RSquirrel
Aspirant
Jan 17, 2016
Solved

WN2500RP (Devices Served By)

I am in a condo complex, where an ancient router provides internet access (via wireless antenna on roof) to approximately 30 units. Unfortunately, it uses WEP encryption, everybody has its encryption key and it won't be upgraded in the foreseeable future. In an effort to improve the wireless signal (and enhance security), I added a Netgear WN2500RP extender and have configured it for WPA2-PSK encryption.

 

Since I still have concerns about on-line security, I have downloaded the "Wireless Network Watcher" application, to see what other devices are using the router and (hopefully) my extender. Typically with no filter, the application picks up 20 or so "devices/connections" on any given day. The list includes names like "Senao International Co., Ltd." (condo router), "NETGEAR INC." (my extender), "Gemtech Technology Co. Ltd." (my desktop NIC), PLUS these 'unrecognized devices': "Amped Wireless," "Liteon Technology," "Sony Corporation," "Apple" or "Apple, Inc." (multiple instances) and "Securifi Ltd." (multiple instances).

 

Today with no filter, it picked up 23 devices (no IP Address duplicates, but five of the MAC Addresses were duplicates - all five from the same device, i.e. all "Securifi Ltd."). All 23 had IP addresses of the format 192. XXX.36.NNN, where NNN ranged from 1 to 168 (obviously with many skips, since there were only 23). Note: the condo router's IP address is 192. XXX.36.1.

 

So then I went to the application's Advanced Options and checked the box for the "Scan the following IP addresses range:" option. I entered the IP address for my extender (192. XXX.36.151) as the lower limit and I entered 192. XXX.36.255 for the upper limit (not sure why I picked 255). With that as a filter, the result was only 9 hits (NO duplicated IP Addresses or MAC Addresses). Besides my extender and my NIC, there were five "Apple" or "Apple, Inc.," one "Liteon" and one "blank." As might be expected, where a device appears in both the filtered and unfiltered lists, the IP Addresses are identical.

 

Unfortunately, my knowledge in this area is very limited, and I have no way of knowing whether one or more of these "non-owned" devices are piggy-backing off of my extender, or if they're only being served by the condo router. With all of that as background (hopefully enough detail), my questions are:

 

Q1. How do I determine the proper IP Address range for the filter, so that I only see devices being fed by Netgear extender (i.e. what is the proper range to specify as it relates to my extender's IP address of 192. XXX.36.151)?

 

Q2. If I set the filter to this proper range and get a hit on one or more 'unrecognized' devices, is there a way to block them (via either their IP or MAC address, and would it be through Netgear's 'Genie' interface)?

 

Q3. Hopefully I will find out that no such "non-owned" devices are being fed by my extender, but should there be, how is that possible, given my WPA2-PSK encryption, coupled with a 26 Hex encryption key (barring them having access to the encryption key)?

 

Q4. I have a Sony Blu-Ray player connected to one of the extender's Ethernet ports via a CAT6 cable. When I streamed Netflix with the application running, I expected to see something related to "Sony" appear in the list of detected devices, but it didn't happen. Would that be due to it being hard-wired instead of wireless (i.e. if I switched its interface to the extender back to wireless, should it then be detected)?

 

Q5. Is it possible that the Charter (Motorola DCH6200) STB is one of these devices (it gets its signal via a single incoming RG6 cable out of the wall)?

 

Q6. I read somewhere that the "Liteon" hit could be due to a cable made by that company, but I find that to be a bit unbelievable. Could that be possible?

 

  • What a strange way to have Internet access.  I'm sorry to say but this is a horribly insecure, and probably slow, setup.  

     

    The problem is that your WN2500RP isn't providing you with any additional security.  The WN2500RP doesn't have a firewall, so your devices can still be reached by anyone on the network.  Plus, when your traffic crosses over from your WPA2-protected Wi-Fi network to the WEP-encrypted network, anyone with the WEP encryption key can capture it with the right tools.  If your traffic is not encrypted at the IP level, then they can see what you're doing.

     

    You really should get your own dedicated Internet service.  If that's not possible, then you have to do much more to secure your own network.  Either way, you need something with a firewall to keep your neighbors out.  All consumer-grade Wi-Fi routers have firewalls, so you could get one and plug it into your WN2500RP.  Or get rid of your WN2500RP and replace it with a router that offers a WAN connection through Wi-Fi, but these routers are not as common (Exception: Routers running 3rd-party firmware like DD-WRT and Tomato can do this).  Note: Once you put your own router in place, your traffic will be double NAT'd.  This isn't ideal and could cause problems, especially with online games, but that's the price you'll have to pay to continue using the condo's Internet service.

     

     

    The firewall will keep your neighbors from getting into your network, but it can't do anything about protecting your traffic from being snooped while it transits the WEP network.  To counteract that, you will need to encrypt all of your traffic.  A VPN service will do just that.  Do a Google search for vpn providers and pick one that suits your needs.

     

    I hope this helps.  Now to answer your questions.

     

    A1: Extenders don't filter by IP addresses.  Only devices that have your WPA2 key can connect to your extender.  But it doesn't matter whether anyone can connect to your extender or not.  An extender doesn't have a firewall, so anyone connected to your condo's router can reach your devices.

     

    A2: Irrelevant question.  See A1.

     

    A3: Irrelevant question.  See A1.

     

     

    A4: Yes, the Sony probably won't show up directly in your Wireless Network Watcher when it's hard wired.  Traffic from the Sony will "appear" to be coming from the extender.  This is why you saw multiple IP addresses with duplicate MAC addresses.  Someone else with an extender or router will also exhibit the same thing.

     

    A5: No, the DCH6200 does not appear to have any Wi-Fi capabilities.

     

    A6: Liteon makes Wi-Fi adapters.  Disregard the hype about power cables having Wi-Fi chips in them.  That's bogus.
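Added example, not part of the original thread: a short Python sketch of the point made in A1 and A4, that one MAC address answering for several IP addresses marks an extender or router with clients behind it, and that an IP range filter only narrows addresses without showing which access point serves a device. The scan rows, the `MY_MACS` inventory and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows (IP, MAC, vendor). Addresses use the 192.0.2.0/24
# documentation range and locally administered MACs; none come from the thread.
SCAN = [
    ("192.0.2.1",   "02-00-00-00-00-01", "Senao International Co., Ltd."),
    ("192.0.2.40",  "02:00:00:00:00:AA", "Securifi Ltd."),
    ("192.0.2.41",  "02:00:00:00:00:aa", "Securifi Ltd."),
    ("192.0.2.42",  "02-00-00-00-00-AA", "Securifi Ltd."),
    ("192.0.2.77",  "02:00:00:00:00:30", "Apple, Inc."),
    ("192.0.2.151", "02:00:00:00:00:10", "NETGEAR INC."),
    ("192.0.2.152", "02:00:00:00:00:20", "Gemtech Technology Co. Ltd."),
    ("192.0.2.160", "02:00:00:00:00:31", "Liteon Technology"),
]
# Assumption: the reader keeps a list of MACs for the gear they own.
MY_MACS = {"02:00:00:00:00:10", "02:00:00:00:00:20"}


def norm_mac(mac):
    """Lower-case, colon-separated form so '-' and ':' exports compare equal."""
    return mac.replace("-", ":").lower()


def ips_by_mac(rows):
    """Map each MAC to the sorted list of IP addresses seen behind it."""
    seen = defaultdict(set)
    for ip, mac, _vendor in rows:
        seen[norm_mac(mac)].add(ipaddress.ip_address(ip))
    return {m: [str(i) for i in sorted(ips)] for m, ips in seen.items()}


def fronting_macs(rows):
    """MACs answering for several IPs: an extender or router with clients behind it."""
    return {m: ips for m, ips in ips_by_mac(rows).items() if len(ips) > 1}


def not_mine(rows, my_macs, low=None, high=None):
    """Rows whose MAC is not in the owner's inventory, optionally within an IP range."""
    lo = ipaddress.ip_address(low) if low else None
    hi = ipaddress.ip_address(high) if high else None
    out = []
    for ip, mac, vendor in rows:
        addr = ipaddress.ip_address(ip)
        if (lo is not None and addr < lo) or (hi is not None and addr > hi):
            continue
        if norm_mac(mac) not in my_macs:
            out.append((ip, vendor))
    return out
```

In the constructed data, the "Liteon Technology" row falls inside the 151 to 255 range but nothing in the scan says it is connected through the extender; the range filter only selects by address.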

2 Replies


    • RSquirrel
      Aspirant

      Dear TheEther,

      Thank you very much for your timely and detailed answers. You've given me a lot to think about. I will do some research and come up with proposed solutions to meet your router and vpn recommendations. If you don't mind, at that point I would like to run them by you to see if I've correctly understood your suggestions. Thanks again!