Who'S On My Wifi - Software

[urandom]

mac filtering and hidden essid are a waste of time. as stated earlier, use wpa2 and some strong ASCII password like you can find here for example:

https://www.grc.com/passwords.htm

[surayu]

But I guess you've never checked what they actually record? That little box with flashing lights can log (rotating) at most can store few megabytes of largely worthless information,

Well, better you start purchasing some better hardwares then

I did check what my machines are doing, and i also decided to extend by a bit their capabilities too....

What you propose is leaving your house doors open at night because you've recognized the danger that you might get robbed with locks anyway, so screw any

precautions

I still fail to see what did they rob from me, i mean, i have been doing this for years now, problems so far = 0 (zero)

Or if you live in ignorance, then live in greed too, dont run an open WIFI because it can make things slow for you..

Are we here maybe ignoring that you might be selling some security packages of some sort??? if you do, i am sorry but i am not interested, any decent router worth of his name will show you if any connections is using more bandwitch than it should and enable you to fix that with a couple of clicks, unfortunately you can't cure greeds (the me-me-me-only me syndrome) with the same ease....

[Tywais]

Why secure it: Note 3. of the first list. Being in Thailand this could be a very

significant issue if someone piggybacks your IP to do something that falls into

the LM laws. Also, the Computer Crime Act has a variety of potential holes

you could fall into by allowing it even unintentionally. It's a bit naive to think

'they' have to prove anything.

----------------------------------------------------------------------

1. Ensure only authorised people can use the Internet services you have paid for

An unsecured access point allows someone to connect to your wireless

network and use your bandwidth. Depending on the type of account you hold

with your ISP, this could mean you are able to download less content per

month than you have paid for; your connection will be slower as it is shared

with other unauthorised users; and/or your bandwidth might be ‘shaped’ due to

exceeding your download quota; or if you have a plan which requires you to

pay for bandwidth beyond a certain quota, you may find yourself with an

unexpectedly large ISP bill.

2. Protect your data confidentiality and privacy

With the right tools, it is relatively easy for someone within range4 of your

unsecured wireless access point to see your Internet traffic and read what you

do online. Failure to use encryption potentially allows people to read your email

messages sent and received via email software on your computer and access

your email account username and password. It may allow people to see what

web sites you visit and the content of those pages (except where web sites use

HTTPS).

3. Prevent unauthorised people from using your Internet access for criminal

purposes

Unauthorised users who connect to the Internet via your wireless connection,

may undertake some illegal activity. If that activity is detected and investigated

it will lead investigators to the owner of the IP address allocated to you by your

ISP. This could mean you become liable for criminal actions that occur from

computers that use your Internet connection, even when you did not authorise

the activity or were not aware the connection had occurred.

Source - .pdf file

The downside of a wireless network is that, unless you take certain precautions, anyone with a wireless-ready computer can use your network. That means your neighbors, or even hackers lurking nearby, could “piggyback” on your network, or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.

Source - FTC

• Service violations: You may exceed the number of connections permitted by your internet service provider.
  
• Bandwidth shortages: Users piggybacking on your internet connection might use up your bandwidth and slow your connection.
  
• Abuse by malicious users: Users piggybacking on your internet connection might engage in illegal activity that will be traced to you.
  
• Monitoring of your activity: Malicious users may be able to monitor your internet activity and steal passwords and other sensitive information.
  
• Direct attack on your computer: Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.
  

Source - US Cert .pdf

[surayu]

It's a bit naive to think

'they' have to prove anything.

That's the common rule in Thailand, now the topic is the internet however it could be applied to everything, we take the risk, if it's not illegal and can improve other people lifes, for me it is worthed to fight for it, i don't want to live in a society where everybody think only about himself, what kind of world is that?

[Baloo22]

mac filtering and hidden essid are a waste of time. as stated earlier, use wpa2 and some strong ASCII password like you can find here for example:

https://www.grc.com/passwords.htm

I will differ with you on this. MAC filters and disabling broadcasting of the SSID are not a waste of time. It is not a matter of having one "golden" lock but rather a number of security measures in place. You do not lock your car and your house to make them impenetrable. There is no such thing. You make it so that the thief passes by your car or house and goes for the easier, unlocked car/house. The more obstructions that you can put up against unauthorized connections, the less likely that they will happen.

First, if you don’t need to use wireless, DON’T! Use a wired connection if possible. It is inherently more secure (it doesn’t send data over the air) and it is much faster than wireless. Only go wireless if you have multiple computers in multiple locations around the house or if you need to move around with your computer. For Example; At one time, my household had multiple people/multiple notebook computers. Then I used wireless. Then, for a six month period, there was only one computer, mine, and I used it right next to the router. I connected with LAN cable and disabled the router’s wireless activity. I even ran cable to my AppleTV so I would not need wireless for that. Hackers can’t hack what isn’t on. And wired connections are much faster.

Here is what I do for the wireless when I use it in my household back home: (most modern wireless routers will allow you to do these things)

1--Disable the broadcasting of your SSID (the BM that advised to do it after you have setup and tested your connections is on the mark)

2--Use the MAC filter to limit the connections to ONLY those computers that you specify. The wireless “card”, or device, on your computer(s) have a unique number known as a MAC or “hardware’’ address. That is the address(s) that you enter into your router’s MAC filter.

3--Limit the number of IP addresses that your router can hand out to the number of computers that you will have connecting.

