Hi all

So it seems there are few tech nuts here so is there software to do this?

I have a wireless/wired ADSL router I want a program that will create an alert when an additional computer ties to authenticate with the router or when an unknown IP/MAC address scans/tries to connect to the router.

does that make sence?
I have one hardwired and one wireless connection when a third computer tires to connect to the router it should alert me.

I have tried air defence : not too good doesn't really do what I want
I could use something like airsnare/airsnort but that would tie up my wireless connection on the latop. I want the alert software and the connection to work at the same time.

Oh and I don't really want to be connecting to my router every hour or two to look for new mac/ip addresses, (i know soo lazy).

Any suggestions?

Surely if you use a 48 bit encription code on the wireless set up there shouldn't be an issue. It would take a bit of expertise to break those.

Also don't let it broadcast the SSID and only let it allow known MAC addresses to connect.

Also don't let it broadcast the SSID and only let it allow known MAC addresses to connect.

This looks like the simplest best advice you'll get.... there are ways around this too - but if someone knows how - there is little likelyhood you will stop them anyway.

Don't simply rely on WEP encryption..... anyone that can drive google and has half an iterest should be able to crack WEP in minutes.

As Derek suggests, on top of encryption stop braodcasting the SSID and lock down what MAC address(es) the router will connect to. - also configure your router to log all connection attempts successful or not. Unless you are storing a backup for NASA.. you should be right:p

Mark

Unless you are storing a backup for NASA..

In which case run VMS & LATP :p


Seriously though, the SSID is the simplest thing to hide. Definitely don't rely on WEP as Mark said.

The best bet would be to use WPA rather than WEP encryption as it is stronger. If your devices support it utilise WPA2. In addition to this lock down the machines allowed to use the wireless network to their mac addresses of the wireless network card of the PC on the router. Lastly limit the number of IP addresses available on your internal network to the number of machines you have by changing the subnet. Normal subnet is 255.255.255.0 by changing the zero in the last Octet to another number you can limit the number of active IP addresses in your network. You can figure this out by going to the following website or one similar http://www.subnetmask.info/ others available by googling something along the line of IP calculators.

don't broad cast SSID
lock out all but listed MAC addresses

Yep already done
But if you haver ever used Net Stumber and a MAC address spoofer you will know this is about as much use security wise as a prado off road :D

And may I suggest to anyonne who has a WEP ONLY router to consider buying another or maybe getting a firmware update as WEP is secure for about hmmmm 4 mins.

I guess we could chat about wireless security all night, (well maybe not all night) but does anyone know of any wireless network monitoring software??

Thanks for the suggestions so far

don't broad cast SSID
lock out all but listed MAC addresses

Yep already done
But if you haver ever used Net Stumber and a MAC address spoofer you will know this is about as much use security wise as a prado off road :D

And may I suggest to anyonne who has a WEP ONLY router to consider buying another or maybe getting a firmware update as WEP is secure for about hmmmm 4 mins.

I guess we could chat about wireless security all night, (well maybe not all night) but does anyone know of any wireless network monitoring software??

Thanks for the suggestions so far

Hangover,

On a home network all those things listed above should be more than enough to secure it.... frankly if you are still worried about security after following all those things listed above - I'd shutdown the wireless - and run a cable!...

To give you more useful suggestions it would help if we knew what your current computer platform was - Windows? MAC?, some unix variant...

It might also help if we knew what the router was... for some of the routers on the market there are a lot of thirdparty firmwares that include a variety of tools that may be of use.

Are you wanting this for a home environment?.. or are we talking about protecting a commercial system?

maybe take a peak here... http://www.wi-fiplanet.com/tutorials/article.php/3395991 it might lead you to something that will help with what you are trying to do.


Might also try this: http://home.comcast.net/~jay.deboer/airsnare/index.html I haven't used it.. but looks like it might be interesting.


Cheers,
Mark

I reckon the best way to ensure wireless security is to go 802.11A.

Nobody uses it, and last time I looked none of the wireless hack stuff involved wireless A - a bit like linux or mac, isn't enough of it around to bother hacking.

And it does all the usual wireless security things.

From my experience most wireless 'hacking' is the hackee having not enough security switched on, or none, and the neighbour's wireless setup leeching on the connection automatically.

That is, unless you live next to a vengeful teenager or a university.

:D:D

Cheers
Simon

Please read if you have or are going to get wireless, says it all much better than I can:

http://blogs.techrepublic.com.com/Ou/?p=454

Don't simply rely on WEP encryption..... anyone that can drive google and has half an iterest should be able to crack WEP in minutes.

I haven't been able to. :(

Everything I've seen requires Linux or a Mac to crack WEP.

Can you point me to some sites tell me how? :)

Ron

I haven't been able to. :(

Everything I've seen requires Linux or a Mac to crack WEP.

Can you point me to some sites tell me how? :)

Ron

Why do you want to crack wep?

Cheers
Simon

Why do you want to crack wep?

Don't ask. :)

Actually more for the challenge than anything nefarious.

Ron

I haven't been able to. :(

Everything I've seen requires Linux or a Mac to crack WEP.

Can you point me to some sites tell me how? :)

Ron

you can do it under windoes ce , mobile 5 and xp etc etc

i listed a web site with a heap of this gear on it once before so it should be in the archives..

i dont have my little blackbook of links on me at the moment..

