Neighbors on my WiFi? False Alarm?

This evening after I removed wireless encryption from our home network to accommodate our new XO laptop, I started reviewing the wireless router logs on our Airport Express router and access point to see if any previously unknown or unwelcome visitors were attached to and using our wireless network. Using the Airport Utility application on my Macbook (which is also available for Windows computers, incidentally) I was surprised to see three devices attached to our wireless network with assigned IP addresses. We should have just had TWO devices attached: my laptop and my son’s. The following image shows the current DHCP leases for our router, which are set to expire after 4 hours. An entry can remain in this list after a device is turned off, but the middle tab on this menu shows the currently attached wireless clients (by MAC address only, not IP address as in this menu) and it also showed three currently connected devices:

Before I detail this situation further, I would like to address the reasonable question “Why should I care if my neighbors are on my wifi connection?” Most likely, if your neighbor accesses the Internet through your connection nothing bad is going to happen. HOWEVER, in the event that person chooses to do something illegal and their web activity is traced back to your home IP address, law enforcement officials could reasonably come knocking on your door. That was one of many messages shared by Larry Boggess of the Oklahoma State Bureau of Investigation (OSBI) last week at a workshop on Internet Safety hosted by the Oklahoma Library Association. Protecting yourself from being blamed for the illegal online activities of others is one big reason to have secure encryption on your home wifi connection. Another reason is to prevent a hacker attack: If someone is able to attach their computer to your home wifi network, they can use software to “sniff” all the packets passing through your router to and from the Internet, and even intercept your usernames and passwords for websites that do not use SSL encryption (passwords sent in the clear.) Identity theft is a real issue and a growing problem everywhere. According to Oklahoma policeman Kenneth Tidwell, there were over 17,000 cases of identity theft in Oklahoma alone last year and that number is growing fast. Companies like LifeLock are NOT emulating “Chicken Little:” Identity theft is a REAL problem that is only getting worse as more and more transactions take place via the web.

When I saw what appeared to be an unknown device attached to our network, I suspected that a neighbor might have attached his/her computer to our wifi network. To get more information, I accessed the router logs in our Airport Express. I was distressed to see repeated attempts (apparently) to gain administrative access to either the router itself or a computer on our home network:

After I saw this abnormality, I restored the WPA2 password to our router/access point and restarted it. I was very surprised, however, to see the same three MAC addresses of wireless devices again appear in the status window.

As a result, I changed the SSID (network name) of our wifi network and made it a CLOSED network, which means it is hidden from most casual surfers looking for available wireless networks. I also changed the password. After making these changes, the unknown MAC address / wireless computer did NOT successfully reconnect to our network and obtain an IP address, but the mysterious “access denied” messages continued. Several Google searches for the words in the router log turned up this discussion page, which included users suggesting that by turning off the IPv6 configuration in the network system preference (control panel) this error message could be stopped. I turned off IPv6 on my computer, and this mysterious error log message did NOT recur. So…

I’m inclined to think this was a false alarm, in terms of thinking a neighbor had gained access to our home wifi network and was trying to hack into either our router or a computer on our network. It is strange, however, that a device with a different MAC address and its own IP address showed up in our router’s status page. I wish there was a GUI installation for MRTG, or a similar free application which does not require terminal commands to configure with an Airport Express on a network supporting all Mac clients. Router logs need to get MUCH easier to understand and use, IMHO. It’s important for home users to be able to utilize and interpret these, especially when it comes to monitoring the authorized and unauthorized use of a home Internet connection. Unfortunately OpenDNS (which we use at home) does not log information about MAC addresses and IP addresses connected to and utilizing your network. Perhaps this is functionality they could add as additional available statistics.

Do you utilize software or hardware tools to monitor access to your home wireless network? If there are simpler and better ways to do this, I’d love to know about them. It is still a mystery to me why a third wireless device was apparently attached to our network this evening. When I “pinged” the mysterious IP address, it returned packets like a “normal” computer would… I think:

Perhaps the IPv6 configuration setting on my computer caused another IP address to be assigned to my Macbook by the DHCP router? I don’t think this was the case, but it would be fairly amazing if one of our neighbors just happened to jump on our wifi network a few hours after I disabled encryption on it for the first time in over a year.

The big relief is that it doesn’t appear someone was trying to “hack” into our network from the outside– these log entries were apparently a result of a misconfiguration or glitch in the router software as it interacts with IPv6 packets.

Technorati Tags:
wifi, wireless, security, home, access, apple, airport, express, mrtg, intrusion

If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.

On this day..

• Communicating with Elected State Representatives via Social Media – 2016
• A Transformed Political Culture in Oklahoma #transformOK #OklaEd – 2016
• Set Your Default YouTube Upload Channel – 2015
• Why Your School Needs a Scratch Club [VIDEO] – 2013
• Help My Son’s Debate Teacher Whose Home Was Destroyed by the Moore Tornado – 2013
• Scratch Camp in Edmond, Oklahoma: June 8-9, 2012 – 2012
• iPad Notetaking: NOT Impressed with PaperPort Notes App – 2012
• Passion Projects, Learning and Innovation – 2011
• Dropped iPad – 2010
• Why Storychasing is relevant for all educators – Contextual learning about copyright is important – 2009