Simple solution: get into your router's management interface, check the logs for DHCP leases, find the MAC addresses there, and check them against whatever
devices are in your network. If something doesn't match, suspect it.
192.168.x.x is a private range, not a public range. These are internal addresses; most routers by default use 192.168.1.x or 192.168.0.x for their
range of IPs.
The router will be 192.168.x.1 and will hand out IPs to any devices present in the network. If your router is supplied by the ISP, or has the ISP
connection (cable or DSL), it will have an uplink port which is the internet connection; this is the only connection that will get a public IP from the
ISP. Your router effectively performs Network Address Translation for you, allowing multiple machines to use a single public IP to hit the
internet.
It should be fast and easy to see which device has what IP. If you are concerned about intrusion, simply enable MAC-based filtering, only allowing the
MAC addresses of the devices you personally want on the network.
I have some experience with basic WiFi cracking, WEP and WPA. A few tips: use WPA-2 with a large, random, salted (using alt characters like #)
password and it's pretty darn secure; to brute force that would basically take too much time to be worth it. Most "cracking" isn't cracking at all,
it's using the rainbow tables method, by which you hash the SSID of the network and attempt to dictionary attack the password (you must supply a list
of possible passwords). Also, if your router has the option to deny access to the management page from the WLAN, enable that, as it's quite easy to get
into your network, and if you allow changes to the router from the wireless, anyone within range could get in, lock you out, open ports for
themselves, or even get your ISP login information.
Step 1 is to locate the network and a client machine.
Step 2: using packet injection and MAC spoofing, mask yourself as the client machine and send a request to the network that makes the client
reconnect.
Step 3: capture the handshake between client and network.
Step 4: run the precompiled hash table with a dictionary attack against the downloaded hash.
If you have the password in your list, eventually it will crack it. I've seen WEP take 3 hours, and another WEP take less than 2 minutes. I've only
ever gotten into a WPA network once, and it's because they used a real-word phrase that was in my dictionary list.
The reason I posted that is that one of the first few steps to cracking into your network is to spoof the client, so MAC filtering isn't 100% either.
A flood attack is basically what it sounds like: too many incoming packets that literally clog up your network interface. A large-scale one would be a
DoS attack, where you flood a target, usually from a botnet of hundreds of infected machines, sending so much traffic that it floods the link and in
most cases bumps them offline, just like the old telephone modem days.
I'd check your router and see if it offers DoS protection and other options for its firewall; that would probably be where the false positive is
coming from, and it is easily disabled.
edit on 20-1-2011 by phishybongwaters because: forgot something
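As an added example (not part of the original post), here is a small Python script that does the lease-log check described at the top of the post: it parses constructed dnsmasq-style DHCP lease lines, normalises the different MAC spellings routers log, and lists any device that is not in a hypothetical known-device inventory or that holds an address outside the 192.168.x.x range. The lease lines, inventory and hostnames are all made up for the example.

```python
import ipaddress
import re

# Constructed sample of dnsmasq-style DHCP lease lines (expiry, MAC, IP,
# hostname, client-id), as a home router might log them. Not from a real device.
SAMPLE_LEASES = """\
1295500000 00:1a:2b:3c:4d:5e 192.168.1.10 johns-laptop 01:00:1a:2b:3c:4d:5e
1295500100 00-1A-2B-3C-4D-5F 192.168.1.11 android-phone *
1295500200 a4:5e:60:11:22:33 192.168.1.23 * *
1295500300 00:1a:2b:3c:4d:5e 192.168.1.10 johns-laptop 01:00:1a:2b:3c:4d:5e
"""

# Hypothetical inventory of the devices you personally want on the network.
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "John's laptop",
    "00:1a:2b:3c:4d:5f": "Android phone",
}

LAN = ipaddress.ip_network("192.168.0.0/16")  # the private range the post describes

def normalise_mac(mac: str) -> str:
    """Return the MAC as lower-case 'aa:bb:cc:dd:ee:ff' whatever the log's spelling."""
    mac = mac.strip().lower().replace("-", ":").replace(".", "")
    if len(mac) == 12:  # Cisco-style 'aabb.ccdd.eeff' has just been collapsed to 12 hex digits
        mac = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
    if not re.fullmatch(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac

def parse_leases(text: str):
    """Yield (mac, ip, hostname) per lease line, skipping blank or malformed lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3:
            continue
        yield normalise_mac(f[1]), ipaddress.ip_address(f[2]), (f[3] if len(f) > 3 else "*")

def unknown_devices(lease_text: str, known: dict) -> list:
    """One (mac, ip, hostname) per MAC not in the inventory, or holding an IP outside
    the LAN range. A spoofed MAC will pass this check (as the post notes), so treat
    a clean result as a hint, not proof."""
    seen, suspects = set(), []
    for mac, ip, host in parse_leases(lease_text):
        if mac in seen:          # same device renewing its lease
            continue
        seen.add(mac)
        if mac not in known or ip not in LAN:
            suspects.append((mac, str(ip), host))
    return suspects
```

Feed it the lease table copied from your router's log page and your own device list; each entry it returns is one to go and identify.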