How do I know if someone is watching me on the same network?

Thanks everyone for taking the time to help me, I really appreciate it. :)

kegobeer said:

Wireshark only picks up wireless traffic. If you connect your computer via ethernet cable, your roommate can't snoop. If you want to keep wireless going, a good way to prevent snooping is to always connect to a website via SSL (ie: https).

Since you control the router, you could simply unplug the cable going to his room, and force him to use wireless. Install wireshark yourself and do a little snooping yourself.

Thanks for letting me know. Thats good to hear! Actually my new computer does not have a wireless card, which was a shame but Im next to the router so no problem. Anyway Im going to read about the https

haha, that would be funny but I wouldnt do that. Originally I had tried to because I thought it would be the easiest way to see if he is visiting the same sites I was but I gave up, it was to difficult to learn and I didnt feel comfortable doing something like that.

sandman said:

I would make sure that allow remote connections is unchecked under-- system advanced setting, also do not allow connection to this computer. Check your router logs also for ip addresses you do not recognize.When you say you are the only one who knows the login info is it the default info or new user name and password.

Thanks! I unchecked that.

The network was insecure when I first moved in so I set it up, I created the passwords for both the wireless and to log in. I only gave the wireless password out. I did email the landlord the passwords for both.

Jaime74656 said:

another thing you can do since you control the router is mac address filtering, yes it may only work for wireless but you can at least have peace of mind that there will be lower chance of anyone else using wireless to watch you, and set it up to block all and only allow your mac address. also if you got comodo personial fire wall put it in paranoid mode and go through and block all connections and only allow things you recognize/need to talk to your family/email or what ever you have to do on the web, and of course unplug the ethernet cable just enough so it looses connection to the router but appears to still be plugged in


other ideas will be posted as i think of them...


oh yea could always set your router to only allow him access to the internet at specific times of the day, if you really wanted to start getting evil set up a home built firewall like PFsense or ClearOS (I use clearOS) and get really restrictive with his/her connection...

Hey thanks! I dont use wireless anymore but I will definitely keep that in mind for the future.

haha did you mean loosen his connection to the router to confuse him? That would be so funny and I will probably do that if I find out he is watching, he can just connect to the wireless.

If he is watching, especially if its from when I moved in, I will probably refuse him access to the internet and tell the landlord to evict him or evict me.

WebMattR said:

Personally, I'd say just find a new room mate, or a new place to live. He sounds creepy. :P

However, given that rarely is that an ideal option, I'll provide a different avenue of approach:

Firstly, your router has four ports on the back, correct? If so, it's most likely a switch that's built in.
Switches, by their nature, do not share information to every port like an older hub would. He would, therefore, have to have some means of actively monitoring your usage. This would require either access to the router or your machine (i.e: something on your machine that sends him logs of your activity). I would change the password on the router, and check to see if your machine has any unidentified software.

Secondly, are you sure your paranoia is justified? I mean, if you post things to Facebook, or just leave your door open a lot, he'd know about them just as readily as if he was a creepy, creepy, awkward individual, wouldn't he? We can probably tell you how to figure out if he's monitoring you, but I'd say that it's most likely just a wierd concidence.

I wish it was easy! Arranging somewhere before when I moved from Europe was difficult and I couldnt be picky. Im never having roommates again lol.

I looked up the router (netgear wnr2000 v2) and these are the firewall specs. It does not seem old so Im guessing it has that feature. Ive actually just thought now, I used a transfer cable to transfer all my old user, files, ect to my new machine. So there could be something.

Routing/ Firewall Protocols
-tcp/ip
-dhcp
-network address translation (nat)

Firewall Featueres
-MAC address filtering
-URL filtering
-domain blocking, scheduling
-stateful packet inspecions (spi)

It seems then like everything is fine and with the comodo firewall I guess I should be good to go. One weird thing did pop up today with comodo and I attached a screen print below. At the time we both were home, no one else.

I wouldnt mind if I just used facebook and email, I guess I would mind just not a lot. The problem I have is that I work online and if someone is watching what I do they can easily replicate it. A couple things I do Im the only person doing them, which is probably my biggest concern.

He is definitely unusual, I dont want to say bad stuff about the guy unless he is watching.

mckillwashere said:

Check your computer for software like logmein, team viewer, or any other well known remote viewers. Does he have physical access to your machine? Have you changed your password lately?

None of those are on there. I had originally gone through the programs on 'processes' in the task manager and googled everything that I had not heard of. I am going to go through it later and check, I transferred my user, files, ect from my old computer. That was wireless so something could have made it across. The entire time I have thought the machine is new so he couldnt have got anything on.

He could come into my room but I always switch users if I go to the kitchen for coffee or food and if I go out the house I switch users and put the computer to sleep.

Jaime74656 said:

do you even lock your computer when you walk away?

Yea, I got into the habit of doing that a few years ago. Like above I always switch users when I go to the kitchen. I also always close my door.

Golden said:

Hi,

Once thing that hasn't yet been mentioned is whether you have any vulneabilities in your network ports.

Please go to ShieldsUp, click Proceed, and then run a scan using the ALL SERVICE PORTS option. Post the results here once its done.

