possible to detect someone connecting to a unsecured wireless network

Mr Burns

Is it possible to detect that some one has connected to an unsecured wireless router? Would it be possible to find out after the fact what was downloaded etc?

cheers
Mr. Burns

Anti

I know its possible on my router if you log into 192.168.1.1 you can view who is connected, but im not sure how to find out what they have downloaded, would be interesting to know though. im trying to login to my router now, but have completly forgotten how so i cant screengrab for you. But if i get it i will repost

Mr Burns

Thanks very much. Much obliged to you.

TriWannabe

why do you want to know mr burns? why not just make it secure?

Black Swan

Interesting question posed by TriWannabe to Mr Burns. Why? Then again, it's perhaps none of our business?

And Mr Burns could perhaps make his router (if in fact it is his router and not one he is accessing at a hotspot or wherever) more secure with a firewall and limiting the number of users to one, etc., etc.

Even with all these precautions, a wireless router can be cracked and used by a good hacker.

Then again, Mr Burns should also be advised that there are many ways of snooping someone's WiFi communications (packet sniffers, installing keyloggers on his computer, RATs, etc., etc.). No WiFi communication is ever absolutely secure from a super cracker.

Furthermore, if he is operating Stateside, then his commuications (or anyone else who is using the same router as Mr Burns) can also be accessed by government agencies without his knowledge. The news in the States has been filled with evidence of ISPs cooperating with these agencies. Millions of customers have been tracked without their knowledge.

ISPs are also notorious about tracking the surfing habits of their customers for various reasons (marketing and otherwise), and if you connect through them at your residence, read the fine print on your contract. You probably gave them permission (but who reads the fine print?).

Anti

i thought access through mac address was the securest option possible. no ?

Black Swan

anti wrote:

i thought access through mac address was the securest option possible. no ?

Nothing is absolutely secure when it comes to computer software and hardware. Although some things are more secure than others.

For example, know of a major university in the States that thought it had the ultimate in defense against crackers. They bragged about their five layers that no one could possibly get through. One day they had to shut down because someone had cracked though four of the five layers and was working on number five.

MunsterCycling

Emmm no would take about 4 sec to fake your MAC address with packet snooping s/w!

irlrobins

As anti said, if you access your router's config page it will show you which mac addresses are currently associated to the router. If you know the mac address of all your PCs ("ipconfig /all" will give you the mac address, otherwise known as pysical address), any extra ones are intruders.

Foxwood

anti wrote:

i thought access through mac address was the securest option possible. no ?

Relying on MAC address filtering is probbay worse than having no security at all, because it apparently gives some people a sense of unwarranted security.

Copying a MAC address is trivial, and filtering by MAC address only serves to make troubleshooting more difficult. Enable WPA-PSK if you want to secure wireless access to your router.

As for tracking what's being downloaded, the simple answer is no. None of the commonly available consumer wireless routers offer the capability (as far as I know). Setting up a PC between your router and your DSL connection to do the tracking is certaily feasible, but it wouldn't be trivial, and would require a fair amount of work to set up.

Mr Burns

If someone spoofed their MAC address to the MAC of one of the approved machines, would the router see the intruder as being the approved machine? Am I right in thinking that?

irlrobins

Yep, if the intruder machine cloned MAC address of PC A, the PC A's mac address would appear in list of connected PCs.

NutJob

[FONT=arial,helvetica][SIZE=-1]ifconfig eth1 down
killall dhclient
ifconfig hw ether 00: 11:22:33:44:55
ifconfig eth1 up
dhclient eth1


its that easy and half thoes commands are just ther for general neatness
[/SIZE][/FONT]

Im afraid crypto is the only way to keep people off your wifi(WPA-PSK). Just make it difficult enough for them to go somewhere else theres plenty of open wireless access points all over the place. Plus use a sentance as a password with funny characters(!@#$%&amp;(*^$><?) and numbers.


If you are curious about whats goin on on your network airsnort under linux and driftnet will give yo a fair idea and are available on many live cds (fun part is wireless card support)


Not to scare you or anything but unsecured wireless puts you at risk of having bank accounts stolen + credit cards + usernames and passwords (depending on services you use online). Not likely someone will hang round ur house long enough to do this but.......
Unfortunatly its a relatively easy thing to do on a un-secured wireless network.


You will find that its mostly likely a neighbour or neighbours kid looking to do some free surfing. Check the router logs and see what pops up in the DHCP section might get lucky and they called there pc some nice netbios name.


Sorry!!!! addition>>>

Forgot netstumbler will show activity but kismit will give details of clients currently connected

MunsterCycling

Nice post NutJob, was asked very similar question by someone yesterday so I'll point them this way to see just how simple it is to spoof a MAC address with Linux.

irlrobins

Airsnare for windows will also show you intruders

NutJob

MunsterCycling wrote:

Nice post NutJob, was asked very similar question by someone yesterday so I'll point them this way to see just how simple it is to spoof a MAC address with Linux.

Keep it legal or at least grey

Airsnare for windows will also show you intruders

Must take a peek at this never herd of it thanks always like new toys


is donation ware if i likeit ill donate thus far thumbs up

irlrobins

Yea used it myself from time to time. Easy enough to use. Comes ethereal too as part of the install. Probably a bit easier to use than a linux live based solution for some people.