monitoring your wireless connection for intrusion?

Scruff

Is it possible to see who has connected to your wireless router? I have a netopia 3347w that shares my bb connection. I have only WEP set up at the moment (will be enabling MAC authorisation tonight) and i think that one of my neighbours has hacked the WEP encryption and in using my bb. Have been seeing funny things happening like transfer rates dropping every now and again.

Last night as a test I turned off the wifi card on my pc, rebooted the router and connected in with a lan cable. I checked the status of the router and it was saying that 2 DHCP channels were in use. I checked this every now and again and later it had dropped to 1, so i assume he had turned off his p.c.

Is there any way i can check to confirm that it is indeed someone else connecting in? Any way i could send them a "message" over the wireless link?

Vokes

My routers browser interface has a button for listing all clients connected and their MAC addresses. Perhaps yours has one too...?

ambro25

Scruff wrote:

Is there any way i can check to confirm that it is indeed someone else connecting in? Any way i could send them a "message" over the wireless link?

Might be, might not, don't really know...

I had similar weird happenings (which I thought very odd, considering my WEP settings - 13 digit pw, noone but me knows it and it's not on system anywhere).

For the checking thing, as posted earlier, I'm sure your router http interface has a GUI showing connected devices, and probably also a log including the MAC.

For the hi-jacking thing, an easy enough solution is to make sure your router only ever leases one IP (for your laptop) or two IPs (if you also have a desktop and are using both at the same time). If you only very occasionally use both at the same time, then stick with leasing just the one IP, which lease you can override from the router interface at anytime (requires cabled connection to the router tho') if he's grabbed it when you try to connect. An obvious alternative on the same model is to give your lappie and/or desktop a fixed IP and (again) tell the router to only lease to that - not as practical as DHCP though.

Also, obviously enough, switch off your router when your 'puters are asleep - he'll soon get his own or hijack someone else's.

Scruff

that would be handy but dont remember seeing anything like that. will have a more indepth poke around when i get home.

wind00ze

ya just dont enable dhcp and use WPA if you can cos it alot harder to crack

AARRRGH

I check the logs on my router a lot. I can see what IPs it has assigned. So if there's more than two assigned (I have two PCs online all the time) I know there's a problem.

Is this what you mean??

ambro25

@Dublindude - were you asking me? If so, then 'yes'.

@OP - had a quick look in *.pdf of your user manual (Netopia 3347)

(i) in WebUI, select 'Configure' from toolbar
(ii) then select 'LAN'
(iii) in bottom of box, there's 'Other LAN options', including 'DHCP Server' - select that
(iv) the next box to appear is titled (strangely enough ) 'DHCP Server', with 1 drop-down menu showing 'server', 2 fields for IP addresses and 1 field for lease time.

(i) In the box 'starting IP address', use whatever, e.g. default 192.168.1.1

(ii) In the box 'ending IP address', use -
_the same value, e.g. default 192.168.1.1, if you're only using one PC
_the same value +1, e.g. 192.168.1.2, if you're regularly using two PCs

(iii) For the lease time, input 10 minutes or less, e.g. 00:00:10:00.

Save & reboot the router - done.

rogue-entity

Well I would have to agree with the above posts.
If you are seeing more then two assigned IP addresses and you know that two of them are for your PC/laptop then you have been hacked.

You should enable WPA encryption as it is stronger and a lot harder to crack.
You could also change your SSID to something else and disable SSID broadcast, this way no one can find your network.
You should also enable MAC address filtering so that only our lappy can connect to the wireless network.

Scruff

Cheers all!
I saw that DCHP settings but i guess i didnt fully understand what to do. (mate gave me the modem, no documentation and i never downloaded it :rolleyes::rolleyes: ) Thanks.

rouge-entity, made all those changes to the security last night so i guess its as secure as its going to get now.

SouperComputer

if the guy is smart enough to crack WPA, disabling DHCP will do SFA as he already knows the gateway and address range. He\she can just use static ip with the correct gateway address and sponge internet.

Disabling SSID again is useless, he already knows the MAC address and SSID of the router. Even if he didnt, it would be very easy to find the router with SSID broadcast disabled.

Heres what you can try:

* Change the router password
* Change the SSID & disable it
* Change the WPA key, make sure its at least 25 chars, with stuff like # and @ included
* Best to use mac filtering (which can be gotten around too)
* Change the ip of the router to, say 10.0.9.1, disable DHCP
* Put a static ip on your laptop:
10.0.9.4,
subnet 255.255.255.0
gateway 10.0.9.1
DNS 10.0.9.1, 2nd DNS ISP's DNS server

Of course, if he is really persistant, then these measures can be overcome too. You could change the above router weekly, that could pi$$ him off enough to get his own broadband!

Radius or a password protected proxy would be the best way to ensure he doesnt get in easily, but thats a bit more invloved.


[edit] feck, after typing all of that I noticed you WERE using WEP, in that case I guess the guy is not so hardcore, anyway, the above will keep most pi$$ants at bay and encourage them to try another network[ /edit]

ambro25

[tail between legs]Doh! How could I forget about turning off SSID broadcast?!? :rolleyes:[/tail between legs]

Otherwise, pretty much as (and I bow to-) überkomputerführer above has explained - off to do some o'that myself tonight

SouperComputer

The ironic thing is that my router is wide open! Couldnt give a Castlmane XXXX TBH!

shltter

Mac address filtering is useless and if the guy could crack your WEP cloning a mac address would be easy for him

enable WPA with a good password as Soupercomputer suggested change your SSID but not to something stupid like your address even with it disabled anyone with net stumbler will still be able to see it change the admin password on the router thats really all you need to do