Hi Rick
if someone is 'trying to connect' then fortunately they aren't actually
connecting. there isn't much you can do about people attempting to
connect (unless you hire some sort of sniper on top of your building).
however.
if someone is actually attaching to your wireless lan, that is a
different story.
firstly.
use MAC filtering
second.
get rid of WEP and use WPA or WPA2
if someone is using your network, you should be able to see a dhcp lease
from your dhcp server (which might just be an adsl/ip router). this is a
good place to start!
from there you can block their mac address
otherwise take a look in the router's arp table and look for strange MAC
addresses - then block them.
that's a few quick ideas.
Dean
Rick Welykochy wrote:
This may be off topic, but there is a lot of networking talent
on SLUG. And the answers to this query will be very useful in
general.
A new icon I have never seen before for a PC connection to my
wireless LAN has alerted me that someone in the area is attempting
to connect. The icon only indicates that it is a PC. No IP or
any info like that.
What I am after is intrusion detection software for a wireless
LAN.
* how can I get the IPs of the connected or trying to connect?
* can I "snort out" those trying to break in with WEP cracks?
That kind of stuff. I feel like I'm running blind
right now, and disconnecting the wireless is the only option
until I know what is going on.
FWIW I've run this wireless for about five years now and this is
the first time I've seen anything like this. I am in inner Sydney
and there are heaps of wireless LANs around, and an office block
full of PCs 10m across the alley from me.
One idea comes to mind: tcpdump, which has been an excellent tool
in the past, esp. to point the finger at a stray device that is
flooding the LAN.
cheers
rickw
--
http://fragfest.com.au
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
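
Added example, not part of the original thread: a Python sketch of the DHCP-lease and ARP-table check suggested in the reply above, listing every MAC address that is not on a list of your own devices. It assumes the Linux /proc/net/arp layout and a dnsmasq-style lease file; the sample data and the names (unknown_devices, KNOWN) are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def norm_mac(mac):
    """Lower-case a MAC with ':' separators; None if malformed."""
    mac = mac.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None

def parse_arp(text):
    """/proc/net/arp content -> {mac: ip}, skipping unresolved entries."""
    seen = {}
    for line in text.splitlines()[1:]:        # first line is the column header
        f = line.split()
        mac = norm_mac(f[3]) if len(f) >= 6 else None
        if mac and f[2] != "0x0":             # flags 0x0 = incomplete entry
            seen[mac] = f[0]
    return seen

def parse_leases(text):
    """dnsmasq lease lines (expiry mac ip hostname client-id) -> {mac: (ip, host)}."""
    rows = (line.split() for line in text.splitlines())
    return {norm_mac(f[1]): (f[2], f[3]) for f in rows if len(f) >= 4 and norm_mac(f[1])}

def unknown_devices(arp_text, lease_text, known_macs):
    """Sorted (mac, ip, hostname, sources) for every MAC not in known_macs."""
    known = {norm_mac(m) for m in known_macs}
    arp, leases = parse_arp(arp_text), parse_leases(lease_text)
    out = []
    for mac in sorted((set(arp) | set(leases)) - known):
        ip, host = leases.get(mac, (arp.get(mac), "*"))   # ARP has no hostname
        sources = [n for n, t in (("arp", arp), ("dhcp", leases)) if mac in t]
        out.append((mac, ip, host, sources))
    return out

# Constructed sample data, not taken from the thread.
SAMPLE_ARP = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:16:3e:aa:bb:01     *        wlan0
192.168.1.57     0x1         0x2         02:00:5e:10:20:30     *        wlan0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
SAMPLE_LEASES = """1700000000 00:16:3e:aa:bb:01 192.168.1.10 laptop 01:00:16:3e:aa:bb:01
1700000500 02:00:5e:10:20:30 192.168.1.57 * *
1700000900 02:00:5e:44:55:66 192.168.1.61 unknown-pc *
"""
KNOWN = ["00-16-3E-AA-BB-01"]                 # hypothetical allowlist of your own devices

print(unknown_devices(SAMPLE_ARP, SAMPLE_LEASES, KNOWN))
```

A device that holds a lease but is missing from the ARP table (the third lease above) has simply not exchanged traffic with this host recently. A MAC address is supplied by the client, so an entry that matches the allowlist is not proof that the device is yours.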