Is someone stealing your Wi-Fi enabled Internet connection?
So you suspect someone may be stealing your Internet connection? Given a network via a home wireless broadband router, many users are simply left staring at a little black box with antennas and wondering just what is going on behind the scenes.
Thinking of disabling your SSID broadcast? Don’t bother; clients will then have to transmit connection request packets with the network’s SSID to automatically connect. This will actually leave your network in a less secure state than it was. Besides, software like Kismet can still detect your wireless network even without an SSID being broadcast.
So your wireless network has WEP encryption? As far as that’s concerned, you may as well have no encryption at all. As for WPA? Well, your getting warmer; But the hard truth is, no WLAN is 100% secure.
Which brings us back to the beginning. You may or may not have a semi-secure wireless network, but if you have any at all, you may want to find out if it is effective.
I personally recommend using AirSnare; it is a free, lightweight program that will alert you to unfriendly Media Access Control (MAC) addresses on your network and will also alert you to any Dynamic Host Configuration Protocol (DHCP) requests taking place.
In networking, a MAC address is a unique identifier that is associated with most network interface cards (NICs). Your wireless network interface card (WNIC) and router have one, as well as any intruder that may be accessing your network.
Upon the immediate launch of the program, AirSnare will detect your NIC’s MAC address on your computer, as well as your router and any other clients on your WLAN, whether they be legitimate or not.
Clients can then be selected and associated in the “friendly MAC address” list. Other clients who join the network will be automatically associated as “unfriendly.” So finding an intruding client via its unique MAC address on your network is that easy, right? Well, not exactly.
Many attackers rely on using a faked MAC address (MAC spoofing) to gain access to a network that they otherwise could not. This is generally because software or hardware restrictions can be set on networks (wireless MAC filtering) to allow only pre-defined hardware with a user-submitted MAC address to access the network.
But detecting a WLAN client can be done through software like Kismet, and spoofing a MAC address to match a legitimate client can be achieved using software like SMAC.
While the process is quite complex, there is no easy way to detect an attacker who is spoofing a MAC address to gain access to your network.
The best you can do is monitor network traffic through the software Ethereal, which comes bundled with the AirSnare package.
Upon launch of Ethereal, simply clicking ‘Capture>>Interfaces’ from the menu will allow you to see a list of all NICs present on your machine. Select a NIC and click ‘capture.’
You’ll then be shown a list of all packets being sent through your WLAN; If you’re not browsing the Internet, you should see minimal activity, if any at all.
A few packets may be captured here and there, which usually can be attributed to software on your machine accessing the Internet. But you’ll be looking for extreme activity; chances are, if someone is stealing your bandwidth, you’ll see the packet count rise by the thousands in just a matter of seconds.
Related Posts:
