How to get rid of unknown connected people

[Aforek]

Hello, this morning, I just discovered ( and installed already ) " who's on my wifi  "  which seems pretty good

 

I have  looked at the MAC adress of the people whom I allow to share my wifi, but there are still two people who are here, and I don't know them

do you think my wifi is pirated ? 

 

I have a modem Edimax, I put inside a difficult password to find, and I have a ZET router, I found the adress, but I don't know what is , for the first time, the username and password, all the exemples I tried on the Internet don't work 

 

the router is ZET  ZXHN F601  ; do you think it's this one which has been pirated ? otherwise, with "who's on my wifi ", I have the Mac address and IP address of the two people ,  can it be useful ? 

 

I have discovered, speaking with my family in low, that somebody can easily read my password I gave them to connect my wifi ( I mean, the password I gave them to connect, not my modem password , of course ) ; have you heard it's easy to read a passwort in a smartphone ?

 I hope you can give me some clue to get rid of the two people     thanks 

[juehoe]

Change to password (often).

[Crossy]

Which wireless security mode are you using?

 

Change the password. Tell the people you want to know. Whitelist their MAC addresses.

OR

Watch how much bandwidth the "unknowns" using, if not excessive live and let live, don't forget there may be devices on your network that are not computers/phones (got a network printer?).

 

Most of our village know our password, I'm actually amazed how few "strangers" we see connected. With 200Mbps fibre a few freeloaders are no issue.

 

[Crossy]

Assuming you have a ZTE ZXHN F601 http://enterprise.zte.com.cn/en/products/network_lnfrastructure/broadband_access/xpon_olt/201406/t20140610_424776.html

 

It does not have WiFi, so you have a WiFi gateway/router/access point too, this is what you need to secure. Have a look on 192.168.1.1 or 192.168.1.254.

 

What other boxes do you have?

 

 

[Aforek]

1 hour ago, Crossy said:

Assuming you have a ZTE ZXHN F601 http://enterprise.zte.com.cn/en/products/network_lnfrastructure/broadband_access/xpon_olt/201406/t20140610_424776.html

 

It does not have WiFi, so you have a WiFi gateway/router/access point too, this is what you need to secure. Have a look on 192.168.1.1 or 192.168.1.254.

 

What other boxes do you have?

 

 

Thanks for the PDF; yes, I have a  modem Edimax, I can enter and configure it ; you say I must change the password ( it's a very complicate password , how did they find it ? )  They are near my house ? I think to forbid their Mac adress to enter , and change my modem password ; right ?  Thank you 

[kekalot]

if you have their mac address just block them yeah.. it should be in the options for Edimax.

if you have anything like smart TV or tablets it might be that too. you'll see if you block it and something stops working

[Daffy D]

Hi AFOREK

"Who's on my WiFi" did an earlier version with blocking option. Seems there was some problem with "infringement of human rights" or something so they stopped releasing the blocking option versions.

 

I use the blocking version and it works just fine. I have PM you a link if you want to try it.  

Slight hijack on this thread - sorry.

 

I've been using "Who's on my WiFi" for some time now and find it works well.

 

I have TOT fiber with a ZTE F600W modem with WiFi. went to pay the bill the other week and decided to up grade to their "Extreme Fiber plus 50/20 package for 750Bt" Great service by the time I got home already had the upgrade.

 

 

Thought that was that but next day the TOT engineers came round and installed a "Netis AC750 Dual Band Router" that connected to ZTE F600W through a LAN- WAN cable.

 

The "Netis AC750" seems to be a WiFi booster giving 2.4G and 5.G this works great getting good connections and good speeds on all WiFi gadgets.

 

Problem is "Who's on my WiFi" does not detect anything coming out from the "Netis AC750" either from WiFi or LAN connection. Any LAN connection in the original "ZTE F600W" modem still gets detected but as the WiFi from this has been replaced by the "Netis AC750" I'm not getting detections of any WiFi gadgets, so obviously can't see if unknowns are logging in.

 

Previously with just the "ZTE F600W modem" everything that was using the WiFi or LAN connection was detected so obviously "Who's on my WiFi" works in this case, just seems there must be some setting that needs to allow the Modem to see the Booster.

