I guess by now we have all heard a lot about this. I took the liberty of physically demonstrating it to myself to grasp the actual extent of this issue. I was only alerted to this after noticing my network becoming slow and, even when it was obvious no PCs were running, the router data light kept blinking.
Fig 1: Searching for WIFI targets
The results were shocking: I managed to hack my network three times under different passwords, all in under 2 minutes. The scripts are getting easier and are readily available on the internet, and the fun has just begun.
I immediately understood what was going on, and for the fun of it I dearly wanted to know how many devices were connected to my network by checking the IP addresses, and also to track that user's MAC address.
Fig 2: Running AutoScan Network 1.26
The auto scan above, with the additional help of Snort and Wireshark, revealed more than I intended to know. I have intentionally hidden some data above for privacy reasons. I managed to get the culprit's MAC address. Other than the person just using my net, I quickly noticed that I could easily intercept most of the data being transferred, and given that he or she didn't even go to the extent of hiding the MAC address, I saw no harm or threat posed by the individual beyond just surfing the net.
Fig 3: Enabling the system log from the network router
Fig 4: Enabling the MAC filter from the network router
(I have intentionally hidden some data above for privacy reasons)
Fig 5: Retrieving MAC addresses from Windows
If you are running Windows, run “ipconfig /all” to get the MAC addresses of the network devices in your PC.
Fig 6: Retrieving MAC addresses from Linux
Under Linux, run “ifconfig -a” to get the MAC addresses of the network devices in your PC.
I guess by now we all know that the best security to date is WPA2, but for those who are using old routers that don't support this feature, there are other options they can use:
Hide your SSID so that it is not visible.
Try to make your password meaningless and as long as possible, with a mixture of letters, numbers and symbols. This will only slow the process down and is not an entirely solid solution.
Enable the MAC filter and only allow the devices that you specify to connect.
Enable a system log to watch the activity going through your router.
Scan your network from time to time to gather useful feedback.
I am currently doing all of the above and more; my system is on a dual boot with BackTrack 5, the leading penetration testing distribution.
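One way to do the periodic scan and MAC check described above is to compare the output of “arp -a” against a list of your own devices. This is an added example, not part of the original post; the MAC addresses, IP addresses and sample output are constructed, and the function names are hypothetical.

```python
import re

# Assumption: MAC addresses of devices you own (constructed values).
KNOWN_DEVICES = {
    "00:11:22:33:44:01": "router",
    "00:11:22:33:44:55": "desktop",
    "00:11:22:aa:bb:cc": "laptop",
}

# Constructed sample of `arp -a` output, mixing Windows and Linux layouts.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.23          00-11-22-AA-BB-CC     dynamic
  192.168.1.57          00-AB-CD-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
? (192.168.1.10) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0
"""

ENTRY = re.compile(  # IP address followed by a MAC in either notation
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b"
)

def normalize(mac):
    return mac.lower().replace("-", ":")  # Windows prints dashes, Linux colons

def parse_arp(text):
    seen = {}  # maps normalized MAC -> IP for unicast entries only
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # headers and <incomplete> entries carry no MAC
        ip, mac = m.group(1), normalize(m.group(2))
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast address, not a device
        seen[mac] = ip
    return seen

def unknown_devices(text, known=KNOWN_DEVICES):
    known_norm = {normalize(m) for m in known}
    return {mac: ip for mac, ip in parse_arp(text).items() if mac not in known_norm}

if __name__ == "__main__":
    for mac, ip in unknown_devices(SAMPLE_ARP_OUTPUT).items():
        print(f"unknown device {mac} at {ip}")
```

The ARP table only lists hosts your machine has recently exchanged traffic with, and a MAC address can be changed by its owner, so treat a clean result as one signal alongside the router's system log rather than proof that nobody else is connected.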