PPS airopeek comes to mind and it runs under windows... but my memory is crap...

Don't ask. :)

Actually more for the challenge than anything nefarious.

Ron

check out AirSnort & Netstumbler


But..........
I do remember someone once saying to me "If you don't know how, maybe you shouldn't be doing it" and "wireless is a two way street"

Maybe he was being condescending but it makes you think

Yeah, I can't get NetStumbler to work on my iPaq.

I also looked at Airsnort but it doesn't support my laptop wireless.

Ron

I agree totally with Bytemark. Ditch the wireless, and disable it in the router. And please change the admin password for your router as well. ZDnet, Cnet, etc all report far to many security problems with wireless networking. It may be all the buzz, but, if you are a home user, like myself, the depth of security you need to go to for wireless is no fun at all.
My system is wired from router to a network hub, then wired out to the system from there. My router also has port scan reporting, so it tells me if someone is trying to knock on my door. With the internal IP tables firewalling, and all incoming ports blocked, I am as secure as a home user can be, for the time being at least.

Shorty

hide the ssid and and use wpa and delete the bank of englands records from your pc... :P

if anyone does attempt to get to your wireless link it is only going to be so they can get some free bandwidth not read your latest sensational dairy entry..

and by the time you firewall all the ports you think they can grab you on you may as well not be on the internet..

paranoia is a marvellous thing.......

Who said I am paranoid? I am just cautious is all.:D

Shorty.

I have implemented some of the above, but the only thing which gives me piece of mind is VPN.

Anybody connecting to my network via wireless or wired gets its into a 'DMZ subnet'. From there nothing can be done. In order to access the actual network (which then includes the other machines and internet) the users need to VPN. As VPN established a secure protocol from the start (even before authenticating) cracking the authentication is nearly impossible.

hide the ssid and and use wpa and delete the bank of englands records from your pc... :P
paranoia is a marvellous thing.......

Just to expand on that Inc. i hope everyone clears the internet cache after any passworded internet transactions? - Bank, ebay, paypal etc etc etc
I have found this useful, efficient, easy to use and free, (best price of all).
CrapCleaner (http://www.aulro.com/afvb/www.CCleaner.com)


I have implemented some of the above, but the only thing which gives me piece of mind is VPN.
cracking the authentication is nearly impossible.

Sorry to scare you but ................... VPN (http://blogs.zdnet.com/Ou/index.php?p=21)

Paranoid me? No I'm just worried about everything :D
Personally I don't really care about bandwith theft I get about 20GB that I never use up, then it's throttled not billed.
I just want to make sure no one decides to kill my registry or some other equally nice trick.

======================
Thread hijack
I spoke to someone today about wireless, they assured me that an expert, (read as: local paper) came and set up the wireless network. "We can't connect to the neighbours internet anymore so our security must be very good." *** Ignorance is bliss. ***

Just to expand on that Inc. i hope everyone clears the internet cache after any passworded internet transactions? - Bank, ebay, paypal etc etc etc
I have found this useful, efficient, easy to use and free, (best price of all).
CrapCleaner (http://www.aulro.com/afvb/www.CCleaner.com)



Sorry to scare you but ................... VPN (http://blogs.zdnet.com/Ou/index.php?p=21)

Paranoid me? No I'm just worried about everything :D
Personally I don't really care about bandwith theft I get about 20GB that I never use up, then it's throttled not billed.
I just want to make sure no one decides to kill my registry or some other equally nice trick.

======================
Thread hijack
I spoke to someone today about wireless, they assured me that an expert, (read as: local paper) came and set up the wireless network. "We can't connect to the neighbours internet anymore so our security must be very good." *** Ignorance is bliss. ***

I am not scared ... if I read the article talks about people using weak passwords. Don't really care about that, as the passwords must be strong and there is as well a black list.

In addition ... even if you have the password ... how likely is it that you have the certificate?

I agree totally with Bytemark. Ditch the wireless, and disable it in the router. And please change the admin password for your router as well. ZDnet, Cnet, etc all report far to many security problems with wireless networking. It may be all the buzz, but, if you are a home user, like myself, the depth of security you need to go to for wireless is no fun at all.
My system is wired from router to a network hub, then wired out to the system from there. My router also has port scan reporting, so it tells me if someone is trying to knock on my door. With the internal IP tables firewalling, and all incoming ports blocked, I am as secure as a home user can be, for the time being at least.

Shorty


Hey Shorty I only say ditch the wireless IF you are so paranoid that hidden SSID, WPA and Mac filtering combined are not enough on your home system...:p:p

Mark

:p :p :p :p :p

All their bases are belong to ME!

At last, my plan to take over the world is......

Nah, not that paranoid. Just cautious is all. Don't want my plans for world domination to fall into government hands. They'll only botch it all up.

Shorty.:p

I have implemented some of the above, but the only thing which gives me piece of mind is VPN.

Anybody connecting to my network via wireless or wired gets its into a 'DMZ subnet'. From there nothing can be done. In order to access the actual network (which then includes the other machines and internet) the users need to VPN. As VPN established a secure protocol from the start (even before authenticating) cracking the authentication is nearly impossible.

Hey Dante...

Sounds like you are certainly making it harder for the average hacker... but depending on what hardware you are using and what sort of VPN tunnel... don't be so sure it's totally bulletproof....;)

Complacency … number one enemy of network security:p




Mark