#1  
Old April 25th, 2012, 09:22 AM
Computer_User1 Computer_User1 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 52
Computer_User1 is on a distinguished road
Default WNR2000v2 Wireless Intruders?

I have a WNR2000v2 router. Just last night I've upgraded the firmware from 1.0.0.40_32.0.54NA to the latest 1.2.0.4_35.0.57NA. The update went successfully, and I noticed a few new features, such as the new IPv6 section, excellent.

Now, here is the problem. When I went to check my Attached Devices, I've noticed the new description "(Wireless intruders also show up here)" under Wireless Devices. At first, I saw only two devices, which I recognized by their MACs as my own PCs. After a click on the Refresh button, suddenly 3 more items showed up: with IPs I didn't recognize and outside my LAN's subnet; with MAC addresses I didn't recognize either; and with what seemed like programming codes showing up in the Device Name column.

I said to myself, uh oh, may be someone was trying to intrude my wireless network. So I immediately turn off the wireless radio on the router and continued networking in wire only. Obviously, that cleared all the wireless devices. After a while, I decided to turn the wireless back on for a test, so I did. At first, the wireless devices were just my two PCs. Not long later, the strange devices came back, this time with 5 items, with IPs and MACs differ from last time, and also with codes in the Device Name column. I then went for some reverse lookups for the strange IPs and MACs, but none of them came up as valid addresses.

Since then, I left my wireless radio off. Just a little background information before I continue to my questions. First, I am an IT professional, though networking is not really my field of trade, I am fairly knowledgeable regarding computer technology. Secondly, my wireless network employed WPA2 encryption, AP Isolation and MAC filtering, plus I've disabled the WPS Pin feature on the router to prevent intrusion vulnerability.

Now my questions:
1. I would like to ask Netgear, what exactly do you mean by "wireless intruders also show up here"? Is there more documentation on this feature?

2. Also what exactly can we do, if we see what seems to be intruders? As far as I know the Attached Devices section is read only, and we can't manually disable unwanted devices.

3. Is there anyone here ever experienced wireless intrusions, even with WPA2, AP Isolation, MAC filtering and WPS disabled?
Reply With Quote
  #2  
Old April 25th, 2012, 06:27 PM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: WNR2000v2 Wireless Intruders?

there is WPS exploits so that could be.

you will find this above in the thread which were talked about early this year. google some
http://www.google.com/search?client=...UTF-8&oe=UTF-8
Reply With Quote
  #3  
Old April 27th, 2012, 08:22 AM
Computer_User1 Computer_User1 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 52
Computer_User1 is on a distinguished road
Default Re: WNR2000v2 Wireless Intruders?

Like I said, I've disabled the WPS Pin feature. Supposedly, that would disallow WPS exploit according to Netgear. http://support.netgear.com/app/answe...st-brute-force

Though, WPS is still on (supposedly only for push button method), even with Pin disabled. I am wondering if Netgear has the same bug as Linksys, where disabling the WPS (Pin) in the config GUI doesn't really disable it. Netgear should provide an option to just disable WPS completely. I don't use that feature any way, Pin or button!
Reply With Quote
  #4  
Old April 27th, 2012, 08:33 AM
Computer_User1 Computer_User1 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 52
Computer_User1 is on a distinguished road
Default Re: WNR2000v2 Wireless Intruders?

By the way, June, it seems more likely that the intruder was trying to do MAC spoofing on my network, rather than the WPS exploit. I am not 100% sure, though.
Reply With Quote
  #5  
Old April 27th, 2012, 08:45 AM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: WNR2000v2 Wireless Intruders?

Contact support at my.netgear.com

Also this already discussed in the forum so search it though
Reply With Quote
  #6  
Old April 27th, 2012, 09:11 AM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: WNR2000v2 Wireless Intruders?

Make sure you are using WPA2 encryption and also change the encryption in regular interval as well
Reply With Quote
  #7  
Old April 27th, 2012, 10:46 AM
Computer_User1 Computer_User1 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 52
Computer_User1 is on a distinguished road
Default Re: WNR2000v2 Wireless Intruders?

Will do, thanks!
Reply With Quote
  #8  
Old April 27th, 2012, 10:52 AM
jmizoguchi jmizoguchi is offline
Banned
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: WNR2000v2 Wireless Intruders?

if you only using "access list" in the router mac spoof will be bad but as long as if you use WPA2, it will be a long process to brute force so if you change in interval if you live in dense area will be good idea if you are really freaky about all this.

enjoy
Reply With Quote
  #9  
Old April 28th, 2012, 02:56 PM
fordem fordem is offline
Senior Member
NETGEAR Fanatic
 
Join Date: Nov 2006
Posts: 7,269
fordem is on a distinguished road
Default Re: WNR2000v2 Wireless Intruders?

