How can I tell if someone is using my wireless net?

I recently moved to East Tennessee from the Mississippi Gulf Coast after
losing everything -- except the clothes we had on -- to Hurricane Katrina.
Insurance company paid off and we are replacing some of our stuff -- I have
replaced my desktop and laptop and am setting up home network.

I'm using a Motorola SBG900 modem with built-in access point. Desktop is
hardwired through Ethernet connection but the laptop connects through
wireless.

When I first fired up the SBG900 and my laptop, the laptop found six
wireless networks -- mine and five others that I assume belong to people in
my apartment complex. None of the five was secure so I tried connecting --
connected to every one of them. I figured I was doing something wrong by
stealing their service so I disconnected and left them alone.

But -- I secured mine with WEP (or maybe it was WAP, I don't recall).
Before I secured my network, I noticed the wireless light on the modem
blinking but I was not connected -- I suspect someone else was connected to
mine. With my network secured, I have not noticed the wireless light
blinking unless I am connected.

Now, here's my question: Is there any application out there to warn me that
someone has connected to my wireless network or that someone has cracked my
security key? I have situated the access point so I can't see the lights
without crawling under the table -- I'd like something that will run in the
background and give me a screen pop when my access point is connected.
Thanks.

My security key is garbled letters and numbers that I make up and change
every two weeks.

And I'm a real novice at this stuff -- I just put the CD in the tray and
follow the prompts.

Thanks

Why not set the MAC filters --- allow only certain MAC addresses to
access the network.

On Mon, 21 Nov 2005 18:45:02 -0500, "Joe S." <(E-Mail Removed)> wrote:

>Before I secured my network, I noticed the wireless light on the modem
>blinking but I was not connected -- I suspect someone else was connected to
>mine. With my network secured, I have not noticed the wireless light
>blinking unless I am connected.

It might be broadcasts or drive by Netstumbler users there were
flashing the lights.

>Now, here's my question: Is there any application out there to warn me that
>someone has connected to my wireless network or that someone has cracked my
>security key?

Yep. AirSnare.
http://home.comcast.net/~jay.deboer/airsnare/

--
Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
831.336.2558 voice
http://www.LearnByDestroying.com AE6KS
http://802.11junk.com Skype: JeffLiebermann
(E-Mail Removed) (E-Mail Removed)

On 21 Nov 2005 19:51:08 -0800, "John" <(E-Mail Removed)> wrote:

>Why not set the MAC filters --- allow only certain MAC addresses to
>access the network.

Because MAC addresses are incredibly easy to spoof. Just sniff the
traffic for a valid MAC address and tweak the attackers MAC address to
be the same.
http://www.klcconsulting.net/smac/
http://en.wikipedia.org/wiki/MAC_add..._MAC_addresses

--
Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
831.336.2558 voice
http://www.LearnByDestroying.com AE6KS
http://802.11junk.com Skype: JeffLiebermann
(E-Mail Removed) (E-Mail Removed)

If you do all the standard security stuff - you will stop 99% of casual
logon attempts.

Disable SSID
Use WPA security
Use MAC filtering
Change all default passwords
Disable DHCP
Use static IP addresses
Check your router logs for other pc's connected

If someone really wants to hack in using wireless sniffers, etc - they can.
You would have to use some additional security like client level
authentication, VPN, etc. ... which is probably overkill in your case.


"Joe S." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I recently moved to East Tennessee from the Mississippi Gulf Coast after
>losing everything -- except the clothes we had on -- to Hurricane Katrina.
>Insurance company paid off and we are replacing some of our stuff -- I have
>replaced my desktop and laptop and am setting up home network.
>
> I'm using a Motorola SBG900 modem with built-in access point. Desktop is
> hardwired through Ethernet connection but the laptop connects through
> wireless.
>
> When I first fired up the SBG900 and my laptop, the laptop found six
> wireless networks -- mine and five others that I assume belong to people
> in my apartment complex. None of the five was secure so I tried
> connecting -- connected to every one of them. I figured I was doing
> something wrong by stealing their service so I disconnected and left them
> alone.
>
> But -- I secured mine with WEP (or maybe it was WAP, I don't recall).
> Before I secured my network, I noticed the wireless light on the modem
> blinking but I was not connected -- I suspect someone else was connected
> to mine. With my network secured, I have not noticed the wireless light
> blinking unless I am connected.
>
> Now, here's my question: Is there any application out there to warn me
> that someone has connected to my wireless network or that someone has
> cracked my security key? I have situated the access point so I can't see
> the lights without crawling under the table -- I'd like something that
> will run in the background and give me a screen pop when my access point
> is connected. Thanks.
>
> My security key is garbled letters and numbers that I make up and change
> every two weeks.
>
> And I'm a real novice at this stuff -- I just put the CD in the tray and
> follow the prompts.
>
> Thanks
>

> Disable SSID

Trivial to discover, just increases the chance of others nearby stamping
on your transmissions due to not knowing you were there.

> Use WPA security

Ok

> Use MAC filtering

Trivial to circumvent such that it's not worth using. If it's to stop
causal stumblers from connecting, then WPA will prevent that already.

> Disable DHCP

How is that a security measure? Pointless and can be easily
circumvented. See above.

> Use static IP addresses

Pointless unless you have also set up filters/rules to limit by IP
address. See above.

David.

riggor99999 wrote:

> If you do all the standard security stuff - you will stop 99% of casual
> logon attempts.
>
> Disable SSID
> Use WPA security
> Use MAC filtering
> Change all default passwords
> Disable DHCP
> Use static IP addresses
> Check your router logs for other pc's connected

Except that you'd stop the same number of attempts by only implementing WPA
and changing the passwords, the others are pointless. Disabling DHCP is
even extremely annoying. It simplifies things for me _and_ my legitimate
users.

--
derek

"Derek Broughton" <(E-Mail Removed)> wrote in message
news:17mb53-(E-Mail Removed)...
> riggor99999 wrote:
>
>> If you do all the standard security stuff - you will stop 99% of casual
>> logon attempts.
>>
>> Disable SSID
>> Use WPA security
>> Use MAC filtering
>> Change all default passwords
>> Disable DHCP
>> Use static IP addresses
>> Check your router logs for other pc's connected
>
> Except that you'd stop the same number of attempts by only implementing
> WPA
> and changing the passwords, the others are pointless. Disabling DHCP is
> even extremely annoying. It simplifies things for me _and_ my legitimate
> users.
>
We are talking about the one laptop in an apartment complex with many
wireless access points and clients. By changing the default tcp/ip address
scheme, by using static addresses, by using MAC address filtering, by using
WPA and by disabling SSID broadcast ... he stops 99% of the casual users
trying to access his network for free. This is much more of a comfort
thing - doing all you can...

> wireless access points and clients. By changing the default tcp/ip address
> scheme, by using static addresses, by using MAC address filtering, by using
> WPA and by disabling SSID broadcast ... he stops 99% of the casual users
> trying to access his network for free. This is much more of a comfort

No, the point is that by *just* enabling WPA (or WEP for that matter),
he will eliminate probably 100% of the casual users[1] and he'll have
security too!

[1] where casual user is defined as someone who just wants to go into
Windows to connect using the wizard.

You've missed the point because anyone with a sniffer will get around
MAC filtering, waste of time, and *if* they crack WPA will then see the
IP scheme in use anyway so going static has done nothing for security.

Then again, we're still waiting for details of this new super efficient
WPA crack...

David.

riggor99999 wrote:

> "Derek Broughton" <(E-Mail Removed)> wrote in message
> news:17mb53-(E-Mail Removed)...
>> riggor99999 wrote:
>>
>>> If you do all the standard security stuff - you will stop 99% of casual
>>> logon attempts.
>>>
>>> Disable SSID
>>> Use WPA security
>>> Use MAC filtering
>>> Change all default passwords
>>> Disable DHCP
>>> Use static IP addresses
>>> Check your router logs for other pc's connected
>>
>> Except that you'd stop the same number of attempts by only implementing
>> WPA
>> and changing the passwords, the others are pointless. Disabling DHCP is
>> even extremely annoying. It simplifies things for me _and_ my legitimate
>> users.
>>
> We are talking about the one laptop in an apartment complex with many
> wireless access points and clients. By changing the default tcp/ip
> address scheme, by using static addresses, by using MAC address filtering,
> by using WPA and by disabling SSID broadcast ... he stops 99% of the
> casual users
> trying to access his network for free. This is much more of a comfort
> thing - doing all you can...

It's pointless effort. _Even_ with a single user on your wireless network,
DHCP simplifies things. With DHCP it's just a matter of turning on your
computer. Without it, you need to be comfortable with changing your
network settings. Turning off DHCP will do _nothing_ to improve your
security. Giving people "security" instructions that they will later find
were nothing more than placebos will, in the long run, make them less
comfortable rather than more.

btw, you never even mentioned "changing the default tcp/ip address scheme"
in your original post. If you mean getting off the 192.168.0.x subnet that
most (if not all) routers default to, I agree it's a good idea. It's not,
though, a security issue, and can generally be handled by the router.
--
derek