How can I tell if someone is using my wireless net?

Why not set the MAC filters --- allow only certain MAC addresses to access the network.

It might be broadcasts or drive by Netstumbler users there were flashing the lights.

Yep. AirSnare.

Because MAC addresses are incredibly easy to spoof. Just sniff the traffic for a valid MAC address and tweak the attackers MAC address to be the same.

If you do all the standard security stuff - you will stop 99% of casual logon attempts.

Disable SSID Use WPA security Use MAC filtering Change all default passwords Disable DHCP Use static IP addresses Check your router logs for other pc's connected

If someone really wants to hack in using wireless sniffers, etc - they can. You would have to use some additional security like client level authentication, VPN, etc. ... which is probably overkill in your case.

Except that you'd stop the same number of attempts by only implementing WPA and changing the passwords, the others are pointless. Disabling DHCP is even extremely annoying. It simplifies things for me _and_ my legitimate users.

We are talking about the one laptop in an apartment complex with many wireless access points and clients. By changing the default tcp/ip address scheme, by using static addresses, by using MAC address filtering, by using WPA and by disabling SSID broadcast ... he stops 99% of the casual users trying to access his network for free. This is much more of a comfort thing - doing all you can...

It's pointless effort. _Even_ with a single user on your wireless network, DHCP simplifies things. With DHCP it's just a matter of turning on your computer. Without it, you need to be comfortable with changing your network settings. Turning off DHCP will do _nothing_ to improve your security. Giving people "security" instructions that they will later find were nothing more than placebos will, in the long run, make them less comfortable rather than more.

btw, you never even mentioned "changing the default tcp/ip address scheme" in your original post. If you mean getting off the 192.168.0.x subnet that most (if not all) routers default to, I agree it's a good idea. It's not, though, a security issue, and can generally be handled by the router.

Trivial to discover, just increases the chance of others nearby stamping on your transmissions due to not knowing you were there.

Ok

Trivial to circumvent such that it's not worth using. If it's to stop causal stumblers from connecting, then WPA will prevent that already.

How is that a security measure? Pointless and can be easily circumvented. See above.

Pointless unless you have also set up filters/rules to limit by IP address. See above.

David.

No, the point is that by *just* enabling WPA (or WEP for that matter), he will eliminate probably 100% of the casual users[1] and he'll have security too!

[1] where casual user is defined as someone who just wants to go into Windows to connect using the wizard.

You've missed the point because anyone with a sniffer will get around MAC filtering, waste of time, and *if* they crack WPA will then see the IP scheme in use anyway so going static has done nothing for security.

Then again, we're still waiting for details of this new super efficient WPA crack...

David.

True. I guess I wasn't clear, setting the MAC filters in addition to the normal security, WEP, etc., should be sufficient. We're not talking about military level security here, it's his home wireless ...

True. I guess I wasn't clear, setting the MAC filters in addition to the normal security, WEP, etc., should be sufficient. We're not talking about military level security here, it's his home wireless ...

While I implent many of the trivially deafeated steps ,(They won't stop a determined hacker, but it's one more step they have to go through) probably the most important measure you can take is the implementation of WPA (WPA2 if possible) with a sufficiently random full length key. WPA crakers use a dictionary brute force approach, and this can be made computationally infeasable by impleneting sufficient randomness and key length. If you don't have the means to generate such a PSK, visit

Doc

Still have a hate on for GRC? I thought the tit-for-tat feud between you two was over ....

Really Bad Idea(tm) to use a passkey generator of dubious merit/heritage.

Instead, download and use Password Safe (free and open source), created by one of the real giants of cryptography and subjected to serious peer review.

I get a substantial number of calls from friends and paying customers dealing with a simple problem. They have a visiting customer or relative with a laptop (usually the college brat home for the holidaze). They want to connect to the wireless network. However, because someone created the obstacle course from hell to get into the wireless, they can't figure out what to change, what to do, or how to get the visitor online. I've lost count of how many times this has happened. Do that a few times and all the security falls apart.

Another problem is the visitor with a WEP only laptop. The home or office network uses WPA, but very few support both WEP and WPA simultaneously. So, the network gets downgraded to WEP to accommodate the visitors. If they run into the ASCII to HEX WEP key conversion problem, they may turn off encryption completely.

So, setup the wireless obstacle course. I'll be interested to know how long it lasts in its maximum security configuration.

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

MAC filters are pointless.

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

No hate. I just know Steve Gibson for who and what he is.

Frankly, I'd trust Gibson ...

before...

Sorry, but most of us wouldn't really have a clue who is and isn't a real giant of cryptography. I certainly don't know who Bruce Schneier is (not that that means anything). Steve Gibson probably _isn't_ such a giant but he's got a pretty good track record of keeping computer systems safe (He does love to blow his own horn, but he hasn't steered me wrong yet).

How do you tell that a program available from Sourceforge has a better "merit/heritage"? Anybody can start a Sourceforge project. Interestingly, many of the Sourceforge links appear to be broken - as if nobody is actively maintaining it now that it's been released as open source.

But the MAC address is the first and easiest thing to both sniff and change. Easier than WEP, there's nothing to "decode" just sniff, view and set locally.

Done.

David.