Turn off DHCP, turn on MAC filtering, turn off SSID broadcast.
I can't be bothered with setting up WEP and/or WPA, and I've found that this is the best compromise.
I trust you have now changed the WEP key/gone to WPA???
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
I have changed the WEP key to a nightmare 26 upper and lower case key, hidden the SSID, MAC filtering and removed DHCP.
What is the best WRT firmware to create a captive portal?
Legally, where do I stand if this guy has torrented the hell out of my connection for the last 6+ months?
□ΞVΞ□
best way to protect your wireless connection (not to corporate levels)
no matter how many characters u using for WEP, it's too easily crackable.
1) WPA (at least), some do have WPA2.
2) change the default password (username too if possible) for your router (as it's pointless, what u configured can be disabled if they can get in the router)
3) disable DHCP or limit the IP range and assign static IP (both router+pc)
4) possibly hide the SSID if u wish (so no one can see your router)
5) and MAC address if u wish.
I suppose technically it is theft - but proving it would be difficult. If you have the logs and they show the MAC address of the connected computer, then you might have a case, but unless he has been downloading copyright or illegal material, I don't know how much interest the police would have. The High Tech crime units are pretty busy investigating major crimes. It might be worth reporting it though just in case you get into the scenario below.
Where do you stand if he HAS been downloading illegal stuff? (Terrorism, child pornography and the like) I would think that you are liable for use made of your connection - however the crime is possession, so while you have a reasonable explanation of what and how it happened (again backed up by logs), following seizure and assuming that the subsequent forensic examination of your computer revealed nothing untoward, you would probably be OK.
You should note that even if the SSID is cloaked, it is a trivial exercise (using the appropriate packages) to get the AP to transmit the SSID. Linking IP address to MAC address is worthwhile though, because although MAC addresses can be spoofed, the spoofer still needs a valid MAC address on your system linked to the IP address. MAC addresses are 48 bits long so there are 2^48 combinations for a spoofer to try. (Actually less than that because the initial bits are linked to a mfr ID). But whatever measures you take, you want to make it more worthwhile for a cracker to find an easier target than to spend time cracking yours. (The only exception might be in a University Hall with Computer Science students who relish the challenge...or you are being specifically targeted - but an opportunist is more likely to give up and find an easier target.)
The most secure ways of using wireless is to set up a RADIUS server and have a frequently changing key, or set up a VPN tunnel over the link between the remote connecting machine and the rest of the network. If you use WPA, you should still change the keys on a regular basis.
If you cannot use WPA (because some of the clients don't support it) and you have to use WEP, then you should use the longest key available, and again change it regularly - how often depends on the level of traffic - if it is being used heavily, daily changing would be appropriate - but if you have a lot of clients, that is a nightmare without some sort of key server.
Finally, do check the configuration carefully - some APs allow unsecured connections even though WEP or WPA is enabled. The theory being that WEP encrypts the link to protect against eavesdropping - it is not an authentication mechanism and so clients may be permitted to connect in clear and only use encryption at their option.
Last edited by peterb; 13-03-2008 at 11:50 AM.
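Added example, not part of any post in this thread: a small audit of a router's client table against the static IP-to-MAC bindings discussed above, flagging unknown MACs, known MACs on the wrong IP, and one MAC appearing on two IPs. The "IP MAC" table format, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed allowlist: MAC -> the static IP assigned to that client.
BINDINGS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "66:77:88:99:aa:bb": "192.168.1.11",
}

# Constructed sample of a router client table ("IP MAC" per line).
SAMPLE = """\
192.168.1.10 00:11:22:33:44:55
192.168.1.11 66-77-88-99-AA-BB
192.168.1.50 de:ad:be:ef:00:01
192.168.1.23 00:11:22:33:44:55
"""

def norm_mac(mac):
    """Lower-case, colon-separated form so '-' and case differences compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(table, bindings):
    """Return sorted (finding, mac, ip) tuples for entries that break the bindings."""
    bindings = {norm_mac(m): ip for m, ip in bindings.items()}
    seen = {}  # mac -> set of IPs it was observed with
    for line in table.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        seen.setdefault(norm_mac(mac), set()).add(ip)
    findings = []
    for mac, ips in seen.items():
        if mac not in bindings:
            findings += [("unknown-mac", mac, ip) for ip in ips]
            continue
        findings += [("ip-mismatch", mac, ip) for ip in ips if ip != bindings[mac]]
        if len(ips) > 1:  # same MAC on two IPs: one of them is likely a clone
            findings.append(("duplicate-mac", mac, ",".join(sorted(ips))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE, BINDINGS):
        print(*finding)
```

A clean result only means no entry contradicts the bindings; it is a monitoring aid alongside link encryption, not a substitute for it.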
Please don't be under any impression that hiding the SSID is a good idea. If the SSID is being broadcast in a beacon the client sees the SSID and knows that's the access point it needs to connect to and starts the connection. If the SSID isn't being broadcast then the client just sees a beacon without an SSID in it. It then has to probe the access point saying are you the access point for network X. An attacker could be listening for these and then just reply yes and try to initiate a connection - if successful it's performing a man in the middle attack and all the client's traffic will be passing through the attacker.
turn off Wireless for a few weeks? Use a Cat5 cable
Originally Posted by Advice Trinity by Knoxville
"MAC addresses can be spoofed, the spoofer still needs a valid MAC address on your system linked to the IP address."
If you have clients using the connection, then finding a valid MAC isn't rocket science.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
That's a German law not proven in UK courts - if some of the torrent news sites are to be believed. I am quite sure I saw it somewhere else too.
In the UK you do not need to supervise other adults using your internet connection. The law here becomes very murky with regard to shared computers and liability. But it should still be the person who performed the act, not the owner of the computer or the owner of the internet connection who is responsible.
I don't think the "it's an IP address and might not have been mine" defence has been tested in UK waters either.
All Hail the AACS : 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
What kinda stuff could this guy use to hack into your network, I've got 2 AP's at home (well one here at mine n one next door for mum n dad) and I've always wondered just how secure it is...
I suppose if someone wants to get in then there's not a massive amount to stop them..
WEP 128bit.
Mac Filtering
No DHCP
Now that would be telling
Sadly 128 bit WEP can be cracked, it just takes a little longer to collect the packets, but you do need to be able to sniff active connections. WPA is still crackable, but harder.
In an ideal world, the wireless segment of a network should be separate from the private network, but that's unlikely to happen in domestic scenarios.
You may well be right (I'm not a lawyer) but if illegal activity is traced to an IP address, it is a short step to obtain a court order to get the owner or user of the IP address at the time the illegal activity took place, and the next action will be to seize the computer(s) of the person involved and the registered user of that IP address. In the case of illegal images, the offence is possession and viewing, so the search will be to determine what is on the machines and what the machines have been used to access. You may be innocent, but by the time that has been established, you will probably have been arrested, DNA sampled, and suffered massive inconvenience, to say nothing of the potential damage to your reputation.
The Draytek 2800 does allow that - a wireless user can be configured so they don't have access to the LAN - but that is of course no help in the above scenario where the hacker is accessing the internet.
WEP and similar encryption techniques are primarily a privacy tool to protect the link from eavesdropping, not an authentication mechanism to validate a particular user.
Well there is no proof he used it for anything other than browsing and I don't want this to get blown out of proportion. I will change the key every week from now on and also keep an eye on the router to see what it's up to.
Thanks for your help on this one.
"WEP and similar encryption techniques are primarily a privacy tool to protect the link from eavesdropping, not an authentication mechanism to validate a particular user."
Very true - and that's a handy thing with the Draytek - I think the Buffalo kit used to do that too. Will the Draytek support something like RADIUS based authentication?
Indeed not - and as with most security questions - it comes down to risk assessment. However I mentioned the RADIUS server solution earlier - one that I have never implemented or considered in depth myself, but this thread has got me thinking about it again.
As a start, you might find this link interesting - the content is rolling off my printer as I type, so I haven't given it any more than a cursory look.
However the solution suggested is open source... And also note that this specifically addresses the user authentication aspects of the wireless link, rather than the encryption/privacy aspects.
Installing and Operating a RADIUS Server
It also appears to be a 'work in progress' but is still a useful starting point.
Last edited by peterb; 14-03-2008 at 12:00 PM.