|
-
February 28th, 2005, 11:13 PM
#1
Senior Member
my wireless has an intruder
i run a belkin wireless router, my pc is hardwired and the one upstairs is connected with a wireless usb access thingy, ran netstumbler upstairs and had an intruder, i killed my home network and grabbing thier mac addy i blocked it in the router and enabled only my 2 mac addys thru the enable mac filtering function, yet the intruder was still present, i had to go to work but want it locked down when i get home, i need help
the only way to fix it is to flush it all away-tool 
-
February 28th, 2005, 11:14 PM
#2
Intruder? Netstumbler won't detect intruders, as it's ONLY function is finding other wireless access points just like yours. This means that most likely your neighbor or nearbye setup their own home wireless network and netstumbler detected it's presence.
To quote the net stumbler website:
etStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g.
This means it looks for other wireless routers, wireless servers, and general access points that are offering wireless network access. So get what I mean? It doesn't detect people or clients connecting to wireless, it detects the wireless "servers" so to speak.
http://www.netstumbler.com/faqs/general/
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 28th, 2005, 11:17 PM
#3
Senior Member
umm their mac addy was in my system, i think, the profiles name was mike and had the same ssid(?) i did, so can you tell me how to be sure?
the only way to fix it is to flush it all away-tool
-
February 28th, 2005, 11:18 PM
#4
Senior Member
I Agree with Guardian Alpha. If you are still paranoid, just setup an encryption key. That in conjunction with MAC Filtering will keep you safe from "the girl next door". Now, the question is what will keep the girl next door safe from you now that you're aware that you're in range of her 2.4Ghz vibes........
There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.
-
February 28th, 2005, 11:19 PM
#5
guardian is correct: you're probably seeing another AP with the same SSID (yours probably still has the default) - the MAC you're talking about is the MAC of that AP, not the MAC of "an intruder".
-
February 28th, 2005, 11:19 PM
#6
i think, the profiles name was mike and had the same ssid(?) i did, so can you tell me how to be sure?
As I said, net stumbler only shows you other wireless "servers", not people who are connecting to them. If you have a default SSID (like 'linksys") then chances are there will be thousands of other people around the world with that same default SSID, because that's how it came out of the box.
Is it an SSID you've made by hand? Even still, it isn't a client connecting to you, just a wireless point for others to connect to.
edit: fraggin has made an excellent point. Even though you don't have an intruder, it's always safer to turn on WAP or WEP encryption for your router, that way no one can log onto it without you specifically having them to put in the keyword.
This is the instructions for a Belkin 54g wireless router using WEP encryption, and it should be very close to how other versions of their routers preform:
http://www.belkin.com/support/kb/kb.asp?a=2806
If it's too different from your current wireless router model, look here for further information:
http://www.belkin.com/support/
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 28th, 2005, 11:22 PM
#7
Senior Member
makes sense, thanks for the clarity, i panicked for a sec and had to run to work
the only way to fix it is to flush it all away-tool
-
March 1st, 2005, 12:30 AM
#8
For wireless, I'd recommend the following:
- Change the default SSID to something only those in your household/apartment know.
Change the default channel to something else.
Password protect remote administration if enabled otherwise disable it.
Definitely turn off broadcasting.
Definitely change the default password on the router.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
March 1st, 2005, 12:40 AM
#9
If you are still paranoid, just setup an encryption key. That in conjunction with MAC Filtering will keep you safe from "the girl next door".
To expand on that a tad - Should you choose WPA-PSK as your encryption method, make sure you use a good passphrase (a nice mix of upper case/lower case, punctuation and symbols that's at least 20 characters long). That should do quite well). Also remember, if the "girl next door" just happens to be a tech savvy cracker, MAC filtering will only offer minimal help. For the common person, MAC filtering is a decent deterrent but don't rely on it.
This is the instructions for a Belkin 54g wireless router using WEP encryption, and it should be very close to how other versions of their routers preform:
I checked this link, and I'm assuming you meant WPA encryption, not WEP?
Is it an SSID you've made by hand? Even still, it isn't a client connecting to you, just a wireless point for others to connect to.
If he/she did indeed create a unique SSID (not default), is it possible this is a case of the "evil twin"? Pardon my ignorance on the matter as I'm still learning the whole "evil twin" concept.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
March 1st, 2005, 12:08 PM
#10
Some suggestions
Evil twin is basically a bad guy’s honeypot AP with a stronger signal within your wireless area that mimic your legitimate AP. This may attract you or your users to log into the evil AP. With a convincing login prompt, you or your user could give away sensitive data like usernames and passwords.
That's why personally I don't recommend disabling SSID broadcast. Legitimate wireless clients will find a SSID-broadcasting APs easier and unknowingly get trapped in a honeypot. Also, disabling SSID broadcast won't prevent a sniffer getting the SSID, since the SSID is sent in the clear in the probe message when a client associates to an AP.
MAC filtering? Some pros and cons. MAC addresses are also transmitted in the clear text. In a dynamic environment, I won't try to configure APs for each and every trusted client.
If you really want to that route (MAC filtering), and you mean serious business, do also the following:
- Disable DHCP for wireless clients. If you have time to register all the valid MACs, you or your users should have time to set static IPs.
- Don't use the default subnet. Use funky subnet like 10.123.234.0 with mask 255.255.255.192 (it gives you the 10.123.234.1-62 range).
- Connect your AP to the rest of your network via a switch, not a hub. Disable port mirroring, unless you know what you're doing.
- Segregate your wireless segment and wired segment with a firewall. By nature, wlan is an untrusted or not-so-trusted network.
- Setup a proxy with user authentication to get to the Net.
Of course, always use the highest level of encryption available and use strong passphrases.
And even with all those I'm still paranoid. 
Peace always,
<jdenny>
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
