
Security: Suspicious wireless activity

  • 13-03-2006 5:34pm
    #1
    Registered Users Posts: 189 ✭✭


    Hi. I have a Linksys WRT54GS wireless router / ADSL modem. It is set up with what I would think is good security: WPA encryption turned on, MAC filtering, SSID is not broadcast, admin password has been changed from the default.

    On two occasions, after I shut down my PC, I have noticed that the 'Internet' and 'Wireless' LEDs are still flickering, suggesting data is flowing through or trying to. At this point in time, the PC and its USB wireless adapter are not connected to power at all.

    What does this LED activity signify? The initial reaction is to think that the router has been '0wned' by somebody in the vicinity, and they are using the broadband. The purpose of this query is to identify/eliminate any other possible explanations.

    Is it possible that the communication is being initiated from the internet? For example, the servers or peers that I was connecting to are still sending data (e.g. probing to see if it is available) to the IP address my router was given by the ISP. The router then attempts to send it to my PC via WIFI, but the PC is off at this point. Could this cause the WIFI and Internet lights to flicker?

    When my PC is on, if I look at the list of wireless clients connected in the router admin, there is only the MAC address of my PC. This is all that is allowed by the MAC filtering. I am not very knowledgeable on networks. If someone is spoofing that MAC address, how can the data they want to receive off the internet get routed to the right PC? Can the spoofer use the same MAC address at the same time?

    I am grateful for any insights.


Comments

  • Registered Users, Registered Users 2 Posts: 9,788 ✭✭✭MrPudding


    Check the incoming and outgoing logs to see what activity is going on.

    MrP


  • Registered Users, Registered Users 2 Posts: 18,635 ✭✭✭✭kippy


    Most likely the logs won't tell you too much as on consumer electronics they don't log much....
    I think you have very very tight security set up and it is extremely unlikely that someone is using your connection.
    The conclusion that you came to yourself is most likely correct and in general the wireless and internet lights may flicker at all times as traffic may always be going between your WAP and the internet.
    I wouldn't worry about it......
    Kippy


  • Moderators, Motoring & Transport Moderators, Technology & Internet Moderators Posts: 22,848 Mod ✭✭✭✭bk


    Since it sounds like you have a tight set up, you probably don't have anything to worry about. However if you want to you can make sure it is secure by following these steps:

    1) Reset the router to default factory settings.
    2) Install the latest firmware.
    3) Change the admin password to something secure (long random alphanumeric characters) and make sure that the router is set so that it can't be administrated over wireless or the internet, only by a directly attached device.
    4) Set up the WPA again with a strong passphrase. A 63 character passphrase made up of random alphanumeric characters, you can generate a good key here:
    http://www.kurtm.net/wpa-pskgen/
    5) Enable MAC address filtering and deactivate SSID transmission.

    If anyone had cracked your wireless, this will make sure they are off and can't get back on.
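
An offline way to do step 4, as an added example that is not part of bk's post: it generates a 63-character random alphanumeric passphrase locally and shows how WPA-PSK turns it into the 256-bit key (PBKDF2-HMAC-SHA1 salted with the SSID). The function names and the SSID `example-ssid` are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63                  # WPA-PSK passphrase limits


def generate_passphrase(length: int = WPA_MAX_LEN) -> str:
    """Return a random alphanumeric passphrase drawn from the OS CSPRNG."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """Check the WPA-PSK rule: 8 to 63 printable ASCII characters."""
    return (WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN
            and all(32 <= ord(c) <= 126 for c in passphrase))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not is_valid_wpa_passphrase(passphrase):
        raise ValueError("not a valid WPA passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    ssid = "example-ssid"   # constructed sample value, not from the thread
    phrase = generate_passphrase()
    print(phrase)
    print(f"{entropy_bits(len(phrase)):.1f} bits of entropy")
    print(derive_psk(phrase, ssid).hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name.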


  • Registered Users, Registered Users 2 Posts: 14,339 ✭✭✭✭jimmycrackcorm


    You can probably set up logging using syslog software to track what ip addresses are being used.

