Wifi leeching
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Wifi leeching

  1. #1
    Member
    Join Date
    Feb 2005
    Posts
    56

    Wifi leeching

    Lets say for a moment that you live in an appt. complex and are running a wifi network. I know there are alot of security issues about wireless, but im going to be using it soon enough. How hard would it be for someine else in my complex to leech my bandwidth (jump on my network) from next door possibly?

    I've done what reading I can and plan to use NetStumbler to see if anyone else is using it around me that I can tell. But just to easy my paranoid mind, what would one do to protect and leech bandwidth from a neighbors wireless network? The only real information I can find is wifi sniffers...

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    If the wifi is not protected then it can happen with virtually no effort. In one respect this is an intentional feature of wifi............for example you can go down to my local railway station and hook up to a wifi link for free............these (intentional) free nodes are all over the place, and reflect the freedom and mobility that wifi provides.

    Wifi routers come with security features that are either off or on default settings....just follow the instructions to activate/change them and you should be OK.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    let me give you a run down of basic precausions you will want to take.

    Step 1) Change the default username and password on the router. There is no point in any other security if the thing that controls the security can be accessed by anyone.

    Step 2) turn on WEP or WPA if your router supports it and use a strong key (think of the keys as a assword to your network and create your key with that mindset)

    Step 3) use static IP addresses if possible, and Limit the IPs that can be released. On my network I have 3 computer so only 3 IP addresses can be assigned.

    Step 4) If possible turn on MAC filtering.

    Step 5) Stop broadcasting SSID. This is debateable and many will argue it auses more problems then its worth, but in my opinion it is a good step in hiding your self. its a method of security through obscurity which I persoannly am a big fan of as long as it is used with other layersof security.

    Step 6) keep your router firmware up to date, and keep your computers patched.

    follow the above and you should be pretty good to go.

    for a little added security if you are really worried, do things like use multiple WEP keys if your router supports it, and alternate the WEP keys. Let the guy that is cracking deal with cracking the wep every few days.. Also run a constant capture with ethereal and if you notice alot of traffc and know its not you, than you either have a fun virus (which is damn good to know about anyway) or somone if using your network. Check the router on occassion to see if anyone has gotten an IP assigned to them that shouldnt have. Turn ont he logs for the router (most cheap ones have this feature off by default). And practice good monitoring of traffic and of logs. These will really lock you down tight. good luck.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Member
    Join Date
    Feb 2005
    Posts
    56
    Thanks for the info, that seems like it should just about take care of every security risk for wifi that I can think of.

    Im going to school to become a sysadmin, so im trying to brush up on everything I already know and anything else I don't that I might run into. Time to learn a new catagory, thx.

  5. #5
    Junior Member
    Join Date
    Apr 2005
    Posts
    1

    Re: Wifi leeching

    Originally posted here by CyberGlyph
    I've done what reading I can and plan to use NetStumbler to see if anyone else is using it around me that I can tell. But just to easy my paranoid mind, what would one do to protect and leech bandwidth from a neighbors wireless network? The only real information I can find is wifi sniffers...
    Ok, so how the hell does NetStumbler help you out here?

    All netstumbler does is broadcasts 802.11 requests, seeing if anybody responds (access points, wifi cards in ad-hoc mode, etc), that's all. It won't tell you who's connected to a network, it won't tell you if someone else is looking for a network ... and it's quite noisy...

    Your best bet would be to turn on wep/wpa (wpa prefered). Wep is easy to crack, it's only a matter of time... BUT when someone (especially the netstumber people) see a network using encryption, they usually just keep looking. If it's going over the air unencrypted, i can sit there with any ol sniffer (kismet, ethereal, etc) and see anything going over the air... plaintext == especially easy

    And as for leeching bandwidth .... the above should be fine, if you want to be extra careful, you can do any of the following...

    *Turn off your routers dhcp server
    *Turn on MAC filtering
    *Swap your antenna's for something only powerful enough for what you need + directional can be your friend....

    Anyways, good luck on the whole sysadmin thing... and ummm ... unless you absolutely need it, keep your wireless seperate from your wired .... invest in a decent router (WRT54G ... ) .... and above all, have fun.

  6. #6
    Simplest answer: it is as hard for them as you make it for yourself Atleast use strong wep/wpa....then use authentication @ the router/switch level...I would deny all access(a true IP.....i.e. give them a 192.168 number just to get to the authenticate, then give them a 10.01 number once they have authenticated.....and have the firewall deny all 192.168 #s......even if they crack your wep/wpa keys, they will still need to authenticate to your firewall/router/switch before they can even browse da intarnet.....Setting static won't help you much as the person could forge their mac into yours.....and if they know your mac, then most likely they know your IP.

  7. #7
    Junior Member
    Join Date
    Mar 2005
    Posts
    25
    you can also set up your router to only have a number of IP address for the amount of computers you have. That way if they do manage to get on and all your computers are on they would have to spoof an IP which isn't impossible or all that difficult but its an extra step your making them take.

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    First off lock down your netwokr like I said previously. if you still are concerned run ethereal or any other other free packet sniffing program and look fro traffic that does not belong to your computers.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ahem....

    This is a wireless network in an apartment block not a high security government facility.

    Learn about MAC filtering and you will be fine.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    To chime in here a bit late... I would go with what XTC46 has already mentioned.
    It is even possible to add an additional layer of authentication (UID/PWD) using a RADIUS server.

    http://www.freeradius.org/

    I was just browsing this solution at borders the other night in linuxjournal
    http://www.linuxjournal.com/article/8017
    (require subscritption... but it is free if you stand at the magazine rack at your local book store... like I do)

    One thing I don't go with is the disabling of the SSID. If someone wants to find it out... it is pretty simple. Maybe the AP won't be broadcasting, but using something like Kismet, you can watch the clients looking for the available APs.

    I was sitting there in the library the other day around some people who also had laptops out. There were no available APs there. However, kismet showed several of the laptops around me looking for their "preferred" APs.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •