Please help me out here, a bit of a dilemma. I am going over my monthly download/upload limit here. I have no clue how. I don’t do much, no movies, nothing. I believe someone is accessing my wifi… even though I have set a key. I just changed it from WEP to WPA, will see how this affects it.
I have a D-Link DIR-655 router, it’s the latest. What are other ways to secure this network? Also, is there a tool that will let me monitor my network traffic (basically all the traffic that goes through the router)?
Tell me about it man!!
Same problem here, I think the WEP key thingy makes it inaccessible for outsiders.
I wish I could use good old-fashioned cable. Secure like rock.
It should, right? Now I just read that WPA is more secure than WEP so I changed it and made my key way long... will see what happens today since I will keep an eye on the usage.
I love cable connection too man but gotta share stuff in this world and I just can't live without my laptop.
Yeah, I use a laptop too.
My landlord asked me to make a wireless key for our network too.
We also have the same issue with our usage.
But I am not sure how much work it's going to be.
Well, it is quite easy to break these keys. You can find tons of software for that. A better option would be to register the physical address of your hardware in your router and only allow those specific MAC addresses.
Keep on changing the administrative password of your router.
Also check online which encryption is better and update your router firmware and your computer with it.
Turn on your router log and keep checking who is logging in to your router and how traffic is behaving.
Turn off any port forwarding for now, until you solve this issue.
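The router-log check suggested above, sketched as an added example (not part of the original thread): compare the devices that took a DHCP lease against the ones you own and total the traffic per MAC address. The log format, MAC addresses and device names are constructed for illustration; real router logs differ by model and firmware.

```python
import re
from collections import defaultdict

# Hypothetical inventory of devices the owner recognises (constructed values).
KNOWN_DEVICES = {
    "00:1b:11:aa:bb:01": "desktop",
    "00:1e:58:aa:bb:02": "laptop",
}

# Constructed sample log; adapt the two patterns below to your router's format.
SAMPLE_LOG = """\
2009-03-01 08:02:11 DHCP lease 192.168.0.100 to 00:1b:11:aa:bb:01
2009-03-01 08:05:40 DHCP lease 192.168.0.101 to 00:1E:58:AA:BB:02
2009-03-01 23:41:07 DHCP lease 192.168.0.102 to 00:21:5c:12:34:56
2009-03-01 23:59:59 TRAFFIC 00:1b:11:aa:bb:01 rx=52428800 tx=4194304
2009-03-01 23:59:59 TRAFFIC 00:1e:58:aa:bb:02 rx=104857600 tx=8388608
2009-03-01 23:59:59 TRAFFIC 00:21:5c:12:34:56 rx=3221225472 tx=1073741824
"""

LEASE = re.compile(r"^(\S+ \S+) DHCP lease (\S+) to ([0-9A-Fa-f:]{17})$")
TRAFFIC = re.compile(r"^\S+ \S+ TRAFFIC ([0-9A-Fa-f:]{17}) rx=(\d+) tx=(\d+)$")

def audit(log_text, known=KNOWN_DEVICES):
    """Return (leases to unrecognised MACs, total bytes per MAC)."""
    unknown, usage = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LEASE.match(line)
        if m:
            when, ip, mac = m.group(1), m.group(2), m.group(3).lower()
            if mac not in known:
                unknown.append((when, ip, mac))
            continue
        m = TRAFFIC.match(line)
        if m:
            usage[m.group(1).lower()] += int(m.group(2)) + int(m.group(3))
    return unknown, dict(usage)

def report(log_text, known=KNOWN_DEVICES):
    """Human-readable lines: heaviest users first, then unrecognised leases."""
    unknown, usage = audit(log_text, known)
    lines = []
    for mac, total in sorted(usage.items(), key=lambda kv: -kv[1]):
        lines.append(f"{mac} {known.get(mac, 'UNKNOWN'):8} {total / 2**20:10.1f} MiB")
    for when, ip, mac in unknown:
        lines.append(f"unrecognised lease: {mac} got {ip} at {when}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A MAC address on the known list only shows that the address matches, so unusually heavy usage from a known device deserves the same look as an unknown one.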
Well, it is quite easy to break these keys. You can find tons of software for that. A better option would be to register the physical address of your hardware in your router and only allow those specific MAC addresses.
More explanation on this would be appreciated. Thanks.
Thanks NM.
I always liked MAC based security better. I will rather do that.
All attacks on WPA rely on brute forcing. Manually computing hashes on the attacker's PC. Choose a good password because that is all you can do other than taking physical security measures.
I don't agree with risc on this, but if you are using a Linux machine, the MAC address can be cloned BUT for that to happen, you need to know which MAC address you want to clone.
Try this:
WEP key, 128 bit at least
OR use the WPA / WPA2 WITH RADIUS server
MAC Filtering
Hide your SSID
Good long key phrase
Change default subnet/ip information to something that only you know, like:
192.168.201.x network or something, something that's different than what these routers come with.
I know TCP packets can be modified. But I don't think there is such a hacker among my neighbors.
And yes, if the router can sniff packets for MAC addresses, then anyone can.
I have cracked 128-bit keys in 2-3 minutes myself. With the Fragmentation crack it is now even quicker. No more than a day even if you are unlucky where weak IVs are concerned.
Try this:
OR use the WPA / WPA2 WITH RADIUS server
Now that is a very good idea.
Try this:
MAC Filtering
Linux as you suggested, but any other OS too including Windows
Try this:
Hide your SSID
Does NOT work. See 802.11 probe packet
Try this:
Good long key phrase
Hooray, another good idea.
Try this:
Change default subnet/ip information to something that only you know, like:
192.168.201.x network or something, something that's different than what these routers come with.
That would achieve what? If you do the above you should also suggest disabling the DHCP server. Worth the extra hassle? I certainly don't think so. Offers no protection anyway.
I'd rather go with a layered approach to protecting something which has more holes than Swiss cheese. You will need to try a combination of methods to secure a wireless network. As far as DHCP is concerned, I am all for static IP addresses, but in a large network that approach may not be feasible from a logistics point of view. And since it's a home user, these methods should be enough to keep anybody busy but outside the network.
If I have my private IP address set to some random IP like
78.34.21.23 and it's static, how could someone use my network then?
How would they guess it? Won't they have to scan like a million possible addresses before they know what my private IP is??
How do you clone MAC addresses in Windows?
End of the day you are proposing an INSECURE wireless connection. No matter what you do, any traffic from a layer 2 perspective will be captured and available in plain text.
Surely using something like WPA/WPA2 with PSK would be easier for the end user than proposing end to end tunnels using technologies such as VPN (IPSec) or SSH tunnels.
All for static IPs BUT I can't be bothered configuring every idiot's devices who requests to use my wifi network. Will this protect the insecure network you proposed? **** no, look at any 802.11 frame for destination/source physical and IP addresses.
Windows MAC can be easily changed. Look in your registry. Some drivers support this natively through device manager.
Edit: How does your previous post make for a secure network? Makes totally no sense to me.
Why would you go through IPSEC and SSH on your own LAN/WLAN... unless you are outside trying to get into your network from an external network...
The majority of the people who know/do sniff for layer 2 traffic don't waste their time in residential areas... they'd rather target a bank or big company for greater access to information and resources.
That's why big companies deploy other means of security such as AES, WPA2 with a RADIUS server and a host of other solutions like Cisco's WLAN controller, WCS, NAC for WLANs, WIDS/IPS and many other products from other companies.
But our friend cricky here can't afford these, he will have to work many many years to be able to buy one of these solutions, so what is he to do!
Why would you go through IPSEC and SSH on your own LAN/WLAN... unless you are outside trying to get into your network from an external network...
If using WEP you have to make use of end to end encryption. Otherwise anyone owns your traffic. If an attacker were to crack your WEP key and view deciphered traffic in real time (possible) you need another layer of protection. In this case either on the TCP/IP layer directly or the application layer. This would only protect your data, not access to the network.
The majority of the people who know/do sniff for layer 2 traffic don't waste their time in residential areas... they'd rather target a bank or big company for greater access to information and resources.
Probably. But not many banks would present a badly protected 802.11 AP for the taking. You cannot say, well, you only use your WiFi for home, then you are not a target. In the UK if someone accessed a child porn site through your internet connection, you would have some serious questions to answer in custody.
That's why big companies deploy other means of security such as AES, WPA2 with a RADIUS server and a host of other solutions like Cisco's WLAN controller, WCS, NAC for WLANs, WIDS/IPS and many other products from other companies.
AES BTW is just a symmetric cipher. Not some expensive product, implemented on hardware level with all WPA2 devices and most of the newer WPA chips. Better protection than RC4. I never suggested making use of IPS or alike. Just how to keep a relatively secure connection without some of the myths suggested here. False security is as bad as nothing in many cases; removes vigilance.
But our friend cricky here can't afford these, he will have to work many many years to be able to buy one of these solutions, so what is he to do!
Neither can most other folk. What I suggested does not involve buying ANY new equipment. In fact I stayed away from suggesting WPA2 or WPA AES in the remote chance some of his devices will only support RC4 based ciphers (WEP).
If you are connected to a network your computer can be hacked, end of story!
A few ways to keep networks protected:
a. no wifi
b. if you have wifi:
- Don't advertise SSID - just to keep the honest guy honest
- Static IP - so the new connections don't automatically get on your subnet
- Use WPA with a long passphrase (8-10+ alphanumeric, impossible to crack with brute-force)
- Mac filtering (not the best, but with above an additional measure)
- Use one of those aluminum parabolas that directs the wifi signal in the right direction (you'd be surprised how controlled the signal is)
- Use multi-layered approach, e.g. VPN in and then only let people access your network
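An added example (not part of the original thread) for the posts above that say WPA attacks come down to brute forcing the passphrase: it derives the WPA/WPA2-PSK master key the way 802.11i specifies and estimates how long an exhaustive search would take. The guess rate and the sample passphrases are assumptions chosen for illustration, and the estimate is an upper bound that holds only for randomly chosen characters.

```python
import hashlib
import math
import string

def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 iterations, 256-bit output. Each guess costs this much work."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# Character classes used to size the alphabet a search would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def search_bits(passphrase):
    """Search space in bits, assuming every character was picked at random.
    Dictionary words and reused passwords are far weaker than this bound."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in passphrase))
    if alphabet == 0:
        raise ValueError("only printable ASCII passphrases are handled")
    return len(passphrase) * math.log2(alphabet)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in the search space, in years."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

ASSUMED_RATE = 100_000  # hypothetical guesses per second, not a measured figure

def compare(candidates, rate=ASSUMED_RATE):
    """(passphrase, bits, years) for each candidate at the assumed rate."""
    return [(p, round(search_bits(p), 1), years_to_exhaust(search_bits(p), rate))
            for p in candidates]

if __name__ == "__main__":
    # Constructed passphrases: 8 random-looking characters vs. 20.
    for p, bits, years in compare(["abcd1234", "k7Qm2xVt9LpR4wZc8NsB"]):
        print(f"{p:22} {bits:6.1f} bits  {years:.3g} years")
    # Same passphrase, different SSID: a different key, because the SSID is the salt.
    print(wpa_pmk("abcd1234", "dlink").hex()[:16], wpa_pmk("abcd1234", "home-ap").hex()[:16])
```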