I recently turned off the WEP protection on my home wireless network. Is there a simple way that I can monitor traffic to see if any neighbors are leeching off of my connection? Does it require additional software or is Windows XP (Home edition) already equipped to show/log traffic? Thanks, Ken
Most WAPs have logging built in. Assuming you are using a Router/WAP, or have a separate router, you can monitor whether or not another IP has been issued by the DHCP server, or whether there is traffic from another IP in the subnet that you aren't using yourself.
Better yet, set up DHCP so that it doesn't issue any more IPs than you are using. Depending on the model, you should also be able to set up MAC filtering on the WAP, so that only specific NICs can connect to it.
None of this is 100% secure. A MAC address can be spoofed and people can get a connection if they know what they are doing. WEP isn't 100% secure either, but you have to judge the likelihood of there being someone nearby who has the inclination to get in.
Personally I'd turn WEP back on or, if it is an option at all, dump that WAP and get one that offers WPA/TKIP protection. I live in a large apartment complex and there are 3 WAPs I can get a connection to without leaving my desk. Taking my notebook system out on the balcony puts me in range of 4 other WAPs that are completely unprotected.
Without WEP your traffic is easily readable. Putting aside the idea of someone leeching your connection, not using WEP allows them to monitor *your* connection and there is no way you can detect that. At least not until you find all your passwords have been stolen.
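The lease check suggested in the reply above, as an added example that is not part of the original thread. It assumes the router's DHCP lease table can be exported in dnsmasq lease-file layout; the MAC addresses, IPs and hostnames are constructed sample values.

```python
import ipaddress
import re
from collections import namedtuple

Lease = namedtuple("Lease", "expiry mac ip hostname")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed allowlist: the MAC addresses of the machines you own.
KNOWN_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed sample in dnsmasq lease-file layout (an assumption about the router):
# <expiry epoch> <mac> <ip> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1136073600 00:11:22:33:44:01 192.168.1.100 den-pc 01:00:11:22:33:44:01
1136073700 00:11:22:33:44:02 192.168.1.101 kitchen-pc *
1136073800 00:AA:BB:CC:DD:EE 192.168.1.102 * *
1136073900 00:11:22:33:44:01 192.168.1.103 laptop *
truncated line
"""

def parse_leases(text):
    """Return well-formed leases; skip lines that do not parse."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        mac = fields[1].lower()
        try:
            ip = str(ipaddress.ip_address(fields[2]))
        except ValueError:
            continue
        if MAC_RE.match(mac):
            leases.append(Lease(int(fields[0]), mac, ip, fields[3]))
    return leases

def audit(leases, known_macs):
    """Flag leases held by unknown MACs, and known MACs seen on a second IP."""
    findings, first_ip = [], {}
    for lease in leases:
        if lease.mac not in known_macs:
            findings.append(("unknown-mac", lease.mac, lease.ip))
        elif first_ip.setdefault(lease.mac, lease.ip) != lease.ip:
            # A MAC can be copied, so an allowlisted one on two IPs is worth a look.
            findings.append(("known-mac-second-ip", lease.mac, lease.ip))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LEASES), KNOWN_MACS):
        print(*finding)
```

A lease audit only lists devices that asked the router for an address; it shows nothing about a receiver that merely listens to unencrypted traffic.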
Thanks for your response. I guess turning WEP back on is an option.
I turned it off simply to see if my WIFI connections would be more reliable. I have 4 computers running on my home network and sometimes one will just disconnect and it takes me hours to get it back online. (The IP address will show up as 0.0.0.0 and when I use the repair connection option, it will disconnect and then reconnect and keep "acquiring new IP address" forever.) I had seen a posting by someone with a similar problem who said that he had the same problem until he turned off his WEP. I thought I'd give it a shot.
I hadn't thought of the possibility of others monitoring my connection. I guess that could be dangerous if they can see me access my banking info etc. Thanks, Ken
Maybe you mean WRT54G. If so, then you can use Wallwatcher to track traffic to/from the LAN by machines as to what remote IP(s) are being contacted and what LAN IP(s)/machines are doing it. This will be done for you in real time and if someone has hacked your network, you should be able to see the activity. You'll have to use one of the 3rd party firmwares that works with the 54G and Wallwatcher, that being mentioned in the link.
You should enable WEP again.
One thing you might want to do in your wireless security is disable the DHCP server on the router and only use static IP(s).
I leave my connection open. I live in a house and can hardly get connectivity on my porch, much less from out in the street or further. I figure if anyone was connecting to my wireless I would SEE them out in the yard or the street :) LOL.
However, I am very curious as to how my traffic is "easily readable". I have 8 machines in the house. Please explain to me what I have to do using one of my machines as a client to "easily read" the activity of another.
Again, please explain how I can monitor a connection and see the data. I'm very curious as to how "easy" it really is.
As in all security, the target has to be worth the effort expended to penetrate it.
Using this packet sniffer, what is actually seen? IOW, if I edit a spreadsheet on my system and save the file, what of my actual data content is seen by the packet sniffer? Does the packet sniffer format the data or is it just a stream of hex or binary stuff?
It's a stream of TCP/IP packets, the same as an ethernet network, encased in the wireless protocol. Often they are just examined in a technical way to troubleshoot a network, but using the right tools they can be reassembled and viewed in real-time, as if the person were sitting at your system.
As for the spreadsheet example, if you are saving it to your local hard drive there will be no network traffic to capture. But if you saved, or copied, the spreadsheet to another system on your wireless LAN, it can be intercepted. Without encryption you might as well just broadcast it on national television. But even with encryption it can be intercepted.
I can't say WEP is nothing in terms of security but it takes a few minutes to be cracked today. WPA/802.11i is better but to be really better you need a RADIUS server that dispatches the keys.
Now, of course, is it very interesting to crack your network? Surely not! Except if you are living near a crowded place and your network is very useful to keep anonymousness. Beyond this case you also have the case of a neighbour's child who wants to test his knowledge.
If you have a WRT54G, you have a Linux firmware inside and then have other Linux firmwares available on the market. Since it's Linux you have access to the tools that exist on this system (Wellenreiter, Ethereal, Aircrack, etc).
Can you kindly point me toward one of the right tools? I really would like to determine for myself just how "easy" it is for someone with the right tools to intercept data and read it. I have used sniffers and watched sniffers being used to troubleshoot network and traffic issues. But I have never been able to see any data that made any logical sense. Just technical sense.
P.S. (Okay, a long PS...) I've been in the IT business for over 10 years. I often read and hear about potential "interception" of signals and data. But, to this day, I have never met even one person that could demonstrate it. Not even one of the multitude of Systems Engineers I associated with as peers, and then managed over the last 10 years, before I retired this last January. And guess what, I was in a business that specializes in this type of activity, at a much higher level than home users. And none of them could demonstrate it. Of course, they use tools not available to average citizens and not directly connected to the IT arena.
I also attended a week long seminar/workshop produced by Verisign Corporation entitled "Applied Hacking and Countermeasures". It was a great week on Fisherman's Wharf in SF. But neither of the two instructors could demonstrate interception of signals and/or data within the classroom environment either. We spent most of the week learning how to hack into systems by obtaining a password list and/or via the SMTP interface (and FTP).
In all my experience, and training, I have never seen anything but academic ramblings about signal and data interception. Things like the physical superiority of fiber versus cable because fiber is so much harder to splice. Etcetera.
Bottom line, I personally am not convinced this is a real enough threat to spend time and money on UNLESS you are doing it for CYA reasons and you have data that is so important that it is a realistic target (i.e. larger corporations, govt agencies, etc).
Even on the news, all you ever hear of is computer crime via the "break in" method... someone "cracked" userID/password and or entered through a mis-configured firewall or something. But virtually NEVER do you hear of signal interception actually occurring.
I am a very practical person. I try to apply engineering practices to most everything I do. To include conducting a proper risk assessment before expending money and time to fix something that isn't broke. I have never been convinced that this whole wireless security issue is worth messing with except for organizations like I mentioned above.
How about the chaps that sat in the parking lot at Home Depot and used a home-built wireless antenna to get the signal that was being used between the registers?
How about the user next door to me that has a wireless router with no password, and a computer with no password, where I can sit in my driveway with my laptop and browse his files?
The signal is there, and you can always read/capture it, but it's knowing what to do with the data that makes the difference.
In the case of some streams, the typical home user is not going to be able to do anything with the data. In the case of some 'groups', the signal is understood and decoded into a live stream of usable data that can be viewed without either the sender/recvr knowing it.
for a list of programs. And do a search on wardriving as I suggested.
Note that you really have to get into deciphering network traffic, or use a program that supports reassembling the packets.
You wouldn't hear much about it because it is immensely difficult to prove. You'd have to catch a person in the act and triangulate the signal from their NIC - also impossible if all they are doing is monitoring the traffic - that is, you can tell they have a wireless NIC, but that doesn't give you probable cause to demand they tell you what they are doing.
With wired networks, intercepting traffic is pretty much reserved to either the IT department monitoring their own users, or corporate espionage. The latter being the reason many financial institutions and law firms opt for fiber.
Network vandalism and data theft is also greatly under-reported. Few businesses want to publicize an illegal entry when it could scare off their customers.
So you don't bother even using encryption on your wireless system? Well, chances are you'll never run into a problem. But if you use a wireless system, keep in mind never to transmit anything that you wouldn't want to be seen on the evening news.
As I mentioned in another post, THIS type of protection has my complete attention. It is this type of "hacking" that occurs 99.9 percent of the time. Actual break-ins to systems. Well worthy of expending time and money on. I take all the precautions I can to prevent this sort of attack. Also automated web server attacks. Things like complex passwords, static IPs, network firewalls, web server security configs and OS hardening, etc.
Thank you for your input and your links. I did check out that site. Most of it, as many other sites, concentrates on various techniques for obtaining userID and passwords to hack INTO systems. As I mentioned earlier, I am very attuned to that kind of protection.