Re: tracking wireless activity

2005-10-25 Thread Jan Musil
I second that. I actually use the first 2 measures only at the  
moment. The

reason being that not broadcasting SSID prevents my powerbooks from
connecting automatically to the given network as soon as Airport is  
turned

on.

Is there a known way around this, like setting somewhre the name of  
the

network to connect to? I haven't found such an option yet.


In Tiger you can setup preferred networks, but in 10.4.1 it did not  
work well and since then I did not have time to experiment with it. I  
had the same problems with my PowerBooks - they were unable to find  
the network after I woke them up. You may try that and if it does not  
work continue to broadcast the SSID (as I still do), but I live in a  
house and even the closest neighbor does not see my network.


--

 Honza
 www.lesninoviny.com - Blog z lesu a haju Pennsylvanie
 (.mac: musiljan)  (ICQ: 134361915)  (Y!: musiljan)  (M: +1 610 570  
9349)






--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity

2005-10-25 Thread Francesco sciacca
> 1. WEP or WPA protection on the network
> 2. MAC address filtering for WS network
> 3. Stop broadcasting your SSID to the world

I second that. I actually use the first 2 measures only at the moment. The
reason being that not broadcasting SSID prevents my powerbooks from
connecting automatically to the given network as soon as Airport is turned
on.

Is there a known way around this, like setting somewhre the name of the
network to connect to? I haven't found such an option yet.

cheers,
gianfranco

-- 
Telefonieren Sie schon oder sparen Sie noch?
NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie

-- 
G-Books is sponsored by  and...

 Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
 -- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

  Support Low End Mac 

G-Books list info:  
  --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity

2005-10-25 Thread Jan Musil




case I would suggest you to enable wireless security at least via  
WEP (although this is not very strong security it should keep  
people out for few days). You can also consider enabling MAC  
address filter (MAC address is unique ID of each network card -  
yes people can find




actually, a while ago I read of new software that did a predictive  
key hash or something, and the needed number of packets to decrypt  
the WEP went down from several hundred thousand to often just a few  
thousand or less; 5 min WEP cracks could occur.


I figure, with MAC filtering, at least if they clone your MAC,  
their bandwidth will be poor if you are online as well :)


Yeah that's right the WEP can be cracked fairly quickly (I believe  
that someone was able o crack it in less than 15 minutes of listening  
to traffic) if people assemble enough packets. I would suggest using  
WPA, but then the Wallstreet may not connect as I believe that WPA  
works only with Airport Extreme (at least I had some issues few years  
back connecting with 802.11B to WPA protected network). But maybe  
Apple already fixed that.


Best is to combine at least the three items many people listed here:

1. WEP or WPA protection on the network
2. MAC address filtering for WS network
3. Stop broadcasting your SSID to the world

You could consider monitoring IP addresses on your network from time  
to time to see if you keep people out.



--

 Honza
 www.lesninoviny.com - Blog z lesu a haju Pennsylvanie
 (.mac: musiljan)  (ICQ: 134361915)  (Y!: musiljan)  (M: +1 610 570  
9349)






--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity

2005-10-24 Thread Brian McEwen


On Oct 24, 2005, at 4:48 PM, Jan Musil wrote:

case I would suggest you to enable wireless security at least via  
WEP (although this is not very strong security it should keep  
people out for few days). You can also consider enabling MAC  
address filter (MAC address is unique ID of each network card - yes  
people can find


actually, a while ago I read of new software that did a predictive  
key hash or something, and the needed number of packets to decrypt  
the WEP went down from several hundred thousand to often just a few  
thousand or less; 5 min WEP cracks could occur.


I figure, with MAC filtering, at least if they clone your MAC, their  
bandwidth will be poor if you are online as well :)


B


--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity (wow)

2005-10-24 Thread Rick McCutcheon
Thank you to all of you who have replied (Bruce, Jan, Howard, Dan), 
sincerely -- the information you've given me is very clear, exactly 
what I was after and I will be able to follow-up on it over the next 
couple of days.  Wow -- what a resource this group is; may it live for 
a long time!  (Bruce -- in my case it'd be the RCMP and CSIS coming to 
knock on the door...)


Regards,
Rick


On 24-Oct-05, at 3:39 PM, Bruce Johnson wrote:



On Oct 24, 2005, at 12:57 PM, Rick McCutcheon wrote:


Greetings Mac Folks,

At home I notice that my DSL modem lights occasionally are flashing 
quite noticeably when neither my TiBook (Mercury/Panther) nor the 
9600 (400/9.1) ethernet connected desk top are on.  Both are routed 
through a motorola wireless router/ethernet hub.


