Detecting Wireless Users
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Detecting Wireless Users

  1. #1
    Junior Member
    Join Date
    Nov 2002
    Posts
    21

    Detecting Wireless Users

    Hi, I have a wireless 1 computer "network" where I have wall--DesktopPC--WirelessRouter and then Laptop that I connect to wireless router. (My DesktopPC has 2 network cards)

    Is there an easy way to see if anyone else is connecting to my wireless network (aside from loging into the router and looking at mac addresses present)?

    Thanks,
    RMSe17

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    sure. download and start up ethereal. Watch the source IP addresses. the only ones you should see are your laptop IP, the desktop IP, the router IP, and of course the broadcast IP. anymore and you got your self a possible intruder. Somone else just posted about wireless a bit ago, take a look at my response there for some tips to protect your network
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    Member
    Join Date
    Feb 2005
    Posts
    56
    To make things easier, I found it very usefull:
    Somone else just posted about wireless a bit ago, take a look at my response there for some tips to protect your network
    let me give you a run down of basic precausions you will want to take.

    Step 1) Change the default username and password on the router. There is no point in any other security if the thing that controls the security can be accessed by anyone.

    Step 2) turn on WEP or WPA if your router supports it and use a strong key (think of the keys as a assword to your network and create your key with that mindset)

    Step 3) use static IP addresses if possible, and Limit the IPs that can be released. On my network I have 3 computer so only 3 IP addresses can be assigned.

    Step 4) If possible turn on MAC filtering.

    Step 5) Stop broadcasting SSID. This is debateable and many will argue it auses more problems then its worth, but in my opinion it is a good step in hiding your self. its a method of security through obscurity which I persoannly am a big fan of as long as it is used with other layersof security.

    Step 6) keep your router firmware up to date, and keep your computers patched.

    follow the above and you should be pretty good to go.

    for a little added security if you are really worried, do things like use multiple WEP keys if your router supports it, and alternate the WEP keys. Let the guy that is cracking deal with cracking the wep every few days.. Also run a constant capture with ethereal and if you notice alot of traffc and know its not you, than you either have a fun virus (which is damn good to know about anyway) or somone if using your network. Check the router on occassion to see if anyone has gotten an IP assigned to them that shouldnt have. Turn ont he logs for the router (most cheap ones have this feature off by default). And practice good monitoring of traffic and of logs. These will really lock you down tight. good luck.

  4. #4
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Originally posted here by CyberGlyph

    Step 5) Stop broadcasting SSID. This is debateable and many will argue it auses more problems then its worth, but in my opinion it is a good step in hiding your self. its a method of security through obscurity which I persoannly am a big fan of as long as it is used with other layersof security.
    [/B]
    All of the above look good except 5. Here are my reason:

    1. Some clients do seem to have issue with connecting to the WEP if you turn off SSID broadcasting.
    2. SSID broadcasting lets others near by know which channel you are on so they can set up their WAP to use a different one and you won’t interfere with each other.
    3. Kismet, or and war driving tool that can use RF Mon mode, can see the SSID anyway if there is much traffic at all. Cloaking the SSID may hide it from NetStumbler, but not Kismet.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    The reason i say to not broadcast SSID is not to stop people who are actually looking to break into the network, but to stop people who just turn on their laptop from seeingit. I understand that it can cause problems, but I never had difficulty with it. thats why I said that its good to use with other layers of security as well. Alone it really isnt all that great, but it is one more layer to help.


    oh and cypher, thanks for copying my reply from the other thread to here.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Member
    Join Date
    Dec 2001
    Posts
    84

    AirSnare

    AirSnare is a nice free program you can run to watch who is connected to your wireles router.
    You can confgure it to send a mesage to anyone that connects also.
    http://www.snapfiles.com/php/downloa...10066195&loc=1
    You can\'t squeeze cheese from a goat before it\'s hatched.............

  7. #7
    Member
    Join Date
    Feb 2005
    Posts
    56
    Now that I have enough programs to detect 'hotspots' and secure my network, but what about the other programs; what programs are people using to get on wireless networks like mine? Its always nice to know how to be on both sides of the fence if you know what I mean. I have done some searching around to see what I could find about wireless hacking, but my efforts have came up a little short. Any info here to point me to a good faq type of site would be great.

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    google wireless hacking,

    you will find a ton of stuff.

    A majority of the stuff out there is more sniffing out access points, like as as mentioned with kismet, and netstumbler. There are also a lot of wep breaking utiltiies such as airsnort, and even wpa comprimising utilities.

    Check out a distro like Auditor, or Knoppix STD and put it on a junk machine and play around with your network.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Junior Member
    Join Date
    Mar 2005
    Posts
    18
    You could look up AirSnort on Google...

  10. #10
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    If you just want to see if anyone else is on the network I suggest using any generic sniffer and watching for MAC addresses you don't recognize. You'll want to look for IP's you don't know as well since it's possible for two computers on a wireless net to have identical MAC's.

    If you want to secure your wireless net you'll have to go through more trouble than most people would like you to believe. Even using WEP won't help you much with some of the newer tools that've come out, such as weplab and aircrack.

    MAC address filtering sounds effective but it's defeatable just by listening to the network long enought to find a valid MAC and then changing your card's MAC to match. As long as the attacker has a different IP than the comp whose MAC they're using it'll work just fine. If the IP's are the same then neither computer will be able to talk to the network.

    My suggestions for securing your network are as follows:

    1) Set static IP's on all the computer that are supposed to be using it, then turn off the DHCP server on your router so it won't assign anyone addresses.

    2) Turn on MAC filtering, and set up your router to only allow the IP's your computers are using to connect to the internet. Some AP's will let you filter based on IP but not all.

    3) Turn on WEP so your data can't be sniffed. Use a good key based on a random word, and use at least a 128bit key.

    4) Don't bother with cloaking since it won't stop anyone who knows what they're doing.

    The above will only help you much if you're able to filter based on IP's as well as MAC's. If you follow those steps then even if someone does get on your network they won't be able to make any connections. Also, turning off DHCP and setting up your clients manually prevents some sniffing attacks based on DHCP spoofing.
    A witty saying proves nothing. - Voltaire

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides