwidth Department" of his ISP for excessive bandwidth use a charge he disputes. The Bandwidth used had a very high percentage of upload ratio which he swears could not be his. The network consists a Network Everywhere / Linksys Router with 2 wireless adapters plus 1 wired networked computer. The router is wide open with the encryption off. My son had concerns that wep would reduce the speed of the XBox online wireless performance .

The network is composed of

1) the wired computer 2) a D-Link USB wireless adapter 3) an X-Box MN-740 wireless adapter

The DHCP client table lists 4 not 3 computers:

1) the wired computer 192.168.1.100 2) an adapter whose mac adress corresponds to the d-link and mac adress matches the mac adress on the label 192.168.1.103 3) an adapter labelled MN-740 whose mac adress matches the mac address on the label of the MN-740 Microsoft XBox wireless adapter 192.168.1.104 4) an adapter with a name of diffirent unrecognizable symbols ip 192.168.1.102 the mac adress corresponds to a vendor / manufacturer of Microsoft the mac address is 00-50-F2-F0-40-B2

could the Microsoft adapter be counted twice with a diffirent physical mac adress ?? seems strange. By the way the signal from the router is somewhat shielded as it is in a concrete basement. Any ideas ?

Reply to
frankdowling1
Loading thread data ...

WEP isn't going to affect gaming performance. Unless you are being a nice guy and you want to let your neighbors share your broadband connection, I would enable WEP.

Mike Schumann

Reply to
Mike Schumann

Mike, I would asssume that a diffirent mac adress would indicate a physically seperate adapter from the Xbox known gaming adapter. Is there any way from the mac of zeroing down on the model / type of microsoft adapter in this case ?

Mike Schumann wrote:

Reply to
frankdowling1

Yeah, each MAC assigned to a device has part of its MAC make-up that indicates who the manufacture of the device is. You'll have to search Google on how to make that determination of MAC's the belong to a manufacture.

Each device such as a router, NIC, modem or any device of that nature will have the MAC physically stamped on it so that you can make a comparison as to what MAC's are in the DHCP table on the router against physical MAC's on the devices that you see.

If the MAC is not physically on a device on your network showing in the DHCP table for those devices that communicating through the router, then it's not a device that's part of your network.

If the Linksys router has logging, then you should enable it and use something like Wallwatcher or KIWI Syslog Daemon (both) free to review traffic to and from the router by IP, as someone can also use a static IP on your router and that will not be in the DHCP table and join your network, since it was not issued by the DHCP server on the router.

If the router doesn't have traffic logging abilities, then you're flying blind is the bottom line.

The link may help you a little bit.

formatting link
Duane :)

Reply to
Duane Arnold

" snipped-for-privacy@yahoo.com" hath wroth:

Right. Trust, but verify. Ask your son if he's running any type of file sharing software such as Limewire, Bearshare, BitTorrent, etc. He may also have become an inadvertent member of a bot-net, where his machine is being controlled by some evil spammer on the internet. Much of the outgoing traffic would be email spam.

That's dumb and an open invitation to have the neighbors borrow your bandwidth. Turn on WPA encryption in your unspecified model Linksys wireless router.

WEP and WPA will reduce his local wireless preformance about 5% to 15% depending on model. Since the wireless is much faster than his broadband connection, it won't have any effect on his online preformance.

I'm suprised it doesn't list even more. When you have an unencrypted open access point, you will see many "unauthorized" accidental connections. Windoze XP Wireless Zero Config installs with "connect to any available network" by default. It first connects, and then warns the user that they're connecting to an unsecure network. It doesn't matter what they answer as their MAC address has already been added to the ARP table in your router. I open hot spots (i.e. coffee shops), I see dozens of such connections as people drift in and out.

I assume the 00-50-F2-F0-40-B2 is the mystery MAC address.

formatting link
by Microsoft Corp. That makes it a game console or perhaps your MN-740. Each device on his network has a MAC address. Take inventory and see if anything matches. Note that your unspecified Linksys router may have more than one different MAC addresses for the wired and wireless interfaces.

Perhaps it would be best if you knew what was moving on the network. If you unspecified model Linksys router supports logging (some do, some don't), the install one of these and monitor:

formatting link
formatting link
formatting link
Anyway, I would:

  1. Enable encryption.
  2. Take inventory.
  3. Remove or reconfigure the file sharing software.
  4. Do some logging and monitoring.
Reply to
Jeff Liebermann

4 is interesting. I noticed in my enterprise that the IT people would "log and monitor" only after an intrusion or anomily happened to the network. You want to record the behavior of the network while it is in good shape so that when it goes awry, you can spot the difference immediately. - Bob F.
Reply to
Bob Furtaw

Exactly - my SMC has three, one for the wired, one for the WAN and one for the WLAN interfaces. The XBox adapter may well have two.

Quick test: unplug the xbox, reboot your router, and see whats still in the ARP table.

Mark McIntyre

Reply to
Mark McIntyre
4) an adapter with a name of diffirent unrecognizable symbols

Whats the MAC address of the Xbox its self?

The Xbox has an ethernet port so it has its own MAC.

Reply to
Cliff Hartle

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.