Stop Internet poachers from stealing your Wi-Fi

Everyone has a different system for keeping their home networks secure. And by "secure" I mean "safe from cheapskate neighbours looking to poach some free Internet."

Everyone has a different system for keeping their home networks secure. And by "secure" I mean "safe from cheapskate neighbors looking to poach some free Internet."

Some users rely on their router's WPA encryption capabilities, while others employ MAC address filtering. Some do both. I'm not wild about either approach, as they involve a lot of hoop-jumping when I need to add new PCs and devices to the network.

Instead, I'm a fan of invisibility. I've taken the simple step of turning off my router's SSID broadcasting, effectively making my network invisible to the neighbors. Hey, they can't steal what they don't know is there, right?

If you've ever detected an unfamiliar network in your own home or, say, the local coffee shop, you know what I mean. Stray Wi-Fi router signals are bouncing all over the place. But a PC can see these networks only because of SSID broadcasting. Turn it off, and it's like the router isn't even there.

Of course, it's there for your PCs and Internet-connected devices. So how do you connect them to an invisible network? Just enter the network name manually. In Vista, for example, head to the Network and Sharing Center, click Set up a connection or network, and then choose Manually connect to a wireless network. Enter your network's name (as designated in the router) and you're good to go. You should also check Start this connection automatically so you don't have to repeat this process, and Connect even if the network is not broadcasting to overcome Vista's natural resistance to invisible networks.

If you don't know how to turn off your router's SSID broadcasting, check the manual. In my D-Link router, the setting is actually called Visibility Status; your mileage may vary.

This is by no means a bulletproof security solution. I'm sure many users will call me foolish, reckless, and other choice words. But because I have suburbia-oriented security needs, I don't feel the need for encryption, filtering, and other heavy-handed measures.

Tags Wi-Fi

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rick Broida

PC World (US online)

5 Comments

Anonymous

1

Horrible Advice

<strong>Absolutely horrible advice.</strong> Turning off SSID broadcasts do NOT make the access point invisible. Anyone with any packet sniffer will see the SSID. Worse yet, without encryption, the packet sniffer will happily show the contents of all the traffic.

WPA is not "heavy handed." In fact, it's easier to add a new device with WPA than turning off SSID broadcasts. One simply has to connect (and don't need to memorize the SSID, either) and enter the pre-shared key. What the heck is so hard about that?

Steve Riley

2

This is incorrect advice.

An SSID is intended to be a network name, not a password. So treating it like a secret actually means that you won't get the security you think you will.

Even if an access point isn't broadcasting its SSID, you can still easily find out what the SSID is. Just install a wireless sniffer on your computer and wait until someone associates with this "hidden" network. You will see an unencrypted association frame, which contains the AP's SSID. Once you have this, you can then attach to the network.

This person is also leaving himself vulnerable to other eavesdropping attacks. Anything sent in clear text can be intercepted -- email messages, web traffic, newsgroup postings...I shudder to imagine what his neighbors might be learning about him.

WPA and WPA2 are actually pretty simple to set up. Most comsumer access points actually set this as their default now -- all you need to do is supply the pre-shared authentication key: a sentence is best. Windows will detect that your AP is using a secure protocol and ask you only once to supply the PSK, and then you're finished. It's actually less work than going through the steps to make Windows work in the environment he describes.

Please check my article here for more information about wireless security: http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

Anonymous

3

Why would you ever advise someone to do this?

SSIDs are not revealed in only the Beacon frame of the AP, but any probe request your laptop is sending out. By setting your AP to be unsecured and hidden, you are telling your laptop to announce to the world what your SSID is via the probe request. Any 14 year old kid with Netstumbler will have your SSID in less than a minute! Further more, Vista will see your network whether its hidden or not and display an "unknown network" in the Available Networks list.

Since you have now told the laptop that your SSID is hidden, your laptop tells the world the name of your SSID wherever it goes. So when you are sitting at the airport, you are letting everyone know that your computer wants to connect to "Broida's Home Network". Any rouge AP can answer this request and now you are connected to my nefarious network and I have access to your machine!

This is terrible advice all around.

luke hawken

4

your so clueless

i thought you people were the best at tech. Ok i know there has been alot of stories about people stealing their internet but it is relatively simple to find out if they are and to stop this from happening but rick you havent a clue on how to do this. just follow these easy steps.....

1:Open your web browser and input your default gateway's IP address. To find this:

Go to Start > run, and type cmd
Type ipconfig and press enter. It will list the default gateway here. Once you have your default gateway address, open your web browser and type it in the URL bar.

2:Input your router's username and password.

Default for Linksys products is usually username: (blank) password: admin
Default for Netgear routers is Username: admin password: password
Default for Dlink routers is Username: Admin; Password: (blank).
Default for Siemens routers is Username: Admin; Password: admin (all lowercase).
Default UNs and PWs can be found sometimes under the router, on the label or using google.
If you are having trouble finding the UN and PW then try http://www.portforward.com this website is usually used for opening ports for P2P programs and games,but when it shows you how to open your ports it tells you the default UN and PW for the router. The router list is HUGE.

3:If you are using the default username and password, go to the Administration tab to change it to something more secure. From the Router's user interface you will probably have a setting to log Users going through the router enable it if not already.

4:Get a pen and paper, and use the steps shown above finding the default gateway to find your MAC or also called physical address of all computers/devices that use wifi/wireless in your home or that will be using it and write them down. From time to time check the log to see if any unknown addresses show up. If so, then someone is leeching off your internet. MAC/physical addresses are unique hexidecimal code that identifies each Network card inside every PC that uses Ethernet. No two MAC addresses are the same.

NOW ANOTHER WAY TO FIND OUT WHO HAS BEEN USING YOUR INTERNET....
1:Navigate to the Setup tab.

2:Scroll down until you see 'DHCP Server' if it is enabled, continue to the next step.

3:Click on the "Status" tab and then on "Local Network" just below the main tabs.

4:Click the button that says "DHCP Clients Table". This list will tell you the computer name of everyone connected to your network on DHCP (DHCP automatically configures a computer's IP and DNS settings. This only works if everyone connected uses DHCP. If someone connects and uses their own static address, then this will not show them.)
BUT IF THEY ARE USING ONE TRY "NETWORK SNIFFER"

IF ALL ELSE FAILS: try Using a different subnet. This will keep people guessing if your DHCP server is off. To do this, just change the router's IP address (on the Setup page) to something other than default (192.168.1.1). Try 192.168.0.1.

or Once you're connected to your network, disable the broadcast option. This will stop the router from broadcasting its name. You will still be able to connect, since you know the name.

you could also try Installing a firewall will HELP prevent cracking of your computer and/or
Enable MAC address filtering. Only allow MAC addresses of computers you know.

johno123

5

thanks luke

thanks for your advice i recomend this method for any one who has the same problem that i had. method 2 is the best and it doesnt take that long to do about 5 mins

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?