tracking intruder

Jan 31, 2007 9:57PM PST

Someone is using my wlan after having cracked its WEP code. Is there any way to track that person down?

wlwireless

Not really unless you have the equipment. You know...
Jan 31, 2007 10:39PM PST

They are within so many feet of your router.

Try this. Enable MAC filtering, change the WEP key and disable management over the WIFI link. Also, turn off the wifi or router when you don't need it. That alone will send them away since they won't know if they can get on or when.

Bob

tracking intruder
Feb 1, 2007 9:28AM PST

I have tried them all, not practically effective.
I know that when a person accesses my net, he is transmitting. I am thinking of some equipment which can indicate the direction and the distance the transmission is coming from. This would help to narrow down the possible culprits. What would be the cheapest equipment which can do this?

wl

Stumper.
Feb 1, 2007 9:51AM PST

Why isn't turning off the WIFI effective?

Stopping intruder
Feb 2, 2007 9:28AM PST

More important than tracking the intruder is to stop the intruder from continuing to access your network. The first thing you need to do is dump WEP. WEP is hideously insecure and can be, and (as you found out) frequently is, trivially hacked. In fact, the FBI did it in 3 minutes using Kismet, Airodump, Airplay, and Aircrack. The process is not very complicated, and the above listed tools are readily available. You really need to move to WPA2 if your equipment will support it, or at least WPA, with a randomly generated, sufficiently complex passphrase. Now the bad news: WPA/WPA2 has a vulnerability as well. You do not want to use a short passphrase consisting of a word found in the dictionary. This will leave you vulnerable to an offline dictionary attack (a type of brute force attack where words found in the dictionary are thrown against a passphrase to recover the passphrase) by someone using KisMac or coWPAtty (two popular wireless hacking tools that are also freely available). You will want to use a randomly generated complex passphrase consisting of at least 34 characters. Most publications say 20 characters, but you get about 2.5n bits of security per character +12 bits (2.5n+12 total) in a passphrase. So, this would only give you 62 bits of equivalent security. Bare minimum you want 96 bits of security, so 34 characters will give you a total of 97 bits. Ideally, you will want to use a 64 digit hexadecimal. This will give you a full 256 bits of security, plus using a 64 digit hex avoids the hashing process used to create the 256 bit Pairwise Master Key, because the hex is used directly as the key. It is this hashing process (specifically, the MIC hash value) that leaves WPA/WPA2 vulnerable to a dictionary attack when short dictionary words are used as the passphrase. Now the good news. The brute force dictionary attack is the only known effective attack against WPA/WPA2.

If you use a 64 digit hex you will make your network reasonably secure against any sort of brute force attack, in that each of the 2^256 possibilities must be tried since your passphrase can not be found in a dictionary. This is a huge number: 1.1579208923731619542357098500869x10^77, or in decimal format:

1,157,920,892,373,161,954,235,709,850,086,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

Now the really good news. To check each of the 2^256 possibilities, you would have to have a device that could crack a billion billion keys per second, and it would still take you 3.671x10^51 years to check every possibility (3,671,743,063,080,802,746,815,416,825,491,118,336,290,905,145,409,708 years). As you can plainly see this is significantly longer than the 3 minutes it took the FBI to hack WEP. Now the best news of all. The DES cracker Deep Crack (something your local wardriver is not likely to have) could only do 90 billion keys a second, and would take 4.0769221021355023274397357709461x10^58 years to exhaust all the possibilities. Newer devices can do 256 billion keys a second. These computing Goliaths (something your local wardriver is even less likely to have) would still take 1.4332929265320125369905321069732x10^58 years to exhaust the possibilities. The two most popular tools, KisMac and coWPAtty (something your local wardriver IS likely to have), can do 100 and 60 keys per second respectively. Now, this can actually be substantially increased to around 76,000 keys a second using precomputed hashes and very large dictionary files (again, readily available). But, 76,000 still falls way short of even the DES cracker, and precomputed hashes in a dictionary attack are of no use if your SSID hash is not in the hash file, and your password is not in the dictionary file. But, for the sake of argument, it would still take 4.8279340683183580193365292024362x10^64 years to run through all the possibilities. In reality, at 100 possibilities per second it would take 3.6692298919219520946957621938515x10^67 years to exhaust the possibilities. So as you can see, if you use a sufficiently complex and random passphrase, you can have a fairly secure network. If you use something like:

toast

That's exactly what you will be, and it will take anywhere from 0.2 seconds to around 5 minutes to hack your network. However, if you use something like:

DE9350EB9F96D947A962E5C9D71A6F5FC3DE5D006BF1340400050D30354AF49F
(a 64 digit hex)

Your would-be hacker is going to be busy for quite some time trying to hack your network.

If you don't have the means to generate these sorts of passwords, you can go to:

https://www.grc.com/passwords.htm

You'll want to get this on a computer that is wired to your network.

Hope this helps.

P.S. If your equipment does not support using a 64 digit hex, you can still use a 63 character randomly generated passphrase like:

>66X>XC'kidz^7{u(,v}*C&-X\[|hl}?@O>Kc6w6>goGNB**wO"",0ADq]x*yUg

or

1ZuyAQP3yaqsoyJgBRu0XWidkTm2nWZj6iZVLcArL0C4zeKGyneEC7ZqmKRsyZ6

But be aware that this will only provide 169.5 bits of equivalent security. So, this leaves only 1.0582402237152498756263674716231x10^51 possibilities to check. At a billion billion keys per second, it will take your hacker only 33,533,609,137,426,479,695,108,863.5 (3.35336091374264796951088635x10^24) years to crack your passphrase by brute force. By the way, the age of the universe is believed to be 15 billion years (1.5x10^10). ;)

So as you can see, it is possible to keep intruders at bay with a reasonable amount of effort. There is no such thing as bulletproof. Remember, it used to be computationally infeasible to brute force DES, and now it can be done in hours. What is impossible today may be child's play tomorrow. But for now, use a randomly generated complex passphrase (64 bit Hex or 63 character ASCII) with WPA/WPA2, and your would-be hacker is probably only going to waste so much time on your network, and go in search of a softer mark.
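The arithmetic in the post above (bits of security per passphrase length, years to exhaust a keyspace at a given guessing rate, and why a 64-hex-digit key bypasses the passphrase hash) can be checked with a short calculator. The script below is an added example, not code from the post or from CNET; the `2.5n+12` model and the keys-per-second rates are taken from the post, and the function and label names are ours. `derive_pmk` implements the standard WPA/WPA2-PSK passphrase-to-PMK step (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit output) from IEEE 802.11i, which is the hashing step the post says a raw hex key skips; the key generators use the OS CSPRNG via Python's `secrets` module.

```python
import hashlib
import secrets
import string

# 365-day year; this reproduces the post's 3.671x10^51 figure for 2^256 at 1e18 keys/s.
SECONDS_PER_YEAR = 365 * 24 * 3600

# Guessing rates quoted in the post (keys per second). The labels are ours.
RATES_FROM_POST = {
    "billion billion/s": 1e18,
    "Deep Crack (DES)": 90e9,
    "newer DES cracker": 256e9,
    "precomputed hashes": 76_000,
    "KisMac": 100,
    "coWPAtty": 60,
}


def passphrase_bits(n_chars: int) -> float:
    """Equivalent security of an n-character passphrase under the post's 2.5n+12 model."""
    return 2.5 * n_chars + 12


def keyspace(bits: float) -> float:
    """Number of candidates an attacker must try to exhaust a keyspace of `bits` bits."""
    return 2.0 ** bits


def years_to_exhaust(bits: float, keys_per_second: float) -> float:
    """Years to try every candidate in a 2**bits keyspace at a fixed guessing rate."""
    return keyspace(bits) / keys_per_second / SECONDS_PER_YEAR


def brute_force_table(bits: float) -> dict:
    """Years to exhaust `bits` of keyspace at each rate the post mentions."""
    return {name: years_to_exhaust(bits, rate) for name, rate in RATES_FROM_POST.items()}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK passphrase -> 256-bit PMK (IEEE 802.11i): PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations. Guessing a passphrase means repeating this per guess,
    which is why a dictionary word is the weak point and why a raw hex key skips it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def psk_from_hex(hex_key: str) -> bytes:
    """A 64-hex-digit key is the 256-bit PMK itself; validate its shape and decode it."""
    if len(hex_key) != 64 or any(c not in string.hexdigits for c in hex_key):
        raise ValueError("WPA hex key must be exactly 64 hexadecimal digits")
    return bytes.fromhex(hex_key)


def generate_wpa_hex_key() -> str:
    """Random 64-hex-digit (256-bit) WPA key from the OS CSPRNG."""
    return secrets.token_hex(32).upper()


def generate_ascii_passphrase(length: int = 63) -> str:
    """Random printable-ASCII passphrase for equipment that cannot accept a hex key."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for n in (5, 20, 34, 63):
        b = passphrase_bits(n)
        print(f"{n:2d} chars -> {b:6.1f} bits; 1e18 keys/s exhausts in {years_to_exhaust(b, 1e18):.3e} years")
    for name, years in brute_force_table(256).items():
        print(f"256-bit hex key vs {name:18s}: {years:.3e} years")
    print("example hex key  :", generate_wpa_hex_key())
    print("example ASCII key:", generate_ascii_passphrase())
```

Run it as a script to print the table; `passphrase_bits(20)`, `passphrase_bits(34)` and `passphrase_bits(63)` return the 62, 97 and 169.5 bits the post cites, and `years_to_exhaust(256, 1e18)` lands on the post's 3.67x10^51 years. Generate keys on a wired machine, as the post advises, and paste the hex output straight into the router's PSK field.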

tracking intruder
Feb 3, 2007 11:09AM PST

Thanks for all the info. I agree with your suggestion. Will go for a new card which can support WPA/WPA2.

wl