We're having a problem with our home network. Our setup/background is as follows:
--One desktop, one laptop, and one TiVo are networked via a D-Link DI-524 wireless router. Also have a printer connected to the desktop which the laptop is able to use.
--Desktop is wired directly into the router, laptop is wireless, TiVo is wired via two Netgear XE102 Ethernet Bridges (secured with passwords/encryption).
--Router is locked down: no SSID broadcast, MAC filters in place, WPA encryption with a 64-random-character passcode enabled. DCHP dynamic server is set to give out only three IP addresses (desktop, laptop, TiVo).
--Both computers are up to date on Windows patches and antivirus defs, and are firewalled with ZoneAlarm.
--We live in an apartment building with four direct neighbors (one above, one below, and two on the sides).
Long story short -
We think someone may have gotten onto our home network by spoofing our TiVo's MAC address. Our internet was running extremely slow, and when I checked our router's logs, I saw that there was a strange wireless PC connected to our network (with a MAC address not in our allow list). When I checked the DCHP server status, it showed that a device called "unknown" had an IP address assigned to it and it had the same MAC address as the TiVo. (The TiVo is always called, well, TiVo, so I knew something fishy was going on.)
I unplugged the TiVo's network bridge, but the wireless intruder still was showing up on our logs but couldn't seem to connect since I took away his/her port of entry (the TiVo's MAC). It also seems to be tied to my laptop, because when I disable my wireless connection on the laptop and leave only our desktop connected, the wireless intruder does not appear. But the second I enable my wireless connection, it reappears. I don't even have to be connected to the network; I just have to have the connection enabled.
What I'd like to know is, what really happened here, and how can I prevent it from happening again? I thought I'd taken all the necessary precautions in securing our network.
Also, should I be concerned for the files on my hard drive, or for my internet traffic? I do some online banking on my laptop, which I thought would be fairly safe behind the WPA, the site's SSL, and my firewall/antivirus. Sensitive files (like all of our financial stuff) are on an encrypted volume using TrueCrypt (behind a bajillion-character random password).
There are at least 2-3 unsecured wireless networks in my building (plus a few more WEP/WPA networks), so there are plenty of easy targets for free internet. This leads me to believe that if there is indeed some hacker in my building, that they are either doing this for the thrill of breaking all my barriers, or they are truly interested in my activity.
Any ideas, thoughts, or advice would be greatly appreciated! I can also give more info if you need it to better understand the situation.
--One desktop, one laptop, and one TiVo are networked via a D-Link DI-524 wireless router. Also have a printer connected to the desktop which the laptop is able to use.
--Desktop is wired directly into the router, laptop is wireless, TiVo is wired via two Netgear XE102 Ethernet Bridges (secured with passwords/encryption).
--Router is locked down: no SSID broadcast, MAC filters in place, WPA encryption with a 64-random-character passcode enabled. DCHP dynamic server is set to give out only three IP addresses (desktop, laptop, TiVo).
--Both computers are up to date on Windows patches and antivirus defs, and are firewalled with ZoneAlarm.
--We live in an apartment building with four direct neighbors (one above, one below, and two on the sides).
Long story short -
We think someone may have gotten onto our home network by spoofing our TiVo's MAC address. Our internet was running extremely slow, and when I checked our router's logs, I saw that there was a strange wireless PC connected to our network (with a MAC address not in our allow list). When I checked the DCHP server status, it showed that a device called "unknown" had an IP address assigned to it and it had the same MAC address as the TiVo. (The TiVo is always called, well, TiVo, so I knew something fishy was going on.)
I unplugged the TiVo's network bridge, but the wireless intruder still was showing up on our logs but couldn't seem to connect since I took away his/her port of entry (the TiVo's MAC). It also seems to be tied to my laptop, because when I disable my wireless connection on the laptop and leave only our desktop connected, the wireless intruder does not appear. But the second I enable my wireless connection, it reappears. I don't even have to be connected to the network; I just have to have the connection enabled.
What I'd like to know is, what really happened here, and how can I prevent it from happening again? I thought I'd taken all the necessary precautions in securing our network.
Also, should I be concerned for the files on my hard drive, or for my internet traffic? I do some online banking on my laptop, which I thought would be fairly safe behind the WPA, the site's SSL, and my firewall/antivirus. Sensitive files (like all of our financial stuff) are on an encrypted volume using TrueCrypt (behind a bajillion-character random password).
There are at least 2-3 unsecured wireless networks in my building (plus a few more WEP/WPA networks), so there are plenty of easy targets for free internet. This leads me to believe that if there is indeed some hacker in my building, that they are either doing this for the thrill of breaking all my barriers, or they are truly interested in my activity.
Any ideas, thoughts, or advice would be greatly appreciated! I can also give more info if you need it to better understand the situation.