Security Basics mailing list archives

RE: Multiple Connection Attempts to Home Wireless Network

From: "Huang, John, GCM" <John.Huang () rbsgc com>
Date: Thu, 12 Jan 2006 16:19:31 -0500

I wouldn't worry about it.

I live in a apartment building with probably 9-10 wireless channels in
used. My roommate just brought home a new laptop and it worked with
Internet right out of the box. He's computer illiterate and I didn't
help him setup to login to my secured wireless network. Turns out his
wireless NIC automatically tried to connect to every broadcasted channel
until it found one that worked.

Try turning off your router's broadcasting. 

-----Original Message-----
From: Burton Strauss [mailto:Burton () FelisCatus org] 
Sent: Thursday, January 05, 2006 5:38 PM
To: security-basics () securityfocus com
Cc: 'Guru4u Support'
Subject: RE: Multiple Connection Attempts to Home Wireless Network

That block of MAC addresses is registered to

00-0C-76   (hex)                MICRO-STAR INTERNATIONAL CO., LTD.
000C76     (base 16)            MICRO-STAR INTERNATIONAL CO., LTD.
                                No 69, Li-De Street, Jung-He City, Taipe
                                Taipei  
                                TAIWAN, REPUBLIC OF CHINA 

They're one of the inexpensive OEM manufacturers of computer gear (MSI -
http://www.msi.com.tw/).  So I'd GUESS it's somebody with a
misconfigured network card searching for you.  It could be somebody
bringing his/her laptop home and forgetting to turn off the wireless
they use @ work.

There isn't much you can do, as most OSes can (and usually are)
configured to be aggressive about connecting to any available network.
I wouldn't worry ... with WPA, you aren't 'available'.

-----Burton



-----Original Message-----
From: Guru4u Support [mailto:support () guru4u co uk]
Sent: Thursday, January 05, 2006 3:18 PM
To: security-basics () securityfocus com
Subject: Multiple Connection Attempts to Home Wireless Network


Hi folks,

I would appreciate some thoughts on this.

I am running a small  home network with a D-Link DGL-4300 router. I have
MAC
Address filtering enabled (both for wireless and wired clients) and I
have
two clients that connect wirelessly, one being a PSP and the other an
XBOX
360. As a side note for more information I have changed the SSID name,
enabled SPI and use WPA security, the network is also set to visible.

My question is this, over the last few days i have noted in my router's
logs
that a wireless client with an unauthorized MAC address is trying to
connect
but being blocked. OK no so big a deal if it was a one off or maybe
occasionally but it is becoming more frequent and over the past couple
of
days its been happening for the best part of each day and stopping in
the
evening.

example of my log below:

[INFO] Mon Jan 02 15:50:07 2006 Previous message repeated 12 times
[INFO]
Mon Jan 02 15:50:04 2006 Access denied to wireless system with MAC
address
000C76C94*** [INFO] Mon Jan 02 15:50:04 2006 Previous message repeated
20
times [INFO] Mon Jan 02 15:46:34 2006 Access denied to wireless system
with
MAC address 000C76C94*** [INFO] Mon Jan 02 15:46:34 2006 Previous
message
repeated 20 times [INFO] Mon Jan 02 15:43:02 2006 Access denied to
wireless
system with MAC address 000C76C94*** [INFO] Mon Jan 02 15:43:02 2006
Previous message repeated 20 times [INFO] Mon Jan 02 15:37:11 2006
Access
denied to wireless system with MAC address 000C76C94*** [INFO] Mon Jan
02
15:37:11 2006 Previous message repeated 20 times [INFO] Mon Jan 02
15:32:28
2006 Access denied to wireless system with MAC address 000C76C94***

These attempts seem to come mostly in the afternoon and recently seem to
hit
in 5 minute bursts.

I can only detect two other wireless networks in range. One is
completely
unsecured (i didnt connect but  my PSP showed it as having no
security) now that network has been secured and the other is secured
with
WEP. I have no other wireless kit so it isnt something im my house.

I have also seen a few access denied to my LAN with various IP MAC
addresses, don't think this is related though.

[INFO] Sun Jan 01 14:38:34 2006 Access denied to LAN system with MAC
address
EA1C1F677*** 

Does this sound like a hacking attempt or just another network or
wireless
client been setup incorrectly or left on scanning for available
connection
points? It seems like something scanning for another network repeatedly?

Thanks in advance,

Ed

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the
case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
----


------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
----




-----------------------------------------
********************************************************************

This e-mail is intended only for the addressee named above.
As this e-mail may contain confidential or privileged information,
if you are not the named addressee, you are not authorized
to retain, read, copy or disseminate this message or any part of it.

********************************************************************


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------

Current thread:

Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 05)
- RE: Multiple Connection Attempts to Home Wireless Network Burton Strauss (Jan 05)
- <Possible follow-ups>
- Re: Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 05)
  - RE: Multiple Connection Attempts to Home Wireless Network Corey Watts-Jones (Jan 06)
- RE: Multiple Connection Attempts to Home Wireless Network Huang, John, GCM (Jan 13)
  - Re: Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 15)