[cuckooc]

I suspect my girlfriend's brother is doing some hacking activities in our network. I once saw him using Commview packet sniffer from his monitor when I walked by. And I can see there is always some snmp request from his computer in the router outgoing log. My ZA pro firewall always shows me an alert when he turn on his computer. The alert is something like this.

"ZoneAlarm Pro blocked traffic to port 4052 on your machine from port 1542 on a remote computer whose IP address is 192.168.1.105." (105 is his computer's internal ip)

I have asked him why there is so many broadcasting signal going out from his computer, but he refused to answer me. I knew he always hack into his classmate's computer by getting the password by looking over shoulder. I knew that he could not be trusted.

okay,let me first provide more information. There are totally 4 computers in the network. One is my desktop which I mostly used, one is my laptop, and one is my girlfriend's laptop. These 3 computers are in my bedroom. The 4th computer is his laptop, in the living room. All the computers are connected to linksys router WRT54G. The router is in my bedroom too. My desktop is using wired connection. All the others including his laptop are using wireless connection. My desktop , laptop and my gf's laptop are using Windows XP. These 3 computers are password protected and they can share file, and printer with each together. I 've set 3 different directories in my desktop which other 2 computers can look into and share. These 3 directories can only be accessed by specific usernames and password. These 3 computers formed a network with the same workgroup name. I have used ZA pro firewall in these 3 computers to block all other internal ip. All 3 computers are running Kaspersky Antivirus, ZA pro firewall and Spybot.

The router is using the official linksys fireware, and only I knew the password for the router. I have set the router can be only accessed by wired connection thru https. So theoretically, only my desktop can configure the router. Now, I have closed all the port on the router for his ip, 192.168.1.105. leaving only port 21, 53, 80 and 443 opened.
and I keep checking netstat and arp to see if there is any suspicious activities.

Since he is using the same router with us. What else can I do? is my computer safe now? I suspect that he knows which website I am visiting or he can read my MSN message. He is using packet sniffer, but does it really work in the network using router? What else he can do to get any data from my computer? and how can I prevent it?

[Advertisements]

Hey cuckooc -- welcome to G2G

It sounds to me like you have taken reasonable steps to secure your machines/network. The only detail I didn't see, which is relevant, is what type of wireless encryption (i.e. WEP, WPA, WPA2, etc.) are you using?

- Dan

[Dan]

Hey cuckooc -- welcome to G2G

It sounds to me like you have taken reasonable steps to secure your machines/network. The only detail I didn't see, which is relevant, is what type of wireless encryption (i.e. WEP, WPA, WPA2, etc.) are you using?

- Dan

[cuckooc]

Thanks for your reply, Dan. The wireless connection is using WPA-PSK AES encrytion. I manually enter the key. Since he need to use the same wireless network, I enter the key into his computer too. So, he would know the key if he use some software to reveal the key from his computer.

[Dan]

Unfortunately, wireless encryption will not provide a reasonable level of security from an internal threat; a basic packet sniffer will allow your girlfriends brother to see details in regards to web browsing, e-mail, IM chats, etc.

The best solution in your case would be to configure a VPN connection. If you login to your router's web interface, does it provide a "VPN Server" setup section? Certain routers do; the exact wording of the name may vary. Look for anything in regards to VPN. If you find such a section, please post the details on that page.

Thanks,
- Dan

[cuckooc]

He is using wireless connection and is still able to get information by packet sniffer even my desktop is wired connected to the router?

I can see there is "VPN passthrough" in the router web interface. There are 3 options under this page. They are IPSec passthru, PP2P passthru, and L2TP passthru. They are all set to disable.

[cuckooc]

other than packet sniffer, what other technique that he can hack into my network and computers? and how can I prevent it? is it better to connect all the computers into router by wired connection? Leaving him the only one using wireless only? I knew that he is not that good at computer. He is just a software user. The mastermind who teach him all the techniques is his elder brother. His elder brother seems to be an network expert working in IT industry, and he is in another country, so my main concern is his elder brother can connect to the laptop 192.168.1.105 by internet, and do some hacking activity inside our network.

[cuckooc]

other than packet sniffer, what other technique that he can hack into my network and computers? and how can I prevent it? is it better to connect all the computers into router by wired connection? Leaving him the only one using wireless only? I knew that he is not that good at computer. He is just a software user. The mastermind who teach him all the techniques is his elder brother. His elder brother seems to be an network expert working in IT industry, and he is in another country, so my main concern is his elder brother can connect to the laptop 192.168.1.105 by internet, and do some hacking activity inside our network.

[cuckooc]

other than packet sniffer, what other technique that he can hack into my network and computers? and how can I prevent it? is it better to connect all the computers into router by wired connection? Leaving him the only one using wireless only? I knew that he is not that good at computer. He is just a software user. The mastermind who teach him all the techniques is his elder brother. His elder brother seems to be an network expert working in IT industry, and he is in another country, so my main concern is his elder brother can connect to the laptop 192.168.1.105 by internet, and do some hacking activity inside our network.

[Dan]

He is using wireless connection and is still able to get information by packet sniffer even my desktop is wired connected to the router?

No, your wired machine is safe. It is only your wireless machines which are vulnerable, due to the nature of wireless broadcasting and pre-shared key (PSK) encryption.

and how can I prevent it? is it better to connect all the computers into router by wired connection? Leaving him the only one using wireless only?

Either creating a VPN connection for your machines, so that they use their own encryption methods, which your girlfriends brother would not be privy to, would resolve your wireless vulnerability. Alternately, as you mentioned, hard-wiring the machines to the router would also stop him from being able to sniff your packets (even if his machine is also hardwired). So long as your machines are all hardwired to a switch-based device (which your router is) he will not be able to view your data, from within your network.

The mastermind who teach him all the techniques is his elder brother. His elder brother seems to be an network expert working in IT industry, and he is in another country, so my main concern is his elder brother can connect to the laptop 192.168.1.105 by internet, and do some hacking activity inside our network.

He will not be able to connect to your network unless you open the appropriate ports for him in your router -- you should be safe from his interference, so long as he is external to your network.

- Dan

[cuckooc]

Thank you for your advice and your fast response, Dan. So, now I can relief. He will move out in June. So, I just needa wire all machine now and wait for him to move out.

[Dan]

You're welcome, cuckooc I'm glad I could help you maintain your privacy.