Are you using a wifi at your home? You may not know this, however your harmless neighbour may be snopping and cracking your wifi key while using your Internet for free. Using your Internet is still considered harmless. Once an attacker is on your network, it is not so hard to use other methods to get your email accounts or Online banking account. Even your video sex chat may be compromised.
Wireless hacking is now more common than you know.You can buy gadgets at less than $50 over the Internet to crack Wifi-key. My wireless network has been hacked into a few times in my life. My guess is most attack goes unnoticed since people do not know how to detect it at the first place.
Having 7 years experience in IT security, I have pretty strong network key, using WPA2 and cleverly enough not broadcast my SSID. I had a shock yesterday when I saw a stranger PC in my network. I have a strong reason to believe that my neighbour has hacked into my network a few times event I’ve changed the key to a stronger one.
How to check intrusion PC in your network ?
1. Easiest way is to check from your wireless router. This may vary from router manufacturer and model. Go to your router DHCP list. The method may not be so perfect, however this will give an idea who is connected to your network. Do a count of total PC, mobile devices or laptops that is up and running. If you see one or two extra IP Address and foreign hostname in your network, the chances are you have been hacked!
for this example there are 1 PC connected into the network
2. This method is a little more advance. However it does give a much clearer idea on IP Addresses that are on your network.
Download Nmap from the Internet. Run a Ping scan over your subnet. It will display IP address that are live on your network.
To run , Start->run
C:\>nmap -sP 192.168.1.0/24
Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-24 15:15 Malay P
Nmap scan report for 192.168.1.1
Host is up (0.018s latency).
MAC Address: 94:44:52:8E:2A:04 (Belkin International)
Nmap scan report for 192.168.1.99
Host is up (0.10s latency).
MAC Address: 00:18:DE:B9:27:64 (Intel)
Nmap scan report for 192.168.1.100
Host is up (0.10s latency).
MAC Address: 00:22:75:76:34:CD (Belkin International)
Nmap scan report for 192.168.1.101
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 8.61 seconds
There are 4 IP addresses Up and running which includes the WiFi router from the Nmap command.
Ok, we have know how to detect the intrusive element on the network. The next step is possible to secure your network and prevent reintrusion again.
Things you can do to make your network secure ?
- Changed your Networkname or SSID , remove broadcasting
- Do not use WEP but use WPA2 instead. The newer algorithm always works better
- Use longer and stronger Network key
- Tune down the wireless signal. Less strength means it will not likely to go next door. In my case I used paperbag to wrap around the router.
For my case, things did not workout although the methods above are implemented. I can see the intrusive PC again a few hours later. The intruder seems to be pretty good at this. Cracking the key again. Fortunately my Belkin router comes with MAC address filtering option for the network. MAC address would be the hardware address on the network card. However this would mean that I will need to add all the connected device MAC address into the router table.
To collect MAC address , go to your PC Start->run
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Wireless G USB Adapter
Physical Address. . . . . . . . . : XX-XX-6D-E1-2F-02 <—- MAC address
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
After I added the MAC address filtering, the intruder does not shows up anymore. The funny thing is, one of my particular neighbor seems to hang out on the lawn more after I’ve implemented the security on my Wifi Network.