46 total posts
(Page 1 of 2)
MAC filtering for one....
it should be in the manual.
The SSID can still be picked off the air even if your WAP doesn't broadcast. It's a feature of using AIRSNORT to sniff it from other packets that are exchanged.
Do the MAC filter and it's too difficult for most to get around.
1. You can disable the "broadcast ssid" option and that will stop your router from "announcing its presence".
2. You probably have (somewhere buried in the menu structure) the ability to enter the MAC address for each device that you want to connect to your router. If you are running WinXP, perform the following steps:
a. START menu, then RUN
b. Type "CMD" - this should open a window (used to be called a DOS window.)
c. After the command prompt, type "ipconfig/all"
d. The mac address will look like this: 00-00-00-ae-1f-20
e. Most devices also have the mac address written on them somewhere - your router has one and it is on a sticker on its bottom (probably)
f. Gather all of the mac addresses for any device that you want to allow to connect to your router and enter them into the table, this will only allow "authorized" devices to connect.
(On my Linksys WRT54GS it is under the WIRELESS, WIRELESS MAC LIST menu options. There is a button called "EDIT MAC FILTER LIST")
g. Go to the internet and read up on wireless security. The fact that he connected suggests that either (a) he is very knowlegable about wireless networks and has hacked into your network, or (b) you have not activated all of the security features that are at your disposal.
Newer Linksys routers support fairly robust security features that should keep all but very determined outsiders from accessing your router.
Do you have WEP enabled? That combined with MAC filtering should do it. By the way, how did you find out he was using your signal?
how did you find out
He told me. Made me wonder how many others were doing the same thing.
program to montior who is accessing your network
AirSnare is an intrusion detection system to help you monitor your wireless network. here is the link
Its important to get this right because if someone uses your connection to the internet for nefarious purposes the trail will lead back to your door.
It's quite possible you could turn off wireless on your router. You need to check the config via the admin program. Normally you get to this to via a browser address as specified in the manual.
BEFORE YOU DO ANYTHING ELSE:- CHANGE THE DEFAULT ADMIN PASSWORD on your WLAN Router TO SOMETHING UNIQUE TO YOU THAT YOU CAN REMEMBER.
If you leave it as the default then anyone getting in will be able to change/undo what you set.
It's fine setting MAC filtering but if someone spoofs the MAC address then adds another one of their own its unlikely you'll notice and they'll be able to freeload again.
OK - Now how do you secure it if you want to keep the wireless connectivity. There are a few things to think about that progressively increase WLAN security.
They require increasing 'tech' skill although all can be done by a thourough read of the manual.
At each stage check you can still use the WLAN from where you want to before moving on to the next. It will make troubleshooting any problems much easier.
1) Simple Physical security. Normal advise is put your WLAN Access Point (AP)in the middle of your house to reach all parts. But if you can, it's better to position the WLAN AP at the furthest point in your house from any neighbours. So if you have someone on just one side of your house then its best to put it the other side. Its best to put it at the back of the house away from a main road. This reduces the signal from your network that reaches those points. Not only does this mean higher security it minimises the risk of interference from your system with others. Obviously this idea presupposes that you can choose where to locate it because you have a handy network connection their AND you can still pick up the signal everywhere in the house you need it.
Using the admin program:
2) Change the SSID (Network name) to something that works for you rather than the default. If you leave it as the default then all anyone has to do is pick it up through their wireless lan and check the manual out on the internet to work out the default settings for your service.
3)Set WEP (Encryption) on both your Portable and your WLAN router. Preferably at least 128K encryption level where it gives you a choice. The Downside to WEP is that it slightly slows the network speed (not much on modern kit) and it CAN be broken. However to break it you need to sit and scan the network for a while but WEP does prevent all but the most determined snoopers.
4) Make sure you can connect to the WLAN as required. Once your Notebook has learnt the name of your WLAN you can then set the SSID to 'Don't Broadcast SSID' or something similar. This means that anyone scanning for networks wont see yours sticking out like a sore thumb.
5) Change from DHCP Addressing (where the router tells each PC what network address to use) to fixed IP addresses. Any snooper would have to work out what address range you are using then find one that did not conflict. If you keep the range as small as possible it will be less likely anyone can do that.