We live in an apartment block.  I'm wondering if others in the 
building might be accessing the modem through the wireless router?  
I'm assuming that's very possible.  I'm curious to know, is there a 
way for me to check and see if that is the situation by looking at 
wireless activity while I'm hooked up with the TiBook (is this built 
into Panther, which I'm still very much learning, or do I need third 
party activity tracking software)?


Actually, you should be able to access this via the wireless router 
software, I'm unfamiliar with any Moto products, but in others you can 
access it and see what devices are attached. Find the airport id's of 
your own systems and you can see if any different ones are attached. 
For more detailed probing of your local network, you can use nmap 
 but that's a fairly geeky tool.


Would other devices like wireless phones possibly make the lights 
jump?


not on the DSL router. However, depending on how the local DSL network 
is set up you might be getting broadcast traffic to all the addresses, 
though that's more common on cable systems. In this case this is 
pretty much just network blah blah noise. To check this, simply unplug 
the wireless router from the dsl modem. If the flickering stops it's 
local traffic, if not it's blah blah.



How worried should I be, if at all.


Somewhat.


Are they getting a free ride?


Odds are 99+% that this is the case; perhaps not even a free ride. If 
your DSL service is particularly common in your building, it could 
well simply be another customer connecting automatically to your 
router instead of theirs. I've seen that happen a number of times. 
Still, this could spell trouble should the FBI or RIAA come 
a'-knocking...



Or worse?


Unlikely, but possible. Someone coming in through an unlocked access 
point or cracked WEP are on the 'inside' on your local network, which 
the router keeps private. Once there, all sorts of mischief could be 
done. Open file shares could be browsed, 'man-in-the-middle' IP 
snooping could be done, the gamut.


Is this level of hacking likely to be going on on your network? 
Unlikely.


Could they hack into it without passwords?  (Generally I assume 
virtually anything is possible...)


If the admin password of the router wasn't changed when you first set 
it up, very likely indeed. If you're using WEP authentication, it's 
reasonably easy to crack. Unfortunately your systems probably don't 
support WPA, a stronger encryption standard.


I've never noticed that anything untoward is happening with my 
computers.  The TiBook mostly stays at work, in any case.


I almost hate to ask this for fear of what I'll find out -- but 
better safe than sorry.


As I said, odds are likely 99% (or even 99.99%) someone in your 
apartment building is either going "woo hoo! free internet!" or thinks 
they're connecting to their own wireless router.


Steps can be taken to mitigate the problem:

1) Enable WEP encryption with a new password.
2) Make sure the admin password on the router has been changed, to 
something secure and hard to guess.
3) Most wireless access points allow you to limit the number of 
simultaneous connections and limit connections to specific MAC 
addresses. Set yours to 2 (or 1, if you don't use the desktop and the 
laptop simultaneously.) and set it to just allow the MAC addresses 
(Airport or Ethernet ID of your systems. depending if you're using the 
wireless or wired ports) of your systems to connect. Then if you try 
to get on, and can't you know someone's mooching, simply powercycle 
the wireless router to kick 'em off, and get on.


This will block the casual use and casual snoopers. It's not proof 
against a determined bad guy, but as I said, it's unlikely that this 
is the case.


--
Bruce Johnson

This is the sig who says 'Ni!'


--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives 
|
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  
|


 Support Low End Mac 

G-Books list info:  
 --> AOL users, rem

Re: tracking wireless activity

2005-10-24 Thread Jan Musil

Hi Rick,

the best way to figure out if somebody is using your DSL without your  
permission is to check the number of IP addresses that your wireless  
router assigned to clients. You can do that on the router - you  
should be able to connect to its IP address via browser on http:// or  
https:// port. If there are more more addresses assigned than you  
have computers then it is clear that someone uses your badwidth. In  
any case I would suggest you to enable wireless security at least via  
WEP (although this is not very strong security it should keep people  
out for few days). You can also consider enabling MAC address filter  
(MAC address is unique ID of each network card - yes people can find  
ways to change their MAC address, but this is another level of  
protection of your network). If you enable the MAC address filter be  
sure to add any new equipment that you add later (new computer,  
network printer, etc. otherwise they will be unable to connect to  
your network). And lastly you can disable broadcast of the network  
SSID which should help hide your network (again this is only weak  
protection as people that already know your SSID are likel to connect  
wihout problems). You may need to change your SSID to something else  
before you disable SSID broadcast.


By the way securing your network is very good idea as you could be  
held responsible for what people do from your segment of the network  
- I hope your neighbors are no spammers or crackers... Not to scare you.


Hope this helps.


