NetStumbler.org Forums

Old 01-11-2005   #1 (permalink)
kimbell
Registered Member
 
Join Date: Jan 2005
Posts: 38
Monitoring My Network

Can someone please help with advising me on the best way to monitor my network? I think someone is using my network without permission.
1st What is the best way to monitor my secured (WEP) network activities and usage?
2nd If someone has gained access how do I

A) identify them and locate their location
B) report this activity to the proper authorities (who would this be)
Thanks in advance for any info.
Old 01-11-2005   #2 (permalink)
Monitr7
Not feeling funny...
 
 
Join Date: Jan 2003
Location: Rebrandsoftware's mom's house...
Posts: 1,699
Quote:
Originally Posted by kimbell
Can someone please help with advising me on the best way to monitor my network? I think someone is using my network without permission.
1st What is the best way to monitor my secured (WEP) network activities and usage?
2nd If someone has gained access how do I

A) identify them and locate their location
B) report this activity to the proper authorities (who would this be)
Thanks in advance for any info.
Well, some APs have a logging feature that can be used to track accesses of your AP. Search, using keyword "logging".

Also, some logging software exists, such as AirSnare. Search, using the same keyword.

As far as reporting it, once you've logged all clients accessing your AP, you would, at least, have evidence that you're being breached. Thorn or one of the other LEOs on this forum would have better advice for you in that arena.
__________________
WTOTD Industries - Where quality is Job #3.

G8tK33per doesn't care about the tarded people!
-Kanye West
Old 01-11-2005   #3 (permalink)
Thorn
Did you do the math?
 
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,084
Your best bet is to contact the police covering your area and ask to speak with a computer crimes investigator. Unless you follow exact procedures for the logs and the collection of other evidence (which vary according to each state), you may invalidate any investigation.

Generally you'll need to log the MAC address of the intruder, IP addresses/sites visited, dates, times, and length of time of the connections. You'll also need to confirm that the MAC address is not something that is within your home or business. There are few things more embarrassing to a victim than to call the investigating officer and have to say "Never mind, it turns out it was my (spouse, child, business partner, etc.). They didn't tell me they were doing this."
__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"
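The record-keeping described in the post above (MAC address, dates, times and length of each connection, checked against the devices you own), as an added example that is not part of the original thread. The log format, the device inventory and all MAC addresses are constructed assumptions; real AP logs vary by vendor.

```python
from datetime import datetime

# Constructed sample: access-point association log (format is an assumption;
# real AP logs differ by vendor and need their own parser).
SAMPLE_LOG = """\
2005-01-11 18:02:10 ASSOC 02:00:00:AA:00:01
2005-01-11 19:40:55 DISASSOC 02:00:00:aa:00:01
2005-01-11 22:15:00 ASSOC 02:00:00:BB:00:09
2005-01-11 22:47:30 DISASSOC 02:00:00:BB:00:09
2005-01-12 01:05:12 ASSOC 02:00:00:BB:00:09
2005-01-12 01:20:00 ASSOC 02:00:00:AA:00:02
"""

# Hypothetical inventory: every device in the home or business, checked first
# so a family member's laptop is not reported as an intruder.
KNOWN_DEVICES = {"02:00:00:aa:00:01": "office desktop",
                 "02:00:00:aa:00:02": "spouse laptop"}

def parse_sessions(log_text):
    """Return a list of (mac, start, end, seconds); end is None if still connected."""
    open_at, sessions = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in ("ASSOC", "DISASSOC"):
            continue  # skip lines this parser does not understand
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        mac = parts[3].lower()  # MACs are case-insensitive; normalise
        if parts[2] == "ASSOC":
            open_at.setdefault(mac, when)  # keep earliest start on repeated ASSOC
        elif mac in open_at:
            start = open_at.pop(mac)
            sessions.append((mac, start, when, int((when - start).total_seconds())))
    # Sessions with no DISASSOC in the log are reported as open-ended.
    sessions += [(mac, start, None, None) for mac, start in open_at.items()]
    return sorted(sessions, key=lambda s: s[1])

def unknown_sessions(log_text, known=KNOWN_DEVICES):
    """Sessions from MACs not in the inventory: the ones worth documenting."""
    return [s for s in parse_sessions(log_text) if s[0] not in known]

if __name__ == "__main__":
    for mac, start, end, secs in unknown_sessions(SAMPLE_LOG):
        length = f"{secs}s" if secs is not None else "still connected"
        print(f"{mac}  start={start}  end={end}  length={length}")
```

Run it against a copy of the log and leave the original file untouched. A MAC address can be changed by the client, so a match or mismatch is one data point alongside the others.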
Old 01-12-2005   #4 (permalink)
kimbell
Registered Member
 
Join Date: Jan 2005
Posts: 38
With that being said and a person follows the correct protocol per his local laws, how could the person who has intruded on the network be identified? Would there have to be an officer that caught the person parking outside my house with their computer or could they be identified if they had been accessing some personal websites like email (assuming they did not create an alias account)? Would the computer that was used hold evidence of the intrusion in the memory (assuming they do not delete their temporary files and cookies)?
Old 01-12-2005   #5 (permalink)
streaker69
Psychic Amish Stumbler
 
 
Join Date: Jul 2004
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 11,798
Quote:
Originally Posted by kimbell
With that being said and a person follows the correct protocol per his local laws, how could the person who has intruded on the network be identified? Would there have to be an officer that caught the person parking outside my house with their computer or could they be identified if they had been accessing some personal websites like email (assuming they did not create an alias account)? Would the computer that was used hold evidence of the intrusion in the memory (assuming they do not delete their temporary files and cookies)?
It would depend upon the sophistication of the investigating department how they could catch the perp. Surveillance could be conducted, triangulation of their signal could be done (but doubtful they'd go to this extent).

Chances are it's probably just a neighbor that doesn't know they're connecting to you. After all, you did change your SSID from the default and don't have yourself set to Channel 6.

While the average computer user thinks that deleting data from their hard drive clears them, most of the time they're terribly mistaken. Many times data can still be recovered from a drive even though it's formatted. But unless this person is doing something really bad they probably wouldn't go to that extent.

Why even bother with all that? Turn off your SSID Broadcast, turn on WEP/WPA and turn on MAC Filtering, then if it's just someone that is accidentally connecting (a common thing in dense areas) they could just happen across your AP.

Always remember that any data that you're transmitting without some form of encryption is easily readable by someone else. So if you don't have WEP on, you are transmitting unencrypted personal data into the airwaves.
__________________
"One of these days, I'm going to cut you to pieces."

If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum.

Thank you.
Old 01-12-2005   #6 (permalink)
Thorn
Did you do the math?
 
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,084
Quote:
Originally Posted by kimbell
With that being said and a person follows the correct protocol per his local laws, how could the person who has intruded on the network be identified? Would there have to be an officer that caught the person parking outside my house with their computer or could they be identified if they had been accessing some personal websites like email (assuming they did not create an alias account)? Would the computer that was used hold evidence of the intrusion in the memory (assuming they do not delete their temporary files and cookies)?
There are a number of things that might identify them, from physically being located (i.e. parked outside the house at the time, on a computer, accessing sites), to tracking him via radio direction finding, to a collection of little things such as a username, password, MAC, etc. Certainly things like a username used in accessing email can be used as part of the whole picture. While alone any of these things might not be much, taken together they can add up very quickly to show the guilty party.

As to whether things are retained, yes; although technically, it's not in memory, but on the hard drive. Even deleting cookies and temporary files doesn't clear everything. It certainly doesn't clear things like downloaded files or emails. For example, if your logs show that "application.exe" was downloaded at 08:56 today, then if the bad guy's computer was seized by warrant even months from now, an examination would show that program as being created at approximately 08:56 today. Again, taken with several other pieces of evidence, it all adds up to show who the intruder is to the police (and potentially a jury down the road).

Unless the person is very smart and does things exactly right, they will leave evidence. It's just a question of whether it's worth the effort to track them down. If you've had a one-time, 5-minute theft of your broadband service because your WLAN wasn't running encrypted, then it's not worth the time and effort of investigating. Chalk it up to experience, and turn encryption on and make sure it doesn't happen again. On the other hand, if you've had WEP enabled, someone's repeatedly cracked it and stolen proprietary information worth millions, then there's no question, go after the thief.
__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"