Detecting intruders wirelessly...

Is there a program out in the great wide world that can detect when
people try to connect to my wireless network?

for example, if i had a neighbor (FOR EXAMPLE only) that was trying to
crack my WEP or just trying to simply connect to my wireless internet,
woudl a program be out there that would alert me?

thanks in advance, sorry if it is a dumb question...

Jazz Mann

(E-Mail Removed) wrote:
> Is there a program out in the great wide world that can detect when
> people try to connect to my wireless network?
>
> for example, if i had a neighbor (FOR EXAMPLE only) that was trying to
> crack my WEP or just trying to simply connect to my wireless internet,
> woudl a program be out there that would alert me?
>
> thanks in advance, sorry if it is a dumb question...
>
> Jazz Mann
>
Not too dumb. If they're just listening, you're totally out of luck. If
they try to connect, one possibility would be to regularly check the arp
tables on your LAN for any newcomers, although if they spoof existing
corresponding MAC and IP addresses, this would be missed.

Otherwise......??

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)

On 3 Oct 2005 11:03:51 -0700, (E-Mail Removed) wrote:

>Is there a program out in the great wide world that can detect when
>people try to connect to my wireless network?

Linux, MacIntosh, Unix, or Windoze?

>for example, if i had a neighbor (FOR EXAMPLE only) that was trying to
>crack my WEP or just trying to simply connect to my wireless internet,
>woudl a program be out there that would alert me?

It won't detect a WEP cracker. That's done by sniffing your wireless
traffic and recovering the WEP key from the captured traffic. Since
that does NOT require a connection to your system, you can't detect
it. However, if they succeed in cracking your WEP key, and connect to
your system, any of the wireless intrusion detection systems should
work.

If Windoze see:
http://home.comcast.net/~jay.deboer/airsnare/

>thanks in advance, sorry if it is a dumb question...

There are no dumb questions. However, it would be nice to know what
hardware and software you have availiable to do this.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

thansk for the replies guys...
Windows mostly...
not looking to catch smart guys... mostly dumb kids who will just try
to connect... is there a "for dummies" way to detect possible
connectors?
jazz mann

Jeff Liebermann wrote:
> On 3 Oct 2005 11:03:51 -0700, (E-Mail Removed) wrote:
>
> >Is there a program out in the great wide world that can detect when
> >people try to connect to my wireless network?
>
> Linux, MacIntosh, Unix, or Windoze?
>
> >for example, if i had a neighbor (FOR EXAMPLE only) that was trying to
> >crack my WEP or just trying to simply connect to my wireless internet,
> >woudl a program be out there that would alert me?
>
> It won't detect a WEP cracker. That's done by sniffing your wireless
> traffic and recovering the WEP key from the captured traffic. Since
> that does NOT require a connection to your system, you can't detect
> it. However, if they succeed in cracking your WEP key, and connect to
> your system, any of the wireless intrusion detection systems should
> work.
>
> If Windoze see:
> http://home.comcast.net/~jay.deboer/airsnare/
>
> >thanks in advance, sorry if it is a dumb question...
>
> There are no dumb questions. However, it would be nice to know what
> hardware and software you have availiable to do this.
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

I found this but I haven't tried it yet. It's free for private use. It
looks like what you want.

http://home.comcast.net/~jay.deboer/airsnare/index.html



On 3 Oct 2005 11:03:51 -0700, (E-Mail Removed) wrote:

>Is there a program out in the great wide world that can detect when
>people try to connect to my wireless network?
>
>for example, if i had a neighbor (FOR EXAMPLE only) that was trying to
>crack my WEP or just trying to simply connect to my wireless internet,
>woudl a program be out there that would alert me?
>
>thanks in advance, sorry if it is a dumb question...
>
>Jazz Mann

Opps...Jeff's post showed up late on my news server. Same program.
Looks interesting.

Bruce

Jeff Liebermann wrote:
....
> it. However, if they succeed in cracking your WEP key, and connect to
> your system, any of the wireless intrusion detection systems should
> work.

If they spoof both a MAC and corresponding IP address while the "real
owner" is disconnected, it'll be hard to detect an intrusion. Do you
know anything that will detect this particular situation?

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)

(E-Mail Removed) wrote:
> thansk for the replies guys...
> Windows mostly...
> not looking to catch smart guys... mostly dumb kids who will just try
> to connect... is there a "for dummies" way to detect possible
> connectors?

Check the arp tables every minute or two. Easy on u*x, but probably
possible on w*ws too. I have a job, running about every minute, that
pings all legitimate hosts on my small home LAN, and reads the arp table
to check whether any changes have been made. Not entirely bomb-proof,
but any casual spoofing of existing IPs will be found, and anyone
snooping on the monitoring machine will leave arp traces.

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)

> to check whether any changes have been made. Not entirely bomb-proof,
> but any casual spoofing of existing IPs will be found, and anyone
> snooping on the monitoring machine will leave arp traces.

Just out of curiosity, if there was something, what would you do next?

David Taylor wrote:
>>to check whether any changes have been made. Not entirely bomb-proof,
>>but any casual spoofing of existing IPs will be found, and anyone
>>snooping on the monitoring machine will leave arp traces.
>
>
> Just out of curiosity, if there was something, what would you do next?

1. Panic.

2. Panic.

3. Pull the wireless plug, turn off all potentially significantly
insecure (ie w*ws) machines, turn on a network monitor on my freebsd
gateway, and reenable the wireless; sit back and watch.

4. Change ssid and passphrase; try to move from wep to wpa (which, since
belkin don't seem to support it, might be problematic)

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)