I suspect someone in my network connected to my computer today twice while my firewall was not working. Does this mean what I think it does, and what should I do from here?
Ok, so I live in a shared house with three others, and we have shared wireless internet provided by the letting company. Today I had an unsettling experience. I have a program on my computer called Xarp
. It's a program that logs any changes to the MAC address and IP of the gateway you're connecting to - a sort of simple tool to see if anyone tries to attempt a man in the middle attack by spoofing your MAC. I have the oldest version because the newer one won't successfully install on my computer for some reason or another.
Well, today I noticed with a start that the program was logging my computer as connected to two ip-macs, one the gateway, and the other... a mac I didn't recognize and an address in a range that indicated it was within my network. Eeek. I killed the connection and then within a few minutes it was connected again. I then saw with a sinking feeling that my firewall was not working. I don't think the other could have been connected for more than 2-3 minutes, but still.
Am I right in suspecting that one of the computers on my network connected to my computer while my firewall wasn't working? Is there any reason to believe that it was anything other than malicious? Or am I AHAHOMGAH...whipping myself into a noob induced paranoiac frenzy?
I have thought of three scenarios:
1. one of my housemates connected to my computer, which I doubt somehow. As far as I know, only two of my three housemates even have a computer - and they really don't seem like the black hat type. One is a 20ish girl, who seems too well adjusted to be some creeper, the other a sweet middle aged woman. She is a little on the snoopy side, but I cannot imagine her doing it. I asked her today if she has a laptop and she said she bought one the other day. In other conversations she has come across as a novice, and I believe her. The other - I don't think she has one, but you never know. I don’t really talk with her. I haven't said anything to any of them about it as yet. You know, there's nothing like accusing your housemates of hacking your computer to endear yourself to them! ;p
2. the network has been compromised, and some unknown person connected to me. One of my roommates sometimes has friends over without asking. She might have given the network pass to this person. Or someone guessed - realistically they could, it's not the default but pretty insecure. This has bothered me for a while but I don't have access to the network, so I can't change the password, and I thought that there was only a tiny chance that a psycho would try it. But I think I will ask the property manager to. Doing this though is going to inconvenience my housemates and maybe make me look like a paranoid crazy person.
3. There is some innocent explanation that I cannot think of because of ignorance.
So, my question is this: do you think my computer was connected to, and was it necessarily malicious? What should I do to get the network secured, and prevent it in the future - should I talk about my suspicions with my property manager, or just let it slide, and just vaguely ask the manager to change the password on safety concerns? I know if I was compromised I totally served myself up by not having noticed that my antivirus had stopped loading on startup for some reason, so I'm going to look at my security.
Running XP Home s3
Comodo Internet Security free (incl firewall)