 

Any Ideas Welcome.

 

Edited June 19, 2017 by Daffy D
Forgot Attachments :(

[RichCor]

 

2 hours ago, Daffy D said:

TOT engineers came round and installed a "Netis AC750 Dual Band Router" that connected to ZTE F600W through a LAN- WAN cable.

The "Netis AC750" seems to be a WiFi booster giving 2.4G and 5.G this works great getting good connections and good speeds on all WiFi gadgets.

Problem is "Who's on my WiFi" does not detect anything coming out from the "Netis AC750" either from WiFi or LAN connection.

Unless there's 'some' network security setting enabled preventing it, you should be able to view all Netis AC750 network traffic.

Sounds potentially like the techs have set the Netis AC750 as a subnet to the ZTE F600W (so double-NAT configuration).

 

Ideally, the ZTE F600W is converted to BRIDGE MODE (almost completely disabling it except as a Fiber<>Ethernet converter) then ALL Device connection and interaction done through the Netis AC750 as the only functional router.

 

Optionally, the Netis AC750 can have it's DHCP Server disabled, connect LAN-LAN ports back to the fully enabled ZTE F600W and allow it to be the only Router on the network serving DHCP.

 

But it sounds like both routers have their DHCP servers enables, the ZTE seeing only its connected clients, and the Netis seeing only its connected clients (and under a possible double-NAT configuration).

 

You need to log into the Netis router web setup interface and see how it's configured, see if it's being given a WAN IP address and what LAN IP address it's utilizing.

[robblok]

Are you sure its people.. i mean a phone.. tablet.. even a network harddisk or usb drive get an IP adress... If indeed the password is hard i doubt its other people. But if you really account for all your devices.. sure it could be possible. TV boxes.. also get IP adressses.. some TV's too.. just a heads up.

[RichCor]

2 minutes ago, robblok said:

Are you sure its people..

Yea, I'm with you.

I'm more inclined to believe "Loose Lips Sink Ships"

 

Change the password.

If you really want to keep new device connections off your network, as already mentioned, enable MAC whitelisting in the router. WiFi authentication should then fail unless the connecting device's MAC address is part of the router's pre-approved list.

[robblok]

Just now, RichCor said:

Yea, I'm with you.

I'm more inclined to believe "Loose Lips Sink Ships"

 

Change the password.

If you really want to keep new device connections off your network, as already mentioned, enable MAC whitelisting in the router. WiFi authentication should then fail unless the connecting device's MAC address is part of the router's pre-approved list.

Sure, it could be people and if the password is spread then others could use it. However these people would have to live close by to pirate the signal. So it would have to be neighbors or something like that. 

 

Your suggestion is good MAC white-listing, however if someone comes to your home then you have some work to do to let them enter your network. 

 

I was just suggesting that it might have been devices the OP Did not account for like top boxes, network drives, TV's, maybe an network printer. Those kind of things. Unless of course he has good internet and his neighbors know and have passwords. But then its just resetting passwords and your done. 

 

MAC white-listing is good too and full-proof.. just a bit of work. 

[RichCor]

21 minutes ago, robblok said:

I was just suggesting that it might have been devices the OP Did not account for like top boxes, network drives, TV's, maybe an network printer. Those kind of things.

 

Trying to find the 'software' the OP was using to detect network devices.  I wondered if it accounted for the Router or WiFi devices themselves. And you're right, Ethernet direct-connect devices would also have their MAC addresses reported. 

 

Did a test install, and indeed it picked up my Main Router (non WiFi device), my ASUS WiFi router (configured as Access Point only), along with various connected WiFi devices.

 

OP, were those 'rogue' devices assigned IP addresses that are part of the routers DHCP IP 'pool'?

 

And this 'software' sounds a bit overkill. A simple IP Scanner would do the same thing.

 

Who’s On My WiFi

cloud software works through a detection agent. It’s easy to install and can be pre-configured to specific devices. This agent will run on your network to locally inventory and detect devices. The information gathered is then presented in a powerful analytics dashboard, giving you insight into session count, usage, devices, and more.
Pricing for business-to-business wireless monitoring starts at $950/year for single-location systems. For additional location options, we ask that you schedule a demo of the Who’s On My WiFi product. This will help our team uncover your organization’s specific needs and goals for wireless analytics.

