
Wireless LAN Hacked?

Detecting and Removing the Intruder

Steve Smith explains how to detect an intruder on your wireless network manually and how to kick them off for good.

Episode #4-18 released on January 18, 2014

I recently went to fix a wireless LAN issue where a computer was unable to connect to a new router because it was not compatible with the current technology. After a while the client explained that the reason they got a new router was because they believed their wireless LAN was compromised and being used by an intruder.

The company explained that with their router they could monitor the situation and detect when the intruder connected to the wireless connection. The company also expressed concern, stating that his older router was less secure than their new one.

I used to own his older router, and it is in fact flashable with other open source firmware, and all routers can be made to be more secure. The question is, is the network actually compromised?

This is where this week's episode brings us all: how to determine whether there is an issue with a wireless LAN, and how to properly deal with the situation.

How do we find out if our wireless LAN is compromised?

It may take a bit of work to find out which devices are entitled to access your router at any given time. Many devices access the internet, such as your Blu-ray player, game consoles, computers, tablets, laptops, phones, mp3 players, etc. You need to do an inventory of every connected device and look up its MAC address. The MAC address is unique to every device, and you'll use it to identify known valid devices on your wireless LAN.

You now need to access the administration center of your wireless LAN. You must also open the list of active DHCP connections and see which of the listed hardware addresses (MAC addresses) don't match your inventory.
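The comparison described above can be scripted once the lease list is copied out of the router. The following is an added example, not part of the original episode: it assumes the leases are available in dnsmasq's lease-file layout (expiry, MAC, IP, hostname, client ID), uses constructed sample data, and goes one step beyond the text by marking locally administered (software-assigned, often randomized) MACs, which may be one of your own phones rather than an intruder.

```python
import re

# Constructed inventory: MACs as copied from device labels/settings, in mixed notations.
KNOWN_DEVICES = {
    "00-1A-2B-3C-4D-5E": "Blu-ray player",
    "a4:5e:60:aa:bb:cc": "office laptop",
    "001a.2b3c.4d5f": "game console",
}

# Constructed lease table in dnsmasq format: expiry MAC IP hostname client-id.
SAMPLE_LEASES = """\
1390089600 00:1a:2b:3c:4d:5e 192.168.1.10 bluray *
1390089700 A4:5E:60:AA:BB:CC 192.168.1.11 office-laptop 01:a4:5e:60:aa:bb:cc
1390089800 00:1a:2b:3c:4d:5f 192.168.1.12 * *
1390089900 5c:f9:38:11:22:33 192.168.1.13 * *
1390090000 da:a1:19:44:55:66 192.168.1.14 android-phone *
not a lease line
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True if the 0x02 bit of the first octet is set (software-assigned MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unknown(leases_text, known_devices):
    """List leases whose MAC is missing from the inventory, skipping malformed lines."""
    known = {normalize_mac(m) for m in known_devices}
    unknown = []
    for line in leases_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mac = normalize_mac(fields[1])
        if mac is None or mac in known:
            continue
        unknown.append({"mac": mac, "ip": fields[2], "hostname": fields[3],
                        "randomized": is_locally_administered(mac)})
    return unknown

if __name__ == "__main__":
    for lease in find_unknown(SAMPLE_LEASES, KNOWN_DEVICES):
        note = "check your own phones/tablets first" if lease["randomized"] else "not in inventory"
        print(f'{lease["mac"]} {lease["ip"]} {lease["hostname"]}: {note}')
```
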

An intruder has compromised our wireless LAN: what can the intruder do, and how much damage can occur?

If you find a MAC address that doesn't match, there is normally a revoke link that will kick them off the network, but this won't keep them off. This is because they already have the password to your network, and they only need to reconnect to your network to get a new lease. Now, what can the intruder do with this kind of access? They can exceed your internet bandwidth limit, download illegal files under a connection you are responsible for, cause viral infections, access your personal share folders, and, if the share folders are writable, infect your computer with any virus they want.

What can be leveraged against your router?

Besides accessing your files, they can use programs like Firesheep to steal your online sessions, scan the network traffic and record everything, open the firewall up to viral infections, and leverage UPnP against you as well.

How do we boot the intruder off the wireless LAN?

So, you found the intruder. What can you do? Revoke the lease from the list of DHCP connections, and then change the password to your router. Consider taking note of their MAC address so you can block it using MAC address filtering; only use this to block all access to your network.

Is it possible to prevent future intrusions onto the wireless LAN?

Yes, it is certainly possible to make it harder for people to intrude onto your network. However, you need to use all the tools available in your router to achieve this.

Consider using a hidden SSID. This won't block everyone, but amateurs won't be able to connect to you without the correct SSID.

Use MAC address filtering. You can block intruders with this, which is known as blacklisting; however, you can also use it as a whitelist, allowing only the connections listed in the Network Filter.

Use a long complicated password made up of gibberish. The longer and more complicated, the less likely anyone will decode it.

Turn off UPnP and WPS. These two technologies are said to make your life simpler, and they do, but they also open large gaping holes in your security.

Is it illegal for an intruder to access open or encrypted wireless LAN connections without permission?

In many jurisdictions it is illegal to connect to a wireless LAN for which you do not have explicit consent from the operator of the wireless LAN, even if the connection is unencrypted. For this reason, at least in the USA, Canada, and other countries with laws against this crime, you can advise your ISP and your local police of the crime. Many individuals have been fined severely, and you can often sue them for any additional costs incurred by them. Filing a police report also has the added benefit of immunizing you from any legal action pertaining to the illegal downloads done on your connection, provided you submit the police report to the court when you are asked to appear in court for this kind of crime.

If you wish to be really secure, use WPA2 or better as your security type for connecting to your wireless LAN, and never use WEP or leave it unencrypted.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions