# How can I check if someone is stealing my WiFI?



## Error 404 (Oct 4, 2008)

Ok, its the start of the month and my internet quota has been refreshed.
My sister and I use a fair bit of internet, but not much youtube or big downloads. Somehow we managed to use up 220 MB in one day. (normally we use much less than that).
I only just noticed that the light on my modem which indicated WLAN usage is flashing, just like the light above the ethernet port when it is in use.
Does this mean someone is using the WiFi on my modem to get free internet, and is there a way to check and then block usage?


----------



## KainXS (Oct 4, 2008)

if your router logs the ip's(clients) that connect to it then it should be easy

what kind of router do you have


----------



## NastyHabits (Oct 4, 2008)

1.  Implement security on you router and wifi clients.  (WAP, WEP whatever your router supports.)
2.  Limit the number of DHCP clients your router will accept.


----------



## Homeless (Oct 4, 2008)

Check your router to see a list of connected clients.  DHCP stores connections for 24 hours by default, so if someone used your connection in the last 24 hours, you should be able to see their mac address and host name


----------



## SK-1 (Oct 4, 2008)

Error 404 said:


> Ok, its the start of the month and my internet quota has been refreshed.
> My sister and I use a fair bit of internet, but not much youtube or big downloads. Somehow we managed to use up 220 MB in one day. (normally we use much less than that).
> I only just noticed that the light on my modem which indicated WLAN usage is flashing, just like the light above the ethernet port when it is in use.
> Does this mean someone is using the WiFi on my modem to get free internet, and is there a way to check and then block usage?



Listen to these guys, they helped me big time with a person ripping my bandwidth off.
This same thing has (and still is) happened 2 me I even busted one in his car next to a church by my house at like 2AM!! I now FINALLY have my new router locked down, but I still think even that can be hacked through  It was a night Ill not forget He hit the road tires squealing when he figured out he was busted
I wonder if I can press charges? It is stealing imo.


----------



## CrAsHnBuRnXp (Oct 4, 2008)

Just go in the routers config settings and set the mac addresses for only the computers in your house that have wifi. That way others cant connect to it because the mac addresses wont match. 

Also hide the SSID and get a very strong password.


----------



## Error 404 (Oct 4, 2008)

Ok, my router is a Billion BiPAC 7404VGP.
I should have probably mentioned that I'm a n00b when it comes to this sort of stuff. 
Do I just type in my IP address into IE to get to the modem settings thing? 
I'll need some simple instructions on how to set up the locks on the MAC address thing: I know where to find it in Windows, but not how to lock it on the modem.

Also, does Ubuntu have a different MAC to Windows if its on the same PC? I've got Ubuntu dual booted on my Dell.

@ SK-1: You can press charges, although I'm not sure whether it would be worth it.


----------



## Ahhzz (Oct 4, 2008)

CrAsHnBuRnXp said:


> Just go in the routers config settings and set the mac addresses for only the computers in your house that have wifi. That way others cant connect to it because the mac addresses wont match.
> 
> Also hide the SSID and get a very strong password.




+3


----------



## 3870x2 (Oct 4, 2008)

WAP is more secure, wep can be bypassed pretty easily.


----------



## Error 404 (Oct 4, 2008)

Ok, I'm in the configuration settings, and I've found Firewall settings.
I think it might have something to do with WAN, but I'm not sure.
I want to make sure my dad's laptop can connect to it, but right now he's in mexico so I can't set up the MAC block or whatever it is.
I've attached a pic of the firewall settings.


----------



## 3870x2 (Oct 4, 2008)

you should just be able to set a password.  Do that and 99%+ of all people wont be able to do anything with your connection.


----------



## Ahhzz (Oct 4, 2008)

I don't recognize that model, but if it will do it, the most secure for accessing I've come across, is to do the MAC address assignment. As long as noone can physically connect to the access point, they really can't do anything. They have to have one of the valid MAC addresses to connect from the outside, and most white-collar hackers aren't even going to think about trying to sniff the traffic, pull a valid mac from the noise, mask their own, and try to piggy back in. Just too much fuss, and I'm not even sure what tools to use to do that. You just input the ones you want to be able to connect wirelessly, and the rest can go fly a kite  I've been running mine like that for 4 years now, and never had an intruder.


----------



## Error 404 (Oct 4, 2008)

As far as I can tell, there are no MAC address options.

Is there a simple way to detect whether anyone is using the WiFi?


----------



## Ahhzz (Oct 4, 2008)

probably on the system tab, there's a spot for 'connected clients'. That should show you how many are connected, and potentially even a spot for 'disconnect' from there, but it doesn't really look that sophisticated...
The guys are probably right...just setup a security key, and be done. You'll just have to type it into the wireless devices you have using it.


----------



## Ahhzz (Oct 4, 2008)

double post


----------



## Error 404 (Oct 5, 2008)

I have found out how to check is someone is using my WiFi! It keeps a log of connections, and it is empty.
I've also found a simple way of disabling the WLAN: I took the antenna off. 
I'll let my dad look at it when he gets back.
Thanks for all the help!


----------



## Tau (Oct 5, 2008)

Ok follow these steps and it will thwart 95% of people.

1.) Configure a WPA PSK2 with random letter + numbers something like "1sdr5asd664631asdasd"  something along those lines so it cant be dictionary attacked.

2.) Set mac filtering to ban all mac addresses, then add the computers you want to be able to connect to the mac filter white list.

3.) disable SSID broadcast.

4.) turn off auto DHCP, manually assign IPs to the computer you want to be able to connect, and blacklist ALL other IPs.

That should be suffiecent to keep 95% of people out, and if you want to go further you could change so that all your machines are on a random subnet, and make the default subnet the stock one, so even if he does get in he is in the wrong subnet


----------



## Pinchy (Oct 5, 2008)

Error 404;

You with bigpond?

If so, I will explain why your usage is coming up at like 200mb and crap.

Also...if your not using WLAN, just disable it in the router.


----------



## SK-1 (Oct 5, 2008)

I just had another slowdown. Either Comcast hates me or someone is trying to hack my WiFi.


----------



## Mussels (Oct 5, 2008)

3870x2 said:


> you should just be able to set a password.  Do that and 99%+ of all people wont be able to do anything with your connection.



exactly what he said. get a text file, and put a copy of the password in there and then you can just take it around as PC's need to connect.

WEP (64 bit or 128 bit) is the most common, but can be hacked in under 20 minutes by someone with the right tools.

WPA-PSK or WPA2-PSK are the best, as they're near impossible to hack and you can use any password you want (not just hexadecimal codes, but letters and numbers)

NETPAssw0rdnohax4u - random crap, but hard to guess!

Set the password on the router, then set it on every PC... easy. no more hackers.


----------



## Error 404 (Oct 5, 2008)

Ok, the router now has a password!
The 200 MB is probably from the fact that my sister and I were on the PCs most of the day.
My ISP is internode.
And Tau, I would do those things if I understood what they meant and how to do them.


----------



## Mussels (Oct 5, 2008)

Error 404 said:


> Ok, the router now has a password!
> The 200 MB is probably from the fact that my sister and I were on the PCs most of the day.
> My ISP is internode.
> And Tau, I would do those things if I understood what they meant and how to do them.




just make sure the password is on the wireless, and not to just login to the router1


----------



## Tau (Oct 5, 2008)

Tau said:


> Ok follow these steps and it will thwart 95% of people.
> 
> 1.) Configure a WPA PSK2 with random letter + numbers something like "1sdr5asd664631asdasd"  something along those lines so it cant be dictionary attacked.
> 
> ...





Mussels said:


> exactly what he said. get a text file, and put a copy of the password in there and then you can just take it around as PC's need to connect.
> 
> WEP (64 bit or 128 bit) is the most common, but can be hacked in under 20 minutes by someone with the right tools.
> 
> ...