 

[robblok]

1 minute ago, RichCor said:

 

Trying to find the 'software' the OP was using to detect network devices.  I wondered if it accounted for the Router or WiFi devices themselves. And you're right, Ethernet direct-connect devices would also have their MAC addresses reported. 

 

Did a test install, and indeed it picked up my Main Router (non WiFi device), my ASUS WiFi router (configured as Access Point only), along with various connected WiFi devices.

 

OP, were those 'rogue' devices assigned IP addresses that are part of the routers DHCP IP 'pool'?

 

And this 'software' sounds a bit overkill. A simple IP Scanner would do the same thing.

 

Who’s On My WiFi

cloud software works through a detection agent. It’s easy to install and can be pre-configured to specific devices. This agent will run on your network to locally inventory and detect devices. The information gathered is then presented in a powerful analytics dashboard, giving you insight into session count, usage, devices, and more.
Pricing for business-to-business wireless monitoring starts at $950/year for single-location systems. For additional location options, we ask that you schedule a demo of the Who’s On My WiFi product. This will help our team uncover your organization’s specific needs and goals for wireless analytics.

 

My router itself has the functionality to see who are on my network so i never really needed software for it. Just amazed a bit at first at how many devices were connected. But with a bit of thinking (and descriptions / names given) i identified them all. Its just that there are far more then you initially think there are. 

[Daffy D]

3 hours ago, RichCor said:

 

Unless there's 'some' network security setting enabled preventing it, you should be able to view all Netis AC750 network traffic.

Sounds potentially like the techs have set the Netis AC750 as a subnet to the ZTE F600W (so double-NAT configuration).

 

Ideally, the ZTE F600W is converted to BRIDGE MODE (almost completely disabling it except as a Fiber<>Ethernet converter) then ALL Device connection and interaction done through the Netis AC750 as the only functional router.

 

Optionally, the Netis AC750 can have it's DHCP Server disabled, connect LAN-LAN ports back to the fully enabled ZTE F600W and allow it to be the only Router on the network serving DHCP.

 

But it sounds like both routers have their DHCP servers enables, the ZTE seeing only its connected clients, and the Netis seeing only its connected clients (and under a possible double-NAT configuration).

 

You need to log into the Netis router web setup interface and see how it's configured, see if it's being given a WAN IP address and what LAN IP address it's utilizing.

Thanks "RichCor" will have a go this evening to see what the settings are. One point is that I now need the LAN ports from both units to be usable. The TOT Techi did say all the LAN ports on both unit are Same-Same, which they are they all work just not showing on "Who's on my WiFi"

 

Back to the OP, as others have said everything that has LAN connection or WiFi in the area will show up on "Who's on my WiFi" Phones, tablets, TV boxes, smart TV including your own computer and the modem, anything with an IP address.  

 

At one time I had about a dozen things show up. Identifying them all was a nightmare. Had to turn everything off and then turn on one at a time do a scan to identify what it was. Luckily only have to do it once.  

[elfpattaya]

Why don't you try Advanced IP scanner, I found it better than Who's on my WiFi.

And you don't have to install it, only run it.

 

https://www.advanced-ip-scanner.com/

Edited June 19, 2017 by elfpattaya
Put in link

[JaseTheBass]

Or you could try the Fing app

Sent from my SM-T815Y using Tapatalk

[Aforek]

On 19/06/2017 at 11:25 AM, Daffy D said:

Hi AFOREK

"Who's on my WiFi" did an earlier version with blocking option. Seems there was some problem with "infringement of human rights" or something so they stopped releasing the blocking option versions.

 

I use the blocking version and it works just fine. I have PM you a link if you want to try it.  

Slight hijack on this thread - sorry.

 

I've been using "Who's on my WiFi" for some time now and find it works well.

 

I have TOT fiber with a ZTE F600W modem with WiFi. went to pay the bill the other week and decided to up grade to their "Extreme Fiber plus 50/20 package for 750Bt" Great service by the time I got home already had the upgrade.

