WIFI hijacking
September 3, 2007 4:38 PM Subscribe
How do I know if someone is using my WIFI connection (WPA)?
Best answer: General advice: Log your router's activity. Examine the logs.
Many wireless routers, such as the popular Linksys series of SOHO WiFi routers, offer dedicated Web pages in their administrative interfaces, where you can see the list of active clients, updated each time you refresh your browser window. If you have such a router, just log in as administrator, and look to see what clients are active when you suspect others are using the connection via WiFi.
posted by paulsc at 4:46 PM on September 3, 2007
Many wireless routers, such as the popular Linksys series of SOHO WiFi routers, offer dedicated Web pages in their administrative interfaces, where you can see the list of active clients, updated each time you refresh your browser window. If you have such a router, just log in as administrator, and look to see what clients are active when you suspect others are using the connection via WiFi.
posted by paulsc at 4:46 PM on September 3, 2007
Also consider using a longer, non-dictionary passphrase. There are tools that run dictionary attacks against WPA.
posted by dws at 4:49 PM on September 3, 2007
posted by dws at 4:49 PM on September 3, 2007
Do you have any reason to suspect this or are you just curious?
posted by dance at 4:50 PM on September 3, 2007
posted by dance at 4:50 PM on September 3, 2007
Another good question: Why do you care? It's good karma to run an open Wifi access point. You'd probably never notice someone using it.
If you're worried about someone sniffing your traffic, then maybe your AP lets you add a second, unannounced network. Make one open and make one secret and encrypted. People who want access won't bother trying to crack your 'net just to get access if the don't need to.
posted by cmiller at 6:14 PM on September 3, 2007
If you're worried about someone sniffing your traffic, then maybe your AP lets you add a second, unannounced network. Make one open and make one secret and encrypted. People who want access won't bother trying to crack your 'net just to get access if the don't need to.
posted by cmiller at 6:14 PM on September 3, 2007
To add to paulsc's advice --
Name your computer something interesting, like 'Badass'. Go to the administration page and click around until you find a list of computers that have connected to your router. If there's anything other than 'Badass', you'll have found someone else.
What you do at that point is up to you. I myself have inadvertently connected to someone else's wifi, simply because my hardware is obnoxious like that.
posted by lilithim at 6:20 PM on September 3, 2007
Name your computer something interesting, like 'Badass'. Go to the administration page and click around until you find a list of computers that have connected to your router. If there's anything other than 'Badass', you'll have found someone else.
What you do at that point is up to you. I myself have inadvertently connected to someone else's wifi, simply because my hardware is obnoxious like that.
posted by lilithim at 6:20 PM on September 3, 2007
I'd also suggest that - if you think unknown people have had extended access to your router - you reflash it's ROM. Not only will it get you up-to-date, it insures that you're not working with subverted hardware (See: Warkitting: The drive-by subversion of home routers (PDF) )
posted by Orb2069 at 6:43 PM on September 3, 2007
posted by Orb2069 at 6:43 PM on September 3, 2007
You'd probably never notice someone using it.
This is a lie and absolutely untrue. One laptop running one torrent client will bring your network to a halt. You also open yourself to all sorts of legal liabilities nowadays.
That said, your routers admin pages have a part about dhcp leases. Most likely if someone is on your network they are using dhcp and your router will log the lease. If you are using WPA with a strong password it is likely no one is on it. WPA is not crackable like WEP. The main attack against WPA is dictionary attacks against the sniffed authentication. If youre worried then change your password. Shut off your computers. Reboot the router. The activity light on the wireless shouldnt be blinking much.
Also note that sniffing a wifi connection is not like sniffing a wired connection. Wireshark or ettercap may do nothing at all. You might have better luck with tools specifically designed for wireless capture and analysis.
posted by damn dirty ape at 8:29 PM on September 3, 2007
This is a lie and absolutely untrue. One laptop running one torrent client will bring your network to a halt. You also open yourself to all sorts of legal liabilities nowadays.
That said, your routers admin pages have a part about dhcp leases. Most likely if someone is on your network they are using dhcp and your router will log the lease. If you are using WPA with a strong password it is likely no one is on it. WPA is not crackable like WEP. The main attack against WPA is dictionary attacks against the sniffed authentication. If youre worried then change your password. Shut off your computers. Reboot the router. The activity light on the wireless shouldnt be blinking much.
Also note that sniffing a wifi connection is not like sniffing a wired connection. Wireshark or ettercap may do nothing at all. You might have better luck with tools specifically designed for wireless capture and analysis.
posted by damn dirty ape at 8:29 PM on September 3, 2007
Best answer: tool specifically designed for wireless capture and analysis == kismet
posted by philomathoholic at 11:59 PM on September 3, 2007
posted by philomathoholic at 11:59 PM on September 3, 2007
Best answer: A tool I use is Network Magic (free version). The network map shows everything connected to your network from print servers and other (known) computers to intruders that are not a known part of your network.
posted by worker_bee at 5:06 AM on September 4, 2007 [1 favorite]
posted by worker_bee at 5:06 AM on September 4, 2007 [1 favorite]
This thread is closed to new comments.
If you're particularly paranoid you could try a packet sniffer... wireshark(?) or something.
posted by tngrn at 4:44 PM on September 3, 2007