Bandwidth Leeching

[Tigger]

(did I even spell that corerctly?!)

I am not so knowledgable with the computers, although I can find my way around and spot a problem when there is one. Please make responses as plain as you can.

When Aaron came home tonight and went to access one of our folders out on the network, he discovered that someone was leeching our bandwidth. Our network was (until about 5 minutes ago) unsecured, because he never got around to securing it.

My questions are as follows:

Now that he's secured it, is there any way to find out who it was or where they are?

How do I find out if they've accessed any files? I'm half assuming they didn't bother, just saw "Hey, there's an unsecured network I can hop on. Cool!" I've been guilty of this myself - it never occurred to me that I could access their computer...

We already strain the bandwith when everyone is home. Usually 4 computers running, sometimes 5. If this other person was hopping on, could THAT be what's been causing us to have so many interruptions? Interruptions are usually solved by rebooting the router/modem.

Let's say we unsecure this network for some reason. Is there a way to house a virus on our computer that won't affect us but WOULD attack anyone that is not okayed? Not something computer destroying but something that says "HEY! No leeching my bandwidth, buddy!"

I think that's all for the moment. I'm feeling rather paranoid, as there are some sensitive things stored on this computer in the shared folders. They needed to be there so they could be accessed both from my computer and from Aaron's, as well as the laptop. I am going to be changing all my account passwords now...

[HTRN]

I'm assuming you have a wireless router? If so, good luck - There's no cheap, easy way to track them. And really, broadcasting an unsecured signal is pretty much saying "here's my bandwidth, enjoy".

Unless they're wardrivers, you can pretty much assume that it's one of your neighbors, probably within 100 yards or so of your router. Are you near a major consumer area where customers with laptops are likely to be, like a Starbucks, Mcdonald's, food court, etc? Because it could be a variety of people using it, they just open the laptop and use the strongest open signal.

Setting up a virus? Uhm, that would probably violate the law.

As for gaining access to your files, that is a distinct possibility, but your going to have to wait till Deacon, Martin, or one of the other Technomancers responds to get your answer.


HTRN

[Tigger]

Wireless router, yes. I didn't figure there was a way to track that was cheap, but I know y'all know all sorts of funny ways to do things. I know broadcasting the signal is like waving a flag, but we've not had any problems until now (that we know of) and we've been here, on wireless, for over two years.

I'm guessing it's someone who is visiting someone else. Neither of our neighbors appears to be...technically inclined. One is an older couple - probably in their 70's - and the other is just...weird. No major consumer area - pretty residential.

Damn on the virus. Even if it's for protection (of a sorts) it's viewed as an attack?

Thanks HTRN - I appreciate it.

[HTRN]

Mac addresses can be spoofed, so yeah, you'd have to catch them in the act with a very directional antenna. If your bandwidth is being borrowed on a regular basis, I'd be less likely to think that it's someone visiting your neighbor, and more likely it's a wardriver, using a high gain antenna, which increases the range dramatically - just because you can't see them, doesn't mean they aren't there.

This is why I like wired connections.

One of the things I would suggest you do is if you can, turn down the antenna output until it's just enough to provide a reliable signal to all your wireless devices. More than is necessary only means the signal is available in a larger area, which means it's being "seen" by more wireless users.


HTRN

[Negative Polarity]

Some routers (I'm using a WRT54G) allow you to specify MAC addresses that are allowed to use your wireless bandwidth. I've found that is one of the most secure methods. Yes, MAC addresses can be spoofed, but there's really no way for any wardriver to know what addresses are actually allowed. Just set it to allow the addresses for the devices you use (provided you actually know what their MAC is) and have it deny everyone else. They won't even be able to connect to your router.

[Tigger]

That's what Aaron ended up doing. He originally tried setting up a WAP (is that correct?) and enabling it on all the computers...but even after entering the password that he had created, we were unable to get online. So...figuring this way would be safer (and hopefully allow us to get online), he found all the MAC addresses for the 5 computers. Hoping this solves the problem permanently.

I just found it weird that he suddenly found someone. Could they be the reason we've been having connectivity issues that seem to be solved (temporarily) by rebooting the router/modem?

Oh! And as for turning down the antenna output: Aaron says we can't. We barely have enough signal as it is to keep his dad connected in the back room. If we turn it down at all, his dad won't be able to get online. Talk about a major travesty!

[Blaze]

Not only is it difficult for anyone but someone very skilled to spoof, but most wireless routers will make your signal undetectable to anyone who doesn't have the right MAC address.

Again, is it possible to go around that? Sure. But unless it's somebody very skilled and dedicated to come after you, I doubt they'd bother with the effort.

Not to mention you can put up a WPA or other type of password behind that, just in case.

[HTRN]

[quote="Tigger";p="714117"]That's what Aaron ended up doing. He originally tried setting up a WAP (is that correct?) and enabling it on all the computers...but even after entering the password that he had created, we were unable to get online. [/quote]
I believe you're referring to WEP, a notoriously weak encryption scheme that can be broken in very short periods of time - Wepcrack can usually guess the key after listening for less than an hour.


HTRN

[Infin8Cyn]

Having both been leeched from, and a leecher here are my thoughts.

Most people don't care about the PC's on the network. 'Hackers' (more correctly, Crackers) are rarely interested in your personal PC. I don't know about yours, but I don't keep Credit Card info on my computer, I don't have my stock information or 401K passwords just laying around, and crackers know this. Hence, people digging for information are more likely to use mass-produced and rapid returning software like spyware or virii. 98% (Naturally a 100% "James Generated" figure) of crackers are not interested in accessing an unsecured AP then trying to break into windows just to rummage around and look for some sort of info. If you're not Bill Gates, George Bush, or Dennis Rodman the payoff just isn't worth it.