First - the idea behind MAC spoofing is to change the MAC address of one device so that it has the same address as another - the alleged intruder would be changing the MAC address of his device to match one of your devices, to get past your MAC filtering

The fact that you are seeing a different MAC address clearly indicates that MAC spoofing is not taking place.

Now - MAC filtering actually works - it's easy to defeat (by MAC spoofing), which is why it's considered ineffective for security purposes, so, the fact that you are seeing different MAC addresses would indicate that either your MAC filtering is incorrectly setup - or - the devices are not attached via the wireless.

I can only guess at what Netgear had in mind by the statement "wireless intruders also show up here", (and if I had any say in it, I would have advised against it), for no other reason than there is no reliable way to detect intruders, and including such a statement will cause confusion - as is happening here.

The probability is that the MAC addresses you are seeing are devices you own and have simply forgotten you have connected - I suggest you make a list and cross them off one by one.

Smartphones,
Tablets - iPods, iPads,
Game consoles,
Smart TVs, streaming media devices.

It's pretty easy to miss a device or two.

Can WPA be hacked? Yes - a better question might be - are you worth hacking. Do you have something worth the time & trouble - only you can answer that question, but the answer for the average person is no - and if that's the case, then no one's going to go to that trouble to steal your internet bandwidth, not when they can go two or three houses away and find an open network.
__________________
Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Reply With Quote
  #10  
Old April 30th, 2012, 11:40 AM
Computer_User1 Computer_User1 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2012
Posts: 52
Computer_User1 is on a distinguished road
Default Re: WNR2000v2 Wireless Intruders?

I wish I would have took a screenshot of the weird attached devices, so everyone can easily see what I was talking about. There are two sections in the Attached Devices config screen: Wired Devices and Wireless Devices. The description "wireless intruders also show up here" is in the title of the wireless devices section only. The strange devices I saw were shown under the Wireless Devices section only. The devices disappeared as soon as I turned off the wireless radio. The devices (similar ones) re-appeared short time after I re-enabled the wireless radio. I, too, first suspected the devices were from the internet, rather than in the proximity of my wireless signal, but the observation above showed otherwise.

Quote:
Originally Posted by fordem View Post
First - the idea behind MAC spoofing is to change the MAC address of one device so that it has the same address as another - the alleged intruder would be changing the MAC address of his device to match one of your devices, to get past your MAC filtering...
I think, but not 100% sure, that the strange devices I saw were MAC spooling in progress, rather than already succeed. I think all the strange "devices" were really from the same device (be it a PC or a cellphone), with random generated IPs and MACs. The IPs were from different places in the world and the MACs were all non-existing (fake), as I checked. The Device Names were scrambled with random characters, as they seemed.

Quote:
Originally Posted by fordem View Post
I can only guess at what Netgear had in mind by the statement "wireless intruders also show up here", (and if I had any say in it, I would have advised against it), for no other reason than there is no reliable way to detect intruders, and including such a statement will cause confusion - as is happening here.
Absolutely agreed with you on that. It is a very confusing and ambiguous statement. There is no additional explanation / documentation on how exactly the intruder devices would appear, what exactly the user supposed to do if they saw intruder devices, and whether if this is just showing intruders being blocked (that the user is under no danger of intrusion).

Quote:
Originally Posted by fordem View Post
The probability is that the MAC addresses you are seeing are devices you own and have simply forgotten you have connected - I suggest you make a list and cross them off one by one...
No chance for that, only 2 of my computers were active wirelessly at the time.

Quote:
Originally Posted by fordem View Post
Can WPA be hacked? Yes - a better question might be - are you worth hacking. Do you have something worth the time & trouble - only you can answer that question, but the answer for the average person is no - and if that's the case, then no one's going to go to that trouble to steal your internet bandwidth, not when they can go two or three houses away and find an open network.
I wouldn't use a router that cost current price of only $17 refurbished, if this is for a business network and that there is valuable data to protect, would I? I agreed with your statement that no one would go through the trouble to steal bandwidth, if there are easier ones around. But that is until someone likes the challenge... as it seems to be the case here.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 02:24 PM.