Wireless signal theft detection

[Battle Monkey of Zardoz]

I have WAP security set on my wireless. Yet over the past couple of weeks I've noticed slow or sluggish speed. I know I need to probably change the PW and go over my settings, but I want to be sure that my Internet signal is not being stolen. So.   Is there any software detection tools, free would be good, that would let me know if I have any cooties.

[RocketMan]

WAP?  Or did you typo WPA, or do you possibly mean WEP?
If WPA, try to upgrade to WPA2.  It is somewhat more secure.
If WEP, ditch it and upgrade to WPA2 if possible.  Anybody and their grandmother can crack WEP with easily available tools from the intarwebs.

[lee n. field]

nmap, set on a stealthy scan.

[Phantom Warrior]

Wouldn't looking at the DHCP table confirm the problem?  If there are MAC addresses you don't recognize then you have a thief.  Am I missing something?

[Gewehr98]

Note to the wise...

What wireless router are you using?

Many of the Linksys, Belkin, Netgear, D-Link, and other routers have been compromised over the last year or so via their default admin passwords.  The Psyb0t worm was one piece of malware that took advantage of this oversight, the other was the Zlob trojan. 

Make sure that once you set up one of those small home wireless routers, you immediately change out the default password to something more secure.

I can quite easily get into several of the unsecured (another user mistake) wireless networks in my neighborhood via their default passwords, found here:

http://www.phenoelit-us.org/dpl/dpl.html

 It's pretty much a given that when I find an SSID which says "Linksys" or similar, they haven't done much to protect their systems. I've left them alone, but I really need to do a screen capture and walk over to their homes with evidence in hand so they take at least simple security measures seriously.   

[GigaBuist]

Wouldn't looking at the DHCP table confirm the problem?  If there are MAC addresses you don't recognize then you have a thief.  Am I missing something?

That would do it.  It's usually called 'attached devices' in my experience.  Check it when things seem sluggish and you'll know.

[Battle Monkey of Zardoz]

Its WPA.  Linksys.  SSID and PW were changed when I installed it.  

[mtnbkr]

Your wireless AP should tell you what's connected.

Chris

[Nitrogen]

That would do it.  It's usually called 'attached devices' in my experience.  Check it when things seem sluggish and you'll know.

Here's my suggestions, in order of paranoia.  You should do at least the first 3
1) WPA2 if your clients support it, then use WPA.
2) Pick a non-obvious SSID.  I use a nonsensical phrase (e.g. Leaping Burgers)
3) Turn off SSID Broadcasts.
4) get your MAC addresses and turn on MAC address filtering.
5) set up a passworded proxy server, configure all your computers to use it, and block all outgoing traffic not from the proxy server.

If you REALLY want to be a nerd (like me) I have a completely sanitary network where my wifi is, and I have to use ipsec to get to the REAL network, with my SAN and Internet access.

But I'm the computer equivalent to Uncle Jed in the middle of nowhere, with an electrical fence around his property, a moat, and an armed militia patrolling his homestead.

[Battle Monkey of Zardoz]

It's an almost 2 year old linksys. I just turned off all computers
in the house, turned off wifi on the iPhone, and well, the PC actvity and wireless lights were just a
blinking away. I'll reconfigure using some of the above suggestions or buy an updated wireless router.

It's sad when you iPhone, on edge is faster than your cable broadband through a linksys.

[GigaBuist]

5) set up a passworded proxy server, configure all your computers to use it, and block all outgoing traffic not from the proxy server.

A while back I got an idea in my head.  After upgrading to an 802.11n router I noticed one of my neighbors was using it. I wanted to set up a proxy server, log where they were going on the net, and then configure it to only display to non-authorized users a list of any embarrassing sites that they'd visited.

Too much work though. I just finally encrypted the link.

[sanglant]

it would be easier to route to, well i ain't even going to type the names but you know them.   but what happens if someone you like(say your mom or preacher) is at your house and tries out your network before you can add them to the ok list.

[Boomhauer]

This thread motivated me to get off my ass and encrypt my wireless, especially since we've gotten our first neighbors in my little corner of nowhere.

[Battle Monkey of Zardoz]

Update:

Just trashed the linksys and bought a belkin enhanced wireless router (n). Named my network.  Set to do not broadcast.  WPA2 encryption and changed the factory PW.

I should be good to go. Running much faster as well.

[Gewehr98]

What did you do with the old Linksys?

[InfidelSerf]

yeah what did you do with the old linksys
I'll assume that's 1st dibs on gewehr98s part
Put me down for 2nd.. depending on model #

Or just do what we would be doing with it..
http://www.dd-wrt.com/site/index

I'm actually running
Hyperwrt 2.1b1 + Thibor15c  

[Battle Monkey of Zardoz]

The old linksys is settng in the garage. Why?  Is there someone in need of one?  Gewehr98 if you need it, pm me.

[Gewehr98]

PM sent. 

[Battle Monkey of Zardoz]

PM answered

[sanglant]

with computer hardware, there is always someone that could use it. if it isn't working, well. 

[Battle Monkey of Zardoz]

Gewehr98 will be getting it. 

[roo_ster]

I'll cry when the older (v1 & linux flavors) used Linksys routers compatible with ddwrt are no longer available.

[Marnoot]

I'll cry when the older (v1 & linux flavors) used Linksys routers compatible with ddwrt are no longer available.

Linksys continues to manufacture the WRT-54GL which is DD-WRT compatible, so I don't think the supply will be drying up anytime soon. I'm hoping they'll manufacture an equivalent 802.11n version.

[Gewehr98]

So will I, and I run Tomato.  Supposedly some of the newer N Linksys routers (WRT-300N, WRT-320N, WRT-350N?) are being used with success under DD-WRT:

http://www.linksysinfo.org/forums/showthread.php?t=63100

http://www.linksysinfo.org/forums/showthread.php?t=59462

[sanglant]

Gewehr98 will be getting it. 

i saw(lol, typed that backwards the first time ) that before i replied i was more talking about the next thing, the only thing i don't give away are(or is that is) hard drives. when i'm done with them they won't work for anything, i have a few i need to break down and recover the magnets from. the preacher at my church(man that's odd to type ) builds computers for people from old parts, i have been trying to get him to try out linux.