Some jerk trying to do something to our internet.

lordscrach

Some jerk trying to do something to our internet.

Now unfortunately I wasn't there so im only going on what my boss has told me happened, and he know nothing about computers. We have a little shop. With a really old computer system. 3 pc all win xp. an old wifi router. Our software is old so this is a "not broke, no need to replace, till and customer data base system"

Any way some bloke comes in and says he's moved into the apartments over the street and cant get the internet there. Wants to know if he can pay us to use ours. wanted to look at the router. Now I don't know if he got a look at it. Or a look at out pc's. im guessing he used his phone to scan for wifi networks. (how else would he know we have one) coz it is old I think it only has WEP security and the password is written on it.

Now I know that these apartments can have internet coz a while ago I looked into buying one. Also the router is so old and shit it doesn't even reach the upstarts office threw the floor, let alone the apartments about 100m away. Also there is a bar closer to him that has free wifi. So this is making me thing this guys plans are more nefarious.

Think he's trying to get the WEP password out of my boss so he can get a look at computers. But for what reason I cant work out.

Now I know WEP is supposed to be easy to crack if you have some know how and some equipment.

So anything I can do that is not going to cost any money to stop this guy, and any way of telling if and what this guy is trying to do.

Any ideas and suggestions welcome

Hevach

Your computers run on Windows XP, provided they are up to date they should support WPA insead of WEP (XP did not support this at launch, but SP1 supports WPA through a patch, SP2 supports WPA by default and WPA2 by a patch, and SP3 supports both). If the router does not support WPA, I'd strongly recommend replacing it - doing so will be far cheaper than replacing any of the computers, and considering the performance you get even a bargain bin or thrift store router would be at least as good and more secure, so you can take the cheapest one you can find shoved to the back of a shelf at Wal Mart and not pay more than $30.

It is possible to hack into WPA, but it's time consuming and most wifi hackers will just go elsewhere in search of an easier target before they spend hours or days trying to access a router that may not even get them anything for their time.

Enc

Immediately change your password setting to something not WEP.
If he accessed one of your computers, check it for malware.
Change the password every 30-60 days like every other business.
Upgrade your router (~$50) if you are having connectivity issues.
Tell that guy to get lost.

~gavel~

Foomy

I doubt the guy wants to steal any data you have on your computers. Just wants some free internet.

If he really wanted to steal something off your computers then it would be done without coming into your shop.

go spend $20 on a new router that supports wpa if yours doesn't.

bowen

It might be a good time to upgrade your infrastructure in general, as well.

RiemannLives

Note that WEP security is so bad that someone does not need your password to break into it with ease. There have been widely available tools to crack WEP in minutes on a home machine since nearly 10 years ago.

If this guy wasn't just looking to scam free internet access then he was after something other than your WEP password.

bowen

I think WPA is also fairly insecure compared to WPA2.

lordscrach

Ok so I've gone to the shop. Even though the router has WEP key written on it. The wifi security option on the router manager says wpa (2)& ( something else) presuming it's had a firmware update. Problem is I'm with a provider that will only allow routers bought threw them. Or they will offer no internet support and there cheapest router is £160. ( yep they are bastards)

I went into the router log and for today from about 2pm to now there are tons of enters saying something along the lines of A load of stuff I don't understand and then something that looks like an IP address and then incoming session stopped.

Is this him trying to acsess it. Or is it lolly to be someone in the office next door phone trying to connect coz they have the same make router or something

bowen

It might be, it could just be normal traffic.

a screenshot of the log might help

ceres

If I were you I would call someone local who does IT and network support to actually physically take a look at things and help you out. They can likely help you waaaaaay easier than we can, and they can give you an appropriate solution for your business and price range. If you're worried about the security of your network it is your absolute best bet.

Foomy

if it's running wpa2 then just change the password and you will be fine. The effort needed to crack into a wpa2 network is huge. and then don't write down the new password on a piece of paper or give it to strangers.

If your shop really has secrets that are worth all that effort then you really need to call in an IT security firm and get things sorted out.

lordscrach

Ok bit of an update. Not at the shop but I got staff to run a speed test ( as they where bitching net wouldn't work. Normally ping 35-60. 11-12mb down. 1mb up

They ran it 8 different times and it's basically

800 ping. 0.4 down. 1 up

Any ideas? Coincidence. Or has he done something

Darkewolfe

You need to hire an IT person.

Foomy

lordscrach wrote: »

Ok bit of an update. Not at the shop but I got staff to run a speed test ( as they where bitching net wouldn't work. Normally ping 35-60. 11-12mb down. 1mb up

They ran it 8 different times and it's basically

800 ping. 0.4 down. 1 up

Any ideas? Coincidence. Or has he done something

You need to change your password, the guy is most likely using your wifi whch was his purpose all along.

Shadowfire

Can you log into the router and see the client list? That way you can tell right away who's using the router.

Like others have mentioned, change the security setting to WPA2. If the router doesn't support WPA2, replace it. If you replace it, turn off WPS on the new router just to make sure it's not easy for someone who shouldn't to connect.

The ping and change in speed you're getting makes me think he's probably doing some file sharing on your network rather than something truly malicious like packet sniffing, but who knows (and who knows what sort of shit he could be sharing). I would absolutely shut that down for the time being until it can be upgraded.

DoctorArch

I agree with Shadowfire in that he is likely using your shop's router as a file server so he can download/upload torrents without any hammer coming down on him personally.

If you can't access the router's settings due to not knowing an admin password, I would just find the router's manual (should be trivial to find online), give the router a hard reset (push the little pinhole switch in the back), and set the router up fresh with WPA/WPA2.

Tofystedeth

Enc wrote: »

Change the password every 30-60 days like every other business.

If only.

azith28

If your computer system is that old and static, I presume you only have a few machines and that they do not change often. If that is the case, you may want to look into restricting your router by a specific MAC-ID list of your systems.

MichaelLC

Also maybe do something right away before your business gets a visit from the FBI and/or Chris Hanson.

Soggybiscuit

Do you have any reason for these computers to be on wifi? Can you easily string them together with a switch and some ethernet cable?

The easiest way to prevent intrusions through wifi is to simply not use it.