Networking Forums


How can I tell if my system is compromised?

 
 
Sam
Guest
Posts: n/a

 
      12-23-2004, 02:21 AM
Yesterday, I thought I would go into my D-Link's menu and check my
settings but I was not able to do so. My password would no longer
work.
I had to reboot the wireless router a couple of times to have it
default to its factory settings.

I had an OPEN system but I specifically allowed two MAC addresses only
to access the router.

Is it possible for someone to intercept or "sniff-out" the MAC address
and clone it as one of my own? Since my logs are no longer there
after rebooting, I am wondering how would I know if my system has been
compromised?


 
 
 
 
 
Jean
Guest
Posts: n/a

 
      12-23-2004, 03:19 AM
On Thu, 23 Dec 2004 03:21:25 GMT, "Sam" <(E-Mail Removed)> wrote:
>Is it possible for someone to intercept or "sniff-out" the MAC address
>and clone it as one of my own?


Yes, absolutely; they could passively intercept the traffic on your
network, pick one of the MAC addresses in it, and write it to their
network interface. As a guy who's more familiar with the wired world,
I'm realizing that wireless MAC filtering isn't the show stopper I
expected it to be.

Getting back to the subject of the post, if you're back to the factory
defaults then your router isn't compromised, but the systems behind it
may still be. Logs are the name of the game: hopefully your personal
firewall logs, system logs, etc. will provide some answers.
 
 
Sam
Guest
Posts: n/a

 
      12-23-2004, 04:43 AM
"Jean" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
: Logs are the name of the game: hopefully your personal
: firewall logs, system logs, etc. will provide some answers.

Thanks for the info. What should I look for in my logs? I am using
ZoneAlarm and in my area where I use my laptop and desktop there is only
one high-speed ISP. I would not know how to differentiate the ISP
pinging me and an intruder since the intruder would have a similar IP
address as myself or my ISP.



 
 
Rodney Kelp
Guest
Posts: n/a

 
      12-23-2004, 12:36 PM
After you reset your router your MAC addresses were reset too.
If someone figured out your router password, use a more difficult one.
Use 128 bit WEP encryption with a long passphrase.


"Sam" <(E-Mail Removed)> wrote in message
news:VQqyd.7907$uj2.7282@clgrps12...
> Yesterday, I thought I would go into my D-Link's menu and check my
> settings but I was not able to do so. My password would no longer
> work.
> I had to reboot the wireless router a couple of times to have it
> default to its factory settings.
>
> I had an OPEN system but I specifically allowed two MAC addresses only
> to access the router.
>
> Is it possible for someone to intercept or "sniff-out" the MAC address
> and clone it as one of my own? Since my logs are no longer there
> after rebooting, I am wondering how would I know if my system has been
> compromised?
>
>



 
 
doug Jamal
Guest
Posts: n/a

 
      12-23-2004, 12:56 PM

Always make an attempt to secure your wireless network. MAC address
filtering alone is insufficient being that MAC addresses can be
spoofed. If you enable encryption with a long nonsense passphrase,
then you really wouldn't need MAC filtering enabled. Example of
nonsense passphrase:

'QD3$fj/057rdTyZP>>?/gG107392alcytBQPZ'
(QD3$fj/057rdTyZP!@>>?/107392alcytBQPZ)-qsh55601<;ST&^999HhTeFDS+

If you use WEP encryption, change the passphrase once a week. It is
recommended that you use WPA-PSK (TKIP or AES) if available. Most home
users don't have a RADIUS server to authenticate with, therefore WPA
(RADIUS) is out of the question.


--
doug Jamal
brought to you by http://www.wifi-forum.com/

 
 
doug Jamal
Guest
Posts: n/a

 
      12-23-2004, 01:04 PM

By the way, check your router's log. Depending on how detailed your
router's log is, it might show the IP address of each computer who
logged onto your network, the websites they visited and the times as
well as break-in attempts, etc. Don't expect decent logs from all
routers / APs. An old Netgear router maintained an excellent log, but
my Belkin and Dlink do not. If an alleged hacker did break into your
AP's menu, he or she would likely be smart enough to clear your log.

--
doug Jamal
brought to you by http://www.wifi-forum.com/
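
An added example, not part of the original posts: the replies above point to logs as the way to answer the original question, and this sketch shows what to look for when an allowlisted MAC address may have been cloned. The log layout, event names, hostnames and addresses are all constructed for illustration; real router logs differ by vendor and would need mapping to these fields.

```python
from datetime import datetime, timedelta

# MAC -> hostname the owner expects. Constructed values, not from the thread.
ALLOWED = {
    "00:00:5e:00:53:01": "sam-laptop",
    "00:00:5e:00:53:02": "sam-desktop",
}

# Constructed log in a made-up "time event mac ip hostname" layout.
SAMPLE_LOG = """\
2004-12-22T19:02:11 ASSOC 00:00:5e:00:53:01 192.168.0.100 sam-laptop
2004-12-22T19:05:40 ASSOC 00:00:5e:00:53:02 192.168.0.101 sam-desktop
2004-12-22T19:20:03 ASSOC 00:00:5e:00:53:01 192.168.0.102 unknown-host
2004-12-22T19:21:15 ADMIN_LOGIN_FAIL 00:00:5e:00:53:01 192.168.0.102 -
2004-12-22T19:21:48 ADMIN_LOGIN_OK 00:00:5e:00:53:01 192.168.0.102 -
2004-12-22T23:10:00 ASSOC 00:00:5E:00:53:AA 192.168.0.103 visitor
"""


def analyze(log_text, allowed=ALLOWED, window=timedelta(minutes=30)):
    """Return (kind, mac, detail) findings that suggest MAC cloning."""
    findings, last_seen, suspect = [], {}, set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, mac, ip, host = line.split()
        when, mac = datetime.fromisoformat(stamp), mac.lower()
        if event == "ASSOC":
            if mac not in allowed:  # the MAC filter is off or was reset
                findings.append(("unlisted-mac", mac, ip))
                continue
            if host != allowed[mac]:  # right MAC, unfamiliar client name
                findings.append(("hostname-mismatch", mac, host))
                suspect.add((mac, ip))
            prev = last_seen.get(mac)
            if prev and prev[1] != ip and when - prev[0] <= window:
                # one MAC on two IPs close together: two devices may share it
                findings.append(("mac-on-two-ips", mac, f"{prev[1]} and {ip}"))
                suspect.add((mac, ip))
            last_seen[mac] = (when, ip)
        elif event.startswith("ADMIN_LOGIN") and (mac, ip) in suspect:
            findings.append(("admin-login-from-suspect", mac, event))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Hostnames are client-supplied and a DHCP renewal can legitimately change an address, so these findings are leads to check against firewall and system logs rather than proof.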

 
 
Sam
Guest
Posts: n/a

 
      12-24-2004, 12:31 AM
Ok, I need help on this one. Where would I insert a passphrase?
Also, I WAS reluctant to use WEP or other security measures for a
couple of reasons:

1. internet speed slows down
2. Dlink-524 firmware is buggy and only works reliably under an
unencrypted OPEN system firmware 1.03. The updated firmware from July
still is poor and drops the connection every 30 minutes or so. DLink
has been a bunch of lazy SOB's and they haven't provided an update
even though they are aware of the problem.

"doug Jamal" <doug.Jamal.1hpzpm@WiFi-Forum_dot_com> wrote in message
news:doug.Jamal.1hpzpm@WiFi-Forum_dot_com...
:
: Always make an attempt to secure your wireless network. MAC address
: filtering alone is insufficient being that MAC addresses can be
: spoofed. If you enable encryption with a long nonsense passphrase,
: then you really wouldn't need MAC filtering enabled. Example of
: nonsense passphrase:
:
: 'QD3$fj/057rdTyZP>>?/gG107392alcytBQPZ'
: (QD3$fj/057rdTyZP!@>>?/107392alcytBQPZ)-qsh55601<;ST&^999HhTeFDS+
:
: If you use WEP encryption, change the passphrase once a week. It is
: recommended that you use WPA-PSK (TKIP or AES) if available. Most home
: users don't have a RADIUS server to authenticate with, therefore WPA
: (RADIUS) is out of the question.


 
 
Jean
Guest
Posts: n/a

 
      12-24-2004, 01:07 AM
On Fri, 24 Dec 2004 01:31:37 GMT, "Sam" <(E-Mail Removed)> wrote:
>2. Dlink-524 firmware is buggy and only works reliably under an
>unencrypted OPEN system firmware 1.03. The updated firmware from July
>still is poor and drops the connection every 30 minutes or so. DLink
>has been a bunch of lazy SOB's and they haven't provided an update
>even though they are aware of the problem.


They know there's a problem with the WEP implementation in V. 1.05 of
the DI-524 firmware? Or just that there are lots of problems with it?
I ask because that's what I have - DI-524 V. 1.05 - and the major
issue I'm having is with MAC filtering; the shared 128 bit WEP key
seems to be working fine (with no noticeable reduction in speed, FYI).
 
 
Sam
Guest
Posts: n/a

 
      12-24-2004, 07:29 PM

"Jean" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
:
: They know there's a problem with the WEP implementation in V. 1.05 of
: the DI-524 firmware? Or just that there are lots of problems with it?
: I ask because that's what I have - DI-524 V. 1.05 - and the major
: issue I'm having is with MAC filtering; the shared 128 bit WEP key
: seems to be working fine (with no noticeable reduction in speed, FYI).

The tech told me they "know there are issues with the 1.05 firmware and
they have no ETA on the new revision". I had to flash back to 1.03
because connections are being dropped every 30 minutes or so. There is
a lot of info available that shows this problem and the fix was to go
back to 1.03.

As far as speed tests go, there have been a lot of [separate] issues
with our ISP and speed tests show a considerable drop in speed using
encryption, which Dlink tech support confirmed. I was told that one can
expect a 10-30% drop in speed! The other day, I set up the WEP 64 bit
encryption and I had difficulty in loading pages. The connection would
just pause. I also have broadband. It's very frustrating.


 
 
Sam
Guest
Posts: n/a

 
      12-26-2004, 07:19 PM
Hey, Jean. I started to use the 64 bit WEP and the connection goes up
and down like a hooker's panty (using 1.03).

"Jean" <(E-Mail Removed)> wrote in message :
: They know there's a problem with the WEP implementation in V. 1.05 of
: the DI-524 firmware? Or just that there are lots of problems with it?
: I ask because that's what I have - DI-524 V. 1.05 - and the major
: issue I'm having is with MAC filtering; the shared 128 bit WEP key
: seems to be working fine (with no noticeable reduction in speed, FYI).


 
 
 
 