WEP can be cracked in under 5 minutes easy.  WPA/2 currently cannot be bruteforced and has to be dictionary attacked so it takes a wile, and is easy to catch as there is real traffic requests.  This is why a random password works great because it will take forever to find it with a dictionary attack, a password thats random and 15 characters long would take FOREVER to crack.



Error 404 said:


> Ok, the router now has a password!
> The 200 MB is probably from the fact that my sister and I were on the PCs most of the day.
> My ISP is internode.
> And Tau, I would do those things if I understood what they meant and how to do them.



There should be settings in your router/WAP to set all these things, start with the basics and add from there.  You should be able to turn on WEP/WPA-PSK/WPA2-PSK.  WPA2-PSK Private is the best form of password security for wifi right now.  look around in the settings untill you find that and than turn it on with a 100% random password, just mash the keyboard with letters numbers, and random caps.

Next, there should be a section called "Mac filtering"  or something like that, and in there you can either enable, or disable a specific mac address from having access.  There should also be a setting were you can set it to deny access to all mac addresses except ones that you specify.

a clairification;  a mac address is unique to each network adaptor, be it your lan port on your motherboard, NIC, wireless card... your router will have one, etc.  Mac addresses are similar to IPs and preform a similar role, they identify your computer, in most cases to the router so that the router can assign it the correct IP and than route traffic to it.

By disabling all mac addresses, you make it so that only YOUR mac addresses can connect.  This is a HUGE security boost, though you need to take this a step further as you can do what is called "mac spoofing"  wich is make your mac appear as someone elses. (someone could pretend to be you, and your router would think it was you, as all it checks in the mac address)

The next step would be to turn the DHCP (the part that assignes IPs) from Auto (it gives everyone who connects an IP) to manual.  in Manual mode you will see a list of Mac addresses that are currently connected (should also see the computer Name) than you will be able to manually assign an IP address to each machine.  Than on that machine you will have to set the IP in the network connections menu.

These are the steps i would take.


----------



## Error 404 (Oct 6, 2008)

Ah ha!
I have found the MAC address settings, and set them to allow only my PCs.
I've changed the security settings on the WLAN section as well, and the DHCP is now manually set.
Thanks!


----------



## Ahhzz (Oct 6, 2008)

There ya go. The Mac address will knock out any casual stealer.


----------



## DaMulta (Oct 6, 2008)

I'll tell u this, Nortan(as mush as I hate their program)will tell you who is all on the network. So if someone is stealing it, Nortan will tell you.


----------



## Tau (Oct 6, 2008)

Error 404 said:


> Ah ha!
> I have found the MAC address settings, and set them to allow only my PCs.
> I've changed the security settings on the WLAN section as well, and the DHCP is now manually set.
> Thanks!



Excelent, you should now be safe from the vast majority of people, unless there is someone who REALLY wants your data/bandwidth


----------



## Error 404 (Oct 6, 2008)

Tau said:


> Excelent, you should now be safe from the vast majority of people, unless there is someone who REALLY wants your data/bandwidth



lol, I doubt many people would want it that much; its only 512 kb/s.

Also, I don't have a single copy of Norton: I put them through the CD shredder after uninstalling it (and reformatting Windows) because of the pain it caused me.


----------



## Tau (Oct 6, 2008)

Error 404 said:


> lol, I doubt many people would want it that much; its only 512 kb/s.
> 
> Also, I don't have a single copy of Norton: I put them through the CD shredder after uninstalling it (and reformatting Windows) because of the pain it caused me.




No loss there Norton is a joke.


----------



## Snipermonkey2 (Oct 6, 2008)

Get Wireshark and you can watch your network traffic live so you can make sure no one is tapping in.


----------



## Error 404 (Oct 6, 2008)

I'll try Wireshark out, seems useful. I could keep an eye on how much my sister is using with her anime...


----------



## FooArm (Oct 7, 2008)

i dont know if you can check but if you reset the password everyone with the old password will get kicked off


----------

