This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Someone plugging into my router via the LAN connector downstairs. How do I find out?

0

Hi,

I am a newbie to Wireshark. I live in a shared house, with another tenant's guest causing problems.

A lot of targeted ads are streaming onto my PC from illegal gambling betting websites. Only one person I know has a serious gambling problem and they are a guest of another tenant.

Is there a way I can get proof they are plugging into my router via the LAN connector downstairs, when I cannot watch them in person? I access the router only by Wi-Fi from another room.

I already blocked their laptop's IP address via Wi-Fi, when I could get the name of their PC (MAC ID).

I think they are also connecting via an Android device, but I have no way of knowing which device belongs to whom, only my own. And I cannot block them one by one to find out (wish I could!).

If I change the password they have a way of getting it again, via a rogue tenant. I need to permanently block devices on the router, via unique IDs.

Thanks

asked 14 Mar '17, 13:16

S Parxz

edited 15 Mar '17, 10:51

packethunter


2 Answers:

1

Hello S Parxz

Just to verify the situation:

  • Multiple users share one Internet connection
  • You are receiving unwanted ads on your PC

To publish these ads on your PC by connecting a system to your system is technically possible. The love-my-neighbor toolkit does this out-of-the-box (for tech-savvy people, at least). Since you mentioned a shared house I would expect a decent amount of laughter, mocking questions or angry stares whenever that toolkit is in use.

I have investigated similar issues on a number of occasions. In more than 99.5% of cases the unwanted apps were caused by software on the victim PC (that would be yours).

In all of these cases the user tried to download some desired and legitimate program from a software portal or download site. Unfortunately the installer was bundled to deliver what antivirus companies call "PUA" or "PUP" (Potentially Unwanted Application or Potentially Unwanted Program).

The PUAs were installed before the desired application. One case even involved a copy of Wireshark that was hosted on a shady web site. Since the desired application will be installed, the user hardly notices the extra stuff.

One form of PUA is a browser hijacker. The ads can be caused by a plugin to your browser, by a separate program, or by a combination of both. I have encountered PUAs with the capability to download more programs and install them as a service, thus compromising the whole computer.

I strongly suggest the following steps:

  • Install all available updates for the operating system on your computer
  • Reinstall your workstation with a recent operating system, if you are using Windows XP or another outdated operating system
  • Patch all applications (Firefox, Chrome, Flash, Silverlight, PDF reader, office applications etc.)
  • Install a virus scanner and load the latest pattern files
  • Run a scan on your computer and rigorously kill anything that triggers the virus scanner
  • If you use Windows, run the Malicious Software Removal tool provided for free from Microsoft.
  • Be vigilant when downloading software from a web site: Always deny the little extras that might be offered by the installer
  • Always stay away from programs that claim to fix any kind of problem, speed up your PC, or perform other tricks
  • Never run programs that will fix any kind of problem or tune your software.

If in doubt, involve an IT specialist to get your system cleaned. A reinstallation might be your best way out.

Good hunting

answered 15 Mar '17, 10:46

packethunter

0

LavaSoft's AdAware is good at finding out all kinds of malware.

The free version will only discover it after it's on your PC.

The paid version will keep it off of your PC in the first place.

Cheers,

answered 20 Mar '17, 23:27

wbenton