The amount of people that do not have a password on their wireless internet connection is unreal, but how do you know if someone has accessed their internet connection with another computer?
Would there be any signs to look for?
plus, is there any way of finding out if someone has tried to connect by attempting to hack into a password secured wireless connection?
If a neighbour is piggybacking, would the IP address be the same as the unsuspecting victim?
Thanks
If someone else has accessed a router, you can examine the router to see for example what leases there are in the DHCP pool, but using a static IP gets around this, and mac's can be cloned.
When you "hack into" a secured connection you dont do some dodgy film related stuff with a progress bar, you steal some packets (silently) and then you wander off and do the attack offline, when you come back, you have the password and look utterly legit.
IP addresses would vary depending on where you are in the connection, their IP on the wlan would be different, but their IP on the internet would be the same, because your ip on the internet is actually the ip of your router performing NAT.
When you "hack into" a secured connection you dont do some dodgy film related stuff with a progress bar, you steal some packets (silently) and then you wander off and do the attack offline, when you come back, you have the password and look utterly legit.
S'about 10 minutes for WEP actually, I tend to do it online. ( Although I don't, I agree, have a progress bar … ) 😉
Listening to the WiFi radio cannot be tracked easily (but it, technically can be done).
Transmitting (including getting an IP) can be tracked through a good logging solution at the WiFi AP.
plus, is there any way of finding out if someone has tried to connect by attempting to hack into a password secured wireless connection?
If a neighbour is piggybacking, would the IP address be the same as the unsuspecting victim?
Thanks
To external parties (the rest of theinternet) the ip address of the piggybacker will be the same as that of the owner of the wifi network, because most routers use NAT. His internal IP address will most likely be different.
Sometimes you'll find useragents in logfiles of visited/hacked websites that are totally different than the systems at the wifi location (Win-firefox vs OSX-safari, for example). It isn't hard evidence (UA's can be spoofed, laptops involved), but it can be an indicator of something fishy.
Theoretically the AP or router (or DHCP server, if there is one) should be able to log the MAC address of the offender, but I've never heard of a case where they actually found it.
More often, it's witnesses saying stuff like "yeah, that guy in the white VW was sitting here for an hour, with his pants down, staring at his laptop" 😉
If there's any traces on his laptop, like wifi useage (regripper!), maybe the witnesses were right..
- Roland