home network someone is screwing with it

I recently added wireless to my home network. I just want to share internet access to some wireless devices in my home. I haven't even started sharing files. Someone is messing with me already. I have two hard wired computers and the wireless is turned on for xbox live, tivo, and one laptop. So because of tivo I originally set up wep 128, as you all know, since that's the most you can do with tivo. Also had mac filters on. (yes i know, not that secure but it's a little home network for crying out loud.) About a month into using everything, security log of the router shows foreign ip address logged on. Spoofed one of the mac addresses. I installed a program called mywifizone and right off the bat it begins blocking someone trying to get on the wireless with different ip addresses and spoofed macs. I assume it won't take them long to figure out a way around this. Meanwhile I install air defense on the laptop and checking the logs later, it tells me that my laptop was redirected and connected to a non preferred ssid several times during the day. My kids had Warcraft up and the alert box doesn't pop up when they are gaming. We don't use the laptop for anything other than school reports, school research, gaming, etc. but I assume someone can get to the wired network through the wireless,right? So here is the thing. I am very newbie, just have begun reading everything I can get my hands on. I would like to seperate the wireless and wired networks. I can not find anything that tells me how to do this. DMZ? Two routers? Would static ips help? If someone can recommend a book that would walk me through it that would be great too. I just want anyone trying to get to the wired through the wireless to be stopped.

So for now, I turn wpa on when we use the laptop and the xbox, and I turn wep on briefly, when I want to transfer some tv over to the media center pc. Then I just shut it all off when we aren't using anything. I could live with this if I didn't have to reset the xbox every time and that sucks.

Also, netstumbler says I have an ad hoc network. I have everything set up for infrastructure so I don't know what that is about either.

Thanks for any insight into the situation.

Lisa

Reply to
Tinshark
Loading thread data ...

On a Linksys WRT54G (pre version 5), you can load DD-WRT free firmware.

In the router's menu, there is a selection to have each wireless client not see eachother (I don't have the router available now to give you the exact text).

Then, follow the instructions at the following URL to seperate the LAN and WLAN (actually for now, follow the newsgroup posting listed at the top of this WIKI article, since the WIKI article itself hasn't been fully updated).

formatting link

What I used to do, is connect a wired router to the wireless router .. so that the NAT of the wired router "protects" the wired PCs.

Many stores have WRT54G's for $40 after rebate -- but make sure that you do not get a versi> > I would like to seperate the wireless and wired networks.

Reply to
danr_18

formatting link

Reply to
Tinshark

I recommend a host-based router and firewall for separating the wireless network from the wired, but unless you are good with Unix, configuration would be mind-boggling. You would also be required to employ static or dynamic routing on the wired LAN. Possibly, you could find an appropriate dedicated hardware firewall, but you would still need to be proficient in firewall configuration to use it properly.

Reply to
Dom

Now, there's a solution I can endorse.

Reply to
Dom

If the laptop is being controlled, then there is a program on the machine a backdoor or a root tool kit possibly that's allowing the hacker to have control of the machine.

You can use the tool and start looking if this is an NT based O/S you're talking about. There are other RootKitRevalers too.

formatting link
Also you can read the information in the link and the tools used to spot things on the machine.

Long

formatting link
Short
formatting link

If they can get an IP from your wireless network, they can access the machines on the wire too if the machines are not protected.

Would static ips help? If someone can recommend a book that would

You could use static IP(s) on the machines and with a personal FW on the machines only allowing traffic between the machines by setting rules with the FW(s) for those static IP(s), which will block all other LAN IP(s) on your network that could be used by someone.

You could disable the DHCP server on the router which will stop the casual hacker but this hacker maybe smart enough to obtain an IP from your network anyway.

If the O/S on the machines are NT based such as XP, then go to the O/S and secure it/harden it to attack as much as possible. Take note on using the Authenticated User Group on Shares, which means the user on another machine must have an account set-up on the machine that has the share so that the user can access the share.

formatting link
Someone else will help you on separating the wire and wireless and other security measures you can implement.

Duane :)

Reply to
Duane Arnold

Thank you to both of you. I have a wired and a wireless router and this was what I was going to attempt to do. I've found some pretty good instructions to walk me through it all so I'll see how it goes.

Reply to
Tinshark

It shouldn't be so difficult as to require instructions. I see only one pitfall concerning addressing.

modem__[wan]wireless-router[lan]__[wan]wired-router[lan]__

The networks connected to wired-router must be logically discrete. In other words, they may not use the same address space.

Reply to
Dom

formatting link
formatting link

Reply to
emtech

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.