By now wireless networks are virtually everywhere, easily accessible and often freely available. Most of us have it in our home, surfing the web anywhere inside and outside the house, reading mails in bed first thing in the morning, or listening to streaming music in the kitchen while doing the dishes.
The image to the left was graciously provided byvia stock.xchng VI.
But is your wireless network safe? Did you take all the commonly recommended precautions? Did you…
- change the default router password?
- change the default IP subnet?
- disable remote router access?
- change the default SSID?
- disable SSID broadcasting?
- turn on the router firewall?
- enable data encryption, preferably WPA/TKIP?
- enable MAC filtering?
Did you or is this all Greek to you? Net-Security.org has a pretty good article explaining all relevant terminology and why it’s important to take the aforementioned steps.
Now if you did follow all of the advice, is your wireless network safe? Probably not. Even the strongest encryption can be hacked, every firewall has a hole and if someone really wants to break in, they will find a way. It’s not very likely, but it’s still possible.
What remains to be done is monitor your wireless network for suspicious activity. If you don’t find your router’s built in MAC address login and protocols convenient to use, here’s an alternative. AirSnare is a thorough network monitor for both wired and wireless networks from Windows 98 up to Windows XP. It will detect all active MAC addresses and monitor their activity. Warnings will be issued if unknown / unfriendly MAC addresses are detected.
However, before you go ahead and download AirSnare, you should be aware of a few potential issues:
- it was last updated in 2006
- it may not support all network cards
- it may cause problems with Windows 2k
- it only works with WinPcap 3.1 (new version 4.0)
- the support forum seems broken
Nevertheless, AirSnare can be a valuable tool. The main window shows three major categories on the left: Network Adapters, Unfriendly MAC Addresses and Friendly MAC Addresses. To start monitoring your network connections, double click the respective network adapter(s) or right-click and select >Start. Then watch for detection of unfriendly MAC addresses. You can manually add friendly MAC addresses by right-clicking the category and selecting >Add New or you right-click on a MAC address reported as unfriendly and select >Add to Trusted.
AirSnare optionally scans for MAC, TCP and UPD traffic, and you can track connections via the AirSnare or Ethereal protocols. DHCP requests can be shown in a separate window. Per default there is an audio alarm when potential unauthorized actions, routers, ARP Poisons, MAC Spoofs or Gateway connections are found. The audio alarm can be turned off via >Options menu >General tab >Alert section >remove checkmark infront of Play WAV Alert Sound.
The AirHorn option is a cool idea, but as of Windows XP SP2 won’t work, if the windows firewall is on and the messenger service is turned off on the receiving machine. I couldn’t get the >Send E-mail on alert option to work either.
So what do you do when you detect a questionable MAC address? If there is suspicious activity on your wireless network, you best change your network key, exclude the MAC address via your router, and eventually change your IP subnet. If the activity comes in via the wired network, you should also increase your local security, scan your system for malware, update your firewall, and lock up your network as best as you can.
How do you keep your wireless network safe? What tools are you using and what’s your experience with them? Do you know of a better, free alternative to AirSnare? Please share and leave a comment!