networking - How to improve my router settings and stop these access attempts to my network

04
2013-08

D. Veloper

I have a network at home. ISP modem connects to my router which connects to my computers and laptops. When I look into my router logs I see a load of blocked access attempts. I was wondering if I can stop people from trying to access my wireless network. (My router does not have the ability to power down to decreased its range)

Please check these logs and my router settings below and I hope you can tell me what I can do to stop this. Also I am wondering if this is the work of one person.

Also I am wondering if I can improve my router settings, what do you guys think?

I have a 3Com OfficeConnect router with the latest updates. My router settings:

I don't use the default password. (duh)
I don't use the regular ip-address but my own.
I use a .248 subnet so I can use 5 hosts as the 6th is my router and the first is my network address. Good for my two computers and my two laptops, room for one additional host if needed.
I have fixed a few of my DHCP client ip addresses. (is that good?)
Gateway's DHCP Server is enabled.
My SSID is a latin word I chose and I don't broadcast this name. (although I heard people can still notice my network with specific software as the network is existing)
I use WPA encryption with a pre-shared passphrase.
I enabled connection control which only allows my laptops MAC addresses to connect to the gateway.
When a request from the Internet is not directed to a virtual server it is blocked.
Url filter disabled and no pc privileges.
Pings from internet are disabled and remote administration is also off.

Here is are my logs from the past 24 hours, I omitted my own successful logins.

2009/11/07 23:49:36 : Blocked access attempt from 64.34.14.35
2009/11/08 00:26:43 : Blocked access attempt from 94.231.57.9
2009/11/08 00:49:38 : Blocked access attempt from 209.85.227.105
2009/11/08 00:49:41 : Blocked access attempt from 209.85.229.99
2009/11/08 00:51:25 : Blocked access attempt from 209.85.227.105
2009/11/08 10:54:33 : Blocked access attempt from 94.211.26.19
2009/11/08 11:05:00 : Blocked access attempt from 211.100.229.252
2009/11/08 14:35:08 : Blocked access attempt from 209.85.229.104
2009/11/08 14:36:05 : Blocked access attempt from 209.85.227.105
2009/11/08 14:56:46 : Blocked access attempt from 121.166.196.244

Answers

David Pearce

It sounds as if you have all bases covered. Regardless of your security settings on your network, you can never stop attempts to access it. It is only when those attempts aren't blocked and are successful you should start considering the security of your network.

Just one little tid-bit of helpful information…

I enabled connection control which only allows my laptops MAC addresses to connect to the gateway.

MAC address filtering (which is what this is) is so incredibly easy to by-pass. These days, faking your MAC address is very trivial and you should never rely solely on MAC filtering.

Crash893

you could try lowering the power of your wifi to more tightly match the physical office space your are servicing. no need to blast it into a public lobby or out onto the street if those are your employees anyway.

maybe setup a hunnypot ap that goes no where but if anyone connects to it youll know you had a breach of some sort.

Related Answers

Stephen Jennings

Many consumer routers won't let you change the IP address to something that's not on the local subnet. Are you sure the IP address is not 192.168.1.46?

If the address is indeed 192.168.100.46, then you can temporarily access it by adding a second IP address to your computer. Assuming you are using Windows, the steps are:

Go to Start → Run and type "control netconnections".
Find your local area connection, right-click it and select "Properties".
In the selection box, highlight "Internet Protocol" (version 4 if you have the option). Press "Properties".
Verify that "Use the following IP address" is selected, then click "Advanced".
In the IP Addresses section, add a new IP address 192.168.100.50 and use subnet mask 255.255.255.0.
Hit OK and close out of all these dialog boxes.
Now you should be able to open http://192.168.100.46 in your web browser.

If, in step 4, it is set to "Obtain an IP address automatically", then you'll need to change it to "Use the following IP address" and put in whatever your current IP address, subnet mask, and default gateway are. You can get this information by opening command prompt and typing "ipconfig". Then, you should be able to click Advanced and add a second IP address.

Thomas

Assuming you are using the DHCP from your other router to set the IP address of the PC you are attempting to access the WAP with, you will be on a different network.

Your DHCP router's IP address: 192.168.0.1
Your PC's IP address: 192.168.0.x
Your WAP's IP address: 192.168.100.46

(Network portion of IP address is italicised)

Assuming the use of a standard Class C subnet mask in all cases (255.255.255.0), your PC will not be on the same network as your WAP.

You can:
Change the IP of your PC to 192.168.100.47
or
Change the IP of your WAP to, say, 192.168.0.2 (and create a static entry in your DHCP settings of your DHCP router, to prevent this address being given out to other devices)

I've kind of lost my train of thought here but hopefully that should help.

Diago

reset the router to factory default, so you can access it again, now you want to use 192.168.100.46 as static WAN IP and not local IP. choose a local IP address from a fifferent range (e.g. 192.168.101.1)

nik

Change your local machine subnet to 255.255.0.0.
It is probably set as 255.255.254.0.

You could do this temporarily or change the DHCP to allocate with that subnet.
Everything else will continue to work and you will have the changed 192.168.100.x IP reachable on local network too.

Home

networking - How to improve my router settings and stop these access attempts to my network