Someone has connected to my internet

I have cable internet that's going through a router to two pc's, so my internet is very slow... A cable guy came and he changed the mac address but that didn't help much because 6 hours later my internet started slowing down again so i called them once more and they told me the same thing (different operator) - Someone has been "stealing" my internet, i scanned the two pc's for viruses, the antivirus didn't find any, so do you guys/girls have any suggestions? What should i do... A friend suggested changig the mac address but what the heck, if i have to change it every five-six hours then i'm screwed :(

I have cable internet that's going through a router to two pc's, so my internet is very slow... A cable guy came and he changed the mac address but that didn't help much because 6 hours later my internet started slowing down again so i called them once more and they told me the same thing (different operator) - Someone has been "stealing" my internet, i scanned the two pc's for viruses, the antivirus didn't find any, so do you guys/girls have any suggestions? What should i do... A friend suggested changig the mac address but what the heck, if i have to change it every five-six hours then i'm screwed :(

Blaminator1221

if someone is "stealing your internet" they must be connected to your home network like your two pc's are. this has nothing to do with there being a virus. this either requires a phyical network cable or more likely your router supports wireless networking which anyone close by enough can connect to if you don't secure your network. if the first is true, unplug the cable, if second is true secure your network asap!

[QUOTE="Blaminator1221"]

I have cable internet that's going through a router to two pc's, so my internet is very slow... A cable guy came and he changed the mac address but that didn't help much because 6 hours later my internet started slowing down again so i called them once more and they told me the same thing (different operator) - Someone has been "stealing" my internet, i scanned the two pc's for viruses, the antivirus didn't find any, so do you guys/girls have any suggestions? What should i do... A friend suggested changig the mac address but what the heck, if i have to change it every five-six hours then i'm screwed :(

SinfulPotato

if someone is "stealing your internet" they must be connected to your home network like your two pc's are. this has nothing to do with there being a virus. this either requires a phyical network cable or more likely your router supports wireless networking which anyone close by enough can connect to if you don't secure your network. if the first is true, unplug the cable, if second is true secure your network asap!

BLKR4330

Could be, i don't know... What i do know is that i had a fast connection for about 4-5 hours after the geniuses fixed it, then the connection slowed down again. I just did a speedtest and my speed is 4.18 - the normal is 11.5... Someone is obviously rerouting traffic, and it's not just that my connection is slow, it stutters too (don't know if that's the right word) For example: a youtube video starts loading and it stops somewhere on half, and it won't move even if you wait for hours. My msn disconnects all the time and so on...

I just checked the routing table list and there were three users and i have two pc's, two were eth1 and the third was eth0... Is eth0 the router?

if someone is "stealing your internet" they must be connected to your home network like your two pc's are. this has nothing to do with there being a virus. this either requires a phyical network cable or more likely your router supports wireless networking which anyone close by enough can connect to if you don't secure your network. if the first is true, unplug the cable, if second is true secure your network asap!

BLKR4330

incorrect you can get bogged down by DDoS attacks (look it up) or getting slammed with congestion by spyware sending stuff out

anyway first things first

another possibility is you have too many programs running in the background.. go down by your clock and close anything from the following list that may or may not apply to you:

skype, ventrilo, teamspeak, steam, gfwlM, live messenger, msn messenger, utorrent, bittorrent, bitcomet, frostwire, limewire, gamecomrade, gamespy arcade, any background operating anti-spyware tools, WoW downloader, IJJI reactor, playonline client, plaync client, and there are a couple others.. if they connect to the net event in any remote way shut em down right click and exit/quit. they can pile up after a while and really hurt your preformance. i would also delete all history and cookies from your web browser.

second of all id open up my computer and check your c:\ drive.. snoop around under program files and/or program fiels x86 as well as any temp files.. see if there is anything unexpected in there. dont immideately push delete but like post back if you find something out of place or off.

id also spyware search using malware bytes, and spybot.. see if you find anything. if not get an HJT (hijackthis)log and find someone online who can read them (my site of choice is http://forum.networktechs.com/) and see if they can point you in the right direction for removing unwanted baddies

[QUOTE="BLKR4330"]

if someone is "stealing your internet" they must be connected to your home network like your two pc's are. this has nothing to do with there being a virus. this either requires a phyical network cable or more likely your router supports wireless networking which anyone close by enough can connect to if you don't secure your network. if the first is true, unplug the cable, if second is true secure your network asap!

ionusX

incorrect you can get bogged down by DDoS attacks (look it up) or getting slammed with congestion by spyware sending stuff out

anyway first things first

another possibility is you have too many programs running in the background.. go down by your clock and close anything from the following list that may or may not apply to you:

skype, ventrilo, teamspeak, steam, gfwlM, live messenger, msn messenger, utorrent, bittorrent, bitcomet, frostwire, limewire, gamecomrade, gamespy arcade, any background operating anti-spyware tools, WoW downloader, IJJI reactor, playonline client, plaync client, and there are a couple others.. if they connect to the net event in any remote way shut em down right click and exit/quit. they can pile up after a while and really hurt your preformance. i would also delete all history and cookies from your web browser.

second of all id open up my computer and check your c:\ drive.. snoop around under program files and/or program fiels x86 as well as any temp files.. see if there is anything unexpected in there. dont immideately push delete but like post back if you find something out of place or off.

id also spyware search using malware bytes, and spybot.. see if you find anything. if not get an HJT (hijackthis)log and find someone online who can read them (my site of choice is http://forum.networktechs.com/) and see if they can point you in the right direction for removing unwanted baddies

Google up a way to home in on the guy's signal then jump him and take his laptop. Adam_the_Nerd

why not just go into your router and limit the im addressing to its bare minimum.. i mean why have a /24 addressing scheme if only 17 are in use.. its called wastefulness

one time i was getting ddos'd and i simply dropped my addressing limit to 10 and removed the address he was suing.. presto chango.. no more him

hasnt bothered me since

[QUOTE="Adam_the_Nerd"]Google up a way to home in on the guy's signal then jump him and take his laptop. ionusX

why not just go into your router and limit the im addressing to its bare minimum.. i mean why have a /24 addressing scheme if only 17 are in use.. its called wastefulness

one time i was getting ddos'd and i simply dropped my addressing limit to 10 and removed the address he was suing.. presto chango.. no more him

hasnt bothered me since

He was probably using your connection to dl and torrent crap to free up his connection.

Honestly it seems to me you dont have good wireless security. What you should have is an encryption, an authentfication, and some other crap I cant remember right now. that would keep people from connection to your wifi and leeching off of you.

To test the theory of you having a leach what I would do is to turn off the Wireless altogether and see if the problem persists, if it stops then you have a leech probably, if it continues, well then you just completed one step in troubleshooting.

add a mac address filter to your router, hide your ssid, make sure you have wpa encryption.paullywog

Fairly simple solution, your hacker is a tool obviously if he needs a DHCP address. Turn of DHCP and assign a static IP, that should fix it.

no, no that wont do anything. Then he will just set his client to use a static ip. Thats the worst guise of security I have seen in awhile.KLONE360

Its better than what you mentioned, the stupid hacker is relying upon DHCP, and if you setup your router to allow only a specific IP, then your fine. We all know, you can't have the same IP on multiple PC's.

MAC addresses cannot be changed, they are a static address given to hardware via the manufacturer. You are probably thinking about the IP address which doesn't affect someone finding your network if your broadcasting your SSID (network name usually the default is your router model). You need to access your router settings page (use the routers IP in your web browser) and changed a number of settings. The obvious settings are your user name and password (make sure password includes numbers, upper case letters, lower case letters, disable SSID and enable WPA-2 security. If you want you can also disable people accesing you're network by blocking unwanted MAC addresses, but you will have to set your MAC address as an exception. Your speeds might be affected by your neighborhood as Cable internet speeds are affected by the usage and amount of people with cable internet because they give service to areas not to customers directly. You might want to try the alternative which is ADSL...it might not be as fast but its a direct signal to you're house so it may be more reliable. Skullsoldi3r

Havent heard of MAC Spoofing? its entirely possible to change your MAC address without much effort, a friend called google will help you there.

[QUOTE="Blaminator1221"]

I have cable internet that's going through a router to two pc's, so my internet is very slow... A cable guy came and he changed the mac address but that didn't help much because 6 hours later my internet started slowing down again so i called them once more and they told me the same thing (different operator) - Someone has been "stealing" my internet, i scanned the two pc's for viruses, the antivirus didn't find any, so do you guys/girls have any suggestions? What should i do... A friend suggested changig the mac address but what the heck, if i have to change it every five-six hours then i'm screwed :(

SinfulPotato

and a CUDA GPU? please explain more. :twisted:

Sorry about that TC, I couldn't help myself. :P

PS you are all bad, except me, I am wonderful.

What you do is:

WPA2 AES on that badboy, no tkip.

Put any password that's 8 characters, nobody is going to screw with WPA2, and no, nobody is goign to grab out a CUDA GPU and try to crack it... why? BECAUSE IT TAKES WORK.

Also people who are saying disable DHCP, not only is that an inconvenience to yourself, it won't do anything, since it's class C, they have approximately ~100 to choose from, I mean they can pick anything from 2-254, but they are probably outside the DHCP range.

Disabling broadcasting, you can, it won't help that much, but I leave my profanity wifi names for every1 to see.

Mac blocking, this actually will make most people annoyed, and just get someone else's Internet. Yes it is easy to spoof, but then you are going to end up with mac collisions, it's better just to use WPA2 and go to sleep.

most routers come with a program . using it u can probly make the ip address of the unkonwn computer blocked. after that i would change ur wepkey

[QUOTE="SinfulPotato"][QUOTE="Blaminator1221"]

I have cable internet that's going through a router to two pc's, so my internet is very slow... A cable guy came and he changed the mac address but that didn't help much because 6 hours later my internet started slowing down again so i called them once more and they told me the same thing (different operator) - Someone has been "stealing" my internet, i scanned the two pc's for viruses, the antivirus didn't find any, so do you guys/girls have any suggestions? What should i do... A friend suggested changig the mac address but what the heck, if i have to change it every five-six hours then i'm screwed :(

acsam12304

and a CUDA GPU? please explain more. :twisted:

most routers come with a program . using it u can probly make the ip address of the unkonwn computer blocked. after that i would change ur wepkey

sinpkr

[QUOTE="sinpkr"]

most routers come with a program . using it u can probly make the ip address of the unkonwn computer blocked. after that i would change ur wepkey

JigglyWiggly_

i know

WEP is not very safe. people say change to WPKA or something like that. which people say is more safer?

[QUOTE="ionusX"]

[QUOTE="Adam_the_Nerd"]Google up a way to home in on the guy's signal then jump him and take his laptop. KLONE360

why not just go into your router and limit the im addressing to its bare minimum.. i mean why have a /24 addressing scheme if only 17 are in use.. its called wastefulness

one time i was getting ddos'd and i simply dropped my addressing limit to 10 and removed the address he was suing.. presto chango.. no more him

hasnt bothered me since

He was probably using your connection to dl and torrent crap to free up his connection.

Honestly it seems to me you dont have good wireless security. What you should have is an encryption, an authentfication, and some other crap I cant remember right now. that would keep people from connection to your wifi and leeching off of you.

To test the theory of you having a leach what I would do is to turn off the Wireless altogether and see if the problem persists, if it stops then you have a leech probably, if it continues, well then you just completed one step in troubleshooting.

well like my firewall on a client pc level was going bonkers and having a blocked connection every 15 minutes or so for like 2 days straight..

and packet sniffing saw normally unused ip addressing inside my ntwork being used and the source of the problems.. and finally i run static configurations..

i know what my addressig scheme does and doesnt contain

someone got into my network wirelessly and began assaulting my pc with pings and ping -r's

ddos attack is by definition congestion of someone connection till they disconnect or lose network integrity.

so i simply went bare minimum addressing and the problem stopped.

i dont argue with the results

who, how and why.. sorry could care less tbh

Who knows there could be something on your computer. Run Microsoft security E andmalwarebytes both in safe mode and see if they pick something up. Also try connecting another computer to the network that has a fresh install of an OS and see if the problem is still there. Make sure to disconnect the other computers and disable wifi.

So i reset all my router settings to 0 and i "spoofed" my mac address then and i called my operator and told him to update my connection... I changed the password and username and i think that my problem is solved, but i'll have to wait and see...

Yeah, go wired, its faster, and more secure, and NO HACKER can get into it without physically altering your connection! Just buy your ethernet cables from amazon.com, any retail store will hike the price up. (use CAT6 if it is over 50ft in length) Cost about the same as Cat5e.

Then if your ISP tries to say the same crap, (I know they like to get out of responsibility, I use to work for a couple)

Tell them that is not the problem because I have a completely wired connection.. So the problem is either gonna be something slowing your pc's down... Or the problem is going to be with the ISP being real cheap with replacing lines somewhere on the grid (that you are routed through) Which is a very high possibility.

These ISPs want to charge top dollar for internet whilst having a crappy infrastructure.

Fairly simple solution, your hacker is a tool obviously if he needs a DHCP address. Turn of DHCP and assign a static IP, that should fix it.

GTR12

and a CUDA GPU? please explain more. :twisted:

acsam12304

Any cellphones, consoles or handhelds in the house that use Wifi? That'll account for the extra address.fm_coyote

This is actually what I was going to suggest first. I have about 8-10 computers at home running at any given time between physical machines. My DCHP server reports close to 20 leases. This isn't because someone is stealing my internet, but rather because every single device and NIC in my house has its own MAC address and as such gets its own lease. This can include:

• My wife's iPod
• My iPhone
• My iPad
• My Wii
• My PS3
• A 360 with a wireless NIC
• My PSP
• My DS
• Network capable DVRs or Blu-Ray players

The point is nearly everything uses a network these days. Even if you take the same computer and plug it in via wired NIC while you are troubleshooting wireless then you've just pulled another IP address. I would first look at peak versus non-peak hours (especially with a cable ISP). You should take statements like "someone is stealing your internet" from the cable technician with a grain of salt because sometimes those guys will fall back on the explination that takes the responsibility for the problem off of the cable company when they can't figure out the problem themselves. I ran into this with my cable provider about 5-6 years ago. Their network was basically crap and they tried to blame everything they could on my side (router, PC, viruses, wiring, etc). In every case I was "guilty until proven innocent" and had to demonstrate why each of the things they suggested was wrong with my setup couldn't possibly be the cause.

Sure, all the other wifi security stuff applies too. Use WPA2 with a strong password. Hiding SSIDs doesn't do crap. Turning off DHCP or shrinking your subnet is also useless. MAC filtering helps but isn't foolproof because Windows since XP has allowed raw access to the TCP/IP stack allowing the OS to easily spoof MACs, etc, etc. The only really secure method is to do what large enterprises do and set up a wireless authentication server of some sort and use client certificates, but you can't do that with just a $50 Netgear.

The more security you implement, the more administrative headache you create for yourself. MAC address filtering means you need to manually add the MAC of every NIC you want to use on the wireless network. WPA means you can't use certain types of devices that may not support it online (The DS for example won't play games over a WPA secured wireless network). Client certs means that no devices outside of PCs and some smartphones will ever be able to use your network.

The -first- thing you should do is verify whether or not someone is actually getting onto your network. A single unrecognized IP does not represent proof of this unless you absolutely KNOW that there is nothing else in your house that could possibly be set up on the wired or wireless network AND you also know that you haven't connected a single computer to the network using more than one type of connection.

Occam's razor FTW. :)

-Byshop

The -first- thing you should do is verify whether or not someone is actually getting onto your network.

Byshop

Easiest way to do this is turn off Wifi the next time you see slowdown. If the slowdown persists, you have eliminated hackers as the culprit.

-Byshop

[QUOTE="Byshop"]

The -first- thing you should do is verify whether or not someone is actually getting onto your network.

Byshop

Easiest way to do this is turn off Wifi the next time you see slowdown. If the slowdown persists, you have eliminated hackers as the culprit.

-Byshop

The only other way is that someone connected to my cable but we checked the conjunction box and yup, you guessed it, no one had connected to my cable... So there is no way someone is actually rerouting traffic.

I think they're lying to me, i mean i did everything i was supposed to and my internet is still slow. I did a speedtest and it's 4.8, it's supposed to be 10 :@ Anyway i'm done bothering with this, i called them, their crew of "geniuses" will come tomorrow if they don't fix i'll get a new isp...

OutB4 I go nuts and kill my PC. Some of you people have no clue what your talking about, a few have a slight clue and I think me and jiggly are the only ones who really know anything. Static Ip config. Srsly what do you think that will do. I just cant believe some of you people have computers.KLONE360

Sorry about that TC, I couldn't help myself. :P

PS you are all bad, except me, I am wonderful.

What you do is:

WPA2 AES on that badboy, no tkip.

Put any password that's 8 characters, nobody is going to screw with WPA2, and no, nobody is goign to grab out a CUDA GPU and try to crack it... why? BECAUSE IT TAKES WORK.

Also people who are saying disable DHCP, not only is that an inconvenience to yourself, it won't do anything, since it's class C, they have approximately ~100 to choose from, I mean they can pick anything from 2-254, but they are probably outside the DHCP range.

Disabling broadcasting, you can, it won't help that much, but I leave my profanity wifi names for every1 to see.

Mac blocking, this actually will make most people annoyed, and just get someone else's Internet. Yes it is easy to spoof, but then you are going to end up with mac collisions, it's better just to use WPA2 and go to sleep.

JigglyWiggly_

Didn't congress just pass a law that required ISP's that offered "boardband" to provide "brondband" speeds?

Didn't congress just pass a law that required ISP's that offered "boardband" to provide "brondband" speeds?

SinfulPotato

I don't think the mac address has anything to do with this because i changed it for the third time, there is no way someone is so persistent that he "hacked" it three times in less than a week. Besides when a cable guy came a few days ago he unplugged the internet cable from the router and connected it directly to the pc and it was still slow, so no one is stealing from my router.

The only other way is that someone connected to my cable but we checked the conjunction box and yup, you guessed it, no one had connected to my cable... So there is no way someone is actually rerouting traffic.

I think they're lying to me, i mean i did everything i was supposed to and my internet is still slow. I did a speedtest and it's 4.8, it's supposed to be 10 :@ Anyway i'm done bothering with this, i called them, their crew of "geniuses" will come tomorrow if they don't fix i'll get a new isp...

Blaminator1221

Yeah, this is pretty much what I was thinking which is why I suggested what I did. All this discussion of wireless security is interesting but largely acedemic since we never really verified if a security breach was indeed your particular issue. I've helped out a lot of people who have though they were the victim of a wifi-thief and more often than not their acutal problem was far less interesting than someone cracking a WEP key.

As for the cable company, I don't think they are "lying" per se, but rather they are blaming what they think is the problem based on a typical lack of troubleshooting experience. Cable technicians are typically just that: cable technicians. Not necessarily PC technicians. They don't understand networking but they understand how to run cable, test signal strength and troubleshoot the kind of problems you would associate with cable television. When I upgraded my house to a business class connection with Comcast, the technician who came out was a pretty bright guy but he didn't understand the more PC oriented aspects of what he was configuring.

I had an issue where my old cable modem was a striaght modem and the external IP address was pulled from Comcast by my freebsd firewall. The new business class modem was a gateway that pulled the external IP address for me and there was no way to disable that. This was a huge bummer for me since my freebsd box supports uPNP and typically the uPNP server needs to sit on a public IP. The technician explained that I couldn't pass the exteranl IP address to the internal box using the business class gateway they offer (which was true) and that the only way to fix it was to buy a block of 5 external IPs ($10 a month extra) and assign one to the freebsd router. I fixed the problem by DMZ-ing the freebsd machine from the gateway which passed all my port forwarding and allowed uPNP to work. He wasn't conning me, he just didn't know that was an option.

If you have the ability to switch ISPs, that's not a bad way to go. For me, this wasn't an option so I suffered with crap speed for years until they improved their network.

-Byshop

[QUOTE="GTR12"]

Fairly simple solution, your hacker is a tool obviously if he needs a DHCP address. Turn of DHCP and assign a static IP, that should fix it.

markop2003

I doubt he/she would know what that even is (talking about the hacker). I even doubt itsa hacker, probably some kid with a new laptop trying to have a bit of fun.

[QUOTE="JigglyWiggly_"]

Sorry about that TC, I couldn't help myself. :P

PS you are all bad, except me, I am wonderful.

What you do is:

WPA2 AES on that badboy, no tkip.

Put any password that's 8 characters, nobody is going to screw with WPA2, and no, nobody is goign to grab out a CUDA GPU and try to crack it... why? BECAUSE IT TAKES WORK.

Also people who are saying disable DHCP, not only is that an inconvenience to yourself, it won't do anything, since it's class C, they have approximately ~100 to choose from, I mean they can pick anything from 2-254, but they are probably outside the DHCP range.

Disabling broadcasting, you can, it won't help that much, but I leave my profanity wifi names for every1 to see.

Mac blocking, this actually will make most people annoyed, and just get someone else's Internet. Yes it is easy to spoof, but then you are going to end up with mac collisions, it's better just to use WPA2 and go to sleep.

Blaminator1221

How are they stealing your internet if it's not wireless?JigglyWiggly_

This is why you ask questions to validate the root cause before suggesting solutions. :)

-Byshop