Manufacturer MAC ID

I'm getting a rogue connection to my home wireless network:

Jul 12 08:12:41 hydra dhcpd: DHCPDISCOVER from 2d:00:44:xx:xx:xx via eth0:
network SEINERNET: no free leases

Anyone have a clue what manufacturer that belongs to? I'm guessing one of
my neighbors has latched on to my access point...

I've searched all of the standard refs, and that MAC address doesn't seem
to belong to any manufacturer. I suspect it may be a palm pilot or
something like that....

http://standards.ieee.org/regauth/oui/oui.txt doesn't even include any
matches for 2D-00-44.

Any ideas?

-Dondo

"Captain Dondo" <(E-Mail Removed)> wrote in
news(E-Mail Removed) om:

> I'm getting a rogue connection to my home wireless network:
>
> Jul 12 08:12:41 hydra dhcpd: DHCPDISCOVER from 2d:00:44:xx:xx:xx via
> eth0: network SEINERNET: no free leases
>
> Anyone have a clue what manufacturer that belongs to? I'm guessing
> one of my neighbors has latched on to my access point...
>
> I've searched all of the standard refs, and that MAC address doesn't
> seem to belong to any manufacturer. I suspect it may be a palm pilot
> or something like that....
>
> http://standards.ieee.org/regauth/oui/oui.txt doesn't even include any
> matches for 2D-00-44.
>

Most wifi cards allow hardware address (mac) to be changed by
`ifconfig <dev> hw ether <mac>' so it could even appear as
de:ad:ba:be:99.

You should, at least, make your home wireless network only to communicate
with mac addresses defined by you or use some kind of authentication
before allowing to go online.


P.Krumins
--
http://www.catb.org/~esr/faqs/smart-questions.html

On Sat, 12 Jul 2003 15:41:49 +0000, Peteris Krumins wrote:

> Most wifi cards allow hardware address (mac) to be changed by
> `ifconfig <dev> hw ether <mac>' so it could even appear as
> de:ad:ba:be:99.
>
> You should, at least, make your home wireless network only to communicate
> with mac addresses defined by you or use some kind of authentication
> before allowing to go online.

Well, I allow only known MACs to get IPs.... But at the moment, I am
having a heck of a time getting my clients and my AP to agree on WEP...
So everything is in the clear.

I am trying real hard to get WEP going, but it's a battle; my access point
only uses passphrases and the clients only use hex keys - and I have yet
to figure out how to put the two together...

--Dondo

In comp.os.linux.networking Captain Dondo <(E-Mail Removed)> wrote:
> On Sat, 12 Jul 2003 15:41:49 +0000, Peteris Krumins wrote:

>> Most wifi cards allow hardware address (mac) to be changed by
>> `ifconfig <dev> hw ether <mac>' so it could even appear as
>> de:ad:ba:be:99.
>>
>> You should, at least, make your home wireless network only to communicate
>> with mac addresses defined by you or use some kind of authentication
>> before allowing to go online.

> Well, I allow only known MACs to get IPs.... But at the moment, I am
> having a heck of a time getting my clients and my AP to agree on WEP...
> So everything is in the clear.

> I am trying real hard to get WEP going, but it's a battle; my access point
> only uses passphrases and the clients only use hex keys - and I have yet
> to figure out how to put the two together... > --Dondo

try a 25-40 NAT router if your wifi doesn't have one built in. --Loren

I see rogue connections occasionly on my network. How do you look up
their MAC? Are any other references besides standards.ieee.org? Even
if you find the manufacturer, will they tell you who it belongs to?

