Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Multiple Connection Attempts to Home Wireless Network

From: Guru4u Support <support () guru4u co uk>
Date: Thu, 05 Jan 2006 21:18:30 +0000

Hi folks,

I would appreciate some thoughts on this.
I am running a small home network with a D-Link DGL-4300 router. I have MAC Address filtering enabled (both for wireless and wired clients) and I have two clients that connect wirelessly, one being a PSP and the other an XBOX 360. As a side note for more information I have changed the SSID name, enabled SPI and use WPA security, the network is also set to visible.
My question is this, over the last few days i have noted in my router's logs that a wireless client with an unauthorized MAC address is trying to connect but being blocked. OK no so big a deal if it was a one off or maybe occasionally but it is becoming more frequent and over the past couple of days its been happening for the best part of each day and stopping in the evening. 

example of my log below:

[INFO] Mon Jan 02 15:50:07 2006 Previous message repeated 12 times
[INFO] Mon Jan 02 15:50:04 2006 Access denied to wireless system with MAC address 000C76C94*** 
[INFO] Mon Jan 02 15:50:04 2006 Previous message repeated 20 times
[INFO] Mon Jan 02 15:46:34 2006 Access denied to wireless system with MAC address 000C76C94*** 
[INFO] Mon Jan 02 15:46:34 2006 Previous message repeated 20 times
[INFO] Mon Jan 02 15:43:02 2006 Access denied to wireless system with MAC address 000C76C94*** 
[INFO] Mon Jan 02 15:43:02 2006 Previous message repeated 20 times
[INFO] Mon Jan 02 15:37:11 2006 Access denied to wireless system with MAC address 000C76C94*** 
[INFO] Mon Jan 02 15:37:11 2006 Previous message repeated 20 times
[INFO] Mon Jan 02 15:32:28 2006 Access denied to wireless system with MAC address 000C76C94***
These attempts seem to come mostly in the afternoon and recently seem to hit in 5 minute bursts.
I can only detect two other wireless networks in range. One is completely unsecured (i didnt connect but my PSP showed it as having no security) now that network has been secured and the other is secured with WEP. I have no other wireless kit so it isnt something im my house.
I have also seen a few access denied to my LAN with various IP MAC addresses, don't think this is related though.
[INFO] Sun Jan 01 14:38:34 2006 Access denied to LAN system with MAC address EA1C1F677*** Does this sound like a hacking attempt or just another network or wireless client been setup incorrectly or left on scanning for available connection points? It seems like something scanning for another network repeatedly? 

Thanks in advance,

Ed

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. 
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: