i think someone is stealing my wireless

weeder

ok same old same old heard it before type thing,how can i tell for sure and is there a tool for windows i can use to see what ip(s) are and where active on my network and to and from what times?

Wisesmurf

dont know about the ip search but why dont you stick a password on your network, If you dont its your own fault that someones robbing your bandwidth.

feylya

Stick MAC filtering on your wireless too. If you have DHCP enabled, you should be able to see who's connecting. You should also be able to browse for their computer in network places. Wireless works in 2 directions...

aidan_walsh

Install a copy of Network Magic. it'll let you see all devices connected to your router.

Also, look into your routers security configuration, and lock it down.

Lump

Password protect your network..... job done.

weeder

its WEP protected but i fear it may have been cracked

dub45

weeder wrote:

its WEP protected but i fear it may have been cracked

Change to wpa much easier to use and much more secure apparently.

zilog_jones

WEP is actually quite hard to crack - I'd only be worried about people breaking it if there's students around near you
nmap can scan for IP addresses and ports and stuff.

RangeR

zilog_jones wrote:

WEP is actually quite hard to crack - I'd only be worried about people breaking it if there's students around near you
nmap can scan for IP addresses and ports and stuff.

A WEP key can be cracked in under 5 minutes. Please don't offer people some false hope about WEP security.

Webmonkey

Yes wep keys are very simple to crack. Not good security at all to be honest. Download some software mentioned there and have a look at the activity on your network. You could use Wireshark, what i use but could be a bit complicated to use.

limklad

weeder wrote:

its WEP protected but i fear it may have been cracked

WEP is very easy to crack and there are lots of free software out there to crack it.
If you are using WEP or no security :eek: then You have made yourself an easy target to for unwanted visitors to your network . :eek:
What router do you have?
If you have Eircom Netopia wireless router?
There are some details here about setting up your security. access to router is http://192.168.1.254
(I don't know if WPA is available without paying for it or is it just setup in WEP by default which is free for obvious reasons :eek: ).
http://www.netopia.com/support/intl/eircom/technotes/IEWG_110.html
Also if you are probably on channel 7 like everyone else so change the channel so you won't get interference from others. You can use netstumbler to check for available channels out there. There are up to 13 channels available.

WPA have been crack because people use weak passwords
Try and use a combination of Upper case/lower Case/ Special characters ("£$&^%@~ etc) and numbers if using WPA.
I have upgraded by wireless to WPA2 but not all router vendors have WPA and WPA2 in mind for their routers.
For the PC side you can download WPA2 drivers from the Microsoft website and it is free too. Most wireless computers have WPA available on them.
Any Zyxel wireless routers (From BT and Perlico) that I have used have WPA on them
and easily selectable under admin address is: http://192.168.1.1
You should have more details in the package you got with your modem/router.
Mac Filtering can help but on WEP as the MAC address can easily be changed by your "unwanted visitor" computer to match your own computer.
but you will also get headaches if you have a visitor (you have giving approval to) who needs to use your wireless broadband for waht ever reasons.

Changing Passwords regularly can help too.
Maybe a combination of everything (WPA/chaning password/MAC filtering) can help help improve security

Personally I use my own wireless linksys router in combination with the telecom provider own modem, in which I can upgrade the firmware on the router for free. There are plenty free third party firmware out there but do your research before buying. I am able to use WPA2 which is far better than WEP. I had not any problems with it.

Also another great tip: Power down you router when you are not using it. It is the best of all defences that you can put up for your unwanted visitor. They will not have 24 7 access and it is also good for the environment too (save some money on ESB bill not much though :eek: ).

zilog_jones

#Elites wrote:

Yes wep keys are very simple to crack

The last time I looked into WEP cracking (some time last summer), it invlolved a lot of time, two PCs using NICs with a specific 11b chipset (or one PC and *a lot* of time), and Linux. There was a Windows port of the software used, but apparently no one knew how to get it working.

Please prove me wrong if things have got easier since then

christophicus

They have but it still takes a hell of a long time. They need to be using the program at the same time that you are online I was attempting to crack my connection I had a torrent going so there was nonstop internet traffic. i had it going for three days straight and it didnt work,it needed to be longer, I was way off the required amount of info. also I ws using the windows version and it was quite easy to use.