Please reply in alt.internet.wireless.
Thx!
-MiTY

On Sat, 12 Jul 2003 08:33:53 -0400, "Captain Dondo"
<(E-Mail Removed)> wrote:

>I'm getting a rogue connection to my home wireless network:
>
>Jul 12 08:12:41 hydra dhcpd: DHCPDISCOVER from 2d:00:44:xx:xx:xx via eth0:
>network SEINERNET: no free leases
>
>Anyone have a clue what manufacturer that belongs to? I'm guessing one of
>my neighbors has latched on to my access point...
>
>I've searched all of the standard refs, and that MAC address doesn't seem
>to belong to any manufacturer. I suspect it may be a palm pilot or
>something like that....
>
>http://standards.ieee.org/regauth/oui/oui.txt doesn't even include any
>matches for 2D-00-44.
>
>Any ideas?
>
>-Dondo
>

On Sun, 13 Jul 2003 10:38:28 +0100, David Taylor wrote:

> There are plenty of references but why get hung up over it? Seriously,
> if your network is secure then attempts are not a problem are they?
>
> Same issue if you get a wrong phone number call your house? Do you care
> who they are, where they live?
>
> David.

Well, I know all my neighbors and they're good people. If they're
accessing my AP, that means possibly I'm screwing up their network. As
their cumulative computer expertise is a lot smaller than mine, I figure
it's my responsibility to make sure that we're all "getting along" - or at
least to tell them what's going on so they don't take their system in for
repair or something....

I think it's the difference between a small town and a big apartment
complex....

-Dondo

Try AirSnare.... this will give the MAC addresses of all devices.

Guy
"MrMitt" <(E-Mail Removed)> wrote in message
news:b9563f8a5dd2f3795463d98fca3704a8@TeraNews...
> I see rogue connections occasionly on my network. How do you look up
> their MAC? Are any other references besides standards.ieee.org? Even
> if you find the manufacturer, will they tell you who it belongs to?
>
> Please reply in alt.internet.wireless.
> Thx!
> -MiTY
>
> On Sat, 12 Jul 2003 08:33:53 -0400, "Captain Dondo"
> <(E-Mail Removed)> wrote:
>
> >I'm getting a rogue connection to my home wireless network:
> >
> >Jul 12 08:12:41 hydra dhcpd: DHCPDISCOVER from 2d:00:44:xx:xx:xx via
eth0:
> >network SEINERNET: no free leases
> >
> >Anyone have a clue what manufacturer that belongs to? I'm guessing one
of
> >my neighbors has latched on to my access point...
> >
> >I've searched all of the standard refs, and that MAC address doesn't seem
> >to belong to any manufacturer. I suspect it may be a palm pilot or
> >something like that....
> >
> >http://standards.ieee.org/regauth/oui/oui.txt doesn't even include any
> >matches for 2D-00-44.
> >
> >Any ideas?
> >
> >-Dondo
> >
>

"Captain Dondo" <(E-Mail Removed)> wrote in message
news(E-Mail Removed) om...
> I'm getting a rogue connection to my home wireless network:
>
> Jul 12 08:12:41 hydra dhcpd: DHCPDISCOVER from 2d:00:44:xx:xx:xx via eth0:
> network SEINERNET: no free leases
>
> Anyone have a clue what manufacturer that belongs to? I'm guessing one of
> my neighbors has latched on to my access point...
>
> I've searched all of the standard refs, and that MAC address doesn't seem
> to belong to any manufacturer. I suspect it may be a palm pilot or
> something like that....
>
> http://standards.ieee.org/regauth/oui/oui.txt doesn't even include any
> matches for 2D-00-44.

If you decode that address in binary, then the least sig bit in the 1st byte
is 1 - this makes it a multicast address.

Try looking up 2C-00-44 - but using a multicast source address usually means
either ignorance from whoever used manual settings, or the device has a poor
contact / damaged address (maybe stored in EEPROM) - either way other bits
may be misread
>
> Any ideas?

Turn up the wick on security - WEP, non default SSID, no SSID broadcast and
so on. If it is just accidental then it will go away completely - if not it
may come back once the user finds you again.
>
> -Dondo
--
Regards

Stephen Hope - remove xx from email to reply

> accessing my AP, that means possibly I'm screwing up their network. As
> their cumulative computer expertise is a lot smaller than mine, I figure
> it's my responsibility to make sure that we're all "getting along" - or at

Ok but if you have WEP and MAC filtering turned on, how are they going
to be accessing your AP?

David.