Skip

How can I tell if someone is trying to hop onto my wireless signal?
November 10, 2009 8:46 PM   Subscribe

I have a MacBook Pro running OS 10.6.1, and an Airport Extreme Base Station. Is there a user-friendly way to see if someone is trying to use my internet connection or hack into my network?

I live in a large apartment building, and am curious to see if anyone has tried to hop onto my wireless signal. Thanks in advance:-)
posted by invisible ink to Computers & Internet (17 answers total) 3 users marked this as a favorite
 
This should get you all set up.

Of course, your network is secured with WPA, so no one will be connecting in the first place, right?
posted by niles at 8:51 PM on November 10, 2009


If you go into Airport Utility, you can view the log of the device. Have you watched it to see if it logs failed authentication attempts? If so, just point it at a syslog server, and over time you should have a good record of things.
posted by floam at 8:52 PM on November 10, 2009


niles: Not sure how that's going to be able to tell him who is attempting to log in. People that fail will never show up.
posted by floam at 8:52 PM on November 10, 2009


This is an exercise in Paranoia. :)

make sure you're using WPA encryption (not WEP) and have a decent password, (pass phrase better), name your network to something that says "no, not your network" and leave it at that. Most attempts at accessing your network are:
1) accidents- people who want to access their own network and get confused
2) cheap people who want to use your internet.

Anything else should be kept out by the security you've set.
posted by titanium_geek at 8:55 PM on November 10, 2009


Ah, ok. I misread what you're going for here. My solution probably won't help you at all then.
posted by niles at 9:45 PM on November 10, 2009


It also depends on your Internet connection (cable modem/dsl model), if you can figure out how to look at the logs for that you'll often see a scary number of connection attempts.
posted by kenliu at 10:02 PM on November 10, 2009


Thanks everyone, all the answers have been informative.

Floam- I went into Airport Utility --> Advanced --> Logs and Statistics. What would a failed login attempt look like?

Kenliu- I have a cable modem....but unfortunately do not know how to access the logs.
posted by invisible ink at 10:19 PM on November 10, 2009


Additionally, niles' link points to old stuff that's pretty much included in current versions of Airport Utility anyway.

floam's got it, although I think logging is set to 2 or 3 (Critical or Error) by default. You'll need to set it to 5 or 6 before it'll log connections / connection attempts.

Yes, I agree that this way lies madness if you start worrying about connection attempts. Save your paranoia for actual connections.

And, to add further to titanium_geek's suggestions: you can set MAC filtering on the Airports to only allow connections from specified clients. Yes, the geeks will cry "security through obscurity is no security at all!" - but an additional layer of security, no matter how thin, is still another layer to get through.
posted by Pinback at 10:20 PM on November 10, 2009


If you set it up for WPA2/PSK and don't give the key to anyone, I'd say you probably don't have to worry about your neighbors trying to connect to it... Somebody could try to bruteforce that at one key/second for the next several thousand years and not get the key. For bonus points in an apartment building set the SSID to something like "I can hear you having sex".
posted by thewalrus at 10:26 PM on November 10, 2009


you can set MAC filtering on the Airports to only allow connections from specified clients. Yes, the geeks will cry "security through obscurity is no security at all!" - but an additional layer of security, no matter how thin, is still another layer to get through.

Actually, we're going to point out that you're wrong and you don't know what "security through obscurity" means, and then we'll explain that the reason MAC address filtering isn't recommended is because it's a complete waste of time. You simply don't know what you're talking about here, and I don't mean that in offense. MAC filtering isn't "another layer to get through"—it's completely ineffective. Let me explain:

You are an attacker looking for wireless networks. After encountering a WEP-protected network, you launch the pre-built app you found in a 10-second Google search. A few minutes later, you've broken the key. You knew how to find a WEP breaker (not that it's particularly hard, just that you were aware of what to do), so you also have a high likelihood of either knowing you might also need a MAC spoofer or reading about it on the same site you got the WEP breaker. One more Google search later, and you're done. (Or maybe you found a tool that does both, because they're related.)

Back to "you" meaning "you" for a moment.

What's the flaw? I mean, it's two layers, not one, right? Yes, but both layers are shitty. You're putting two wet paper bags together when you should be filling the bag with concrete.

Back to "you", the attacker.

You're surfing for wireless networks and come across Pinback's Awesome Network. You grab your MAC spoofer and—ah shit, it doesn't matter. This network is protected using WPA2.* The MAC spoofer is useless because you still can't break the authentication system.

The point isn't that adding more layers is a waste of time; what the geeks are trying to tell you is that using good tools obsoletes the need for layers of poor ones.

* There are details here that matter. Weak passwords are vulnerable in PSK mode, so you need to choose something strong and unique. WPA's TKIP scheme has been compromised, so everyone now recommends WPA2/AES. But for the sake of the discussion, these are simply details. The real point of my story is simply "good tools obsolete poor ones". Thanks for listening.
posted by Mikey-San at 11:54 PM on November 10, 2009 [2 favorites]


Mikey-San: "What's the flaw? I mean, it's two layers, not one, right? Yes, but both layers are shitty."

So, I take it that by saying "Yes, but…" you admit it's another layer then? Right; that's all I said. I stated that it was a thin, "shitty" layer. I never said, or implied, that it should be the only layer. In fact, I explicitly said "to add further to titanium_geek's suggestions", which were to make sure to use WPA, have a decent password/passphrase, and to change the SSID from the default.

I think you're chewing on the wrong end of the stick here. I'll point out that you totally ignored one screamingly obvious minor potential issue with limiting by MAC address. And I'll also point out that changing the SSID adds absolutely no security at all - so why not criticise that first?

Summary: I'm saying it doesn't help much, but it doesn't hurt much either.
posted by Pinback at 12:22 AM on November 11, 2009


So, I take it that by saying "Yes, but…" you admit it's another layer then?

There's nothing to "admit"; your entire mindset is objectively wrong and you do not understand that.

1. MAC filtering is meaningless if you're using poor authentication protocols because you shouldn't be using poor authentication protocols. You're solving the wrong problem at that point.

2. MAC filtering is meaningless if you're using WPA2 because if an attacker compromises WPA2/AES, MAC filtering is not going to help you.
posted by Mikey-San at 12:33 AM on November 11, 2009


It's important to place the emphasis on #2, since it's what applies here. Security layers to make yourself feel better is not strengthening security, and that's all MAC filtering is.

If it makes you feel better, go ahead. Just don't fool yourself into thinking it actually buys you anything.
posted by Mikey-San at 12:46 AM on November 11, 2009


Thanks, Mikey-San for responding - not only to this question, but also my previous question about Airport Extreme/Express:-)

Overall, I really appreciate all of the advice expressed herein.
posted by invisible ink at 1:08 AM on November 11, 2009


The changing of the SSID doesn't mean any added security, none what so ever, really. Changing the SSID removes the confused attempts of your neighbour who has the same wifi hardware as you trying to connect to your network- it's a courtesy, that's all.
posted by titanium_geek at 1:55 AM on November 11, 2009


oh, and MAC filtering is really annoying when you want to share your wifi with a friend who's come over with their laptop, iPhone, or whatever.
posted by titanium_geek at 1:56 AM on November 11, 2009 [1 favorite]


I should have been a little clearer in my post -

The logs on your cable modem are going to indicate incoming connection attempts coming in from the Internet, not your wireless router - which doesn't directly address your question. You might be able to see the same information in your Airport Base Station logs. You're pretty much guaranteed that people are going to be trying to hack into your network via the Internet, but it is akin to someone walking down the street trying all the doors to see if they are unlocked and not something to be terribly concerned about.

titanium_geek has the right advice, use WPA encryption and you are going to be pretty secure. I'm not sure how you would see connection attempts though.
posted by kenliu at 8:47 AM on November 11, 2009


« Older How is Remembrance Day celebra...   |  How can I become ok - content,... Newer »
This thread is closed to new comments.


Post