Wireless Jitters

[gawdknows]

All,
I hope this is the right area to vent this query of mine...if not, do advise where to go ..

I have a wireless LAN router with which I connect to my Home PC and Laptop and access the cable Internet connection . So far in my immediate neighbourhood no one else had a wireless router and thus no one was connected to my wireless system other than myself.

Recently, a new person has moved in , he has his wireless system too. This person gets to see my router from his home [he told me this himself]. [ He also told, every now and then when his system fails down, he connects via mine ] This made me a little jittery and Now my queries are as following:

1 what harm is to me if he can see my Wireless router ?

2 If he connects via my system, what disadvantage is this to me ? I pay a fixed ammount of 20 euros to the cable company for Internet, so should I really bother if someone else is also connecting. How is this a disadvantage to me ?

3 What else can he see , when connected to my system [ can he see the sites I surf, can he see my H.D, brrrrrrr ]

The reason I never had ˜security" on my system was firstly the obvious ¦there was no one with wireless connections on their PC before in the neighbourhood, thus no threat|secondly I can bring in 'any' PC from my work, put the USB wireless adapter /install the 'not-even-30 sec.' software and start to surf without going through security hasseles, and thirdly but very important¦I also contact my Company's Intranet pages from my home. I log in to remote machines[telnet sessions] to do my work from home. and I am afraid if I start to 'secure' my system, maybe I would never be able to connect to The Company..

If I know what exactly are the ˜pros" or ˜cons" of someone else using my wireless Router¦I can then take the next step¦and that's to secure my system or let it be open, depending if it's a "harmless" or "moderately harmful..but I can survive" or "fatal" issue.

I would appreciate in details, what this new ˜dodgy" neighbour of mine can see and do with my system.

Thanks in advance.

 

[bcastner]

The easiest thing to do would be to secure the wireless connection. This will have no effect on your access to your company intranet.

As to what is possible to do with a connection to your router, the sky is the limit.

Your router likely has a MAC filtering option. Place the MAC address of your existing wireless adapters into the table as permitted users. This means that unless he breaks in and steals one of your adapters he will no longer be able to connect to your router.

Changing the SSID to something unusual as a name, and using WEP would also be a good idea. But a MAC filter would deny him access to your router.

 

[gawdknows]

Great Stuff:-


Now I'm not so a Great MIS person so Let me confirm my understanding:

Firstly:-I should go for the MAC address of my existing wireless adapters, so in my case it's a USB wireless adapter and a LAN PCMCIA card. It -->'DOES NOT '<-- mean the IP addresses of the machines I make use of.

Secondly : - I was reading through the WEP part in the documentation, but I suppose Point 1 is better than this one.

Thirdly :-MAC would be the 'only' 12 digit number I would locate on the USB adapter and the LAN PCMCIA card.

Fourthly :- I understand that on my present machine[connected to my router , as I do every day] I will have to go for a URL:

http://192.168.1.1

, to access the router Menu[ this is what I pick up from the not-so-user-freindly router documentation] and from there I will have to navigate to the MAC filtering settings section, punch in the 2 MAC's I mentioned above , save and come out. and hope that all is fine the next time I go in....sorry but I need some consolation here.

Finally :[The obvious, but still a Guru confirm would help]
Say all the above's done and my router only recognises my USB ADAPTER aNd LAN PCMCIA card. If tomorrow I bring in a 'Brand new' machine, plug-in the USB from 'the working' one into the 'Brand new' one, I can use the 'brand new ' one too for connection [ofcourse software installed]. So basically I can use ONLY the 2 given MAC's on a zillion Windows machine. Am I correct ?

Thnaks in advance for any pointwise clarification.

 

[bcastner]

The MAC address is burned into the adapters you have. It does not change as the adapter is moved to different machines.

To see the MAC address, from a Dos or Command session type:

ipconfig /all

(or winipcfg /all)

The listing will show a 'Pysical address' and this is the MAC address of the device.

 

[Nate1749]

well first off let me just say that you have to decide the balance between security and conveinence. The more security you have, generally the more conveinence you lose.

First off though, don't assume that you two are the only ones running wireless networks, even if you are, don't assume that you don't have wardrivers in your area (people who drive around looking for wireless networks). Recently my friend and I did a survey to see what my subdivision looked like, we found 63 wireless networks (I was only expecting to find 1 or 2) in less than 5 minutes, only half of which had WEP enabled.

Anyways, with that in mind I would first suggest turning broadcasting off. Your router currently broadcasts the ssid of your network, which is how your neighbor picked up the signal. Now, the most popular wardriving program out there, called NetStumbler, can only pick up networks that are broadcasting. If you're not broadcasting, your neighbor & netstumbler's won't be able to see you.