6) Finally MAC filtering. With this you configure your WLAN router to only accept traffic from the hardware address of your PC's wireless card. I've left this to last because although its not too hard to set up,once an intruder can 'see' your wlan its not too hard to find out a valid MAC address and hijack it.
If you're still worried that someone might abuse your connection then your WLAN Router probably offers logging of some kind that you could monitor and see if it is being used at times you aren't active on it.
No connected network is ever secure but if you do as many of these as you can you'll significantly reduce the chances of anyone abusing your WLAN.
I just bought a new computer with a wireless card. As I pulled it out of the box and turned it on, my neighbor's wireless popped up immediately. Out of curiosity I looked to see "My Network places" and without doing anything on my new computer, their computers were present...including their printers installed on my NEW machine. Everytime that I turn on my computer I have to disable their system. Two questions...
1. If I can see their computers on "my network" and could, if I wanted, enter their computers WITHOUT any special configuration of my system, can they do the same with my computer? Can they enter my computer and access files or see what I am writing? My computer automatically showed up on their "workgroup" WITHOUT MY CONFIGURATION.
2. I currently have a dial-up and am in the decision making stages for a wireless service. I work from the house frequently. My business program has a very high security firewall, but I am concerned that if I get wireless, they and maybe other neighbors might be able to do the same and enter my computer. Their signal is super strong. The other day we were without Internet service, nor phone service, land or cell, for the entire state for several hours. I had a medical emergency for a client that had to be handled in a matter of minutes. I could not make the phone call I needed nor could I access the internet from any of the 3 offices from which I work. In desperation and curiosity I tried the neighbor access and their signal was very strong. They are new neighbors...should I see what they are using and try and help them secure their system more? Plus I guess I would like to have the same company..Ha...but would the signals "fight each other?"
I have saved your previous response for security measures installation but I still have some concerns. Thanks...
Start by changing the workgroup name
Start by changing your workgroup name. Obviously, both your machine and your neighbor's are using Microsoft's default workgroup name probably something like "Home" leading them all to believe they are part of the same network.
Once you choose a new workgroup name, all your computers will use that same wg name, that will allow them to share resources between your computers. When you install your own wireless router, you should also always require authentication on anything you share on your network in addition to using the security recommendations presented in previous posts. That will help prevent your neighbors from getting the same access to your network that you have to theirs.
WEP CAN be broken?
I'm curious how an intruder would go about breaking WEP? Wouldn't they have to have plenty of time in proximity to the siginal and use some sort of WEP cracking program? Couldn't you set some sort of max WEP access tries for a particular MAC, or is this not supported by the majority of the home routers out there?
Stopping Wireless Trespassers
If you're using any standard router, you can use 2 ways:
1. Use WEP(wireless encrypted privacy). This is like setting a login password so that their systems can't access your router.
2. Set your router to accept only recognised wireless cards.
Type http://192.168.0.1 (unique to some routers) and you will get in to the router admin page. (check your manual for exact instructions)
Go to the wireless section and, depending on the brand of router, configure your router to accept only the systems that belong to you.
I don't recommend not broadcasting your SSID as some XP systems you own may not "see" your router and this defeats the purpose of keeping you in and neighbours out.
All instructions should be referred to the router manuals as they are all different.
This should keep the intruder out.
If you use WEP with a custom key that should do it.
However if you did want to just use the router without the wireless option ... just take the antenna off.
Good luck with that... I would be interested in hearing how you found out he was using your signal.
Why not WPA
You should have suggested using WPA as this solves many of the probs with WEP, and is twice as strong (256 bit)
And with most routers you can disable the wireless by accessing the router(192.168.0.1, 192.168.2.1, ect) and disabling it.
While on the subject
How long would it take to hack through a WPA enabled router with a custom password (numbers + letters)
Neighbor using wireless router
What was the solution to this problem?
