# who's using my wireless and how to prevent it



## tench (May 3, 2004)

i have a wireless network set up at home with netgear mr 314 wireless router.  how can i check if somebody else is using my network to access the internet?  

what's the easiest way of setting up a password that would prevent that?  (airpot adim utility seems to be working only with the airport base station).

all best,
tench


----------



## cellfish (May 3, 2004)

I doubt anyone here knows much about the Netgear wireless router since most of the guys here probably use an Airport router (myself included). However, to prevent anyone from using your wireless access, you'll need to set up privacy on your network. That means either using an easily hacked personal WPA network or doing as I did and using 128-bit WEP encryption. If you are not using an encryption at all, anyone within the 120 feet that a wireless network can reach can easily enter the network.


----------



## bobw (May 3, 2004)

You can use either of these programs to see if anyone is using your wireless;
MacSniffer

http://www.versiontracker.com/dyn/moreinfo/macosx/13007

istumbler

http://www.versiontracker.com/dyn/moreinfo/macosx/17572

I use a Netgear 814 and you can set it up so that only your machines have access. Read the manual for that. If you don't have the manual, you can download it from Netgear's site.


----------



## fbp_ (May 3, 2004)

http://192.168.0.1/


----------



## stizz (May 3, 2004)

cellfish said:
			
		

> .... If you are not using any encryption at all, anyone within the 120 feet that a wireless network can reach can easily enter the network.



furthermore, if they are using a powered antenna, they could be even further away.

But just because they can access see your network,..wouldnt osx still protect your files unless they had the right password?


----------



## tench (May 3, 2004)

thanks guys.  problem solved -- as bobw and fbp suggested in the netgear control panel -- i registered my desktop and my laptop, so they are now the only machines allowed access to the router.

all best,
tench


----------



## rbuenger (May 3, 2004)

But you should all remember that even if you use locking to given MAC addresses to restrict the access anybody still can be out there and passiv sniffing what you transmit. So I would always turn on encryption.

And if this would be my network (ok, I won't use wireless) the first thinks I would install additional is a NIDS (like snort/HenWen) and a honeypot to catch all those still coming in.

Even with encryption and restricted access using MAC adresses its possible to come in. It's just a bit more complicated. But most people don't know how to recognize if what they found is a honeypot. Most people even don't know what that is


----------



## tench (May 3, 2004)

i'm the first one who has no idea about honeypots, so they may be way above my head (and, obviously, they have nothing to do with honey)

but, on my netgear control panel, i see WEP encryption.  these are my options:

WEP Encryption Disable/Enable
Web Key Generator Create Passphrase
Web Manual Entry (128-bit Wep, enter 26 character (0-9, A-F for each key 1-4)

which still looks way above my head.  how does this work (in simple terms)?  I just don't want to set something up that I will not know how to reverse afterwards.

tench


----------



## dlloyd (May 3, 2004)

I believe the third one just asks you for a password when you try to join the network. That's something that OS X remembers though, so you only have to type it the first time you join, and if you've been using another network.

rbuenger, what is a 'honeypod'?


----------



## rbuenger (May 4, 2004)

a honeypot (sorry had it wrong in my last post) is a security device/program that emulates or offers services in a network . So for example if someone gains access to your network and scans/test it he will find a fresh installed Windows server at IP x.x.x.5 But what he of cause doesn't know is, that this IP and thus the whole Windows is just a software running on x.x.x.2 and simply emulating this OS with a faked IP. So if the intruder trys to access port 135 on this Windows box the software just answer to this request like Windows would do.

So in general it's just a faked service. Could also be just a FTP-Server that listens on your Mac. But instead of offering your real files it just "emulates" a FTP-Server offering some nice and interesting files like /etc/passwd 

The name honeypot cames from that you can catch a bee by just placing a honey pot on the table. The honey is so interesting for this bee that it flys straight in the pot.

So this is what a hacker will do in you network. He will see a very interesting server/service and "hacks" right into it. But insted hacking a real pc he is working in a monitoring software that report every step he trys while letting him see what he wants 

If you're interested in this try a "honeypot" google search or for example this pages:
http://en.wikipedia.org/wiki/Honeypot
http://www.securityfocus.com/infocus/1761


----------



## dlloyd (May 4, 2004)

Hmmmmm, must get me one of those


----------



## Satcomer (May 4, 2004)

Well, this is kind of on topic. i saw a show here in the states on TechTV and it had a segment on Mac wardriving. There is a short Windows media video segment (sorry for that) in the article showing what the program KisMac can do to wireless networks.


----------



## rbuenger (May 4, 2004)

Yeah. You also may have a look at the first movie (the one at the bottom and server 2 ist fastest here) at www.thebroken.org

But you should first get informed  if it's legal to watch movies showing how to hack or use such programs (even if the description is meant to show it in order to know what's possible and how to protect against).

BTW: Ramzi (see him in the movie) is the best and coolest


----------

