mac and ip spoofing..please help !!

perry081064 · 17 Dec 2006 at 23:46

can anyone help?..
ive recently purchased a linksys wag54gs and all was setup within minutes.
now then, the reason i got this was so i could restrict my lads internet usage.
..within minutes i was able to set it up to block his internet usage via his mac address and ip.

within minutes my lad had got a spoofing proggy from off the net and had changed his ip and mac address giving him full access.

what can i do to stop access other than cutting the cable??

tolien · 17 Dec 2006 at 23:50

Do the opposite, restrict everything but a fixed list?

Kol · 17 Dec 2006 at 23:54

Have a word with him? In all seriousness, just as tolien suggested. The linksys allow you to permit ONLY a few select computers rather than restrict a select few. Maybe your best shot.

perry081064 · 18 Dec 2006 at 00:10

Mikol said:
Have a word with him? In all seriousness, just as tolien suggested. The linksys allow you to permit ONLY a few select computers rather than restrict a select few. Maybe your best shot.

to be honest, he did show me he could spoof rather than saying nothing, and he has said that he wouldnt carry on doing it.
however, thats not the point really, im more concerned that it can be accessed by any tom, dick or harry .

thanks tolien and mikol, ill take another look at the settings..but i couldnt remember seeing anything that only allowed a fixed list of pcs...im prob just being noob though.
any pointers are gratefully accepted though.

Kol · 18 Dec 2006 at 00:14

Ah, good lad. At least he told you. To be fair, I'm not entirely sure of your exact router, but if you login, there should be a tab called access restrictions. Make sure only you and whoever you want to access the internet are listed in the table of PCs and then click to allow access. Obviously it gives you options to set times etc. but just set those as all the time etc. or whatever.

perry081064 · 18 Dec 2006 at 00:18

Mikol said:
Ah, good lad. At least he told you. To be fair, I'm not entirely sure of your exact router, but if you login, there should be a tab called access restrictions. Make sure only you and whoever you want to access the internet are listed in the table of PCs and then click to allow access. Obviously it gives you options to set times etc. but just set those as all the time etc. or whatever.

ok..gonna check it out again now..will let you know soon how i got on.

router is the linksys wag54gs by the way.

tolien · 18 Dec 2006 at 00:26

You shouldn't be allowing anyone and everyone access in the first place - you did enable encryption on the wireless didn't you?

perry081064 · 18 Dec 2006 at 00:31

Mikol said:
Ah, good lad. At least he told you. To be fair, I'm not entirely sure of your exact router, but if you login, there should be a tab called access restrictions. Make sure only you and whoever you want to access the internet are listed in the table of PCs and then click to allow access. Obviously it gives you options to set times etc. but just set those as all the time etc. or whatever.

ok, ive just checked the settings.
i went into access restrictions, however, this is where i set it up to restrict him using ip and mac.
this only allows me to alter policies set on that ip or mac address..this does restrict him, but once he uses the spoofer, the router sees that new connection, but will give him full access becouse becouse there are no rules set for the new connection.
....there doesnt seem to be anywhere i can see that only allows a set number of pc's.

again, perhaps ive been at this too long and missing the obvious...if anyone can see what im missing , please advise.

Kol · 18 Dec 2006 at 00:35

Ah OK, silly me. I'll take a look at mine in the morning and see if I can figure anything out for you fellar. Cheers.

perry081064 · 18 Dec 2006 at 00:37

tolien said:
You shouldn't be allowing anyone and everyone access in the first place - you did enable encryption on the wireless didn't you?

yes, wpa ...and tested that it was configured properly by checking on the lappy.
the other 3 pcs ..mine, the wifes , the lad, and the 2 daughters pc (they share) , are all ethernet connected.

the wireless side was then switched off via the router after that becouse it isnt used that much so i only enable it when needed.

perry081064 · 18 Dec 2006 at 00:42

Mikol said:
Ah OK, silly me. I'll take a look at mine in the morning and see if I can figure anything out for you fellar. Cheers.

many thanks for all the help.

to be honest, its my 3rd router so im used to them.
been building pcs and setting up net connections for folks for years too , but this is the first time ive had to deal with spoofing so its a new area for me.

any help is apprieciated so please keep the suggestions coming

thanks all

Avalon · 18 Dec 2006 at 11:47

*edit* ignore me I just checked and it doesn't

perry081064 · 18 Dec 2006 at 18:51

UPDATE:

after a lot of head scratching , i think i may have found a solution.
i noticed my lads mac was still not the original one, the proggy he had used had changed the mac but not reverted back to the original one.

so i set the router to only allow 4 ip adresses out of 50 (we use 4 pcs), then he used his proggy to revert to his original mac ..and then he was blocked out .
i then deleted his spoofed mac from the router allowing a free slot.
once he rebooted his pc, the router saw the original mac and filled the remaining slot.

on trying to re spoof the mac or ip, he lost connection.

dont know if there will be a way to overcome this one, ill just have to wait and see......thanks everyone for the help!!.

Avalon · 18 Dec 2006 at 18:56

In theory all he has to do is spoof one of the allowed MAC's (ideally when the real PC is off) but he's better off learning that the hard way.

Curiosityx · 18 Dec 2006 at 19:00

Why dont you just confront him, if he refuses not too comply remove the cable or even worse his Pc all together, why are you going through all the hassel of MAC filtering and IP address assignment.

perry081064 · 18 Dec 2006 at 23:21

Curiosityx said:
Why dont you just confront him, if he refuses not too comply remove the cable or even worse his Pc all together, why are you going through all the hassel of MAC filtering and IP address assignment.

that side of it has already been covered.
I got this router to restrict his usage, having seen me spend money showed the lad i was serious about how much time he was spending on the net and he agreed to stick to the times i have laid down.

...however, in true teenage rebellion, he had to show me that if required , he could "bypass" the lockdown anyway.

he knows how far to push me though, so i cant see there being any more problems.

...i also think ive got away with him thinking theres no way of bypassing this way as he tried when all pcs were on , and couldnt get in......he then asked me to return his access rather than find another way......so shhhhhh everyone.