How can I tell if someone is trying to hop onto my wireless signal?
November 10, 2009 8:46 PM   Subscribe

This should get you all set up.

Of course, your network is secured with WPA, so no one will be connecting in the first place, right?
posted by niles at 8:51 PM on November 10

niles: Not sure how that's going to be able to tell him who is attempting to log in. People that fail will never show up.
posted by floam at 8:52 PM on November 10

Ah, ok. I misread what you're going for here. My solution probably won't help you at all then.
posted by niles at 9:45 PM on November 10

It also depends on your Internet connection (cable modem/dsl model), if you can figure out how to look at the logs for that you'll often see a scary number of connection attempts.
posted by kenliu at 10:02 PM on November 10

If you set it up for WPA2/PSK and don't give the key to anyone, I'd say you probably don't have to worry about your neighbors trying to connect to it... Somebody could try to bruteforce that at one key/second for the next several thousand years and not get the key. For bonus points in an apartment building set the SSID to something like "I can hear you having sex".
posted by thewalrus at 10:26 PM on November 10

you can set MAC filtering on the Airports to only allow connections from specified clients. Yes, the geeks will cry "security through obscurity is no security at all!" - but an additional layer of security, no matter how thin, is still another layer to get through.

Actually, we're going to point out that you're wrong and you don't know what "security through obscurity" means, and then we'll explain that the reason MAC address filtering isn't recommended is because it's a complete waste of time. You simply don't know what you're talking about here, and I don't mean that in offense. MAC filtering isn't "another layer to get through"—it's completely ineffective. Let me explain:

You are an attacker looking for wireless networks. After encountering a WEP-protected network, you launch the pre-built app you found in a 10-second Google search. A few minutes later, you've broken the key. You knew how to find a WEP breaker (not that it's particularly hard, just that you were aware of what to do), so you also have a high likelihood of either knowing you might also need a MAC spoofer or reading about it on the same site you got the WEP breaker. One more Google search later, and you're done. (Or maybe you found a tool that does both, because they're related.)

Back to "you" meaning "you" for a moment.

What's the flaw? I mean, it's two layers, not one, right? Yes, but both layers are shitty. You're putting two wet paper bags together when you should be filling the bag with concrete.

Back to "you", the attacker.

You're surfing for wireless networks and come across Pinback's Awesome Network. You grab your MAC spoofer and—ah shit, it doesn't matter. This network is protected using WPA2.* The MAC spoofer is useless because you still can't break the authentication system.

The point isn't that adding more layers is a waste of time; what the geeks are trying to tell you is that using good tools obsoletes the need for layers of poor ones.

* There are details here that matter. Weak passwords are vulnerable in PSK mode, so you need to choose something strong and unique. WPA's TKIP scheme has been compromised, so everyone now recommends WPA2/AES. But for the sake of the discussion, these are simply details. The real point of my story is simply "good tools obsolete poor ones". Thanks for listening.
posted by Mikey-San at 11:54 PM on November 10 [2 favorites has favorites]

Mikey-San: "What's the flaw? I mean, it's two layers, not one, right? Yes, but both layers are shitty."

So, I take it that by saying "Yes, but…" you admit it's another layer then? Right; that's all I said. I stated that it was a thin, "shitty" layer. I never said, or implied, that it should be the only layer. In fact, I explicitly said "to add further to titanium_geek's suggestions", which were to make sure to use WPA, have a decent password/passphrase, and to change the SSID from the default.

I think you're chewing on the wrong end of the stick here. I'll point out that you totally ignored one screamingly obvious minor potential issue with limiting by MAC address. And I'll also point out that changing the SSID adds absolutely no security at all - so why not criticise that first?

Summary: I'm saying it doesn't help much, but it doesn't hurt much either.
posted by Pinback at 12:22 AM on November 11

So, I take it that by saying "Yes, but…" you admit it's another layer then?

There's nothing to "admit"; your entire mindset is objectively wrong and you do not understand that.

1. MAC filtering is meaningless if you're using poor authentication protocols because you shouldn't be using poor authentication protocols. You're solving the wrong problem at that point.

2. MAC filtering is meaningless if you're using WPA2 because if an attacker compromises WPA2/AES, MAC filtering is not going to help you.
posted by Mikey-San at 12:33 AM on November 11

It's important to place the emphasis on #2, since it's what applies here. Security layers to make yourself feel better is not strengthening security, and that's all MAC filtering is.

If it makes you feel better, go ahead. Just don't fool yourself into thinking it actually buys you anything.
posted by Mikey-San at 12:46 AM on November 11

The changing of the SSID doesn't mean any added security, none what so ever, really. Changing the SSID removes the confused attempts of your neighbour who has the same wifi hardware as you trying to connect to your network- it's a courtesy, that's all.
posted by titanium_geek at 1:55 AM on November 11

oh, and MAC filtering is really annoying when you want to share your wifi with a friend who's come over with their laptop, iPhone, or whatever.
posted by titanium_geek at 1:56 AM on November 11 [1 favorite has favorites]

I should have been a little clearer in my post -

The logs on your cable modem are going to indicate incoming connection attempts coming in from the Internet, not your wireless router - which doesn't directly address your question. You might be able to see the same information in your Airport Base Station logs. You're pretty much guaranteed that people are going to be trying to hack into your network via the Internet, but it is akin to someone walking down the street trying all the doors to see if they are unlocked and not something to be terribly concerned about.

titanium_geek has the right advice, use WPA encryption and you are going to be pretty secure. I'm not sure how you would see connection attempts though.
posted by kenliu at 8:47 AM on November 11

« Older How is Remembrance Day celebra...   |   How can I become ok - content,... Newer »