Michael Horowitz

Defensive Computing

Who's connected to your Wi-Fi network?

In the Oct 8, 2009 issue of the Windows Secrets newsletter, Fred Langa addressed the question: Who's sneaking onto your Wi-Fi connection?

The article is in the paid edition of the newsletter, so I'm not going to repeat it. However, his advice boils down to using the web interface to check with the router.

Certainly the router is aware of all the connected devices (computers, smartphones, networked printers, etc.) on a Local Area Network. But many routers don't tell you about all the connected devices. Beats me why, but many fail to report devices with static IP addresses.

Every device on a network has to be assigned a unique number, and on most networks, this is an IP address. Computers get assigned an IP address in one of two ways.

The easy, and most common way, is that, while starting up, the computer sends out a plea on the network, begging someone (technically a DHCP server) to give it an IP address. Normally the router hands out what are referred to as dynamically assigned IP addresses.

The older, less frequently used option is that the computer (or other device) is pre-configured to always use one specific IP address. This is referred to as a statically assigned IP address.

I've seen many routers whose web interface only reports on devices that were assigned a dynamic IP address. Computers with statically assigned IP addresses remain hidden. They are not really hidden, of course; all sorts of network protocols happily communicate with devices that have a static IP address.

The Linksys router running my LAN is among those that only show devices with a dynamic IP address. The button you click to see the attached devices is labeled "DHCP Clients Table". 

The Netgear WGR614v9 is among those with better reporting. The "Attached Devices" option is easy to find and displays all the in-use IP addresses, regardless of how they were obtained. 

But this still leaves something to be desired. For example, it does not use the MAC address to report on the hardware vendor, which might come in handy when looking for interlopers. It also fails to indicate which devices used a static IP address and which were assigned a dynamic one. 
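The report described above, showing every in-use address, whether it came from DHCP, and the hardware vendor behind the MAC, can be built by cross-referencing two tables. This is an added example, not from the article or from any router's firmware; it assumes the neighbor table is available in Linux `/proc/net/arp` format and the leases in dnsmasq lease-file format, and all sample data and the small vendor table are constructed for illustration.

```python
import ipaddress

# Constructed sample in Linux /proc/net/arp format (Flags 0x0 = incomplete entry).
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:50:56:aa:10:01     *        br0
192.168.1.23     0x1         0x2         b8:27:eb:12:34:56     *        br0
192.168.1.50     0x1         0x2         b8:27:eb:9a:bc:de     *        br0
192.168.1.77     0x1         0x2         d6:3c:11:00:42:07     *        br0
192.168.1.90     0x1         0x0         00:00:00:00:00:00     *        br0
"""

# Constructed sample in dnsmasq lease format: expiry, MAC, IP, hostname, client-id.
DHCP_LEASES = """\
1255046400 b8:27:eb:12:34:56 192.168.1.23 printer 01:b8:27:eb:12:34:56
1255050000 d6:3c:11:00:42:07 192.168.1.77 * *
"""

# Tiny excerpt for the example; a complete table comes from the IEEE OUI registry.
OUI_VENDORS = {"00:50:56": "VMware", "b8:27:eb": "Raspberry Pi Foundation"}

def vendor_for(mac):
    # Bit 0x02 of the first octet marks a locally administered (software-set) MAC.
    if int(mac[:2], 16) & 0x02:
        return "locally administered (no vendor)"
    return OUI_VENDORS.get(mac[:8].lower(), "unknown vendor")

def parse_arp(text):
    """Map MAC -> IP for every resolved neighbor entry."""
    devices = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[2] == "0x0":
            continue                            # malformed or unresolved entry
        devices[fields[3].lower()] = fields[0]
    return devices

def parse_leases(text):
    """Map MAC -> leased IP."""
    rows = (line.split() for line in text.splitlines())
    return {f[1].lower(): f[2] for f in rows if len(f) >= 3}

def inventory(arp_text, lease_text):
    leases, rows = parse_leases(lease_text), []
    seen = sorted(parse_arp(arp_text).items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for mac, ip in seen:
        # On the LAN without a matching lease: statically configured (or lease data is stale).
        how = "dhcp" if leases.get(mac) == ip else "static-or-unleased"
        rows.append((ip, mac, how, vendor_for(mac)))
    return rows
```

Calling `inventory(ARP_TABLE, DHCP_LEASES)` returns one `(ip, mac, assignment, vendor)` tuple per device; the entry for 192.168.1.50 is the kind a "DHCP Clients Table" would never show.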

Reporting on connected devices is not the sort of thing you're likely to see in the specs of a router. Even reviews of routers don't bother to point out whether the web interface reports on all connected devices or just those with a dynamic IP address.

Another issue with Mr. Langa's advice is that logging in to a router and checking on the connected devices requires an understanding of IP addresses, DHCP and perhaps even MAC addressing. Getting up to speed on this is not realistic for many.

Rather than ongoing monitoring, I think it's better to take some up-front steps to keep the bad guys out.

Use WPA2 with AES (really CCMP) if you can. If some devices on your network can't communicate using AES, then run with TKIP (which works with both WPA and WPA2 routers).

My recent surveying with inSSIDer found that about half the detected Wi-Fi networks were still using the old, flawed WEP for encryption. Thus, just by using TKIP, despite its two known flaws, you are much less of a target. For more about WPA, WPA2 and WEP, see my article The Best Security for Wireless Networks.

In addition to AES or TKIP, you need to also use a long, reasonably random password (pass sentence is even better) for logging in to your Wi-Fi network (this assumes the personal rather than enterprise versions of WPA and WPA2).

These two steps should make any wireless network reasonably secure. Nothing is perfect, but bad guys are most likely to attack the easiest targets. 

 

What People Are Saying

wi-fi security

I have read the above article and many others about wi-fi "piggybackers". This has been an ongoing issue for many years now, but the main problem is the wi-fi "hosts", not "piggybackers". Now there are some people who "crack" into someone's network, and that is clearly illegal. But the host who doesn't even bother to secure their network can blame no one but themselves for leaving their signals floating around for others to USE, not STEAL. I live in a duplex apartment that has (before I moved here) a HUGE wi-fi antenna on the unused chimney top. And it works VERY WELL! I have my own broadband wireless card (Verizon), but sometimes I use the library connection (which is a public hotspot and perfectly legal) for downloading extremely large files (1GB or more). But my point is, the nearly 30 or so "unsecured wireless networks" in a 2-mile radius. And those are the strong ones, not counting about another 20 weaker ones. When there are that many free signals roaming around, it tells me something. People who invest $40 to $60 a month for internet and are too LAZY to secure their network are simply inviting "piggybackers", most of whom are honest and are just using the free signals to browse, email, etc. They are also leaving themselves open to data thieves, actually a small percentage of free wi-fi users. The real "thieves" are going to break into the networks one way or the other anyway, or move on to an easier target to break into. A thief is a thief, and will find a way. But to use a free, unsecured network traveling through your home to browse, shop, email, etc., is NOT a thief. If that person is a thief, then the host who is broadcasting their unsecured signals through people's homes are TRESPASSERS, plain and simple. And if I was ever brought to court for such a charge, that would be my defense, and the one who pressed charges against me would be facing trespassing charges as well.
There are all kinds of ways to secure your connection, including a simple paint job, but most of the security instructions are in the router's box. Just plug and play. That's the American way these days, and I'm not ashamed to tell it like it is.

"Another issue with Mr.

"Another issue with Mr. Langa's advice is that logging in to a router and checking on the connected devices requires an understanding of IP addresses, DHCP and perhaps even MAC addressing. Getting up to speed on this is not realistic for many."

You greatly exaggerate the complexity behind these addresses. Middle school children all over the globe are perfectly comfortable in their familiarity with these concepts.

Business

My small company has been looking for a way to monitor who's on the wifi with an easy-to-read display. You have no idea how hard it is to find something like that.

SNMP

Google SNMP and the name of your router. You may get lucky and find what you are looking for.

Rodney

Only the router knows

In the article in question, a couple programs were suggested that claim to do this. I'm not sure it can be done, other than by the router.

A computer with a good firewall would have all its ports stealthed and thus probably invisible to probes from elsewhere on the LAN.

Another product required the router to log detailed information and send it to a monitoring computer. Some routers support this, many don't. A router with alternate (non-vendor) software is more likely to support this.

All this assumes the personal editions of WPA and WPA2. The enterprise version should have better monitoring.