Now that doesn't make you invisble, if someone knows your ssid then they can get on your network, but that's why changing it from the default (as mentioned above) is a good idea.

Additionally, your network always sends out what's called a beacon, that synchronizes your wirless devices with your router. Now, NetStumbler and windows do not identify beacons with wireless networks, so you're ok. However, there are some wireless sniffing programs in Linux that do pick up on beacons, but disabling broadcasting is probably your best bet.

Also, you might want to turn DHCP off, which is what is automatically assigning your neighbor an ip on your network. If you do this, you'd always want to change your default ip addresses. This however, would make you have to manually assign each computer on your network an ip; granted this only takes a minute, but yet another hassle. Also, if you kept your default subnet settings, all your neighbr would have to do is configure himself to one of them manully and he'd be right back on.

If your neighbor was fluent enough in the proper applications could he view what you're browsing (in real time), check sites you've been too, do other fradulent things; absolutely... but chances are he won't.... but that doesn't meant a wardriver won't. Someone could break into your house, steal senstive documents, even your computer, but knowing that doesn't make you lock all your doors and windows & hire an armed guard everytime you leave your home.... Decide the balance you want, but just realize that for all the creative ideas you come up with on how someone could possibly infringe on your privacy, that there is probably an application out there already dedicated to just that idea. It's a good practice to take some security steps, but if someone really really wanted to get into your network (or anyone's) they could; just like if someone really really wanted to break into a bank vault, they could.

If you do decide to implement some security, my theory is do it right. If you're going to do encryption, don't use WEP, download the auto-update's from microsoft and use WPA-TKIP, which is currently the most secure wireless security available. If you're going to turn DHCP off, change your subnet so they are not default numbers; and like mentioned above do MAC filtering. Good luck, hope this helps.

-Nate

 

[bcastner]

Nate1479,

Quote:

&quot;first off let me just say that you have to decide the balance between security and conveinence&quot;

If he has a MAC filter option on his wireless router, I do not see the trade-off. He brings a laptop home from work for the first time, connects the USB adapter, it is recognized and connects. This is the same adapter in each instance, and MAC filtering on the router has no issue.

Second, WPA-TKIP, among the WPA variants, is excellent stuff. But since he is using a USB adapter my guess is that this is all 802.11b, and WPA-TKIP is denied him on both the router and adapter side.

Finally, disabling broadcast for SSID is often recommended but easily the least secure method of securing a router. And likely the most common reason for issues in this, and other forums, for problems with connections with wireless adapters. Ignore any and all of the internet advice to disable broadcast for SSID. If you really depend on this as a security measure, please ask here for better advice as to how to secure your adapter and wireless router.

DHCP is something this client actually needs on the router, from his problem description. Yes, you could work around it with static IPs.

But MAC filtering is pretty absolute. Once he identifies the MAC addresses for his existing router as permissable addresses his neighbor is not an issue.

Can you beat MAC filters? Can you beat SSIDs? Can you beat WEP? Can you beat WPA? The only question in the end is &quot;Is it worthwhile to do so?&quot;

 

[Nate1749]

I think MAC filtering is great, I do it myself... What I meant was though that in order to do it, it's still an inconveinence; as is all security.

As for WPA, I'm not sure of his specific hardware, but I didn't want him to implement WEP and think that he is now secure. Although since he does not yet have WEP, it would be a good start =)

If he implemented any type of encryption that would also block his neighbor. Depending on how deep on security you want to go, in comparison spoofing a MAC address (which can easily be obtained if you're broadcasting) takes far less time than to break WEP.


&quot;Ignore any and all of the internet advice to disable broadcast for SSID. If you really depend on this as a security measure, please ask here for better advice as to how to secure your adapter and wireless router.&quot;

Wow, well I would have to severly disagree with that. Identifying your network only requires you typing in the ssid in windows, then you're set. I would consider typing in the name of the network, just as hard if not easier than typing in the mac address for filtering.


I would say if you just want to block your neighbor, any encryption or mac filtering would do great. If you want to be a little more secure there are more options in these posts listed above =)

-Nate

 

[bcastner]

Quote: &quot; Identifying your network only requires you typing in the ssid in windows, then you're set. I would consider typing in the name of the network, just as hard if not easier than typing in the mac address for filtering.&quot;

You never tried to change your MAC other than on the router as a &quot;clone.&quot;

Nothing is perfect, but SSID is honestly not viewed as a security measure but as a convenience for earlier wireless clients to identify single APs in a multiple setting. An example note from Micorosft: &quot;
All access points must broadcast their SSID to identify themselves to potential clients that are in the area. Disabling SSID broadcasts on an access point is not considered a valid method for securing a wireless network.&quot;
Source:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q811427

While MAC spoofing is possible, the difficulty for the hacker is that MACs do not route.