Webmonkey

They need to be using the program at the same time that you are online

Not neccessarily. You can inject packets into the network by fooling the Router into broadcasting broadcasts, creating network activity. I wouldn't say its secure at all especially if some wiz kids around your neighbourhood.

Wcool

christophicus wrote:

They have but it still takes a hell of a long time. They need to be using the program at the same time that you are online I was attempting to crack my connection I had a torrent going so there was nonstop internet traffic. i had it going for three days straight and it didnt work,it needed to be longer, I was way off the required amount of info. also I ws using the windows version and it was quite easy to use.

5 minutes folks: http://www.mini-itx.com/2006/08/31/the-janus-project

mentalgrinder

Peer Gaurdian is pretty cool, you just leave it on and it takes a list of any i.p's trying to acces your computer. The only crappy thing is you have to either turn it off when browsing or it blocks all websites until you allow them, other than that its weird seeing how many i.p's it picks up.

NutJob

Change to WPA


Change ur ssid to anything except the default
Use a strong wpa password
If ur lucky enough to have wpa2 hardware use wpa 2.

APPS:

[php]
-Wireshark will probably only work properly under linux i gave up on windows around xp sp1 so i cant say it will work for xp.


-http://www.remote-exploit.org/
(will give you a choice of wireshark,etherape,driftnet,tcpdump....... but you will have to do some tweaking to get traffic on wired port if ur wireless adaptor is not supported)

-Also can actually be done from a vmware session wit a supported usb wifi dongle.
http://radajo.blogspot.com/2007/01/auditing-wireless-networks-from-windows.html

-Also there's this which was posted here and i never checked it out
http://home.comcast.net/~jay.deboer/airsnare/
[/php]


Check ur router logs for dhcp requests from unknown mac addresses (they may have been lazy and this will confirm other people are accessing ur network)


Wep is like shooting fish in a barrel at this stage.



EDIT: Dont rely on Mac addresses as there easily changed on both windows and linux

Urban Weigl

WPA has also been cracked, and whatever you do, don't use WEP. Might as well leave it open.

Use WPA2 if at all possible.

limklad

Urban Weigl wrote:

WPA has also been cracked, and whatever you do, don't use WEP. Might as well leave it open.

Use WPA2 if at all possible.

As far As I know people uses weak passwords with WPA and WPA2 (i.i sex, love or derek etc or even combined them with numbers ie sexfor1 etc) and they have been crack by dictionary attacks.
Not all wireless routers in this country giving out by the BB providers can be upgraded to WPA2 so many people are screwed.

unless you know of another method of breaking WPA or WPA2.

I still recommend mixing up special characters (i.i %$£"!~@)( ) with numbers and breakup words with Upper case and lower case.
ie Bore2dEATH%with_NO$ or an jumble like this SDd*8$^werf@sdf
One guy used the following password with his wireless router: lOSE€wiTH_EIRCOMbb and he was an eircom user :eek:

Again the best method of all is to power down when not in use.;)

aidan_walsh

Say what you like about Steve Gibson, he has a pretty good password generator.

NutJob

Urban Weigl wrote:

WPA has also been cracked, and whatever you do, don't use WEP. Might as well leave it open.

Use WPA2 if at all possible.

WPA has not been cracked (where cracked means an algorithm weakness).
Unlike wep which was fundamentally broken.
WPA is actually a very well implemented algorithm which makes it infeasible to brute force.

WPA gains a hell of alot of its strength by using the SSID as a seed for the password. Be warned though there are rainbow tables out there for commonly used SSIDs e.g. Linksys..... See http://www.renderlab.net/projects/WPA-tables/

The crazy Gibson password generator would make brute forcing(even without changing the seed) a waste of time.

So in summary WPA + Decent pass-phrase + SSID change. Will keep even a determined from breaking brute forcing there way onto your network.


For those who do have WPA2 support on all your equipment use wpa2 but its highly unlikely you do.

eddhorse

Eh are you sure WPA hasnt been cracked?
Maybe that was WPA-Pre shared key.

WEP = Useless, can be cracked with Linux/Kismet/Aircrack/Aireplay (packet injection) bout 5-10 mins.

Id agree with the turning off the router option.
Otherwise WPA is a must.