 

 

Thought that was that but next day the TOT engineers came round and installed a "Netis AC750 Dual Band Router" that connected to ZTE F600W through a LAN- WAN cable.

 

The "Netis AC750" seems to be a WiFi booster giving 2.4G and 5.G this works great getting good connections and good speeds on all WiFi gadgets.

 

Problem is "Who's on my WiFi" does not detect anything coming out from the "Netis AC750" either from WiFi or LAN connection. Any LAN connection in the original "ZTE F600W" modem still gets detected but as the WiFi from this has been replaced by the "Netis AC750" I'm not getting detections of any WiFi gadgets, so obviously can't see if unknowns are logging in.

 

Previously with just the "ZTE F600W modem" everything that was using the WiFi or LAN connection was detected so obviously "Who's on my WiFi" works in this case, just seems there must be some setting that needs to allow the Modem to see the Booster.

 

 

First, Daffy , thanks for the message, I" ll  have a try 

 

second,  in my home  no connected objects like Tv, printers etc ... only notebooks and smarphones, 13 devices in all 

I have noted all the MAC adresses of my people ", so if  a stranger comes, I know him as " unknown " immediately 

I have also changed my modem password ( very difficult one ) and the network password  for the devices

in my Edimax modem, I have not yet found how to block " black list " with MAC address to block 

 

and to finish, I must say that TOT is very good, efficient and nice people 

this morning, they came  to my house ( one hour after my call ) to do something on my Internet connection , and in the same time  they have upgraded my connection from 50/15 to 80/20 for the same price ( 802.50 with taxes ) , they were even ready to give me 100 , but my modem can't receive more that 80 mbs 

Edited June 20, 2017 by Aforek

[Daffy D]

On ‎6‎/‎19‎/‎2017 at 2:00 PM, RichCor said:

You need to log into the Netis router web setup interface and see how it's configured, see if it's being given a WAN IP address and what LAN IP address it's utilizing.

Don't really know what I'm looking for but did find this:-

    

 

 

Edited June 20, 2017 by Daffy D

[Daffy D]

4 hours ago, Aforek said:

I must say that TOT is very good, efficient and nice people 

Yes, I have always found TOT and their engineers very helpful and efficient.

Can never understand all the negative post on here about them.

 

[RichCor]

56 minutes ago, Daffy D said:

Don't really know what I'm looking for but did find this:-

 

Yea, I think this is enough to diagnose Daffy D's issue.

 

Your network routers are currently connected as:

TOT Fiber Gateway >>  

(WAN)ZTE F600W modem with WiFi (LAN)

DHCP SERVER : Enabled
LAN IP Address: 192.168.0.1

LAN PORT  >>

>> (WAN PORT) Netis WF2710

DHCP SERVER: Enabled

LAN IP Address: 192.168.1.1

 

The network routers ideally should be connected and configures as:

TOT Fiber Gateway >>  

(WAN)ZTE F600W modem (LAN and WiFi)

DHCP SERVER : Enabled
LAN IP Address: 192.168.0.1

LAN PORT  >>

 

>> (LAN PORT) Netis WF2710  

DHCP SERVER: Disabled 

LAN IP Address: 192.168.0.2

 

...basically disabling the Netis 'router' functions and running it only as a WiFi Access Point mode.

 

To make these changes on the Netis,

1. connect to the Netis via Ethernet Port or WiFi
2. Disable the Netis DHCP Server, save changes
3. Change the Netis LAN IP Address to 192.168.1.2, save changes
4. Unplug the Ethernet cable from the Netis WAN port, and connect instead to the LAN port
5. Power Cycle / Reboot the Netis (power OFF then ON)

When you reconnect the Desktop or Laptop you should now have direct access to both routers simultaneously

192.168.0.1 is the ZTE

192.168.0.2 is the NETIS

 

  * Note: The NETIS may have a built-in Access Point Only option in the OPERATION MODE menu setting. The manual isn't clear.

** Note: Your text doesn't indicate the actual working LAN subnet of the ZTE router. The ZTE could be using 192.168.0.1 or 192.168.1.1 and you'll need to set the Netis internal LAN IP Address so the first three numbers match, and only the last number is different.