Use MAC filtering
Your router probably has a feature called MAC filtering. This allows you to create a list of permitted MAC addresses to access the router. MAC addresses are (supposed to be) unique addresses assigned to every network adapter. This will prevent any MAC address that is not in the list from using your router. So if you know that you are only going to use a limited number of wireless devices and these will never or rarely change, MAC filtering may be the way to go.
3 things to do
1. Turn on MAC Filtering.
2. Change from WEP to WAP protocol for better security.
3. Stop broadcasting your SSID.
I have listed them in order of importance. Together they will provide the best security for most home grade wireless routers.
About item 3...
Range extenders use that.
How would you fix that?
Stopping wireless use
Well, one way to stop him is enable MAC control. Allow only known MAC. You just have to enter your MAC from all your computer in house and only those will be able to connect, rest will be denied.
MAC filtering not enough
MAC address spoofing is easily done.
google: MAC adress spoofing
Secure Wireless....no such beast right now.
WEP keys can be cracked in hours.
MAC adresses can be spoofed.
Suggested: Set up MAC filtering in your router
Most routers have a MAC filtering feature, where you can specify which wireless computers can connect to your network. This means you can have your devices connect, and not your neighbor's. A MAC address is a hardware address, and you'll use the MAC for your wireless network adapter. To find the MAC, open a command line and type "ipconfig /all". Look for the Physical Address line; you should see six groups of two letters/numbers, separated by hyphens (-). Then, in your router's MAC address filter feature, type your adapter's MAC address.
At home, I turn off SSID broadcast, use MAC filtering, and use WEP encryption: a common wireless security combination.
This happens to me and it does not bother me as long I have a firewall. This way "he" has no access to my accts or anything in my computers. There is enough band in the broadband, so I do not care. I feel I am sharing my wealth, so unless you are hurting it is not worth the trouble.
I would not recommend such a cavalier attitude. Most firewalls do not block the local network, only access from the internet (otherwise other computers on your network could not access each other). If he can log onto your router and obtain a local ip address he is then a part of your local network. He then has access to everything.
Apart from that he can access your internet and be downloading 24/7, at best it would slow down YOUR internet access and at worst he could be downloading illegal material, uploading viruses or cracking into other computers. The author of the Melissa virus, David Smith was tracked back to his computer by the FBI and his ISP. This trail would lead back to you.
If you want to share the wealth then donate to the Tsunami appeal, but you are leaving your household and anyone who listens to you open to enormous risks.
go to 192.168.1.1 and put a password. Or the best solution is use your user manual and follow the directions. But make sure you never forget the password, as this PW will be encrypted and will become much bigger than yours.
Set static ip addresses and clone mac addressess
I had the same issue initally. On my dlink router i set my ip range for 1-4:1 for the router the other 3 for my computers. then i set a static ip address and cloned the mac address of ea computer on the router. All my comp are always on so they dont release. I also set the WAP. Hope this helps
Re:Stopping wireless use
Theres a lot of different things you can do...you already did a couple of things by changing the SSID and by turning off the broadcast on the SSID name. Now what you also need to do is....change the entire scope of the IP address scheme (usually routers use the 192.168.1.x or 192.168.0.x IP addressing scheme, if you change it to something like 172.16.18.x or something, no one will think of trying to use that)...turn off DHCP and make your computers use static IP addressing (this way he will see that there is a wireless network available but will not get the proper IP address that he would need to use it and if you change the entire scope of the IP addressing scheme it would be really hard to guess what it is. Also another thing you could do is turn on mac address filtering to make sure that only the mac addresses of the computers you own are allowed to connect to the router. And of course change the username and password for the admin account on the router so no one else can change the configs of the router. There is always a way to turn off the wireless capability of the router. Also look into turning on the WEP encryption. I hope that was helpful. If you have any questions on any of this please feel free to contact me. NJP548@aol.com
Stopping wireless use by others.
I became suspect of someone using my wirless link. I found that when I'm not using it, I put aluminum foil around the antenna. That sure solved my problem.
I considered any problems that might be associated with this method. I do not consider the low power on the transmitter to be harmed by this method of blocking others use. If anyone else finds cause for alarm, I'd be glad to hear from them.
I just wear a Aluminum foil hat...
see 1/21/2005 post
in Networking and Wireless Forum