#1
10-01-2006, 04:26 PM
noel.wester@webtribe.net
How to tell if your wi-fi connection has been compromised?

Hi,

I've been running a wireless network under WPA-Personal encryption for
about a year now.

I've just helped a (non pc-literate) friend install a secured wireless
network. She asked me "how do I know if this network gets hacked?"

And, do you know, I couldn't answer her! I assumed any decent
encryption would deter any casual war-drivers and the like so it's not
a question that I've ever considered.

So............how would you know? Presumably there's software out
there that'll flag up intrusion attempts?


#2
10-01-2006, 04:44 PM
Duane Arnold
Re: How to tell if your wi-fi connection has been compromised?


<noel.wester@webtribe.net> wrote in message
news:1159719982.433738.154590@i42g2000cwa.googlegroups.com...
> Hi,
>
> I've been running a wireless network under WPA-Personal encryption for
> about a year now.
>
> I've just helped a (non pc-literate) friend install a secured wireless
> network. She asked me "how do I know if this network gets hacked?"
>
> And, do you know, I couldn't answer her! I assumed any decent
> encryption would deter any casual war-drivers and the like so it's not
> a question that I've ever considered.
>
> So............how would you know? Presumably there's software out
> there that'll flag up intrusion attempts?


If the hacker was using a DHCP IP from the wireless router, then you would
see an IP issued to a MAC, which is a unique ID assigned to each NIC, wired
or wireless, that has connected to the router. You can compare the IP and
associated MACs in the router's DHCP table screen to a MAC on the private
LAN by going to each machine on the private LAN and doing IPconfig /all to
compare MAC(s).

But a hacker can use a static IP on the router so that it doesn't show in
the router's DHCP table. If the router has a syslog feature, then you can
use something like Wallwatcher or other such software and you can see all
IP(s) DHCP or static and see what connections are being made.

http://www.sonic.net/wallwatcher/

These are just two ways. I am sure there are more on the wireless side of
the situation.

Duane :)
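
The two checks described in this post, as an added example that is not part of the original post or the poster's own code: compare the router's DHCP table against the MACs of known machines, then use syslog to find addresses that are active without a lease. The DHCP table layout, the syslog layout with its `src=` field, and all addresses are constructed assumptions; adapt the parsing to what your router actually exports.

```python
import re

# Constructed inventory: MACs noted from `ipconfig /all` on each known machine.
KNOWN_MACS = {"00-11-22-33-44-55", "00-11-22-33-44-66"}

# Constructed DHCP table export (hypothetical layout: IP, MAC, hostname).
DHCP_TABLE = """\
192.168.1.100  00:11:22:33:44:55  DESKTOP
192.168.1.101  00:11:22:33:44:66  LAPTOP
192.168.1.102  00:AA:BB:CC:DD:EE  unknown-pc
"""

# Constructed router syslog lines (hypothetical layout with a src= field).
SYSLOG = """\
Oct  1 16:30:01 router OUT src=192.168.1.100 dst=203.0.113.10 dpt=80
Oct  1 16:30:09 router OUT src=192.168.1.102 dst=203.0.113.20 dpt=80
Oct  1 16:31:44 router OUT src=192.168.1.250 dst=203.0.113.30 dpt=25
"""


def norm_mac(mac):
    """Reduce 00-11-.., 00:11:.. or 0011.2233.. to lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_dhcp(text):
    """Return {ip: mac} for every lease line that has at least IP and MAC."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            leases[parts[0]] = norm_mac(parts[1])
    return leases


def audit(dhcp_text, syslog_text, known_macs):
    """Return (leases held by unknown MACs, active IPs that hold no lease)."""
    known = {norm_mac(m) for m in known_macs}
    leases = parse_dhcp(dhcp_text)
    unknown = {ip: mac for ip, mac in leases.items() if mac not in known}
    active = set(re.findall(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b", syslog_text))
    return unknown, sorted(active - set(leases))


if __name__ == "__main__":
    print(audit(DHCP_TABLE, SYSLOG, KNOWN_MACS))
```

An address that shows traffic but holds no lease is either a device you configured statically yourself or one to investigate.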




#3
10-01-2006, 05:17 PM
richgrant@hotmail.com
Re: How to tell if your wi-fi connection has been compromised?

Wireless is pretty un-secure in that way, there are no obvious ways to
tell, especially with high-street routers.

Like mentioned before there are a few traces that can be found but
unless you know what you are looking for they are pretty useless.

I suppose protecting your wireless network securely and correctly in
the first place is the only answer to this.


Richard Grant
_________________
http://richeh.homeip.net/forum


Duane Arnold wrote:
> <noel.wester@webtribe.net> wrote in message
> news:1159719982.433738.154590@i42g2000cwa.googlegroups.com...
> > Hi,
> >
> > I've been running a wireless network under WPA-Personal encryption for
> > about a year now.
> >
> > I've just helped a (non pc-literate) friend install a secured wireless
> > network. She asked me "how do I know if this network gets hacked?"
> >
> > And, do you know, I couldn't answer her! I assumed any decent
> > encryption would deter any casual war-drivers and the like so it's not
> > a question that I've ever considered.
> >
> > So............how would you know? Presumably there's software out
> > there that'll flag up intrusion attempts?

>
> If the hacker was using a DHCP IP from the wireless router, then you would
> see an IP issued to a MAC, which is a unique ID assigned to each NIC, wired
> or wireless, that has connected to the router. You can compare the IP and
> associated MACs in the router's DHCP table screen to a MAC on the private
> LAN by going to each machine on the private LAN and doing IPconfig /all to
> compare MAC(s).
>
> But a hacker can use a static IP on the router so that it doesn't show in
> the router's DHCP table. If the router has a syslog feature, then you can
> use something like Wallwatcher or other such software and you can see all
> IP(s) DHCP or static and see what connections are being made.
>
> http://www.sonic.net/wallwatcher/
>
> These are just two ways. I am sure there are more on the wireless side of
> the situation.
>
> Duane :)



#4
10-01-2006, 05:44 PM
Jeff Liebermann
Re: How to tell if your wi-fi connection has been compromised?

noel.wester@webtribe.net hath wroth:

>She asked me "how do I know if this network gets hacked?"

(...)
>So............how would you know? Presumably there's software out
>there that'll flag up intrusion attempts?


Good question. It's exactly like someone breaking into your house
while you're away. You can tell because something is missing, something is
messed up, or something is added. If you had a burglar alarm, the
alarm might go off if someone broke in and did nothing (tourist). The
alarm can also go off because of door rattlers, critters, earthquakes,
etc.

The computer version is identical. There are programs that you can
run that will detect, block, notify, and log intrusion attempts. For
example:
http://home.comcast.net/~jay.deboer/airsnare/
I use Log Viewer
http://svs.sv.funpic.de/
which works on a limited set of routers and gives considerably more
info than just intrusion attempts. Also a wide variety of SNMP based
systems.

These are the burglar alarms that will indicate that something unusual
or unexpected is happening or has happened. The problem is that they
generate considerable output and require some vigilance on the part of
the user. Knowing what an attack looks like and what things look like
normally is also helpful.

Something missing is often easy to miss. More likely, the files that
are missing were copied and not removed. For example, some attacker
copying the registry files and cracking the passwords at their leisure
is difficult to detect. Same with copying personal documents. If you
leave important documents on your machine, at least encrypt them so
they don't get stolen.

More commonly, something gets added or replaced on your machine.
That's the virus, worm, trojan horse, key logger, spam reflector, or
similar evil software. For example, an installed key logger will
build a file of all your keystrokes, and send it off to the evil
hacker. If there are any passwords or credit card numbers in there,
it can be extracted. In most cases, such malware can be detected by a
virus scanner and a spyware scanner. The problem with these is that
they often detect the addition or replacement file AFTER they have
been installed. By then, it may be too late. Some of these can be
detected by the network traffic they generate, but that requires more
monitoring.

When I clean a machine from malware, the most common question is
"where did it come from". Quite often, the question revolves around
wireless security, which is rarely the culprit. I have yet to see
much in the way of direct wireless attacks by hackers installing
malware. Unfortunately, I've seen the exception. Customer goes to a
hotel and decides to save dollars by using an open access point
instead of the pricey hotel system. The open system had a script
running that detected connections, looked for open shares, and filled
his machine with executables that were full of malware. This is not
exactly your situation, but should be considered. If you're worried
about someone breaking into your wireless system, one also should
worry about them breaking into the computers on the LAN.

In most cases, the break in doesn't even touch the computers on the
LAN. The attacker doesn't want to destroy your system. They want to
use your broadband internet connection to surf the net for free. The
politics and legalities get thick at this point. Policy can be
anything from wide open permissive to draconian security measures. You
decide for yourself. There are systems designed to make it easy:
http://www.fon.com
My attitude is that I don't mind people using my internet connection
as long as I know who they are and how to contact them. Of course,
abuse, spamming, excessive traffic, file sharing, ****, etc are
discouraged.

The various software packages are useful for detecting such wireless
tourists. You can also see them appear in the router logs and
sometimes in the DHCP table. However, these again require log reading
and vigilance. Most commonly, an unwanted user is detected by the
traffic they generate. I get calls asking if it's normal for the
wireless light on the router to be flashing all the time and for the
connection to be slower than a snail. This is usually an obvious clue
that someone is using the wireless. Just watching the lights is a
helpful clue, but not a guaranteed burglar alarm. It's also subject
to false alarms, such as when various software packages decide to do
their updates.

In general, WPA with a sufficiently long and complex encryption key,
is sufficient security. The real weakness with such a shared key is
that users can "leak" the encryption key. I went to a party once and
noticed that the WPA key was scribbled on a piece of paper near the
router. During the party, I declared that I could crack the
encryption in a few minutes. I did some hand waving, some magical
incantations, and I was instantly on their wireless network. I was
hailed as a great hacker. Then I told them that I already knew the
encryption key in advance and how I found it. If you leave the key in
plain sight, expect to be hacked by your friends.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#5
10-01-2006, 06:13 PM
Axel Hammerschmidt
Re: How to tell if your wi-fi connection has been compromised?

<noel.wester@webtribe.net> wrote:

> Hi,
>
> I've been running a wireless network under WPA-Personal encryption for
> about a year now.
>
> I've just helped a (non pc-literate) friend install a secured wireless
> network. She asked me "how do I know if this network gets hacked?"
>
> And, do you know, I couldn't answer her! I assumed any decent
> encryption would deter any casual war-drivers and the like so it's not
> a question that I've ever considered.
>
> So............how would you know? Presumably there's software out
> there that'll flag up intrusion attempts?


Yes indeed. It's called a firewall.

#6
10-03-2006, 11:06 PM
JPElectron
Re: How to tell if your wi-fi connection has been compromised?


- Run www.dnsredirector.com
- Make a rule in the firewall to deny UDP port 53 outbound from ANY
machine except the computer running DNS Redirector
- Change the DHCP scope of the LAN to hand out the IP of the computer
running DNS Redirector as the default DNS server
- Set Logging=Full in the dnsredir.ini file, look for any IPs that
aren't yours and see where they are surfing to.


noel.wester@webtribe.net wrote:
> Hi,
>
> I've been running a wireless network under WPA-Personal encryption for
> about a year now.
>
> I've just helped a (non pc-literate) friend install a secured wireless
> network. She asked me "how do I know if this network gets hacked?"
>
> And, do you know, I couldn't answer her! I assumed any decent
> encryption would deter any casual war-drivers and the like so it's not
> a question that I've ever considered.
>
> So............how would you know? Presumably there's software out
> there that'll flag up intrusion attempts?
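
The last step of the procedure in this post (read the full DNS log and look for IPs that aren't yours), as an added example that is not part of the original post and not DNS Redirector's own code. The log layout used here (date, time, client IP, queried name) is a constructed assumption, not the product's real log format, and all addresses are made up; the log is assumed to be in chronological order.

```python
# Constructed list: addresses of your own machines, including the DNS host.
MY_IPS = {"192.168.1.2", "192.168.1.100", "192.168.1.101"}

# Constructed query log (hypothetical layout: date, time, client IP, name).
QUERY_LOG = """\
2006-10-03 22:15:01 192.168.1.100 www.example.com
2006-10-03 22:15:07 192.168.1.102 mail.example.net
2006-10-03 22:15:09 192.168.1.102 www.example.org
2006-10-03 22:16:30 192.168.1.101 www.example.com
2006-10-03 22:41:12 192.168.1.102 MAIL.example.net.
malformed line
"""


def unknown_clients(log_text, my_ips):
    """Summarise DNS activity for every client IP that is not in my_ips.

    Returns {ip: {"first": stamp, "last": stamp, "names": {name: count}}}.
    """
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed layout
        date, time, client, name = fields
        if client in my_ips:
            continue
        stamp = f"{date} {time}"
        entry = report.setdefault(
            client, {"first": stamp, "last": stamp, "names": {}})
        entry["last"] = stamp
        # DNS names are case-insensitive; drop the trailing root dot too.
        name = name.lower().rstrip(".")
        entry["names"][name] = entry["names"].get(name, 0) + 1
    return report


if __name__ == "__main__":
    for ip, info in unknown_clients(QUERY_LOG, MY_IPS).items():
        print(ip, info["first"], info["last"], info["names"])
```

The firewall rule in the second step is what makes this log complete: a client that ignores the DNS server handed out by DHCP has its UDP port 53 traffic denied, so its lookups either go through the logging machine or fail.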