So, unless he broke into the house and stole an authenticated adapter, he could not discover a MAC address by &quot;net stumbling&quot; the router.

Bill

 

[gawdknows]

Dear bcastner and Nate1749

I will have to hand it over to you both., I was a novice till I read your corresponding articles ...amazing.

On my side, I have executed the MAC filters. I put down on the table the 2 MAC addresses (I only have 2 adapters). In order to check the theory, I deliberately kicked out my Home PC USB mac address from the table. I then came downstairs and started my Laptop [ this is still in the MAC table] and I could connect. Then I went up, booted my PC and wanted to connect [say to.. Google] and I could get 'NO' connection.
Then I went down and re-activated the Home PC MAC from the laptop[router Mgt,], came up to test again. My home PC connected to google in within seconds...
Thus prooving that :-only stuff mentioned in the MAC filters can access network connection.

From all the above and cummulative, the synopsis I learnt is that I shall stick to MAC filters for the time being. The other factors mentioned by Nate1749 are sure worth a good try and if I really was in charge of a commercial centre with Wireless systems, I would go through each and everyone of the above mentioned workarounds religiously.
But the one thing that really stood up and taught me a lesson was not anything technical, but a simple Morale lesson and that was not to 'assume', as I was doing all this time.

Thanks again to both of you....and to your knowledge on the subject...
My issue for the time being could be referred as a 'satisfied' close.

 

[gawdknows]

All this knowledge has now got me going
I want to turn the situation U-turn...hunted becomes the Hunter..

How do I see the neighbor's SSID ? Would it have to be a 'Netstumbler' ?...and how was he able to see my Router's name in the 1st Place...?

Curiosity killed the cat !

 

[Nate1749]

Oh no... I think I was misunderstood.... What I meant was that (refering to my quote above) if you disable broadcasting, you are forced to enter in the name of your SSID manually. I was stating that entering this name in manually, was as difficult as typing in a Mac address.
Meaning, both require just a little typing, not difficult...

Anyways, in response to your latest question gawd..
Windows XP looks for networks that are broadcasting, it's kind of like a plug and play network thing and it should be disabled by default (but it rarly is). If you're broadcasting, anyone can see you. The reason he may be seeing you and you not him is either because he is not broadcasting, or that he has a stronger card than you.

You may only be able to go to (just a guess) the end of your driveway and be on your network, but actually your network signal goes on much farther than that. Someone with line of sight and a very strong attena could pick up your wireless network up from over a mile (I've heard as far as 3) away. Additionally, this distance will only become farther over time as there more efforts are being put into attena's that can not only pick up and amplify weak signals, but accuratley re-construct them as well.


Turning off broadcasting is a good measure, I hate to disagree with anyone on message board, but really it is. It is ironic though that out of all the security references chosen, Microsoft was the one (no one gets directions from a blind man).

Here is CNET saying it's a good idea

http://att.cnet.com/internet/0-3762-8-20797609-6.html

and here is LinkSys, who is the number one manufactuor in home networking devices (recently purchased by Cisco) stating it as one of four measures you should take for basic security (mac filtering is of course one too =)

http://www.linksys.com/edu/page10.asp

Now I could see the argument on how you could say it's not actual security since you're not really doing anything, but it is still a very very good practice and will make you invisible to everyone but the elite few who are running a flavor of linux with a nice sniffer.

Also, one more piece of advice to you gawd.... Wireless networks run on a channel, however, the signal (because the channels are so close in frequency) can be picked up on the two closest channels in either direction. So if you are running your network on channel 6, it is using frequencies on channels 4, 5, 6, 7, and 8. If your network is on channel 1, then it will be using channels 1, 2, and 3.

Now why is knowing this useful. Well let's say (theorically) you wanted to have 3 wireless networks that were all independent of each other. In order to do that it would be best to put one on channel 1, the other on 6, and the last one on channel 11. Since your neighbor is kind of enough to tell you that he's running a network, chances are he may be on the same channel as you. This would cause additional interference on both of your networks, potentially slowing them down a bit. So, you may want to ask him what channel he's on so you can set yours up on a different one to minimize interference. Now you're in Europe, and they have different channel arrangements than the USA (which has 1-11), depending on which specific country you're in it can go up to 15 (I think). Additionally, this information is true of the 2.4Ghz range, I'm not sure about other (ie 5Ghz) ranges and how they function. Just figure I'd give you some more to think about. Pat yourself on the back, you've actually thought (and taken some) security measures, you're way ahead of the pack!

-Nate

 

[gawdknows]

Wow...there seems to be no end to this vast sea !

One quick point . You advised I stop my 'broadcasting' , and you wrote &quot;you are forced to enter in the name of your SSID manually&quot;

Question:- where/When does this happen then. What I mean is ...say next time I boot my PC, dub. click on the IE icon, would I get a message box to feed in the SSID name or what.....

