
sbconslt

join:2009-07-28
Los Angeles, CA
reply to DragonLore

Re: identifying devices on my wireless network

Ports 137 and 138 are Windows NetBIOS, port 1900 is UPnP, and port 58967 could be anything.

Can you "intensive scan" that IP with nmap / zenmap (nmap.org) and paste the results?
--
Scott Brown Consulting



DragonLore

join:2005-08-16
united state

I'm going to try to reply to everything, so forgive me if I miss something.

Scott, I downloaded nmap (which I used to have but couldn't figure out how to use), and ran an intense scan on 192.168.0.169. In the midst of the long results I saw this: "Skipping OS Scan against 192.168.0.169 because it doesn't work against your own machine (localhost)". But my IP address is .132! I also noticed a line that listed an iPhone, which I do not nor have ever owned.

Hellfire, that coffer.com link is awesome! Thanks! It ID'd my unknown MAC address as Dell - again, could be my computer. I'll make a list of all my devices' MAC addresses later today, when I have the time, for future reference. I didn't understand what you said about ARP tables. I used to use MAC filtering, but a few years back, someone (perhaps in this forum, can't remember) told me it was passé, and easy to bypass. I do have WPA2 enabled with "both" kinds of encryption.

Back to Scott, WiFiGuard is alerting me as I type this message that the .169 device has a MAC address of 00 etc. So is .169 my own computer? Why isn't it showing up at .132? If it's unresolved, how do we resolve it, or figure out if it's falsified? Maybe you need that log...

Just a few more notes:
1) I've had the power set at 40% since getting this modem about a year ago, because I don't want my signal broadcasting all over the neighborhood, and this morning I dropped it down to 20%, which still seems to be working fine.
2) My husband rebooted, and the yellow exclamation point went away, so we are live and connected without the WPS button enabled.
3) One of the things I did last night was to hide my SSID. I used to have it hidden all the time, until we got more active with multiple devices, and it was easier to broadcast it. Because of connection issues last night & this morning, I re-set it back to broadcast, but I'd like to work toward getting everything working with it hidden.
4) Once an unauthorized device has gotten access to the network, is there any way to get it off without changing the password?
5) Oh - I forgot to mention I use Privoxy - will that skew all of this?

If you still want the results of the intensive scan, I'll post them.



sbconslt

join:2009-07-28
Los Angeles, CA

How about just the output of ipconfig /all from a command prompt.
--
Scott Brown Consulting



DragonLore

join:2005-08-16
united state

[Two attached images]


sbconslt

join:2009-07-28
Los Angeles, CA

Well, you're not .169.

WiFiGuard could be reporting you stale information. Try an alternative like NirSoft WNetWatcher.
--
Scott Brown Consulting



DragonLore

join:2005-08-16
united state

Yes, I had previously run ipconfig to ID myself.

WNetWatcher also shows both .132 and .169, which first showed up last night. It's persistently been there today. The Abo device is my DVD player.


DragonLore

join:2005-08-16
united state
reply to sbconslt

I rebooted (something I rarely do these days), and the unidentified device has not (yet) returned...



sbconslt

join:2009-07-28
Los Angeles, CA

If you are really unable to rule out the (more likely) explanation that .169 is one of your own clients, your avenue of recourse is, as you mentioned, to change the passphrase.
--
Scott Brown Consulting


downclick

join:2009-06-16
Spokane, WA

You could try blocking the IP and then see if your computer can connect afterwards...

However... as a wise man once repeated and repeated and repeated .... Consistently and Frequently changing your passphrase (to a more complex and unrelated topic with each change) can only make your connection safer and harder to crack.



DragonLore

join:2005-08-16
united state
reply to sbconslt

Scott, at this point the explanation I'm leaning toward is that it was my own computer, three-way ID'd as .132, .169, and with the 0000... MAC address. I'm also thinking that this phenomenon was somehow generated by my tweaking the modem settings because it was immediately after this that the device(s) showed up. We live in a quiet neighborhood with few neighbors, and the likelihood of one of them hacking into my network is slim. Still, seeing two unidentified devices on one's network is unsettling!

downclick, you are preaching to the choir about passwords! As the sole IT person in my small office, I in turn preach this message which mostly falls on deaf ears. Having studied the various techniques for the creation of difficult-to-crack passwords and considering the number of passwords I have (about 200), I have arrived at a compromise which works for me - I use a memorable passphrase which contains upper & lower case letters, numbers, and symbols, with additional letters to identify each website. This allows me to log on to most websites without opening my password manager (I don't believe a single secure passphrase combo works everywhere because of the different requirements websites have for passwords; e.g. some won't accept symbols & some only allow 8 characters). I don't change the passphrase more than once every year or two because of the volume of places it needs to be changed. This system has worked well for me for a long time.

...So I guess I'll wait and see what develops - or hopefully doesn't - on my network. And in the meantime, I'll change the passphrase just to be on the safe side, and go ahead and set up the MAC filters and try beefing up the modem's security settings, which I so far haven't found to my liking, but also haven't understood some of the options. Funny how we're provided with equipment which has the potential of being quite secure, but not given user guides which clearly outline and define what the options are and how to use them...

Thanks to all you guys for your help!
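
The inventory check discussed in this thread (a list of your own devices' MAC addresses compared against what the ARP table shows), as an added example that is not part of any poster's message. The `arp -a` text, the MAC addresses and the names `KNOWN`, `classify`, `audit` and `suspects` are constructed for illustration; the all-zero row mirrors the unresolved entry the thread describes.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP = """\
Interface: 192.168.0.132 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           a4-11-22-33-44-55     dynamic
  192.168.0.140         3c-aa-bb-cc-dd-ee     dynamic
  192.168.0.169         00-00-00-00-00-00     invalid
  192.168.0.177         da-a1-19-00-12-34     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical inventory: MACs read off your own devices' labels or settings.
KNOWN = {"A4-11-22-33-44-55": "router", "3C-AA-BB-CC-DD-EE": "DVD player"}

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+", re.I)

def classify(mac, known):
    first = int(mac[:2], 16)
    if mac == "00-00-00-00-00-00":
        return "unresolved"        # address never resolved: stale/incomplete entry
    if first & 0x01:
        return "multicast"         # group or broadcast address, not a device
    if mac in known:
        return "known:" + known[mac]
    if first & 0x02:
        return "unknown-random"    # locally administered bit: set by software
    return "unknown"               # vendor-assigned MAC missing from inventory

def audit(arp_text, known):
    known = {k.lower(): v for k, v in known.items()}
    results = {}
    for line in arp_text.splitlines():
        m = ROW.match(line)        # skips the Interface and header lines
        if m:
            results[m.group(1)] = classify(m.group(2).lower(), known)
    return results

def suspects(results):
    return sorted(ip for ip, c in results.items() if c.startswith("un"))

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_ARP, KNOWN).items():
        print(f"{ip:16} {verdict}")
```

An "unknown-random" result is often one of your own phones or laptops using a randomized MAC, so check each device's Wi-Fi settings before treating it as an intruder.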