[sometimewoodworker]

Humm. While running the Netis in bridge mode does make life simple it does not make it secure.

 

1) if you have WEP passwords they can be cracked in 60 seconds.

2) use WPA or WPA2

3) if you want to be secure and you want other people to use your network connection, or if you have any IOT devices then you want 3 routers all with DHCP enabled. 

Router 1) network say 10.0.0.1 mask 255.255.255.0, : no WiFi enabled 

Router 2) connected to router 1 via Ethernet : network say 172.16.0.0  mask 255.255.255.0  WiFi enabled, WPA/WPA2 password 

Router 3) connected to router 1 via Ethernet:  network say 192.168.0.0 mask 255.255.255.0 WiFi enabled, WEP/WPA/WPA2 password 

 

Your private devices on the 172.16.0.0 network, computers and phones

 

Your IOT devices and any visitors on 192.168.0.0  network. Some IOT things will only accept a WEP password.

 

If you have that setup then anything on router 3 can't see or affect anything on router 2 so if something nasty crawls into an IOT device it will not get to your computers or phones

 

IOT = Internet Of Things including, but not limited to: light bulbs, refrigerators, weighing scales, Amazon Echo, Amazon Dot, Google Chrome cast, Apple TV, Smart TV etc.

Edited June 20, 2017 by sometimewoodworker

[RichCor]

18 minutes ago, sometimewoodworker said:

Humm. While running the Netis in bridge mode does make life simple it does not make it secure.

 

What's been discussed so far is the desire to unite all the users on the same network (for monitoring purposes).

I think what you're describing is a Double NAT, Triple Router configuration to isolate two subnets of users from one another.

 

The term "Bridge Mode" is usually reserved to describe setting devices into a 'passive' mode, or to disable normal router functionality (disable DHCP, NAT, FIREWALL) so that data medium is converted, but the data traffic passes unimpeded.

 

[seancbk]

On 6/18/2017 at 6:29 PM, Aforek said:

Thanks for the PDF; yes, I have a  modem Edimax, I can enter and configure it ; you say I must change the password ( it's a very complicate password , how did they find it ? )  They are near my house ? I think to forbid their Mac adress to enter , and change my modem password ; right ?  Thank you 

If someone has your password on their phone it is very easy for them to read it and pass it onto other people.

Some newer phones even have a share password function (my Xiaomei Mi Mix has this function).
 

[bangkokairportlink]

On 6/18/2017 at 5:16 PM, Crossy said:

Which wireless security mode are you using?

 

Change the password. Tell the people you want to know. Whitelist their MAC addresses.

OR

Watch how much bandwidth the "unknowns" using, if not excessive live and let live, don't forget there may be devices on your network that are not computers/phones (got a network printer?).

 

Most of our village know our password, I'm actually amazed how few "strangers" we see connected. With 200Mbps fibre a few freeloaders are no issue.

 

 

 

Not an issue until they use your wifi for defamation or to break another smart law that this country has ?

 

I would never let anyone that I cannot control use my wifi in this country !

 

I might be paranoiac but maybe some people in jail were not...

 

 

Edited June 20, 2017 by bangkokairportlink

[bangkokairportlink]

4 hours ago, Daffy D said:

Yes, I have always found TOT and their engineers very helpful and efficient.

Can never understand all the negative post on here about them.

 

 

Me too, very happy with TOT, a lot better than misters know nothing that 3bb often sends.

 

 

 

[just bob]

I named my wifi "mobile police surveillance unit 9" just to mess with their heads.

[Janner1]

if you know the email address and passwords of the two stranger using your bandwidth change their password that will screw them up for a while. 

Then as has been said change your own password and only tell the people who you want to know, the changes.

 

But be sure that they do not pass it to any one else.

 

It should also be possible to have separate passwords for your friends, if you do that you may quickly find out who is leaking deliberately or inadvertently the password info to others

Finally get yourself a cheap VPN for additional cover but don't give anyone the password for that, 

This will protect the you from prying eyes when you go on line, if you don't then yes prying eyes can see you if you are on the internet using the same network.