Best Regards, Jan



On Oct 24, 2005, at 3:57 PM, Rick McCutcheon wrote:


Greetings Mac Folks,

At home I notice that my DSL modem lights occasionally are flashing  
quite noticeably when neither my TiBook (Mercury/Panther) nor the  
9600 (400/9.1) ethernet connected desk top are on.  Both are routed  
through a motorola wireless router/ethernet hub.


We live in an apartment block.  I'm wondering if others in the  
building might be accessing the modem through the wireless router?   
I'm assuming that's very possible.  I'm curious to know, is there a  
way for me to check and see if that is the situation by looking at  
wireless activity while I'm hooked up with the TiBook (is this  
built into Panther, which I'm still very much learning, or do I  
need third party activity tracking software)?  Would other devices  
like wireless phones possibly make the lights jump?  How worried  
should I be, if at all.  Are they getting a free ride?  Or worse?   
Could they hack into it without passwords?  (Generally I assume  
virtually anything is possible...)  I've never noticed that  
anything untoward is happening with my computers.  The TiBook  
mostly stays at work, in any case.




--

 Honza
 www.lesninoviny.com - Blog z lesu a haju Pennsylvanie
 (.mac: musiljan)  (ICQ: 134361915)  (Y!: musiljan)  (M: +1 610 570  
9349)






--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity

2005-10-24 Thread Bruce Johnson


On Oct 24, 2005, at 12:57 PM, Rick McCutcheon wrote:


Greetings Mac Folks,

At home I notice that my DSL modem lights occasionally are flashing  
quite noticeably when neither my TiBook (Mercury/Panther) nor the  
9600 (400/9.1) ethernet connected desk top are on.  Both are routed  
through a motorola wireless router/ethernet hub.


We live in an apartment block.  I'm wondering if others in the  
building might be accessing the modem through the wireless router?   
I'm assuming that's very possible.  I'm curious to know, is there a  
way for me to check and see if that is the situation by looking at  
wireless activity while I'm hooked up with the TiBook (is this  
built into Panther, which I'm still very much learning, or do I  
need third party activity tracking software)?


Actually, you should be able to access this via the wireless router  
software, I'm unfamiliar with any Moto products, but in others you  
can access it and see what devices are attached. Find the airport  
id's of your own systems and you can see if any different ones are  
attached. For more detailed probing of your local network, you can  
use nmap  but that's a fairly  
geeky tool.


Would other devices like wireless phones possibly make the lights  
jump?


not on the DSL router. However, depending on how the local DSL  
network is set up you might be getting broadcast traffic to all the  
addresses, though that's more common on cable systems. In this case  
this is pretty much just network blah blah noise. To check this,  
simply unplug the wireless router from the dsl modem. If the  
flickering stops it's local traffic, if not it's blah blah.



How worried should I be, if at all.


Somewhat.


Are they getting a free ride?


Odds are 99+% that this is the case; perhaps not even a free ride. If  
your DSL service is particularly common in your building, it could  
well simply be another customer connecting automatically to your  
router instead of theirs. I've seen that happen a number of times.  
Still, this could spell trouble should the FBI or RIAA come a'- 
knocking...



Or worse?


Unlikely, but possible. Someone coming in through an unlocked access  
point or cracked WEP are on the 'inside' on your local network, which  
the router keeps private. Once there, all sorts of mischief could be  
done. Open file shares could be browsed, 'man-in-the-middle' IP  
snooping could be done, the gamut.


Is this level of hacking likely to be going on on your network?  
Unlikely.


Could they hack into it without passwords?  (Generally I assume  
virtually anything is possible...)


If the admin password of the router wasn't changed when you first set  
it up, very likely indeed. If you're using WEP authentication, it's  
reasonably easy to crack. Unfortunately your systems probably don't  
support WPA, a stronger encryption standard.


I've never noticed that anything untoward is happening with my  
computers.  The TiBook mostly stays at work, in any case.


I almost hate to ask this for fear of what I'll find out -- but  
better safe than sorry.


As I said, odds are likely 99% (or even 99.99%) someone in your  
apartment building is either going "woo hoo! free internet!" or  
thinks they're connecting to their own wireless router.


Steps can be taken to mitigate the problem:

1) Enable WEP encryption with a new password.
2) Make sure the admin password on the router has been changed, to  
something secure and hard to guess.
3) Most wireless access points allow you to limit the number of  
simultaneous connections and limit connections to specific MAC  
addresses. Set yours to 2 (or 1, if you don't use the desktop and the  
laptop simultaneously.) and set it to just allow the MAC addresses  
(Airport or Ethernet ID of your systems. depending if you're using  
the wireless or wired ports) of your systems to connect. Then if you  
try to get on, and can't you know someone's mooching, simply  
powercycle the wireless router to kick 'em off, and get on.


