Intruder in my wireless network? / intrusion detection programs

Hi!

Today I got the message that unknown computers are connected to the wireless network on my firewall. Usually, it just shows other computers in our household, since 2 or 3 PCs have internet connection on our network.

But today, it showed an entirely different IP address, as if someone from outside tried to log in to our network.

I searched for a better program to be able to detect and eliminate wifi intruders, and found "air snare", but it doesn't start, says a file is not properly registered. In the online help it says the computer on which you install air snare should be directly connected to the router. This is not the case, since our router (D-Link DI-624+) is directly connected to an Apple Macintosh computer.

Could you maybe tell me where to find other WiFi intrusion detection programs, and how to install and use them?

Thanks in advance, Valok

Reply to
Valok
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

I strongly recommend that you start by properly securing your wireless network, which should eliminate any intruders:

  1. Turn on SSID broadcast. (Hiding it does no real good.)
  2. Turn off any MAC address filtering. (It does no real good.)
  3. Set a *unique* SSID in your wireless router or access point (e.g., "ValokNet").
  4. Turn on WPA-PSK security. (WEP is too weak to be of much value. If your wireless gear can't handle WPA, seriously consider upgrading.)
  5. Set a strong wireless pass-phrase, at least 20 characters worth of random words (e.g., "highway soothe location bard great furry" [but NOT this one]).
Reply to
John Navas

Just a heads up (may not apply in your case), but one of my new wireless computers (a tablet/notebook combo) sometimes shows as extra devices on the network (and uses a different workgroup name), but never when it's turned off. I'm guessing the pc and tablet part combo are doing something strange internally.

Reply to
Peter Pan

I am a little naive on password cracking algorithms so I figured I would ask this question. I have noticed many individuals and companies have started using passwords like "highway soothe location bard great furry". Is this type of password any less secure than say "jdieJKndk&ksjjs2$djJOEksl@" since the previous password has dictionary words?

tia

moncho

Reply to
moncho

Password/phrase strength is defined in terms of entropy, which can be calculated. The advantage of a passphrase of random real words is that it's easier for people to work with, reducing the chance of error and of people writing it down in an insecure way. The drawback is that it takes more characters to achieve the same level of entropy as a password of random characters. But if sufficient extra characters are used a passphrase of random real words can have just as much entropy (strength) as a password of random characters.

A good way to generate a strong passphrase is with "diceware words" -- see , and the Diceware FAQ :

How long should my passphrase be? ... In their February 1996 report, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security" a group of cryptography and computer security experts -- Matt Blaze, Whitfield Diffie, Ronald Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Weiner -- stated:

"To provide adequate protection against the most serious threats... keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years ... keys in newly-deployed systems should be at least 90 bits long."

A five-word Diceware passphrase has an entropy of at least 64.6 bits; six words have 77.5 bits, seven words 90.4 bits, eight words 103 bits, four words 51.6 bits. Inserting an extra letter at random adds about 10 bits of entropy. Here is a rough idea of how much protection various lengths provide, based on updated estimates by A.K. Lenstra. Needless to say, projections for the far future have the most uncertainty.

  • Four words are breakable with a hundred or so PCs.
  • Five words are only breakable by an organization with a large budget.
  • Six words appear unbreakable for the near future, but may be within the range of large organizations by around 2014.
  • Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.
  • Eight words should be completely secure through 2050.

Entropy of random passwords can be estimated from NIST guidelines (Special Publication 800-63, Electronic Authentication Guideline). For random passwords of all printable characters the entropy is about 6.6 bits per character. *Thus 12 random characters from the entire printable set would be needed for 79.2 bits of entropy, roughly the same as six diceware words.*

A narrower range of characters decreases entropy bits per character, and would thus have to be longer for the same level of entropy. Non-randomness likewise decreases entropy bits per character.

Reply to
John Navas
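
Added example, not part of any post in this thread: the entropy arithmetic from the post above, plus a passphrase generator that draws words with the OS CSPRNG and checks the result against the 8 to 63 character limit of a WPA-PSK passphrase. The 95-character printable ASCII set, the function names and the stand-in word list are assumptions made for this illustration; the stand-in list only has the same size as the Diceware list (6^5 = 7776 entries).

```python
import itertools
import math
import secrets

WPA_PSK_MIN, WPA_PSK_MAX = 8, 63   # WPA-PSK passphrase length limits, in characters

def entropy_bits(count, pool_size):
    """Entropy of `count` symbols drawn uniformly and independently from `pool_size` choices."""
    return count * math.log2(pool_size)

def symbols_needed(target_bits, pool_size):
    """Smallest number of uniformly random symbols that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))

def generate_passphrase(wordlist, target_bits):
    """Draw enough random words to meet the target; return (phrase, bits)."""
    words = sorted(set(wordlist))            # duplicates would overstate the entropy
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    n = symbols_needed(target_bits, len(words))
    phrase = " ".join(secrets.choice(words) for _ in range(n))
    if not WPA_PSK_MIN <= len(phrase) <= WPA_PSK_MAX:
        raise ValueError(f"{len(phrase)} characters is outside the WPA-PSK range")
    return phrase, entropy_bits(n, len(words))

# Constructed stand-in for the 7776-entry Diceware list (one entry per roll of
# five dice). Substitute the real list when generating a passphrase for use.
STAND_IN_LIST = ["".join(p) for p in itertools.product("aeknst", repeat=5)]

if __name__ == "__main__":
    for target in (75, 90):                  # thresholds from the quoted 1996 report
        print(target, "bits:",
              symbols_needed(target, 7776), "Diceware words,",
              symbols_needed(target, 95), "printable characters,",
              symbols_needed(target, 26), "lowercase letters")
    phrase, bits = generate_passphrase(STAND_IN_LIST, 75)
    print(f"{phrase!r} -> {bits:.1f} bits")
```

The entropy figures hold only when every word or character is chosen uniformly at random; a phrase a person picks has less entropy than these numbers suggest.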

This is greatly appreciated.

Thanks,

Reply to
moncho

I am and remain utterly amazed at how many people think James Bond (or M) are trying to break into their home networks. It is just mind numbing. I guess preaching fear has worked really well, the terrorists are coming, the commies are under your bed and the boogie man is behind that tree. Reality check: Even the simplest passphrase is more than enough to secure your home network. James Bond and the NSA ARE NOT trying to hack your network. In an office environment this might be different, but if you have that large a concern at the office, stick to a wired network.

Diceware phrases and the Beale list, give me a break and try to return to reality. The dog's name is more than enough for a passphrase for your home network. You can even be secure behind WEP encryption. NONE of your neighbors is installing Linux on his laptop so he can sit outside your house and break into your network and anyone who tells you otherwise is just plain nuts. It isn't happening and has never happened on a home network. John, you are the security 'expert' please provide a single documented instance of a home network being violated that was employing even the simplest of passphrases for either WEP or WPA. Come on I dare you. (not some it can be done crap, a case where it HAS been done in the real world and not the CS lab at Dumb Ass U.)

Never happened, all this stuff above is just so much fodder for the scare mongers. Concerned about your bank accounts, this data is sent using secure sockets, the security of your network is not your exposure.

Boo the boogie man is out to hack your internet connection... What a joke.

fundamentalism, fundamentally wrong.

Reply to
Rico

Hi!

Reply to
Valok

Hi!

Reply to
Valok

I strongly disagree. I've seen clear evidence of a number of dictionary and brute force attacks on home wireless networks, and have gotten reports of others. Software to do this is readily available. Perpetrators include bored/irresponsible teenagers, wardrivers, and the like.

As for government surveillance, there is a very real possibility of that happening, albeit at the ISP/carrier level, rather than at the home wireless network level. No matter how secure your home wireless network, your unencrypted email (for example) is exposed throughout its path.

Reply to
John Navas

Note that routers may show a device on the wireless network long after the device has disappeared. It may simply be that you had some other device on the wireless network in the past.

If you're concerned, change your pass phrase. It's a good idea to do that regularly in any event.

Reply to
John Navas

...

I really don't believe James Bond is trying to get into my network (and as John says, the NSA won't bother at that level). But I can't agree that "the simplest passphrase" is enough. Dictionary attacks are simplicity. WEP can be hacked automatically.

You _should_ have that concern in any office. Most countries now have privacy legislation that requires that you protect information on corporate systems. That shouldn't prevent use of wireless.

I'd at least modify the dog's name a bit - there's really no need to make it easy for the kid next door. (I've been known to use _dead_ dog's names!).

No, _your_ position is nuts. The odds of it happening are pretty small, but (a) your neighbors' kids are already installing Linux on their laptops and (b) your neighbors' kids are already hacking. I'm not concerned about people intentionally breaking into my network to steal anything - I'm concerned about bored teenagers (or at least, I would be if I didn't live so far off the beaten track that the only bored teenagers I see are on ATVs or drinking beer & smoking dope in dad's car).

But that's not relevant to the issue of wireless. Your unencrypted email is just as exposed if you use a wired network.

Reply to
Derek Broughton

As much as you might want someone to prove that it has happened, equally, prove that it has NEVER happened as you're claiming...

:)

David.

Reply to
David Taylor

And yet, not a single verifiable link. Software for this is NOT readily available, linux is installed on what 1%/2% of computers in the US, of that how many are laptops (exclude servers in the office acting as firewall/Apache machines, they won't be dragged into your neighborhood). I notice and remind again, you've heard/seen is hardly anything you can back up. No, I can't prove a negative, but you seem unable to back your assertion that it has happened to a secured home network (secure here being WEP with a password of say 'dog' or one of the kids names -three letters)

And no Beale list or Diceware list is going to prevent this type of eavesdropping is it? Selling fear here aren't we, not a real threat that this discussion has anything to do with, but hey it's something to be scared of...

And is exposed throughout its path with your WAP having a 1 Million character passphrase once it hits the ISP side of your internet connection. Again this has NOTHING to do with some silly dance over a passphrase to your WAP. No sign or evidence that the cat's name is not more than enough to secure your wireless connection. Unless of course you are pushing fear.

Say John, thought about running for office, politicians make careers out of pushing fear. The boogie man is out to get the home networker.

Not a single link, not a single documented instance. Not one.

fundamentalism, fundamentally wrong.

Reply to
Rico

The sun could explode also, what are you doing about that?

I'm confused here, where in the post you are responding to was there any mention of NOT securing the office lan?

And yet, you can't show where this has ever happened can you. Using the dog's name or the word cat or even a single letter.

Back this up with a single documented instance of even minimal security being applied to a home network and it being hacked. Not asking for two, just a single one. The boogie man is not hidden behind the tree in your back yard.

And you think the dopers are going to be breaking into home networks? Get serious, they are hard pressed to get the motivation to make it to school tomorrow.

Right

fundamentalism, fundamentally wrong.

Reply to
Rico

seems then all you can provide is a strongly held opinion, personally I'll listen to people who make their livings in security.

Reply to
prodigal1

Ok, as soon as you tell me how it would be possible to prove a negative.

fundamentalism, fundamentally wrong.

Reply to
Rico

No need to install linux, just use a bootable hacking CD.

There will never be a WEP key of "dog" or anything similar, WEP is either 64 or 128 bits of key material. Don't confuse the WEP key generators that take a passphrase, they don't make a secure WEP key as there's no such thing.

You *are* mistaken.

I couldn't find a single link to a power strip which has the logo BORL on it. It's one that takes multiple types of plug and I bought it in Kuwait. The irony is that on the back it says "Made in England" which is where I live. Now I know that I have this product, in fact I have two and not just me, there are plenty in the shops in the Middle East but seriously and I invite you to search too, I *cannot* find any reference to it either on the web or usenet so by your judgement it cannot exist. It does.

David.

Reply to
David Taylor

That's not for me to define. I'm just asking that you do! :)

Prove that there is not one single instance of a home WEP key being cracked by a neighbour.

David.

Reply to
David Taylor

You can either take my word for it, or pay attention to all the activity.

In fact such software *is* readily available -- for example, see

  • "Cracking WEP in 10 minutes"
  • Whax
  • WEPCrack
  • Airsnort
  • "How To Crack WEP"
  • "Cracking WEP"
  • "Cracking WEP Whitepapers and Tools"

Lots more.

[shrug] Your loss, not mine.

Yet you're making strong claims. On what basis? Gut feel?

See citations above. "Where there's smoke..."

Nope. Just strong encryption.

Wireless cracking is a very real threat.

Unless encrypted.

Again, wireless cracking is a very real threat. With all due respect, to suggest otherwise is dangerously naive.

No thanks -- have much better things to do with my time.

Wrong. See above.

Reply to
John Navas
