Security Basics mailing list archives
RE: Multiple Connection Attempts to Home Wireless Network
From: "Huang, John, GCM" <John.Huang () rbsgc com>
Date: Thu, 12 Jan 2006 16:19:31 -0500
I wouldn't worry about it. I live in a apartment building with probably 9-10 wireless channels in used. My roommate just brought home a new laptop and it worked with Internet right out of the box. He's computer illiterate and I didn't help him setup to login to my secured wireless network. Turns out his wireless NIC automatically tried to connect to every broadcasted channel until it found one that worked. Try turning off your router's broadcasting. -----Original Message----- From: Burton Strauss [mailto:Burton () FelisCatus org] Sent: Thursday, January 05, 2006 5:38 PM To: security-basics () securityfocus com Cc: 'Guru4u Support' Subject: RE: Multiple Connection Attempts to Home Wireless Network That block of MAC addresses is registered to 00-0C-76 (hex) MICRO-STAR INTERNATIONAL CO., LTD. 000C76 (base 16) MICRO-STAR INTERNATIONAL CO., LTD. No 69, Li-De Street, Jung-He City, Taipe Taipei TAIWAN, REPUBLIC OF CHINA They're one of the inexpensive OEM manufacturers of computer gear (MSI - http://www.msi.com.tw/). So I'd GUESS it's somebody with a misconfigured network card searching for you. It could be somebody bringing his/her laptop home and forgetting to turn off the wireless they use @ work. There isn't much you can do, as most OSes can (and usually are) configured to be aggressive about connecting to any available network. I wouldn't worry ... with WPA, you aren't 'available'. -----Burton -----Original Message----- From: Guru4u Support [mailto:support () guru4u co uk] Sent: Thursday, January 05, 2006 3:18 PM To: security-basics () securityfocus com Subject: Multiple Connection Attempts to Home Wireless Network Hi folks, I would appreciate some thoughts on this. I am running a small home network with a D-Link DGL-4300 router. I have MAC Address filtering enabled (both for wireless and wired clients) and I have two clients that connect wirelessly, one being a PSP and the other an XBOX 360. As a side note for more information I have changed the SSID name, enabled SPI and use WPA security, the network is also set to visible. My question is this, over the last few days i have noted in my router's logs that a wireless client with an unauthorized MAC address is trying to connect but being blocked. OK no so big a deal if it was a one off or maybe occasionally but it is becoming more frequent and over the past couple of days its been happening for the best part of each day and stopping in the evening. example of my log below: [INFO] Mon Jan 02 15:50:07 2006 Previous message repeated 12 times [INFO] Mon Jan 02 15:50:04 2006 Access denied to wireless system with MAC address 000C76C94*** [INFO] Mon Jan 02 15:50:04 2006 Previous message repeated 20 times [INFO] Mon Jan 02 15:46:34 2006 Access denied to wireless system with MAC address 000C76C94*** [INFO] Mon Jan 02 15:46:34 2006 Previous message repeated 20 times [INFO] Mon Jan 02 15:43:02 2006 Access denied to wireless system with MAC address 000C76C94*** [INFO] Mon Jan 02 15:43:02 2006 Previous message repeated 20 times [INFO] Mon Jan 02 15:37:11 2006 Access denied to wireless system with MAC address 000C76C94*** [INFO] Mon Jan 02 15:37:11 2006 Previous message repeated 20 times [INFO] Mon Jan 02 15:32:28 2006 Access denied to wireless system with MAC address 000C76C94*** These attempts seem to come mostly in the afternoon and recently seem to hit in 5 minute bursts. I can only detect two other wireless networks in range. One is completely unsecured (i didnt connect but my PSP showed it as having no security) now that network has been secured and the other is secured with WEP. I have no other wireless kit so it isnt something im my house. I have also seen a few access denied to my LAN with various IP MAC addresses, don't think this is related though. [INFO] Sun Jan 01 14:38:34 2006 Access denied to LAN system with MAC address EA1C1F677*** Does this sound like a hacking attempt or just another network or wireless client been setup incorrectly or left on scanning for available connection points? It seems like something scanning for another network repeatedly? Thanks in advance, Ed ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ ---- ----------------------------------------- ******************************************************************** This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorized to retain, read, copy or disseminate this message or any part of it. ******************************************************************** --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 05)
- RE: Multiple Connection Attempts to Home Wireless Network Burton Strauss (Jan 05)
- <Possible follow-ups>
- Re: Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 05)
- RE: Multiple Connection Attempts to Home Wireless Network Corey Watts-Jones (Jan 06)
- RE: Multiple Connection Attempts to Home Wireless Network Huang, John, GCM (Jan 13)
- Re: Multiple Connection Attempts to Home Wireless Network Guru4u Support (Jan 15)