This will block the casual use and casual snoopers. It's not proof  
against a determined bad guy, but as I said, it's unlikely that this  
is the case.


--
Bruce Johnson

This is the sig who says 'Ni!'


--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 

Re: tracking wireless activity

2005-10-24 Thread darm0k

At 02:57 PM -0500 10/24/2005, Rick McCutcheon wrote:


At home I notice that my DSL modem lights occasionally are flashing 
quite noticeably when neither my TiBook (Mercury/Panther) nor the 
9600 (400/9.1) ethernet connected desk top are on.  Both are routed 
through a motorola wireless router/ethernet hub.


If it's inbound traffic, then it's one of two things:

a) ARP packets.  This is the protocol that the next router upstream 
from you uses to find you.  It's normal to see about 2 to 5% ARP 
traffic on DSL and Cable lines.  No big deal -- think of it as leaves 
falling on your roof.


b) Infected PCs hunting for more machines to infect.  This would be 
the Great Pumpkin rattling your doorknob.  In addition to the direct 
packets (pings, http, etc requests), these "scans" cause about 2/3 of 
the ARP traffic.


If it's outbound traffic, then...

We live in an apartment block.  I'm wondering if others in the 
building might be accessing the modem through the wireless router?


heck yea.  You're broadcasting "ip availability" to everyone!

If you don't want your neighbors to be able to use your service, turn 
on WEP or WPA encryption.


is there a way for me to check and see if that is the situation by 
looking at wireless activity while I'm hooked up with the TiBook


Routers always track who they're talking to.  They do this two ways: 
In its DHCP table, and in its route table.  At least the DHCP table, 
and probably also the route table should be viewable from the 
router's web interface.



Would other devices like wireless phones possibly make the lights jump?


yes.  There are 802.11 "IP Phones" available that can do this. 
They're currently a bit pricey tho.



How worried should I be, if at all.


Your xDSL contract probably says you cannot share the service beyond 
your own premisis.  So you're perhaps risking a "theft of services" 
charge from your telecom provider.


But more importantly, because it's your residential service, you 
could be held laible for whatever the other users are doing -- file 
trading or spamming etc.


HTH,
- Dan.

--
G-Books is sponsored by  and...

Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---



Re: tracking wireless activity

2005-10-24 Thread Howard Katz
Sometimes "hits" from the internet will cause the lights to flash.  I
see this on my DSL router soemtimes when all computers are off. 
But---did you set your wireless router to privacy mode, so no one
other than you can use it?

LaterHoward

On 10/24/05, Rick McCutcheon <[EMAIL PROTECTED]> wrote:
> Greetings Mac Folks,
>
> At home I notice that my DSL modem lights occasionally are flashing
> quite noticeably when neither my TiBook (Mercury/Panther) nor the 9600
> (400/9.1) ethernet connected desk top are on.  Both are routed through
> a motorola wireless router/ethernet hub.
>
> We live in an apartment block.  I'm wondering if others in the building
> might be accessing the modem through the wireless router?  I'm assuming
> that's very possible.  I'm curious to know, is there a way for me to
> check and see if that is the situation by looking at wireless activity
> while I'm hooked up with the TiBook (is this built into Panther, which
> I'm still very much learning, or do I need third party activity
> tracking software)?  Would other devices like wireless phones possibly
> make the lights jump?  How worried should I be, if at all.  Are they
> getting a free ride?  Or worse?  Could they hack into it without
> passwords?  (Generally I assume virtually anything is possible...)
> I've never noticed that anything untoward is happening with my
> computers.  The TiBook mostly stays at work, in any case.
>
> I almost hate to ask this for fear of what I'll find out -- but better
> safe than sorry.
>
> Cheers,
> Rick
>
> --
> G-Books is sponsored by  and...
>
>  Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
>  -- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |
>
>   Support Low End Mac 
>
> G-Books list info:  
>   --> AOL users, remove "mailto:";
> Send list messages to:  
> To unsubscribe, email:  
> For digest mode, email: 
> Subscription questions: 
> Archive: 
>
>
>
> ---
> iPod Accessories for Less
> at 1-800-iPOD.COM
> Fast Delivery, Low Price, Good Deal
> www.1800ipod.com
> ---
>
>

--
G-Books is sponsored by  and...

 Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
 -- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |

  Support Low End Mac 

G-Books list info:  
  --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 



---
iPod Accessories for Less
at 1-800-iPOD.COM
Fast Delivery, Low Price, Good Deal
www.1800ipod.com
---