Unknown new network ?

Lorne

I do not know if this is a question for this group but if it is not please
advise me where to go.

I have a home peer to peer network through a D-Link wireless ADSL
router/modem. The router address is 192.168.0.0 and via ZoneAlarm I can see
this address in the internet zone under the firewall data together with the
range 192.168.2 to 5 as the trusted zone (these are my computer IPs) and
one other third party IP address also trusted that I use to play online
bridge.

When I booted this morning I was told ZoneAlarm had found a new network and
added it to the list. When I checked the 192.168.0.0 address was gone and
replaced by one that started 199. (I forgot the rest as I panicked and
unplugged the cable + router immediately). After rebooting the router
everything was back to normal. I do not recognise 199 as the start of any
address that I know and it is certainly not my ISP which starts with 80.
There are no unusual alerts in the firewall log.

Can anybody tell me from the above information what happened? It appears
that somebody or something caused a change in the router IP address but
obviously not a permanent change as it reset when I unplugged it.

Is this just some electrical gremlin or was somebody trying to hack me?

Should I do anything about it?

McAfee and Spy Sweeper have found nothing.
 
Lorne,

What model D-Link is it?

Was it your computer (wirelessly connected), that you booted this morning?

My guess is that your computer tried to associate with another AP, maybe a
neighbor's. Turn your router off some time, and see if your computer tries to
reassociate with this unknown AP again.

If you find yourself trying to associate with an unknown AP:
1) Enable SSID broadcast.
2) Disable "Automatically connect to non-preferred networks".
<http://www.microsoft.com/technet/community/columns/cableguy/cg1102.mspx>

Or set your SSID to something distinctive, reboot your computer, and verify that
you're connecting to your AP by seeing what SSID you're associating with when
you boot.

You should have a DHCP Log on the router, that will list what devices get
addresses from the DHCP server, and when. See if your computer is listed in the
log.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
It is the D-Link DSL604+ (a model only available in the UK I believe), but
my computer is wired into it - it is the other 3 that connect by wireless.
My computer's IP address is in the DHCP table.

Not sure what SSID does but it is set to default (but I have got 128-bit WEP
enabled).

Anyway I can't be trying to connect to another wireless network because my
desktop has no wireless capability. It has worked OK all day today however.

Lorne
 
Lorne,

OK, your event (whatever happened) is probably not related directly to wireless
connectivity, but it could well be related to the wireless router.

Enabling WEP-128 is a start (though WEP can be broken, but we'll leave that as a
remote possibility), but there may be other changes to make.

The SSID is an identification that your router broadcasts, that lets the wireless
computers identify it as your network, as opposed to one of the other wireless
neighbors. What if one of your neighbors also leaves the SSID on his router set
to default too?

Do you perchance have remote management enabled on the router? Many wardrivers
take a router with remote management enabled, for fun and games. Changing the
LAN settings to something unusual (such as 199.x.x.x) would be one cute way of
announcing their presence. If you have remote management enabled, disable it
immediately. Or at least change the management port, and use a very strong
password to protect it.

Please don't disable SSID broadcast. That's an illusionary protection, and some
wireless configurations need it. But please do change it to something unique,
though preferably not your name or address, or anything that might identify you
personally.

Please spend some time reading the router setup manual, particularly the section
dealing with security.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid, or as benign as whoever played with your
router (if that's what happened).
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net
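
The kind of check that would flag the change discussed in this thread, as an added example that is not part of any poster's message: it compares an observed gateway and host address against a known-good baseline and reports a gateway that has moved, left the expected LAN, or left the RFC 1918 private ranges. All addresses, including the full 199.x value, are constructed sample data; only the leading 199 comes from the thread.

```python
import ipaddress

# RFC 1918 private ranges; a home router's LAN side normally sits in one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def review_snapshot(baseline, observed):
    """Compare an observed snapshot with a known-good baseline.

    Each snapshot is a dict with "gateway", "host" and (baseline only)
    "subnet" in CIDR form. Returns a list of findings; empty means no change.
    """
    findings = []
    lan = ipaddress.ip_network(baseline["subnet"])
    gw = ipaddress.ip_address(observed["gateway"])
    host = ipaddress.ip_address(observed["host"])

    if observed["gateway"] != baseline["gateway"]:
        findings.append("gateway changed: %s -> %s"
                        % (baseline["gateway"], observed["gateway"]))
    if gw not in lan:
        findings.append("gateway %s is outside the expected LAN %s" % (gw, lan))
    if not is_rfc1918(observed["gateway"]):
        findings.append("gateway %s is not an RFC 1918 private address" % gw)
    if host not in lan:
        findings.append("this host's address %s is outside the expected LAN %s"
                        % (host, lan))
    return findings

# Constructed sample data (assumed values, not taken from the router in the thread).
BASELINE = {"gateway": "192.168.0.1", "subnet": "192.168.0.0/24",
            "host": "192.168.0.2"}
CHANGED = {"gateway": "199.0.0.1", "host": "199.0.0.2"}

if __name__ == "__main__":
    for line in review_snapshot(BASELINE, CHANGED) or ["no change from baseline"]:
        print(line)
```
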