Good luck, just remember the best solution is one password that only you will ever know and the rest of your friends can get their own wifi modems

[Aforek]

7 hours ago, seancbk said:

If someone has your password on their phone it is very easy for them to read it and pass it onto other people.

Some newer phones even have a share password function (my Xiaomei Mi Mix has this function).
 

I told my friends not to tell other people, I think they understand now, I have changed my modem password ( very difficult to " crack" ), my phone password  and with " who's on mywifi " , I see that now, I have only " known people ", and I can block the unknown people if I see strangers

I don't like that people I don't know naviguate for free, and , as said above, you don't know what they do with your connection ( criticize government, king ... ) 

Edited June 20, 2017 by Aforek

[Grumpy Duck]

Wow, It seems to me a person willing to spend almost $80.00mo for some service to monitor settings on your router/modem/switch etc is crazy. Especially when It is reasonably simple to find who is using your WAN. A number of  years ago I took a basic networking class at a community college in Calif. I then started an "Ethical Hacking" class but had to drop after a couple weeks. I was familliar with several network hardware systems and all of them would identify all MAC accessing the network. We were provided a number of vulnerability software that we had to sign contracts not to copy one of these was for cracking passwords most "secure" passwords could be cracked within minutes, some in hours or days. I once created a password that would take 7 years to crack, but it used all 256 characters on a standard keyboard. DDWRT is a popular secure network software, which can be installed on most mid to high end hardware devices (that do not provide it as standard interface) I believe it is still free shareware. 

 

If you are concerned about some poor soul getting free access to your connection and it is not using significant bandwidth, or, more importantly concerned someone is using your network to access your files, you may check on line for security on sites such as  Lifehacker.com or howtogeek.com

 

another suggestion for your PC/Mac is good network security software personally i have good luck with Kaspersky Total Security, and MacAfee, but in an effort to idiotproof MacAfee they limited Customization. I strongly recommend AGAINST anything Symantic/Norton related. Yes, it is true Mac's are essentially more secure against attacks, but there are nasty people out there that know more about Macs than you or I. My cheap wife got a Mac so she wouldn't have to spend money on antivirus software, as a result her pc is in the shop several times a year, she will not admit why to me, but I suspect virus removal. 

[Daffy D]

11 hours ago, RichCor said:

 

Yea, I think this is enough to diagnose Daffy D's issue.

 

Your network routers are currently connected as:

TOT Fiber Gateway >>  

(WAN)ZTE F600W modem with WiFi (LAN)

DHCP SERVER : Enabled
LAN IP Address: 192.168.0.1

LAN PORT  >>

>> (WAN PORT) Netis WF2710

DHCP SERVER: Enabled

LAN IP Address: 192.168.1.1

 

The network routers ideally should be connected and configures as:

TOT Fiber Gateway >>  

(WAN)ZTE F600W modem (LAN and WiFi)

DHCP SERVER : Enabled
LAN IP Address: 192.168.0.1

LAN PORT  >>

 

>> (LAN PORT) Netis WF2710  

DHCP SERVER: Disabled 

LAN IP Address: 192.168.0.2

 

...basically disabling the Netis 'router' functions and running it only as a WiFi Access Point mode.

 

To make these changes on the Netis,

1. connect to the Netis via Ethernet Port or WiFi
2. Disable the Netis DHCP Server, save changes
3. Change the Netis LAN IP Address to 192.168.1.2, save changes
4. Unplug the Ethernet cable from the Netis WAN port, and connect instead to the LAN port
5. Power Cycle / Reboot the Netis (power OFF then ON)

When you reconnect the Desktop or Laptop you should now have direct access to both routers simultaneously

192.168.0.1 is the ZTE

192.168.0.2 is the NETIS

 

  * Note: The NETIS may have a built-in Access Point Only option in the OPERATION MODE menu setting. The manual isn't clear.

** Note: Your text doesn't indicate the actual working LAN subnet of the ZTE router. The ZTE could be using 192.168.0.1 or 192.168.1.1 and you'll need to set the Netis internal LAN IP Address so the first three numbers match, and only the last number is different.

Thanks for your detailed explanation.

Looks a bit complicated but will have a go at it later in the day.

 

Thanks