Between the hours of 10am and 4.50pm everyday I seem to have somebody trying to access my wireless network. It happens evey day, and my network log shows the same MAC address constantly all thru' the day - every second. I don't think they're accessing the network, because its secured(?) using WPA-PSK (somebody now tell me using WPA-PSK for security is like trying to hold water with a sieve), and I also have a MAC address filter which only allows (in theory) the IP camera and the wireless laptop to connect.
Is there anyway I can ever find who this MAC address belongs to?
It is if your passphrase is short and easy, otherwise it's good.
You'd need a wireless sniffer on a laptop or pda, a directional antenna, and your walking shoes.
Or, set up a honeypot "evil twin" access point with the same SSID as yours, leave it open to authentication then peek on the traffic going through to see if you can figure out who it might be based on usage patterns.
On Fri, 03 Nov 2006 17:57:10 GMT, "Bohica" wrote in :
WPA-PSK *with* a strong passphrase is very good. If you're concerned, change the passphrase. I suggest "dicewords" as a good way to generate strong passphrases that are still easy to use.
MAC address filtering is essentially pointless.
Probably not without skulking around. But I personally wouldn't worry.
They may not be trying to 'penetrate' your system at all It could be a neighbor's wireless equipped computer simply looking for a connection. With so many wireless capable computers and the increasing range of the protocols, I would expect your router to be overwhelmed with connection requests. I use my wireless router as an access point behind a wired router, and I leave the wireless powered down when I am not actually using the wireless capability.
On Fri, 03 Nov 2006 18:43:01 GMT, "Stuart Miller" wrote in :
Good point. Some of that can be avoided by setting a unique SSID. All too many people use the same default SSID, and once a computer has been trained to connect to (say) "linksys", it will try to connect to any "linksys" network it finds.
Yes. A passive wireless sniffer such as Kismet will show clients. I suggest a LiveCD such as:
formatting link
a supported card on a laptop.
You can also identify the manufacturer of the device from the MAC address.
formatting link
formatting link
could also do some crude direction finding with your access point using a reflector:
formatting link
However, don't assume that it's someone trying to break in. What's probably happening is that someone has a client radio (PDA or laptop) that is turned on all the time. I do this when I want to run updates in the middle of the night. If they turn off their own wireless access point, leaving the client radio turned on, the client will go searching for any available wireless access point. My PDA (xv6700) does this. If it can't connect to my home access point, it will continuously try to connect to everything else it can hear including saved SSID's that are literally miles away. I can't disable this "feature" in my PDA, but Windoze XP WZC has a checkbox for "connect to any available network" (or something like that). If you find the culprit, ask them to uncheck the box.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.