4--Use WPA2 security and a strong password. A password produced by the website you referenced would be good. (this password is entered in the router and also the computers to connect)

Could someone still get in given enough time and resources? Sure. But it will be more likely that they will pass me by and go for the next house with the unsecured system.

[surayu]

And one more observation, as you know there are gazyllions of internet cafes where you can just start using the internet with nobody knowing anything about you at all, so how comes NOBODY is asking for your passport?? aren't they afraid to be prosecuted because of a potential crime you could do by using their internet connection?

I can't recall of anyone being arrested because of this, can you???

Another case of a storm in a tea cup

[astral]

...........

The MAC address can be spoofed.

Yes but you have to know what value will be accepted , and that is not so easy.

The standard value for most routers is 00:00:00:00:00:00, so it's wise to change that a More difficult value (Only numbers (0-9) and letters (A-F) accepted)

I think you have missed the point.

The router's MAC address is irrelevant!!

If the router is set to block all except "äuthorised" MAC addresses

then no-one can break in, unless they know one of those addresses

Not an uncommon approach on secure commercial networks.

[MJCM]

I think you have missed the point.

The router's MAC address is irrelevant!!

If the router is set to block all except "äuthorised" MAC addresses

then no-one can break in, unless they know one of those addresses

Not an uncommon approach on secure commercial networks.

Astral I made a Mistake in that post. Thaimite pointed that out already.

Read here:

http://www.thaivisa....25#entry5226849

It should read "the standard value in the mac address filter for most routers is 00:00:00:00:00:00".

Edited April 19, 2012 by astral

[Crushdepth]

Thanks all for your replies.

This is a bit of a learning project for me rather than being paranoid, just trying to keep up with the ever moving advance of technology.

I am using WPA2 encryption so sounds as if I'm pretty well secured.

Will have a look at the MAC address thing and have a play around with that, also the SSID filtering.

I am trying the free Nirsoft program which does the job but does not have the automatic scans but useful for checking who is logged on or if I see someone with a laptop lurking outside the window.

:-)

Honestly just use the WPA encryption with a strong random key and forget about it. Currently considered bulletproof if the key is strong. But do not use a lame password as the key or you are wasting your time.

Mac filtering is easy to circumvent, as the addresses are revealed whenever an authorised computer associates with the access point. Just need to listen for a while.

[4evermaat]

.......

Dont run an unsecure WIFI network you greatly enhance any risk. If you are a restaurant or bar then at least WPA it and change the password daily, if sufficiently large approach a vendor that provide gateway equipment that will allow you to issue unique username/password for access (e.g. bangkok airways, big hotels etc..)

.........

I've seen a few small businesses with this type of setup for logging into the wifi. Is it possible to get free or paid gateway software? It appears to be secure and you can also assign time to it as well, so you can limit the login to one-time use or expire after xx hours.

It's a bit naive to think

'they' have to prove anything.

That's the common rule in Thailand, now the topic is the internet however it could be applied to everything, we take the risk, if it's not illegal and can improve other people lifes, for me it is worthed to fight for it, i don't want to live in a society where everybody think only about himself, what kind of world is that?

Reminds me of the days when you could leave your doors unlocked. There were times where I left my car door unlocked (if there was nothing it it). In thailand, I haven't seen that type of mentality. I've seen people give away produce (coconuts, mangos, papayas, etc), but they tend to lock sheds or doors that hold important items. I guess to each their own. It's still a good idea to ask the owner or landlord just to be on the safe side. Despite the fact that there are dedicated internet shops/wifi hotspots in just about every town large or small, if somebody really wants to use your specific internet connection, they need only do the same thing they would do if they needed to use the toilet or anything else on the property: ask . Taking some basic security measures are not unreasonable, especially if the internet is important for your livelihood.

But yes, there are people with wifi sniffers and all they have to do is guess the correct password. Or they can reset your modem to factory settings or change admin settings undetected by logging into the admin panel; surprised no one mentioned that one. Anyway, that can easily be solved by changing the default router administation login/password. Make sure you do not forget it, although there is a manual "reset [to factory default]" button on the router itself.

[surayu]

if somebody really wants to use your specific internet connection, they need only do the same thing they would do if they needed to use the toilet or anything else on the property: ask . Taking some basic security measures are not unreasonable, especially if the internet is important for your livelihood.

How can giving out a password, for example, to any of your random customers, protect the owner of a restaurant/cafe, etc?? or you guys have in place some of the more secured place on this planet, as checking their ID and perhaps taking finger prints and an eye scan to each one of them, or there is something i am not understanding here

When someone connect to your wi-fi, their machine it's in fact asking to your machine to lease them an ip address, if this can make someone feel better, if you would like anything else to it, as requesting the user to agree a Terms of Service Policy, to register in person or a few songs and a dance before you give them this new aquired power to browse the internet at their will, it's entirely up to you, maybe a button with the writing "Thank you" that they have to click before they get connected might make you happy

I just modelled my own connection by thinking how i would like to have it if i was on the other side, always keeping in mind what could potentially go wrong.

Personally when i am in a shopping center for example, and there are maybe 10-15 connections all asking for money, i am just disgusted by it, but that's just how i feel...

[nikster]

My take on this is: If you have an open network, the occasional freeloader will come by and leech off of you - wouldn't be a problem except for the Thai laws, so you have to protect your network.

Use WPA2 with any* kind of password and you're fine. Nobody is going to sit in front of your house guessing passwords. Nobody is going to run a password cracker on your network. While these things are possible, they are highly unlikely. Getting hit by lightning should be more of a worry. Not to mention a bus.