05-02-2004, 02:59 PM | #1 (permalink) |
At The Globe Showing Will How Its Done
Location: London/Elysium
|
Reverse Wardriving?????
Greetings Everyone,
The entire weekend my cable speeds have been less than a 56k modem. I am going to wait for the weekend to finally conclude (maybe Comcast is conducting some maintenance or upgrades?) to really start getting upset but this episode got me think. Could someone be siphoning off my wireless connection? I know there are programs that let people know there are open access points in the area but is there something out there to let me know if someone is tapping into my connection. Thanks
__________________
"But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history." |
05-02-2004, 03:17 PM | #2 (permalink) |
I flopped the nutz...
Location: Stratford, CT
|
not sure of a program that can do it, but take a look in your router's settings for dhcp client table. you'd see that it distributed multiple IP addresses, which would indicate someone else is on your network.
I've had network slow down big time once or twice. Shut down, unplug your cable modem for a minute, plug it back in and let all lights come on and start your machine back up again. If that doesn't work, also try resetting the router as well, my linksys has needed that before. and if you don't already have it in place, set up 128 bit WEP for your wireless connection, and make your password for it and the router tough. If you're in an area with a lot of people, change the channel you're on from 6 too. any changes on your router will also need to be made to the wireless computer you want to connect. that will help prevent anyone from leeching off your connection.
__________________
Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality |
05-02-2004, 03:52 PM | #3 (permalink) |
beauty in the breakdown
Location: Chapel Hill, NC
|
I dont know of any programs out there that would tell you if someone is using the access point, but if you just make sure that none of your machines are and it is still sending out lots of data, there is a good chance someone is.
Enable WEP encryption, and if possible MAC address filtering. Especially the last one. That will stop anyone other than you from using it.
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." --Plato |
05-02-2004, 04:31 PM | #4 (permalink) |
Junkie
|
It's extremely easy to ascertain is someone is using your Access Point.
Just check the association table. If any clients you don't recognize are "associated", then they are POSSIBLY using your wireless. There are a number of steps you should undertake to secure a home WLAN anyway. 1) Change the default SSID All Access Points come with a default SSID (think of it as a "name") out of the box. The SSID is used to identify the 'cell'. This default SSID should be changed. Use something that is relevant to you. This is NOT really adding any security, but is simply best practice. 2) - Disable SSID Broadcast By default, your AP will probably "broadcast" the SSID. Effectively it is saying "Look everyone! Here I am! Come and connect to me!". This is fine for public hotspots etc, but you don't really want or need it for home deployments. Simply disable SSID broadcast if possible (some models may not support this). Again, this does not really improve security, but is considered best practice. 3) Enable WPA (or WEP in "worst case" scenario) If your Access Point supports WPA (WiFi Protected Access), then you should definitely enable it. For home use, this will be in what is known as "WPA-PSK Mode". The PSK stands for Pre-Shared Key. This means you will need to define a phrase or "key" to be entered on both the Access Point and your clients. This is then used (in the background, so you don't hvae to worry about it) to automatically generate new WEP keys every so often. When choosing a pre-shared key (sometimes known as a phrase, or pass-phrase, or key), the longer the better. Ideally you should use something at least 20 characters long and that mixes upper case, lower case and numeric characters. Something like "Idon7WnthacK3rz!" (I don't want hackers). This is JUST AN EXAMPLE, but you get the idea. If your Access Point does NOT support WPA (an old model for example), then configure 128bit WEP on both your AP and client and change it regularly. This may be a pain, but it's worth the extra security. 4) Enable MAC address filters If you Access Point supports it, enable MAC Address filtering. You will need to know the MAC address of your own computers and input them into a table on the Access Point. Effectively you are telling your Access Point to "only allow these devices" to associate. 5) If possible bring down transmit power There's no reason to be blasting out your signal at 100mW if you don't need to. Why extend your radio cell into the neighbourhood if you only want to cover your living room? This may require a little experimentation, but it's worth it. 6) - Lock data rate This may not be suitable, but many users lock their data rate at 11Mbs (for 802.11b) or 54Mbs (for 802.11a/g). This means you either connect at that high speed, but nothing lower. This means that the area covered by the cell is smaller and "tighter". Alternatively, step it down one level. The more data rates you support (or "allow"), the "bigger" your cell and the more likely that devices far away can associate; ie, hackers across the road. Once you follow all (or most) of the steps above you shall mitigate 99.99% of most hacking attacks; these tend to be opportunistic in any case. Any more questions on WLANs or security related topics, let me know... Mr Mephisto |
05-02-2004, 04:46 PM | #5 (permalink) |
Thats MR. Muffin Face now
Location: Everywhere work sends me
|
if the above doesnt help, can you provide more info on your setup? (including equipment models)..
__________________
"Life is possible only with illusions. And so, the question for the science of mental health must become an absolutely new and revolutionary one, yet one that reflects the essence of the human condition: On what level of illusion does one live?" -- Ernest Becker, The Denial of Death |
05-02-2004, 08:57 PM | #7 (permalink) |
At The Globe Showing Will How Its Done
Location: London/Elysium
|
I must ditto the excellent advice commented on above by yakimushi. Thanks Mephisto. I am looking into each of those points as we speak. Thanks
__________________
"But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history." |
05-02-2004, 10:50 PM | #9 (permalink) |
Junkie
|
Absolutely not roadkill. What ever you do, don't go tinkering with your innards!
However, as I mentioned above, you should try to do this "if possible". I say it like that because not all makes and models may let you do this. I have no experience with the D-Link devices. I know it's certainly possible with Cisco gear. But if you only follow the first 4 steps, you'll be infinitely more secure that if you simply use the AP "out of the box". Mr Mephisto |
05-02-2004, 11:52 PM | #10 (permalink) |
Guest
|
Mr. Mephisto's advice is very good but if you really want to know if anyone is associating with your AP that isnt you try using kiwi syslog from www.kiwisyslog.com. It will make a log whenever a client tries to associate with your AP. I have a cisco wireless class and we used this on a Aironet 1100AP.
|
05-03-2004, 01:09 AM | #11 (permalink) |
Junkie
|
Logging onto your AP and asking it to display the association table is the best way of ascertaining the clients that have associated to it.
Trust me on this mciprepaid. All the kiwisyslog util does is query a host on its SNMP and log files. Not all entry level kit supports out of band management. Mr Mephisto |
Tags |
reverse, wardriving |
|
|