Regards,
Golden

Thanks. These are the results...



test results

GRC Port Authority Report created on UTC: 2011-03-24 at 01:15:48

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Two weird things.

I assume the 192.168.1.6 is the dchp? Anyway there is a active connection under 'system' then 'TCP'. The soures is me (192.168.1.6) and the destination is 192.168.1.255. I have blocked up to 253, last picture shows what I mean.



This is the weird thing that popped up today. We were the only people at home at the time. Another computer has the same ip as mine!



These are my settings, I set these a day or two ago...

If you think someone is watching I would disable all forms of sharing and networking that you do not absolutely need, and make services like remote assistance etc are shut off then get a firewall like zone alarm and go to shields up... google shields up and it will allow you to run some tests on your pc and to proof it in several ways... and yes I am pretty sure there is away to block IP addresses from your computer... but I suggest you google to be sure. If you are only one who can log in to the router and modem settings must be away you can make sure no one has access to you. Good luck!

severedsolo said:

Looks like for some reason your computer needs 254-255 to access the internet, no idea why but it shouldn't be a problem, leave the block off, it looks like your roommate is using DCHP.

At the time I did this I noticed I my roommate was 192.168.1.4 and Ive just gone to double check I have the settings right and he is now 192.168.1.2. Is that just by chance or could he have changed it?

That sounds like he has reset the connection and DCHP has given him a different address, perfectly normal, and is the behaviour I would expect to see.

My current settings, I used IPv4. Is that ok? Should I also add ipv6

Ipv4 is fine, as that is the protocol your router is using, (hence the 192.168 etc.) If it was using IPv6 then it would look like the entry for "Tunneling Adapter" in your Ipconfig.

Could the 'remote device source' be my firewall?

I would say it almost certainly is, why it's talking to 192.168.1.255 I don't know, but that's probably something to do with your router, leave well alone I say.

I didnt understand what you mean by setting up in Windows.

Don't worry about it, that's the wrong way to do it anyway It's best you don't know.

That's about all I can help with, that will at least stop unauthorised connections, if that's what he is doing. I would seriously recommend changing the default router password too, if you still have it set up.

Sorry for not getting back, I had a very busy weekend catching up on work. Everything seems to be ok! Thanks again for your help

knk17forever said:

If you think someone is watching I would disable all forms of sharing and networking that you do not absolutely need, and make services like remote assistance etc are shut off then get a firewall like zone alarm and go to shields up... google shields up and it will allow you to run some tests on your pc and to proof it in several ways... and yes I am pretty sure there is away to block IP addresses from your computer... but I suggest you google to be sure. If you are only one who can log in to the router and modem settings must be away you can make sure no one has access to you. Good luck!

Thanks, Ive done most of this thanks to all the helpful people on this forum!

Thanks everyone that helped me! You guys rock!

Hi there,

Firstly please read this http://wiki.openwrt.org/oldwiki/Open.../TelnetConsole
Some Netgear routers run a telnet daemon which can be accessed from any computer on its local subnet after unlocking it. Easy to do and gives anyone on your network shell access. Although your router is not in the list, you will have to test it to confirm.

I'm in similar situation to you, Live in a house where all share the wireless password. I have control of the router, I work from home building and updating websites plus providing support, I was quite worried about a flatmate using a tool like backtrack 4 to monitor everything I do thus gaining passwords to all my clients web sites.

Virgin ISP provided a d-link dir-615 so I flashed this with DD-WRT firmware. This changed to 615 in to a very powerful little beast. The firmware allowed me to setup a virtual wireless network, on its own subnet, different name and password. So now the router pushes out two wireless networks, one for the house and one for me.
Backtrack has a hard time cracking wpa2, basically it has to brute force it. So a good wireless password and now im secure.
I added one or two recommended firewall rules to stop flatmates on the 192.168 subnet accessing my 10.0.0.1 subnet and turned on AP isolation, which stop clients from talking to each other, job done.

You can flash your router with the dd-wrt firmware it's compatible but I wouldn't recommend it. After reading the ddwrt forums some have bricked their device. It seems the netgear is a bit fiddly to flash.
I would recommend you buy a 615 from ebay, thanks to virgin there are loads of them and cheap too, £5-10 dead easy to flash.
The firmware is the nuts for our type of multi-user environment, I banned torrents to the middle of the night so not to effect anyone or bandwidth limits and set up QOS and made browsing and ftp priority so if 3 of my mates are watching movies it don't effect the rest of us.
One of my flat mates kept downloading spyware, I got sick or sorting it out for him so I banned his MAC from downloading exe's. No more spyware.
It's really extensive what you can do, I definitely recommend it.
www.dd-wrt.com | Unleash Your Router

Good luck.
David.

On a side note to stop torrents dead in most routers is really easy if the router has Website Blocking by Keyword, sometimes called parental control.
Just add the 3 keywords - tracker / announce / d1:ad2
The last one stops dht torrents
Most forums talk about blocking ports but that can cause other problems, just block the trackers. And all tracker urls I have seen have the announce keyword.