In reality, and more than likely, they just wanted free internet. Now, they could have been browsing child pornography or downloading copyrighted material, who knows? But in all likelihood those are the worst 'crimes' they would have committed.

Can you track them down? Conceivably, you could set up a laptop, and using some wifi tools (Kismet/etc), track down where the signal is strongest thus hackily triangulating their position. Is it worth it? No. Not unless you suspect them of a serious crime of some sort. Sure, you could harass them about stealing wireless, but who really cares?

Connectivity. Unless they were sapping enormous amounts of bandwidth (unlikely due to the strength of the signal, and the limitations of wireless as is), or launching DDOS attacks against the router (or trying to hack to configuration password (See: Unlikely)) there's no particular reason why it should lose connectivity or go down. In theory a number of things could happen, but any good router should be able to defend itself enough to maintain activity throughout these issues.

Wireless security. So far, WPA2 (IIRC) is the only true "SAFE" encryption standard. WEP (Wireless Equivelancy Protocol) is VERY crackable and can be done in under an hour with a laptop and a simple Kismet/*nix software setup. WPA is also crackable, but not nearly as easily. MAC addresses (as mentioned above) can be spoofed so while they act as another layer (and a fairly decent one) it's not an impassable layer of security as some people convince themselves it is.

Here's my take on it all. Most all security methods can be bypassed (WPA2 being the current exception), so MAC Spoofing, WEP, WPA are all like putting chicken wire around a pile of money. It'll keep the honest thief out (The person who normally wouldn't do anything wrong), however this method won't keep the actual thief out. If they want internet, they'll MAC spoof or run WEPCrack across the router all night long. Fact of life. 2hrs of fuckin' around in Linux is cheaper than $50/month for internet. So...

If it's an actual problem (If Mr.X keeps coming back), Setup WEP Encryption (64bit is fine, as I said, it's all crackable so the strength IMO is relatively moot) and then add on MAC limitations. If they get past that, you've got someone who's serious about what they're doing, and you should look into WPA2 equipment. If they don't, all the better, you've solved your problem.

[gravity]

Does not broadcasting the SSID help at all? I have a 124 hex WEP password, freaking huge thing, and I don't broadcast my SSID just in case. I'm not worried about anyone trying to leech off of my bandwidth, there are two high speed wireless networks in my area that are broadcasting without any protection (one of them a generic Linksys router), but I'd rather be safe than sorry.

[BtEO]

Not broadcasting the SSID helps too.

It's layers upon layers; the more that need to be beaten, the less likely someone will care enough to do so; there's always someone who doesn't realise their network needs to be secure.

Because my DS only supports WEP I'm forced to use that, but on top of that I limit access based on MAC addresses, and hide my SSID.

And something else worth considering if your router provides the tools (and that may only be true if your router is combined with an ADSL modem[1]): blocking Internet access to specific IPs. In my case only four IPs are allowed to use the Internet, none are in the range assigned by DHCP. It also helps if you connect by wires where possible, the two single biggest connection users on my network are mine and my brother's desktop PCs. By having them connect in the traditional fashion I have greatly limited the amount of wireless packets for attackers to sniff.

---

[1]Even if it's not you may be able to set limitations at the modem's end.

[Deacon]

[quote="Blaze";p="714125"]most wireless routers will make your signal undetectable to anyone who doesn't have the right MAC address.[/quote]


What?

[Infin8Cyn]

[quote="Deacon";p="714166"][quote="Blaze";p="714125"]most wireless routers will make your signal undetectable to anyone who doesn't have the right MAC address.[/quote]


What?[/quote]
Blaze, please, please put down the pipe.

[quote="BtEO";p="714147"]Not broadcasting the SSID helps too.

It's layers upon layers; the more that need to be beaten, the less likely someone will care enough to do so; there's always someone who doesn't realise their network needs to be secure.

Because my DS only supports WEP I'm forced to use that, but on top of that I limit access based on MAC addresses, and hide my SSID.[/quote]

Not broadcasting the SSID helps, but only a tiny bit and only to the 'honest thief' as I mentioned before. Kismet can find non-broadcasting SSIDs within minutes. So if the attacker is using a decent setup (or at least the right OS/tools) it's easily thwarted.

[quote="BtEO";p="714147"]By having them connect in the traditional fashion I have greatly limited the amount of wireless packets for attackers to sniff.[/quote]
Not really. Since you're using WEP, there's an easy and well known (Known well enough that there's a shell script to do it automatically) exploit in which you can generate traffic and weak keys. Again, to the uneducated attacker this would be an annoyance, but to a seasoned attacked it's just another hoop to jump through.

[Tigger]

WEP was what I meant, and Aaron figured someone could crack it easily enough with enough time and determination. Hence him changing it to only allowing our MAC addresses.

What is an SSID?

I'm still going on the assumption that it was someone visiting the neighbors - a grandkid, or a girlfriend. With only our MAC's allowed, unless they're pretty serious, we should be safe enough now...correct?

[gravity]

[quote="Tigger";p="714173"]
What is an SSID?
[/quote]

It's the name of your wireless network. You can disable the broadcast of it on your modem so that people who don't know the exact name of the spelling, or don't have the cracking tools, can't find your network at all because it won't show up on their wireless network search.

*mental note: check in to WPA2 security on my wireless system... if it's supported*