.

is this WLAN being hijacked?

<<

ryan.cartner

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Aug 15, 2006 12:26 pm

Post Tue Aug 22, 2006 12:31 pm

is this WLAN being hijacked?

I'm on an unencrypted wireless lan. Over the last 2 days I've noticed my internet connection slow down notably. The WLAN LED on my router (D-LINK DI-514) is flashing continually... but in the routers config, it shows no wireless connections to the device. So my question is, what are the chances that someone in my neighborhood is cloaking on my network and swallowing all my bandwidth?  :-X
<<

Hug_It

Newbie
Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Tue Aug 22, 2006 3:45 pm

Re: is this WLAN being hijacked?

Encrypt your wireless! One, that would answer your question immediately. If you the slow down goes away, problem solved (although I doubt that's the problem). Two, the wireless and wired networks on that router(and most default home routers) are automatically bridged. So everyone in your neighborhood has access to everything you send over the wire.

If you don't, it's just a matter of time before you are 0wn3d (not to mention broke). Point being, someone leaching your bandwidth is the least of your worries.
Last edited by Hug_It on Tue Aug 22, 2006 3:47 pm, edited 1 time in total.
CISSP
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Tue Aug 22, 2006 5:28 pm

Re: is this WLAN being hijacked?

1. Enable MAC access control on the router. On a D-Link this may entail disabling DHCP and creating a static ARP table.
2. Reduce the LAN size to include only 1 computer, i.e. give it a SNM of 255.255.255.252.
3. Change the SSID to something other than the default and something only you will know.
4. Disable broadcasting of the SSID; If you know what it is then there's no reason to broadcast it.
5. Use some kind of encryption, preferably WPA or WPA-PSK.
6. If your WNIC is 802.11g then configure the router to that as 802.11b is considered an insecure protocol.
7. Disable remote management of the router if you don't need it, and use a complex password for the Admin account.
8. Make sure your box is clean before you do all this, otherwise everything you do will be known to the cracker.

Hug_It wrote:Encrypt your wireless! One, that would answer your question immediately. If you the slow down goes away, problem solved (although I doubt that's the problem).


This is not quite correct. Encrypting wireless doubles the overhead on the network and could therefore theoretically cut the network speed in half.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

Hug_It

Newbie
Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Tue Aug 22, 2006 6:26 pm

Re: is this WLAN being hijacked?

Maybe I wasn't clear enough.

If he's connected via ethernet, enabling encryption won't effect HIS speed at all and will give him the answer. If he is connected only through wireless his problem probably has more to do with interference from other devices operating in the spectrum and killing his through put being nothing is showing up on the router.
Last edited by Hug_It on Tue Aug 22, 2006 6:30 pm, edited 1 time in total.
CISSP
<<

Kev

Post Tue Aug 22, 2006 8:07 pm

Re: is this WLAN being hijacked?

  To answer your question more directly, the chance someone is leaching off you is very great.  If you are curious to see, download RogueScanner and check it out.
http://www.networkchemistry.com/product ... canner.php
   
    Also, many routers allow you to see connections to your network via the admin panel.  I would do this first before I implemented security just to know for sure if my neighbor was the culprit.
<<

ryan.cartner

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Aug 15, 2006 12:26 pm

Post Tue Aug 22, 2006 8:25 pm

Re: is this WLAN being hijacked?

lol, okay

first of all, this wireless router is unencrypted purposefully. I'm not worried about someone leeching my bandwidth, infact I was sort of fishing for that. My question is whether or not someone could be accessing the router without showing up in the wireless device list of the routers management panel. Unfortunately, this router doesn't give me a lot of control with its interface. Since it switches rather than broadcasting, I can't just sniff the wire promiscuously... I'm going to poison the arp table on the router to see if I can find/intercept some traffic from the rogue (if one exists)
<<

Kev

Post Wed Aug 23, 2006 10:12 am

Re: is this WLAN being hijacked?

  Routers are not created equal as far as their control interface is concerned.  I never just rely on that for protection or information.  Some don’t even update their wireless connections in real time and you might not see that connection at first if they just connected.  However in most cases you should be able to see someone connected to the router if someone has connected to the network.  A router needs to “see” the connection in order to have a successful network environment.

      Most attackers trying to be stealth will either spoof their IP or attack a box already on the network and place a rootkit so they remain invisible.  If they spoof their IP you will still see them, just not their real IP.  If they rootkit a box on the network, they are totally invisible unless you are really good at security.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software