The other thread (about security and MACs and sniffers and etc) got me
thinking.

I can be working on my laptop and notice my wireless connection will go from
excellent to low to good... and I'm not moving, and the antenna hasn't
moved.

Does this mean that someone is connecting and sucking up my bandwidth?

I'm considering getting some high-powered intrusion detection tools... not
that free stuff. Or, would I just be wasting $$$ ???



--
Servatis a periculum...
Servatis a maleficum...
http://dwacon.blogspot.com

dwacon wrote:
> The other thread (about security and MACs and sniffers and etc) got me
> thinking.
>
> I can be working on my laptop and notice my wireless connection will
> go from excellent to low to good... and I'm not moving, and the
> antenna hasn't moved.
>
> Does this mean that someone is connecting and sucking up my bandwidth?
>
> I'm considering getting some high-powered intrusion detection
> tools... not that free stuff. Or, would I just be wasting $$$ ???

What type of wap do you have? I replaced a G with an N and it does the cycle
from excellent to low and back....

On Dec 30, 4:58 pm, "dwacon" <aunt.jem...@pancake.box> wrote:
> The other thread (about security and MACs and sniffers and etc) got me
> thinking.
>
> I can be working on my laptop and notice my wireless connection will go from
> excellent to low to good... and I'm not moving, and the antenna hasn't
> moved.
>
> Does this mean that someone is connecting and sucking up my bandwidth?
>
> I'm considering getting some high-powered intrusion detection tools... not
> that free stuff. Or, would I just be wasting $$$ ???
>
> --
> Servatis a periculum...
> Servatis a maleficum...http://dwacon.blogspot.com

You could set up kismet and sniff your channel. [Turn off hopping.]
An old notebook computer with wifi card would do the trick. If you are
running linux, I suppose you could add a wifi dongle just for
monitoring purposes, but I think a notebook off in the corner would be
better.

With kismet, you may find there are other users of your channel that
don't show up in the site survey. That is, they do no broadcast their
SSID.

"dwacon" <aunt.jemima@pancake.box> hath wroth:

>The other thread (about security and MACs and sniffers and etc) got me
>thinking.

Ummm... I never stop thinking. I can't even stop thinking if I try to
stop thinking. How do you start and stop thinkin? What's your
secret?

>I can be working on my laptop and notice my wireless connection will go from
>excellent to low to good... and I'm not moving, and the antenna hasn't
>moved.

Yep. You're not moving and neigher is the router. However, all the
other junk in the house is moving around. Reflections and multipath
are a fact of life in wireless. They come, go, move, change, and
drive me nuts. Depending on modulation scheme, such frequency
selective fading can have a big effect on signal strength.

>Does this mean that someone is connecting and sucking up my bandwidth?

Umm... Bandwidth isn't something that you pour out of a glass and
consume. Nobody is going to deplete your bandwidth without your
knowledge. Just watch the flashing lights on your unspecified model
wireless router. When they're furiously flashing, there's somone on
your system. If you have WPA or WPA2 encryption running with a
decent encryption key, I wouldn't worry about someone breaking in.

>I'm considering getting some high-powered intrusion detection tools... not
>that free stuff. Or, would I just be wasting $$$ ???

Sigh. I have no idea what you're trying to protect or why you
apparently consider WPA encryption to be insufficient. I've used IDS
(intrusion detection systems) such as Snort for trapping evil bad
guys. I think my false alarm rate was something like 100 false alarms
to every valid attack. Most of the attacks were just scripted probes.
If you're still interested in buring money, methinks you should read a
bit on IDS system configuration and operation. Otherwise, use WPA or
WPA2, or perhaps setup a VPN, and be done with it.



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
news:va6hn392l048t6nfblm7qc0kohpv5i29br@4ax.com...
> "dwacon" <aunt.jemima@pancake.box> hath wroth:
>
>>The other thread (about security and MACs and sniffers and etc) got me
>>thinking.
>
> Ummm... I never stop thinking. I can't even stop thinking if I try to
> stop thinking. How do you start and stop thinkin? What's your
> secret?
>
>>I can be working on my laptop and notice my wireless connection will go
>>from
>>excellent to low to good... and I'm not moving, and the antenna hasn't
>>moved.
>
> Yep. You're not moving and neigher is the router. However, all the
> other junk in the house is moving around. Reflections and multipath
> are a fact of life in wireless. They come, go, move, change, and
> drive me nuts. Depending on modulation scheme, such frequency
> selective fading can have a big effect on signal strength.
>
>>Does this mean that someone is connecting and sucking up my bandwidth?
>
> Umm... Bandwidth isn't something that you pour out of a glass and
> consume. Nobody is going to deplete your bandwidth without your
> knowledge. Just watch the flashing lights on your unspecified model
> wireless router. When they're furiously flashing, there's somone on
> your system. If you have WPA or WPA2 encryption running with a
> decent encryption key, I wouldn't worry about someone breaking in.
>
>>I'm considering getting some high-powered intrusion detection tools... not
>>that free stuff. Or, would I just be wasting $$$ ???
>
> Sigh. I have no idea what you're trying to protect or why you
> apparently consider WPA encryption to be insufficient. I've used IDS
> (intrusion detection systems) such as Snort for trapping evil bad
> guys. I think my false alarm rate was something like 100 false alarms
> to every valid attack. Most of the attacks were just scripted probes.
> If you're still interested in buring money, methinks you should read a
> bit on IDS system configuration and operation. Otherwise, use WPA or
> WPA2, or perhaps setup a VPN, and be done with it.


Maybe I'll go to school and get a CISSP...


--
I made magic once. Now, the sofa is gone.
http://dwacon.blogspot.com

"dwacon" <aunt.jemima@pancake.box> hath wroth:

>Maybe I'll go to school and get a CISSP...

I can see it now.... You catch a hacker and threaten them with your
CISSP certificate? I don't think that will help much.

Kinda reminds me of a friend that foiled a mugging by simulating a
martial arts stance, and announcing to the attacker "I know Origami".
It worked once, but I'm not sure it would work on a better educated
mugger. Maybe if you wear a reduced size copy of your CISSP
certificate around your neck or silk screened on your jacket?

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
news:oh5jn3pdanneml3fodtec1gbrq7og3vvs9@4ax.com...
> "dwacon" <aunt.jemima@pancake.box> hath wroth:
>
>>Maybe I'll go to school and get a CISSP...
>
> I can see it now.... You catch a hacker and threaten them with your
> CISSP certificate? I don't think that will help much.
>
> Kinda reminds me of a friend that foiled a mugging by simulating a
> martial arts stance, and announcing to the attacker "I know Origami".
> It worked once, but I'm not sure it would work on a better educated
> mugger. Maybe if you wear a reduced size copy of your CISSP
> certificate around your neck or silk screened on your jacket?


Forgot to add my <SARCASM> </SARCASM> tags...


--
the basement belongs to the water bugs
http://dwacon.blogspot.com