On 7/4/2010 10:59 AM, Hroðgar Skjöldung wrote:
> Hej! -- sorry for the long email/story --
> I was suspicious that someone was breaking into my wifi, it was subtle like
> hijack was throttling in unison with my internet usage. It also looks like
> he/she is using a homebrew VPN going to unregistered IPs. Unfortunately, I am
> using a d-link di-524. Since I am monitoring activity via the 'router',
> stuff like tcpdump is almost useless ( unless there is a technique I am
> not aware of ) ...I will get a linux based wifi router soon.
>
> If you are familiar with the DLink routers could you provide suggestions?
> Script kiddies can crack WAP/WEP are there alternatives?
>

The manual only shows the router accepting WEP, so you're pretty much stuck.

You pretty much have two choices.

1. Stick with what you've got and make it as hard as possible (but you'll
   still be using WEP).
2. Buy a more recent router that supports WPA (WPA2 preferably), and ideally,
   is flash-able. The dd-wrt site and their router database is one source of
   info.

Seeing as WEP can be cracked in as little as 60 seconds, I'd go with the
second option. (If you're interested, check out Security Now podcast #89 -
Even More Badly Broken WEP at http://www.twit.tv/sn89 or
http://www.grc.com/securitynow.htm.)

If you cannot go with option two, then I suggest:

- MAC filtering (which you said you already do)
- ARea11yL0ngAndComplicat3dWEPkey
- Change the WEP key frequently.
- Set the router to only allow connections during times you know you'll be
  home (it's in the advanced section I believe).
- Disable DHCP and use static IPs, preferably in a subnet that holds only
  enough IPs for all your computers. This takes away some of the
  connect-and-go usability of wireless but you want to make life annoying for
  anyone who does manage to connect.
- If you do want DHCP, try a hybrid solution. Use static IPs for workstations
  and DHCP for wireless. Then put the DHCP IPs in the DMZ. At least you'll
  make it harder for them to access your internal network. I'm not sure this
  will work with your router, but it does have a DMZ option, so it's worth a
  shot. This will at least limit their internal access.
- As mentioned previously, change your passwords and do it regularly.
- Disable remote administration.
- Put the administration interface on some random port. 80 and 8080 are too
  obvious.

Remember, if someone has been using your wireless, there is a good chance
they have had access to your network and anything on it. Not exactly a warm
fuzzy feeling.

While you're not able to sniff the wireless traffic directly, you could also
put a bridge between your router and modem and listen there, depending on your
setup.

_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
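
Added example, not part of the original message: a Python sketch of the static-IP suggestion above. It picks the smallest subnet that fits a given number of machines and then checks `ip neigh`-style output from a Linux workstation for addresses outside that subnet or MACs that are not on the allowlist. The addresses, MACs, sample lines and function names are constructed for illustration.

```python
import ipaddress

def smallest_subnet(base, hosts):
    """Smallest IPv4 subnet starting at `base` that holds `hosts` addresses
    (router included) plus the network and broadcast addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = max(2, (hosts + 1).bit_length())   # 2**bits >= hosts + 2
    return ipaddress.ip_network(f"{base}/{32 - host_bits}", strict=True)

def parse_neigh(line):
    """Return (ip, mac) from one `ip neigh` line, or None if it has no MAC."""
    parts = line.split()
    if "lladdr" not in parts:
        return None                                # FAILED / INCOMPLETE entry
    return parts[0], parts[parts.index("lladdr") + 1].lower()

def unexpected_devices(neigh_lines, subnet, allowed_macs):
    """List (ip, mac, reasons) for neighbours that do not fit the plan."""
    findings = []
    for line in neigh_lines:
        entry = parse_neigh(line)
        if entry is None:
            continue
        ip, mac = entry
        reasons = []
        if ipaddress.ip_address(ip) not in subnet:
            reasons.append("outside static subnet")
        if mac not in allowed_macs:
            reasons.append("unknown MAC")
        if reasons:
            findings.append((ip, mac, reasons))
    return findings

# Constructed sample data: router plus three machines, so 4 addresses needed.
ALLOWED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02",
                "00:11:22:33:44:03", "00:11:22:33:44:04"}
SAMPLE_NEIGH = """\
192.168.0.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.0.2 dev eth0 lladdr 00:11:22:33:44:02 STALE
192.168.0.5 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
192.168.0.77 dev eth0 lladdr 00:11:22:33:44:02 STALE
192.168.0.9 dev eth0  FAILED
""".splitlines()

if __name__ == "__main__":
    net = smallest_subnet("192.168.0.0", 4)
    print(net, "usable:", net.num_addresses - 2)
    for ip, mac, reasons in unexpected_devices(SAMPLE_NEIGH, net, ALLOWED_MACS):
        print(ip, mac, ", ".join(reasons))
```

A workstation's neighbour table only lists hosts it has recently exchanged traffic with, and a MAC address can be cloned, so a clean result does not prove that nobody else is associated with the access point.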
