Router giving out incorrect DHCP

[Guest2]

I think someone has plugged in a Buffalo Airstation router to our public internet in our building. My mates laptop and our phones are picking up 192.168.11.1 through DHCP instead of the proper 192.168.100.1 address. I can set static addresses on my phone and PC but my mate cant because his laptop is locked down by his work.

Is it possible to turn off the router some how? I can't browse to 192.168.11.1, when mates laptop comes up it asks for the username and password and we have tried root / *nothing* and admin / admin


192.168.100.1 - normal Draytek router

192.168.11.1 Buffalo airstation router giving out incorrect router address

 

[Reedy]

DDoS it?

Removing the power cable is probably the easiest. Unless you've got say a managed switch and can find where it is from there and shut down its port.

 

[Mr-White]

Use and abuse !

MW

 

[Reedy]

Or actually, if you exhaust the DHCP pool it has (some software will do this so you can then "become" the DHCP server. Use some more MAC addresses), it won't be able to give any more IPs out

 

[Guest2]

How do you DDos it?

My housemate was going to go knocking on every door in the building (~30) asking if anyone has plugged in a router - instead he will have to go into work all day tomorrow

 

[Guest2]

Use and abuse !

MW

please provide info and I will

 

[SoundsGood]

You could try taking all the available DHCP leases using metasploit/dhcp exhaustion module, or keep typing 'ipconfig /renew' until you get the right lease

 

[bremen1874]

inSIDDer on a laptop/tablet will easily narrow down the area of the building the router is in.

 

[Guest2]

I ran inSIDDer and this is what its turned up

 

[bremen1874]

If you change the view so it shows the signal strengths on a graph you should be able to walk around and see where the signal is strongest in realtime.

The Buffalo with the 2595 SSID looks like a likely candidate, it's not an apartment number by any chance is it? The other Buffalos with the the Bridge-Apts-nnnn SSIDs look like they belong.

 

[Guest2]

Yeh, I think you are correct - 2594 looks suspect

Can you put inSIDDer on an iPhone? I cant find an app for it - only my housemates laptop is locked down so cannot install inSIDDer (or change to static IP)

 

[Reedy]

There must be an iphone equivalent.

I know Android has WifiAnalyzer among others

 

[bremen1874]

It isn't available for iPhone but it is for android.

 

[bremen1874]

There must be an iphone equivalent.

I know Android has WifiAnalyzer among others

It is actually available for iPhone but you need a rooted handset.

 

[Reedy]

gj Apple

Bootable CD/usb stick (some linux distro. Backtrack or whatever) in your housemates laptop?

 

[Guest2]

192.168.100.11 can be used for me to get to the admin page of the router 192.168.11.1

I have installed network analyzer lite on my iPhone and it does pick up 192.168.100.11 in LAN scan but I cannot see signal strengths. Didn't bother paying £1.99 for the full thing

I have paid 69p for ping analyser and pinging 192.168.100.11 I can see average RTT, min max RTT, Jitter, Packet Loss and Line quality. I take it I just walk around my building until its the best quality now (highest line quality I presume

 

[Guest2]

Using my elite detective skills (wondering around with my phone looking at which wifi networks pick up and drop off) I think 2594 is on the floor above us. We'll knock on tomorrow bust their back door in

 

[Guest2]

My housemate went and knocked on two doors upstairs, one wasn't in. The other one said he looked as if he asked him if he was a member of the mafia and said something like "well shouldn't the one in the building give out the right one"