If you can get an IP address like I did on my router logs,
you can run a "whois" command which will reverse IP check.
If it's coming from Apple, whois will tell you that.
Of course, most of the time "I" run it, the IP address
is coming from China, but even that can be spoofed with
VPN or some other means.
Sometimes there are two different places to look:
- the DHCP page will tell you CURRENT lease holders
- the log will often include "informational" messages
telling you when leases were assigned
The buffer available for a log may not be deep enough to "go back far
enough" to see some old events (depends on how much "traffic"
got injected into the log in the time since the lease was "logged").
Also, some devices allow you to specify which *types* of messages
you want to see in your log.
The actual lease holder is only of minor importance; it tells
you *what* device was targeted or involved in the exchange.
The actual nature of the transaction is still indeterminate;
it can be a legitimate application *or* an exploit running
(E.g., Philips has some high end color-adjustable LED light
bulbs that can be attacked, remotely. Would you think of
them as a likely "target" on your network? :> )
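Added example (not code from the thread) of the two lookups described above, correlating an IP address against the log's DHCP lease events and falling back to the current lease table when the log buffer no longer reaches back far enough. The log format, addresses and hostnames are constructed; real routers word their messages differently.

```python
import re
from datetime import datetime

# Constructed sample router log; the syslog-like format is an assumption,
# real routers differ. The buffer starts at 10:02, earlier events are gone.
LOG_LINES = """\
2015-12-23 10:02:11 info DHCP: lease 192.168.1.42 assigned to 00:11:22:33:44:55 (laptop-tom)
2015-12-23 10:40:09 info DHCP: lease 192.168.1.42 released by 00:11:22:33:44:55
2015-12-23 10:41:30 info DHCP: lease 192.168.1.42 assigned to aa:bb:cc:dd:ee:ff (hue-bridge)
2015-12-23 11:15:02 warn FW: inbound 203.0.113.7 -> 192.168.1.42:49152 accepted
""".splitlines()

# Constructed "current lease holders" table, as a DHCP status page shows it now.
CURRENT_LEASES = {"192.168.1.42": ("aa:bb:cc:dd:ee:ff", "hue-bridge")}

EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ DHCP: lease (?P<ip>\S+) "
    r"(?:assigned to (?P<mac>\S+) \((?P<host>[^)]*)\)|released by \S+)$")

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def parse_events(lines):
    """Return (timestamp, ip, mac, host) per DHCP event; mac/host are None on release."""
    out = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            out.append((_ts(m["ts"]), m["ip"], m["mac"], m["host"]))
    return out

def holder_at(ip, when, lines=LOG_LINES, current=CURRENT_LEASES):
    """Which device held `ip` at `when` ("YYYY-MM-DD HH:MM:SS")?
    Returns (mac, host, evidence) so the reader can see how solid the answer is."""
    when = _ts(when)
    prior = [e for e in parse_events(lines) if e[1] == ip and e[0] <= when]
    if prior:
        _, _, mac, host = max(prior, key=lambda e: e[0])
        if mac is None:
            return None, None, "log: lease released, no holder"
        return mac, host, "log"
    # No assignment for that IP survives in the buffer: either it predates the
    # oldest entry or was never logged. The current table is the only clue left,
    # and it may not describe who held the address at `when`.
    mac, host = current.get(ip, (None, None))
    return mac, host, "current table only (unverified)"
```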
That's interesting. I didn't know routers kept logs. Did
you find that by logging in to the "control panel"?
I used to get a lot of attempts to get into my computer
when I had dialup. That mostly stopped with cable, though
I have caught my cable company, RCN, trying to get
in. I have no idea why. Apparently they just go around
snooping on customers, perhaps tracking how many
machines are at each address, or some such.
First, do you have a good, long password for
your router? You should. Maybe 20 characters.
You didn't mention what computers you have.
It's important to understand that most
Windows computers are full of holes. The default
configuration has numerous unsafe services running.
Many people now also enable remote Desktop
functionality for tech support. You should have a
firewall that blocks all incoming and asks permission
for all outgoing processes. (In many cases it's also
possible to block svchost from going out, which takes
care of most or all Microsoft spyware.)
Some may remember there was a problem with XP
in the early days. A service called Messenger (not
Windows Messenger) was running by default. It was
intended for sys admin people in corporations to be
able to pop up notices to employees on the network.
(Like "Don't forget: Company picnic on Saturday.")
It was being used to show people ads. The problem is
that Windows NT (2000/XP/Vista/7/8/10) is designed
to be a corporate workstation. It's a sieve, set up
with the assumption that the network is safe while
the users can't be trusted. If you want to set up
reasonable security see here:
You can use that site to adjust services. And get a
I don't know much about Playstation, but that's
a good example of increasing intrusion online. Online
services and spyware operating systems are changing
the norm. Most software is now designed to call home
without asking. A few years ago that was known as
spyware. Windows 10 is a new level of spyware. It
has a legal right to spy on virtually everything you do.
(I suspect Playstation is probably worse in that regard.)
At the same time, more people want more of those
services. Without selling out to Apple you can't get
all those nifty apps. Without selling out to Adobe you
can no longer use Photoshop without it spying on you.
The latest version is still installed on your computer,
but it's officially marketed as an online service. The
difference is not so much in the software but in the
fact that you have to accept it as spyware. MS Office
and many other programs are going the same way.
They want to steal your car and rent you a taxi.
So there may be different, conflicting concerns
for you. One concern is preventing malware/spyware
intrusion by strengthening your security. But then
there's also the issue of whether you're actually willing
and able to do that in the context of how you want
to use your connected devices. If you want to accept
and use online services then you must accept that
you're now in a shopping mall. The mall cameras,
marketing data collectors and security guards will be
watching. You're on their property, not your own.
On Wed, 23 Dec 2015 10:17:10 -0500, Mayayana wrote:
I don't know of *any* router that does *not* keep logs.
Usually they start at reboot time, and go on forever from there.
For my Netgear router, I log in and then go to:
Advanced > Administration > Logs
Cable should be the worst, as I understand it, since anyone
in your neighborhood on the same cable is essentially connected
to you as I understand it.
So, I'd be sure to have a router, but, as we all know, anyone
who knows what they're doing can get past our cheap routers.
The thing is that most routers don't allow a password greater
than 8 characters (from my experience). Sure, they'll *let*
you type a long password - but they'll take anything (or nothing)
after the first 8 characters.
Try it. That's how "my" router works.
Oh, I have everything. Windows. Linux. OS/X. iOS, Android.
Printers. And other devices (like the playstation).
| > First, do you have a good, long password for
| > your router? You should. Maybe 20 characters.
| The thing is that most routers don't allow a password greater
| than 8 characters (from my experience). Sure, they'll *let*
| you type a long password - but they'll take anything (or nothing)
| after the first 8 characters.
| Try it. That's how "my" router works.
I tried it. I entered the first 13 characters. It didn't
let me in. I've never heard of an 8-char limit.
| > You didn't mention what computers you have.
| > Assuming Windows...
| Oh, I have everything. Windows. Linux. OS/X. iOS, Android.
| Printers. And other devices (like the playstation).
I don't see any scanning or contact in my logs,
but I also only use computers, with no networking,
and get informed by my firewall about unrequested
incoming. You may not have much option with
Playstation. I assume it's not under your control.
But you should have firewalls on your computers
that will drop incoming requests. (Though that's
one of the many shortcomings of Linux in my book.
Last I checked, Linux firewalls could stop incoming
but didn't monitor outgoing.)
| Are we talking about the ROUTER "admin" password?
| Or are we talking about the ESSID encryption passcode?
| They're different things.
| "I" was talking about the router admin password.
Yes. I don't know why people are making this
so complicated. There have been cases of
routers being hacked, sometimes because they're
set with default passwords that don't get
changed. Not a big issue. Just one thing to
make sure you have covered.
On Wed, 23 Dec 2015 09:20:13 -0700, Tony Hwang wrote:
I think you're talking about different things that have nothing
to do with each other.
AFAIK, WPA2 is the strongest "we" can generally get (being normal
homeowners and not corporations) on our routers.
For us, the PSK (pre-shared key) is the way "we" homeowners do
WPA2. It just is.
However, if we were a corporation, we could do more with WPA2
than pre-shared keys, which, I don't remember what it's called,
but it's some kind of rotating or assigned key that the IT
department of the company can manage (instead of the router).
What you seem to be talking about is the difference between
various security options, such as:
* WPA-PSK [TKIP]
* WPA-PSK [AES]
* WPA-PSK [TKIP] + WPA-PSK [AES]
All of those above are WPA2/PSK.
There are several issues.
First, the SSID is effectively public. Even if you turn off SSID
broadcasts, it's trivial to detect your SSID. So, any sort of
access control you expect to gain from *hiding* it is laughable!
Likewise, making it "obscure" -- "sdsf0gl9k2345s0d" -- won't
buy you anything.
The administrator's password is used to access the configuration
parameters (usually via a web interface) in the router/appliance.
So, if it is guessable (e.g., left at the default setting),
then anyone determined to do so can access that page and
reconfigure the router to their goals. (details omitted, here).
Some routers also have provisions for *remote* administration.
I.e., they expose the web interface to the outside world so
some remote agency can manage the router on your behalf
(think "cable modem"). Leaving this access "enabled" exposes
more attack surface to "the outside"; folks you probably trust
a lot less than the ones sitting in your bedrooms, office, etc.!
The "shared secret" passkey is, in theory, confidential -- assuming
the router's configuration pages can't be accessed! However,
a determined adversary can get past this, as well. There are
(paid) services that will deliver you the secret passphrase for
some given "sniffed" traffic in 24 hours (48 if you want to
save a few dollars). As most folks don't change their passphrases
often (every day?), this is a viable attack vector (is your
stuff "worth" $X of someone else's money??)
If you have *physical* access to a device (router/appliance/PC/etc.)
then the bar is much lower. E.g., it's usually pretty trivial to
go poking around someone's "locked" PC.
Moral: don't put anything valuable anyplace folks can get to it!
Jeff Liebermann knows this stuff much better than I do, but here
is what he taught me.
WORSE THAN YOU SAID:
1. If you hide your SSID, then your laptop has to look for it on
purpose, which it dutifully does (that's how it finds it).
However, that also means that when you boot your laptop at
Starbucks, it *still* looks *first* for your hidden IP (because
your laptop has no idea you're at Starbucks yet). Only after
your laptop can no longer find the SSID it wanted first, does
the laptop look for *other* broadcast SSIDs.
Hence, you have *worse* privacy at a hotspot when you decide
to not broadcast your SSID at home.
MOSTLY TRUE WHAT YOU SAID:
2. Making your SSID obscure is critical if you want to stay out
of rainbow hash tables. Anyone who knows YOUR SSID already
can download a hash table that allows them to log into your
router using the SSID as a "salt".
So you really really really want to have a UNIQUE ESSID!
3. In addition, you don't want your unique ESSID to pinpoint
you, so don't name it after your last name or your address.
4. One more thing, the BSSID (i.e., the MAC address) of your
router is what Google puts into its database when that
spycar drives down your road. Short of putting up a sign
saying "private road", you can't stop them from driving
past your home and gathering your BSSID and those of your
One thing you can do is change your ESSID to have "_nomap"
on the end of it, which Google says they won't keep. Yes,
I know, they expect the entire world to opt out manually
that way, which is silly, but that's what they do.
Otherwise, you'll need to change *both* your ESSID and
your BSSID (MAC address) periodically, so that Google
databases no longer have accurate records. (You can't
do anything about your stupid neighbors though, so,
you're already doomed.)
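Added example (not code from the thread) that makes point 2 concrete: WPA2-PSK derives its pairwise master key with PBKDF2-HMAC-SHA1, 4096 rounds, using the SSID as the salt, so a table precomputed for a common SSID recovers nothing against a unique one, and renaming the SSID (the "_nomap" suffix included) changes the salt as a side effect. The SSID names and candidate passphrases below are constructed; the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 iterations,
    256-bit output, with the SSID bytes as the salt (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def precompute_table(ssid: str, candidates) -> dict:
    """A tiny stand-in for a precomputed ("rainbow") table keyed by ONE SSID:
    the costly PBKDF2 work is done once and reused against every network
    that shares that SSID. Constructed candidate list, two entries."""
    return {wpa2_pmk(p, ssid): p for p in candidates}

def table_applies(table: dict, ssid: str, passphrase: str):
    """Return the passphrase if a table built for some other SSID recovers this
    network's key, else None. Same passphrase + different SSID = different PMK."""
    return table.get(wpa2_pmk(passphrase, ssid))

if __name__ == "__main__":
    # Constructed: a table for the default SSID "linksys", then three networks
    # sharing the weak passphrase "password" but differing in SSID.
    table = precompute_table("linksys", ["password", "letmein"])
    for ssid in ("linksys", "linksys_nomap", "k7-garage-2015"):
        print(ssid, "->", table_applies(table, ssid, "password"))
```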
There are no free lunches. Said another way, there's no
such thing as "win/win".
Wireless makes life easier for users -- no cords, etc.
As such, it comes with a cost (privacy, vulnerability
to DoS, eavesdropping, etc.).
I have three wireless access points scattered around the
house (typically affixed to the ceilings in closets so
they are unobtrusive yet give me good coverage, if
needed). The radios in each are always "OFF". Every
machine, here, uses a hardwired network drop (I have
72 of them; 24 are "available" for devices/48 are
dedicated to specific devices -- and that doesn't count
the network switches *in* individual rooms that act
as port multipliers). They exist primarily for "guests"
who are willing to expose their traffic for the
convenience of not being tethered to a particular network
drop (though you can "plug in" virtually anywhere in
the house with a 10 ft patch cord!).
I have my own OUI so that gives me a bit of obscurity
but, by the same token, uniquely identifies *my* stuff!
(in the privacy world, you want to be COMMONPLACE,
*not* unique! :> )
I've given serious consideration to painting the interior
walls with aluminized paint to block "RF leakage" but
fear that may eventually result in a problem -- someone
trying to dial 911 from a cell phone and getting "no signal",
So, the wireless appliances that I've been developing
use proprietary protocols -- google can sniff away
and not be able to identify anything (other than
"something wacky happening in this vicinity"). Fortunately,
this isn't done to confound google but, rather, to offer
capabilities that existing protocols *don't* offer!
(As such, it's not a "wasted effort" but, rather, an
And Don't forget complexity (two transceivers, RF link, etc..) means
Wireless is a lot more complex than a few copper wires. More to go wrong.
That's why I know there's something wrong when people just say they want
WiFi for something like a desktop PC, printer, or DVR where wired is
nearly always a better choice.
Neighbor's alarm system is wireless. This, of course, makes sense
from the standpoint of the folks who want to sell the *service*
("Only $29.95/month -- in perpetuity!") and want to keep the
"cost of admission" (installation) low -- so as not to discourage
potential suckers ^H^H^H customers; stringing wire to every door
and window would quickly eat any profit they might glean in the
OK, so I'm sure (?) the system designers put some effort into
dealing with "loss of connectivity" -- i.e., if they don't get
a periodic "report" from each node, they probably err on the
side that there *might* be a break-in.
[The approach of sitting passively and waiting for a sensor to
signal an *exception* is too easily hacked; you want positive
confirmation that "all is well" in addition to "exception"
And, I'm sure they figure any "outages" in the normal course of events
are few and far between. "Noise" that they can ignore or absorb
as part of the cost of doing business...
So, what happens if someone sits out front in their vehicle and
jams the band these devices communicate over? (wouldn't be hard
to determine) Doesn't enter the property. Just sits nearby
and mucks with the operation of the system. Does it report an
intrusion attempt? Does it just set a flag for the homeowner
What happens if you do this every day? When does the nuisance
factor (assume the police are NOT notified of each of these
"alarms", just the homeowner) cause the homeowner to abandon
the system? I.e., an adversary has compromised their "investment"
without putting himself at risk...
I have a PLC modem that I use, in a pinch, to avoid running a
cable from <someplace> to <someplace else>. Plug the transceivers
into the wall socket "here" and "there"; plug the two devices into
the two transceivers and, magic! Exploit the power line to connect
A to B.
But, I'd never rely on it -- anymore than I'd rely on wireless.
(there are lots of limitations) It's not a "closed" system.
SSID blocking will still deter the 99% (or more) of people who don't
know how to detect it, or don't even know there's a network there.
Still, I don't consider it worthwhile (security / usability tradeoff),
and would not use it if better security is available.
I find looking at SSID's that folks have chosen to be entertaining
(using my little WiFi sniffer mentioned elsewhere).
People don't think about the sorts of information they "leak" with these
My best friend in school had a license plate:
First Middle Last initial
BIRTH mONTH ddAY
Really? So, you want everyone to know who you are and your birthdate?
Give me a couple of tries and I can probably guess the year -- from
your appearance and other things you leak about yourself! :<