On 3/28/2004 3:30 PM, David Gibbs wrote:

Paul Tuohy wrote:

It looks like someone is trying to piggy back my network. When I
check the DHCP Client table I see a client that isn't one of my home
PCs. I don't think it is a neighbour coming in on wireless. If I
delete it, it reappears within the hour. It always has the same
MAC address. It doesn't look like a live connection - no reply when I
ping the IP address.


Just because the ping fails doesn't mean that it isn't a live connection. Anyone that pings my PC's local address will see the same results since I am running ZoneAlarm. It bit buckets any unrequested traffic so my PC doesn't exist on the network outside of things it explicitly joins like "My Network Places."

Things to do to prevent such occurrences ...

1. Enable WEP encryption (or whatever encryption your wireless equipment supports). This isn't foolproof, but it will prevent casual intrusion.

If you want to make it seriously hard you would have to get a separate router and AP plus put a VPN server between the AP and the rest of your network. Even with the WEP replacement WPA this is the recommended "Secure" environment since WPA is better but based on the same flawed encryption calculations. Sonicwall even has a combination Firewall/Router/AP/VPN server, but at about 5 to 7 times the cost it isn't for most personal use only networks.



2. Change your SSID and disable SSID broadcast. This will make it harder for people to connect.


Disabling SSID broadcast will make it harder for the "just literate enough to be deadly" to use but the WEP already has shut this type of interloper down. Otherwise disabling doesn't make the AP any more secure and I have seen several instances where it makes it harder for legitimate connections to get established. The reason it doesn't make it any more secure is that any wireless sniffer can still pick up the SSID from active connection traffic because that part of the header isn't encrypted.

3. Enable MAC address security ... it's a bit of a pain, but will prevent people from using your connection without permission.

Unless a wardriver clones the MAC from sniffing the active connections. Still better to make it harder for them.

4. Change your WEP keys and SSID periodically. This will make it even harder for someone to intrude.

Just like any security where you change your password (WEP keys) so the intruder has to start over again. Also, make sure if you use Linksys' Passphrase that you enter something non-trivial and lengthy just like a password. If you don't use the Passphrase make sure you enter the keys in hex so that you can use the full set of bits and not just the ones that make up printable characters if you used ASCII keys.



david



One of the discussions in the wireless newsgroups proposed that it was perfectly alright to use a neighbor's AP and internet without their permission simply because the signal reached their house. Since it was *free* and they hadn't signed any "Terms of Service" with the neighbor's ISP they didn't feel that there was anything they couldn't use it for, including SPAM.

Roger Vicker, CCP

--
*** Vicker Programming and Service *** Have bits will byte *** www.vicker.com ***
SLIDING DOWN THE RAZOR BLADES OF LIFE.
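
The point above about entering WEP keys in hex rather than ASCII, worked through as an added example that is not part of the original thread. It assumes the standard WEP key sizes (5 bytes for "64-bit", 13 bytes for "128-bit") and 95 printable ASCII characters; all function names and the sample key are constructed for illustration.

```python
import math
import secrets

# WEP secret key sizes in bytes: "64-bit" WEP carries a 40-bit key and
# "128-bit" WEP a 104-bit key; the other 24 bits are the per-packet IV.
WEP_KEY_BYTES = {64: 5, 128: 13}
PRINTABLE_ASCII = 95  # characters 0x20 through 0x7E


def keyspace_bits(wep_bits: int, ascii_entry: bool) -> float:
    """Bits of keyspace reachable when the key is typed as ASCII or as hex."""
    per_byte = math.log2(PRINTABLE_ASCII) if ascii_entry else 8.0
    return WEP_KEY_BYTES[wep_bits] * per_byte


def ascii_key_as_hex(key: str, wep_bits: int) -> str:
    """Return the hex form an ASCII key maps to, rejecting wrong lengths."""
    raw = key.encode("ascii")
    if len(raw) != WEP_KEY_BYTES[wep_bits]:
        raise ValueError(
            f"{wep_bits}-bit WEP needs {WEP_KEY_BYTES[wep_bits]} characters")
    return raw.hex().upper()


def is_ascii_reachable(hex_key: str) -> bool:
    """True if every byte of a hex key is a printable ASCII character."""
    return all(0x20 <= b <= 0x7E for b in bytes.fromhex(hex_key))


def random_hex_key(wep_bits: int) -> str:
    """Generate a key from the OS CSPRNG, using every bit of each byte."""
    return secrets.token_hex(WEP_KEY_BYTES[wep_bits]).upper()


if __name__ == "__main__":
    for bits in (64, 128):
        print(f"{bits}-bit WEP: ASCII entry {keyspace_bits(bits, True):.1f} bits, "
              f"hex entry {keyspace_bits(bits, False):.0f} bits")
    sample = ascii_key_as_hex("home1", 64)  # constructed sample key
    print("ASCII 'home1' as hex:", sample, "reachable:", is_ascii_reachable(sample))
    print("random 128-bit WEP key:", random_hex_key(128))
```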



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
