PDA

View Full Version : People on my network and how to get rid of them.



Altema
11-17-04, 09:17 PM
When i look at my routers page i saw 3 new computers that may have been using my network. I wanted to know if i can do something to boot them. I changed my network's name, channel, and added WEP to it. Is that sufficient enough to say that they have been booted from my connection?

Also, its kinda hard to believe anyone is using my connection because of the range limitations of my router.

Also, isnt there a command in the dos prompt that will list computers on a network? I think i remembered doing something like that in school.

Thank you.

YeOldeStonecat
11-18-04, 07:06 AM
WEP should do it.

Wanna lock it down some more? Introduce MAC filtering...enter the MAC of each and every computer on your LAN, then enable the filtering. That will shut down everyone else.

Wanna lock it down some more? Disable SSID broadcasting, of course you changed it from the default already, right?

Wanna lock it down even more? Disable DHCP, change the default IP address of your router to something else..meaning, instead of 192.168.0.XXX, set it to 192.168.9.XXX, then manually assign IPs to all your workstations.

Most routers will show you an active DHCP leases on their web admin page somewhere. Now granted something with a slight clue would avoid being seen here by doing a manual IP address when they hop on after finding out your DNS settings.....

So something to find anyone else on your network quickly? Just get an IP scanner that will sniff you entire subnet, such as "Angry IP Scanner".

Altema
11-18-04, 03:00 PM
Thank you so much YeOldeStonecat.

imskid
07-26-05, 06:12 PM
Its possible your router could be picking up stray signals or interference from other wireless equipment, it does not seem feasible for one of your neighbors to steal your bandwidth, but I guess some people would do it just because its there.. whenever I use my laptop in the “field” it is always indicating another network or adapter is in range.

seezar
08-14-05, 12:18 AM
Wanna lock it down some more? Introduce MAC filtering...enter the MAC of each and every computer on your LAN, then enable the filtering. That will shut down everyone else.

Wanna lock it down some more? Disable SSID broadcasting, of course you changed it from the default already, right?

Wanna lock it down even more? Disable DHCP, change the default IP address of your router to something else..meaning, instead of 192.168.0.XXX, set it to 192.168.9.XXX, then manually assign IPs to all your workstations.


Disabling SSID, MAC filtering and disabling DHCP will offer no security. Reason being is that the SSID and MAC address are sent over wireless unencrypted and can easily be sniffed. Your subnet can be found just as easily. Just download a Linux distro LiveCD like whoppix and run kismet and you will see this. Just because the SSID broadcast is disabled the network will still be seen, and once a computer associates with the access point the SSID is found as well as the MAC address and the subnet.

So while these will keep out the person who might pick up your connection accidentally, if you've at least enabled WEP (or better yet WPA) then you've already solved that problem. DHCP wasnt meant to be used for security so save yourself the hassle of statically assigning all your machines. But if you do, just understand that it doesnt offer you any further security.

YeOldeStonecat
08-14-05, 11:03 AM
Disabling SSID, MAC filtering and disabling DHCP will offer no security. Reason being is that the SSID and MAC address are sent over wireless unencrypted and can easily be sniffed. Your subnet can be found just as easily. Just download a Linux distro LiveCD like whoppix and run kismet and you will see this. Just because the SSID broadcast is disabled the network will still be seen, and once a computer associates with the access point the SSID is found as well as the MAC address and the subnet.

So while these will keep out the person who might pick up your connection accidentally, if you've at least enabled WEP (or better yet WPA) then you've already solved that problem. DHCP wasnt meant to be used for security so save yourself the hassle of statically assigning all your machines. But if you do, just understand that it doesnt offer you any further security.

It's a matter of helping slow things down. How much time do you wish to give someone to sit in their car outside your car and attempt to "grind in".

They all get broken into eventually. Even WEP doesn't take long anymore, and WPA and WPA2 are sure to have some tools out there to break through them in a short amount of time.

It sounded like a home network setup, so I wasn't going to propose something like Sonicwall TZW VPN wireless solutions for him or a Radius authentication server. Solutions to help him get rid of the "usual joe freeloaders" seemed to fit the bill here.

cyberskye
08-14-05, 01:41 PM
They all get broken into eventually. Even WEP doesn't take long anymore, and WPA and WPA2 are sure to have some tools out there to break through them in a short amount of time.


:nod:

WPA takes a little longer, but either can be cracked using freely available software. If you are worried about someone who knows how to sniff MAC/Subnet, you are pretty much out of luck. They'll get in if they want to.

I keep my AP in a physical DMZ and require IPSec to hit the LAN or internet. Overkill, for sure - I got bored one day :)

IMHO one of the biggest flaws in either WEP or WPA is the difficulty in updating keys - this means folks tend to leave the same WEP Key (passphrase) in place for too long. Frequent changes here are good - as with any password.

Skye

seezar
08-14-05, 02:11 PM
It sounded like a home network setup, so I wasn't going to propose something like Sonicwall TZW VPN wireless solutions for him or a Radius authentication server. Solutions to help him get rid of the "usual joe freeloaders" seemed to fit the bill here.

Agreed that a home network doesnt need to be locked down like fort knox, but my point was that obtaining a valid MAC, finding the SSID and IP and subnet are much easier to crack than even WEP so if someone already knows how to crack WEP they'll already get that info and if its somebody trying to get in that doesnt know what they are doing then WEP has already stopped them. So those things could offer someone a false sense of security.

also, for the time being WPA has only been cracked when someone uses a short key and it gets cracked based on a dictionary attack. Keep the WPA pre-shared key long and not based on dictionary words and you are pretty safe for the time being.

cyberskye
08-14-05, 02:22 PM
also, for the time being WPA has only been cracked when someone uses a short key and it gets cracked based on a dictionary attack. Keep the WPA pre-shared key long and not based on dictionary words and you are pretty safe for the time being.

http://www.ciscopress.com/articles/article.asp?p=369221&seqNum=1

Not quite.

seezar
08-14-05, 02:34 PM
http://www.ciscopress.com/articles/article.asp?p=369221&seqNum=1

Not quite.

Yes, but read part 2 of that article. For the moment the crack is still only based on a dictionary attack.

The very last paragraph of part 2 of the article states:

As we've learned, cracking the password is no simple matter. Due to the WPA design, an attacker must have an insider's understanding of how the packets are created and how their data is used to secure a WPA-PSK network (or a tool that does this for the attacker). Our example provided a test using a previously known password. To successfully crack a random network, an attacker must have a large dictionary file, a powerful computer, and a little luck in order to obtain the password. Fortunately, this isn't as easy as it sounds.


So yes, eventually WPA will most likely be as vulnerable as WEP but until that time comes its still pretty secure.

I currently use a 63 character, randomly generated key made up of alphanumeric and symbols for my PSK. Using that crack would take an awfully long time as well as a ton of processing power to find the key.