Second question:- I was doing some homework myself [ Thx. to some Great teachers ] and I found that SSID should be 'unique' [32 char Identifier] for the network.
So I went to my Router Mgt. console and in the wizard I saw my 'ESSID' name [ hoping it's same as SSID ] = WLAN [ ...correct, that's what my neighbor gloatingly had pointed out to me ]

So If I change this ESSID to some other name [and 'check-on' the checkbox for 'stop broadcasting'], save the configuration. Next time logging in, would it be effecting my &quot;LAN PCMCIA &quot; and the &quot;USB adapter&quot; in any way......meaning do I have to reconfigure them again and maybe land up in yet another unending-problem .....or they should be left as they are right now as I write this mail [ all's working at this very moment , as you all know and with the MAC filters ,done yesterday ]..?

I assume both question 1 and 2 are related, [ I'll have to 'stop' broadcasting , and change my SSID name ] .A pointer here would make me finally bottle up this yawning gap I had left behind.

[**Rest's been done :-, I have changed the password for my Router Mgt. console yesterday and I am on MAC filtering]

Thx!

 

[gawdknows]

All , <specially Nate>

well I took the leap of faith and disabled the 'broadcasting'

I nearly cried the next time.....'I' the owner was royally kicked out !!.....

solution :&quot;reset&quot; the router-->start the config. right from scratch..whew !

My results:-Change the default SSID
Change the default password for wireless device
Enable MAC address filtering

but don't Disable the SSID broadcast option. I kept telling the router Mgt. Prog. to accept the new SSID name....and it Grandly kept giving me errors.

SUMMARY:-Zillion Thanks to the Likes of 'Nate' and 'bcastner'.
Take this mail thread as a 'starter's approach to WI-FI' and I hope all future potential 'wi-fi rookies' get an interaction with the likes of 'Nate' and 'bcastner' for their Excellent Mastery on this new but in-hype tech.

Over 'n' out
Long Live the Forum !

 

[Nate1749]

Glad to hear you've changed your router password and SSID.

The reason why you want to change your password is obvious. The reason you want to change your SSID is so that someone doesn't know what manufactor you have. The reason you don't want them to know is because if your ssid was say LinkSys... Chances are if you didn't change the default name of that then you may not have changed the default password (which for linksys is admin), or maybe you didn't change the default subnetting so they can just assign themselves an IP.

Changing the name of the SSID is a good practice, but it's not really doing anything other than showing that you know how to update a field. Additionally, if you are broadcasting your default (or non default) ssid, then they could also find the manufactur of the router by looking up it's MAC Address. The first part of the MAC address is assigned to a certain manufactur, so if your ssid was &quot;Bob's network,&quot; they could just look up the MAC address and find out that they you are running a Linksys piece of equipment.

This is why you should turn off broadcasting and change your ssid.....
Let's say that you turned off broadcasting, but kept the default SSID and still had DHCP enabled. This would mean that if someone was driving by they wouldn't see your network advertised, however, they may have a list of &quot;default&quot; names that it is constantly looking for, since you would have that it would see it and match it and they'd be online on your network. By turning off broadcasting they can't see your SSID at all (except the elite few), by additionally changing the SSID then they won't be able to get on your network either (unless they someone knew your unique ssid name and were looking for it).

See everything you do it just one more annoyance for an intruder. Currently wireless networks are so open and easy to get into most wouldn't bother dealing with anyone who has MAC filtering or encryption enabled. They'll just skip by and go to the next network. The thing with security though, is first you're afraid of it, then you kinda like it, and before you know it you've set up a fort knox security system for little home dinky network.... just because it gets fun =)

As for setting up the SSID in windows.... I don't have a windows XP machine here, but I believe all you did is go to the properties of the wireless card, click on a tab (maybe advanced?) and then add the ssid of your network in there. That way it will always be looking for that SSID, even though it is not broadcasted. It's really like a lock and a key, once they match (on both router and wirless device) then it works. You've already seen where to change the SSID on your router, so you're already 50% of the way there.

I'm not sure if I understand exactly what you asking in part of your question, but once you enter in the SSID once under that tab, then it will always be looking for it until you remove it. It's a one-time setup thing (just like the MAC filter).

-Nate

 

[Nate1749]

We must have been typing responses at same time... Glad to see you fixed everything; too bad your equipment isn't liking the specific ssid you're telling it. Have fun, and good luck (don't forget about changing channels to lower interference!).

-Nate

 

[Nate1749]

The book of Wi-Fi
By: John Ross

See if your library has it, great book and meant for reading by the novice, but contains lots of advanced and technical information (don't worry, you won't get lost!).