NotebookForums.com › Forums › Off Topic › Desktop and Hardware Discussion › network hacked; advice please

network hacked; advice please

post #1 of 14
Thread Starter 
Can anyone direct me towards a forum or resource which would help me understand what's happening and what response to make?

We have a small nonprofit office with about 10 computers and a server running Windows 2000 server.

Our access to the "outside world" is through a DSL modem and a D-Link G WAP. Firewalls are a bit beyond my expertise, and our Network Guy supposedly set up the firewall through the D-Link's capabilities.

Yesterday when I logged into the network, in addition to our domain there was a new option called "workgroup." Clicking on this takes one to "Davesgamehouse" and a sign in screen.

Can anyone help me with the "techspeak" of what's happened, and what the rational response would be to fix it?

thanks,
Erin Cox-Holmes
post #2 of 14
Well, it would appear somebody has broken onto your wireless LAN (I am presuming that's what you describe by D-Link G WAP). Presumably "Dave" is the culprit. Frankly, if you have your security correctly established, I can't see why "Dave" would bother to crack your WLAN unless he's incredibly bored or extremely cheap. A WLAN with proper security installed is difficult but not impossible to crack. Mostly time-consuming. I hardly see setting up "Davesgamehouse" as being worth the effort.

However, it could be just the opposite, your system is picking up Dave's who hasn't bothered to enable any security. Hard to tell from what you've related.

And, of course, there's always the potential it's an inside job. Setting up a workgroup from inside is simple enough.

First of all, you need to figure out what security you actually have enabled. I don't like to cast aspersions, especially at someone I know only as your "Network Guy," but it's possible you don't have any security set up or it's set up wrong. If I am wrong on this, a thousand pardons to your NG, I mean no offense.

If indeed your WLAN has the full security measures enabled, there's not a lot more you can do. But like I said, wireless is basically not that secure; it can be compromised by virtually anyone with substantial skill, means, time and determination. But generally, it's not worth it just to fool around, unless you are dealing with a sociopath.

One thing is that the culprit is most likely within 100 yards of your system, probably less. Or it was a drive-by attack. This is called "war-driving." Have you noticed a car or van constantly parked nearby that didn't used to be? If so, maybe take a look in the windows. Or has someone moved in near your offices lately? What's around your offices? You may be able to find "Dave" and let him know you are on to him and could have some volunteers help him voluntarily see the errors of his ways. Or perhaps not so voluntarily.

If you find your system's security is not fully enabled, you will want to enable it immediately. First of all, change the admin and other screen names and passwords. The admin name and passwords should then be known only to yourself and your Network Guy (have you considered the possibility this may be "Dave"? Again, no offense intended, just being real). Then enable WEP with 128-bit. If your system has it, enable WPA. And lastly, enable MAC address filtering. If you have any other security, enable it all. All of these are relatively simple to do, though they can be frustrating at times. With all enabled, "Dave" should be able to find much better things to do with his spare time. If you identify "Dave" as a neighbor and are unable to convince him to leave your system alone, perhaps you can re-configure your physical setup to cut down on his access: place your transmitters so there are good solid walls between them and "Dave," maybe even set up a foil screen in his direction to block him out. Or you could take matters into your own hands and give "Dave" a bit of his own medicine. Two can play.

In any case, it would behoove you to educate yourself on the issues. Check out:
The Ars Technica article on Wireless Security, http://arstechnica.com/paedia/w/wire...802.11b-1.html
Here's another good site with lots of information though its a bit more technical:
http://www.drizzle.com/~aboba/IEEE/
and here's some more: http://www.wlana.org/learn/security.htm,
http://www.wi-fiplanet.com/tutorials...le.php/1545731
http://www.nwfusion.com/research/2002/0506ilabwlan.html
http://www.net-security.org/article.php?id=354
http://www.practicallynetworked.com/...s_security.htm
http://www.pcmag.com/article2/0,4149,1276349,00.asp

As you can see from some of the dates on some of these, WLAN is not a new issue.

There are plenty more. Just google on WLAN Security, WEP, WPA, EAP, etc.

But in most cases, changing your SSID, shutting off broadcasting, changing your admin and user names and passwords (and keeping those secure, especially those with admin authority), enabling WEP, WPA, and any other security measures, plus using MAC address filtering should keep you fairly secure. Monitoring your surrounds can also help.

Lastly, you need to do a full spring cleaning of your entire system. Who knows what "Dave" may have installed on your machines? If you can do a system restore with XP, do so to a point before the problem appeared. Take a ghost image of, or otherwise secure, whatever data you have accumulated since it started onto CD or DVD so you can sanitize it later as well as have evidence to give the authorities should you find "Dave" and want to press charges. Then do a full sweep with Ad-Aware, SpyHunter, a registry cleaner and anything else you can figure out. Hopefully that will find anything "Dave" may have left behind. While doing this, make sure the LAN is down and the machines are unconnected so you aren't just chasing the problem around and around. Then set sharing rights on all machines and drives and sensitive folders and install passwords. Again, keep those secure.

If you are lucky, "Dave" will have been just a passing problem. If not, like I noted above, he's got to be within a limited radius and you could conceivably find him. If so, remember to report him/her/it to the authorities and definitely press charges.

Lastly, it's possible "Dave" didn't come in over the airwaves. It's possible "Dave" broke in via the internet connection. I can't see why he would then set up a domain on your wireless, but maybe he's really bored and was just trying to see what he could do. You may want to review your existing firewalls and perhaps upgrade them. But I would bet "Dave" is an air pirate, not coming in off the internet.

Good luck and let us know what becomes of all this.
post #3 of 14
Nice write-up Marq'.
post #4 of 14
Thread Starter 
thanks a lot for the extensive write up.

We're a teeny tiny little regional denominational office for a presbytery--a group of mostly teeny tiny little churches in rural western PA. I commute around Amish buggies to get to work. Most of our neighbors don't have cable (TV) that is. The only business nearby is a redneck bar. The big security concern is that Velma keeps putting her extra trash in our dumpster.

I'm good with computers, but only learning wireless and securing a network. All of the other people in my office keep forgetting how to send file attachments, and when you ask them what OS they use, they say "Internet Explorer." The Network Guy is a brilliant but overworked Gen-Xer we import at 90 bucks an hour. I could believe he got sloppy with the WEP and MAC address, but he doesn't have the time to hack the network for a "gamehouse."
I'll follow the rest of your advice, and hope whoever it was moves on.
post #5 of 14
Might have been a passing war-driver stopping off at the bar. Turned on his machine and saw your network. Figured to crack it just to pass the time while they passed some beer through their systems. If you are lucky, it'll be something like that.

But don't assume it's gone away. Definitely read up on stuff. The Ars article is a good primer. Ars is always interesting anyway and always a good source of information.

Find out from your NG what the address of your router is. Normally, that's http://192.168.0.1 but he may have changed that. You'll also need your admin name and password. If you can get in there, take a look around. Just don't change anything. And when you leave, use cancel.

You should also have a utility for your local wireless cards in each machine. Click on that and look for link information and/or configuration and/or encryption; that's where you would find out what, if any, security is enabled. In link information, you'd see the SSID; that should be something other than "Workgroup" or something equally generic. In encryption you should see what encryption mode is enabled, if any.

It's difficult to get any more specific, as a lot of it beyond this is proprietary and dependent on the brand.

Do let us know what you find out.
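One way to do the check described in the post above from a Windows client, as an added example that is not from the thread: on Windows Vista or later, `netsh wlan show networks mode=bssid` lists every SSID in range with its authentication and encryption mode and the BSSID (the access point's MAC address) serving it. The script below parses that text and, for each network, reports the encryption mode, whether the SSID is still a factory default, and whether the BSSID belongs to one of the office's own access points or to a foreign one. That last distinction is exactly the question in post #2: is "Davesgamehouse" being served by the office's own AP (compromised) or by a neighbor's AP (merely visible). The sample scan output, the SSIDs, the MAC addresses, the `OWN_BSSIDS` inventory and the `DEFAULT_SSIDS` list are all constructed for this example; the classifier rates open and WEP networks as weak, which reflects current knowledge rather than the thread's advice.

```python
"""Classify networks visible to a Windows client from `netsh wlan show networks mode=bssid` text.

Added example, not code from the thread.  SAMPLE_SCAN is constructed in the
style of that command's output; OWN_BSSIDS and DEFAULT_SSIDS are assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumption: factory SSIDs commonly left unchanged (illustrative, not a vendor table).
DEFAULT_SSIDS = {"default", "dlink", "linksys", "netgear", "wireless", "workgroup"}

# Assumption: BSSIDs of the office's own access point(s), read off the AP's status page.
OWN_BSSIDS = {"00:0d:88:aa:bb:cc"}

# Constructed sample; names and MAC addresses are made up for this example.
SAMPLE_SCAN = """\
Interface name : Wireless Network Connection
There are 3 networks currently visible.

SSID 1 : presbytery
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 00:0d:88:aa:bb:cc
         Signal             : 92%
         Channel            : 6

SSID 2 : Davesgamehouse
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:1b:2f:11:22:33
         Signal             : 40%
         Channel            : 11

SSID 3 : default
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
    BSSID 1                 : 00:18:e7:44:55:66
         Signal             : 35%
         Channel            : 1
"""


@dataclass
class Network:
    ssid: str
    authentication: str = ""
    encryption: str = ""
    bssids: list = field(default_factory=list)


def parse_netsh(text):
    """Build Network records from 'SSID n : name' blocks and the lines beneath them."""
    nets, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*SSID\s+\d+\s*:\s*(.*)$", line)  # does not match 'BSSID n :' lines
        if m:
            cur = Network(ssid=m.group(1).strip() or "(hidden)")
            nets.append(cur)
            continue
        if cur is None:
            continue
        m = re.match(r"\s*(Authentication|Encryption|BSSID \d+)\s*:\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "Authentication":
            cur.authentication = val
        elif key == "Encryption":
            cur.encryption = val
        else:
            cur.bssids.append(val.lower())
    return nets


def assess(net, own_bssids):
    """Return (severity, findings) for one network; severity is critical/high/medium/ok."""
    findings = []
    auth, enc = net.authentication.lower(), net.encryption.lower()
    if enc in ("", "none"):
        sev = "critical"
        findings.append("open network: no encryption, anyone in range can join")
    elif enc == "wep":
        sev = "high"
        findings.append("WEP: key is recoverable from captured traffic")
    elif enc == "tkip" or auth.startswith("wpa-"):
        sev = "medium"
        findings.append("WPA/TKIP: legacy mode, prefer WPA2 with CCMP")
    elif enc == "ccmp" and auth.startswith("wpa2"):
        sev = "ok"
    else:
        sev = "medium"
        findings.append("unrecognized mode %s/%s" % (net.authentication, net.encryption))
    if net.ssid.lower() in DEFAULT_SSIDS:
        findings.append("factory-default SSID still in use")
    if set(net.bssids) & own_bssids:
        findings.append("served by our own access point")
    else:
        findings.append("served by a foreign access point (neighbor or rogue)")
    return sev, findings


def report(text, own_bssids):
    """Map each visible SSID to its (severity, findings)."""
    return {n.ssid: assess(n, own_bssids) for n in parse_netsh(text)}


if __name__ == "__main__":
    for ssid, (sev, notes) in report(SAMPLE_SCAN, OWN_BSSIDS).items():
        print("%-16s %-8s %s" % (ssid, sev, "; ".join(notes)))
```

Run it with real output by piping `netsh wlan show networks mode=bssid` into a file and passing its contents to `report()` together with the BSSIDs from the office AP's status page. A "critical" or "high" entry served by your own BSSID means your AP is the problem; a foreign BSSID means the network belongs to someone else and is only visible, not yours to clean.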
post #6 of 14
I like and dislike the fact that this subject got brought up, for two reasons:

1) I have multiple connections to wireless routers at my apartment because no one was smart enough to secure them, so I limit their bandwidth so I can use it more for things like file sharing and playing online games. I'm not there to do any damage or anything, which sounds like the case with your leecher, but you really should log onto your router and limit it to the specific MAC addresses of the computers on your network. It works for me.

2) After posing as a student at Baylor and getting an ID card with a made-up but correct (how lucky, had a 1 in 22,000 chance of getting it right) social security #, they were dumb enough to give me an ID card, so I took it and got clearance for my lappy to be logged on to most of their networks, and I enjoy free internet while I'm at Baylor. But the best part is sitting in the parking lot of the girls' dorm and having their printers print out flyers and stuff for events that I sponsor. It may not be the most legal thing, but no one seems to mind, and it seems the students at Baylor aren't really smart enough to figure out how to stop me. Oh well, more fun for me :-)

-Evil Juggalo
post #7 of 14
Sure you aren't just checking the photos of themselves they are sending back and forth?
post #8 of 14
Just to add a little to this stuff about war driving. Tonight is the first night I've done such a thing, and it gives a good feeling to the war driver. I am currently out in some neighborhood and I decided to take a look at the forums since I am already stealing some poor soul's bandwidth.
post #9 of 14
Shame on you Enderet.

Find any good stuff?

Just watch out for honeypots; there are more and more of those these days and you never know what you could run into. If it's operated by someone really upset by bandwidth theft or someone hacking their system, you could end up with a seriously compromised machine. I've heard of really tenacious worms and viruses such spots send out in the guise of innocent data. You may not even know it's coming in. Or they tag your MAC and then look for you later on the net, only to hack you to distraction. Remember, even the shark has parasites that can kill it.
post #10 of 14
No need to worry, I am not a war driver (if I can be considered one now) with benign intentions. The reason why I even went ahead with it was because I had to wait around for about 15 minutes in some neighborhood for a friend, but he was running late. I decided to take out my notebook and wow, 4 wireless networks detected. I hooked up to the one that lacked any sort of hindrances, and I was up and running online. I looked at a shared folder, but there was nothing but Word documents, which seemed to belong to a high schooler.

I then went around driving through the neighborhood and picked up at least 10 more connections, several of which had no form of protection at all. I will go ahead and be careful, Marquis; I had no idea that such traps were set up for war drivers. All in all it was a real innocent experience, yet it was quite fun finding these connections by accident, since it helped me kill the 1 hour I had to wait there in my pickup.
post #11 of 14
What I think you will find most amazing is, as you seem to be starting to realize, there are a zillion of them out there and the majority are totally unprotected. Even businesses that should know better don't bother to take even the most minimal steps to secure their systems. Here in Honolulu a survey a couple of years ago found dozens and dozens of wireless networks downtown, most of them tied directly into wired networks with total access to everything. Nearly half had no protection at all. Less than a quarter had both changed their SSID and enabled WEP. Less than 5% had any serious defenses.

If you lived downtown (and lots of folks do) you would have no need of buying internet access, it'd be all around you. Probably more trouble with interference than anything else.
post #12 of 14
Wow, makes me feel stupid for paying 40 bucks a month just for cable internet... eh, might as well surf the web the legal way.
post #13 of 14
Quote:
Originally Posted by MARQUISDARQUIS
Shame on you Enderet.

Find any good stuff?

Just watch out for honeypots; there are more and more of those these days and you never know what you could run into. If it's operated by someone really upset by bandwidth theft or someone hacking their system, you could end up with a seriously compromised machine. I've heard of really tenacious worms and viruses such spots send out in the guise of innocent data. You may not even know it's coming in. Or they tag your MAC and then look for you later on the net, only to hack you to distraction. Remember, even the shark has parasites that can kill it.
How do they tag your MAC and get you on the net? MACs are only used in the machine's broadcast domain.

As far as putting malicious code on your system when you think you are getting free bandwidth goes, that seems like the place to be. That would be good security. Make a router that only allows you to connect if your system gives up domain administration privileges to it, and you get stuffed into a non-administrative account.
post #14 of 14
Quote:
Originally Posted by erinch
...and a server running Windows 2000 server....

There's your problem. Why would anyone in their right mind use Windows on their server? That's like telling a robber that a billionaire's house is empty and he doesn't have any security. First thing you do, move to FreeBSD. Second thing you do is ban the IPs that hacked you. Third thing you do, shoot the guy that told you Windows would be great for a server.