# Can someone monitor your wireless internet activity?



## an_a_12

Similar to the question above I feel like my computer is being monitered through a router. I have wireless internet and its possible. 

How can I block the person who is viewing my things? And is it possible I can trace it back to there router?


----------



## johnwill

Enable WPA encryption with a strong key, and any wireless spying will be history.


----------



## sullie86

How would I enable that WPA encryption setting on my computer?? Also, when I am at my buddies apartment, there are many different wireless connections that I may choose from......some are password protected.....Is there a way to get that password without asking them?? I am trying to think of all the ways to keep hackers out of my computer.

Lastly.....is there anyway that you can teach me to hack at all?? solely for the purpose to better understand how to keep hackers out.....if not then that is understandable.....thanks for taking time to read this.


----------



## koala

sullie86 said:


> Is there a way to get that password without asking them?? I am trying to think of all the ways to keep hackers out of my computer.


So you want to hack someone else's password-protected network to keep hackers off your own computer? That's not the kind of advise we give here. Please read the forum rules about illegal activities.


----------



## johnwill

We don't teach hacking here, we try to prevent or block it. :4-thatsba


----------



## af3

Leave it unencrypted. Encryption uses more energy, slows down your network, and makes you look suspicious. You shouldn't care if someone is watching your browsing activity unless you are a criminal or a politician. :4-thatsba

- Limit your routers max IP limit to the amount you use (subnet range)
- Configure static IPs for each device on the network and turn off DHCP

Alternative:
USE WIRED CONNECTIONS, they are faster and private. (You still should not care) :grin:


----------



## koala

af3 said:


> Leave it unencrypted.


*Bad advice* for someone who is looking to protect their connection. You don't have to be a criminal or a politician to have personal details stored on your computer.


----------



## johnwill

Not to mention the biggest issue is people sucking up your bandwidth, and/or doing illegal activities while using your AP. When the authorities track down the IP address, it's you that takes it in the ear, not the guy that was stealing your bandwidth! :4-thatsba

I'm truly stunned anyone would recommend such an approach, but it is foolhardy and ill-advised!

As far as limiting the IP range of DHCP or using static IP addresses, these are not security measures, but rather foolish "feel-good" measures that do nothing for security. Anyone that feels good after doing such anemic protection is a fool!

Some of the stuff that gets posted here simply amazes me.  

The only effective wireless protection is WPA/WPA2 encryption with a strong key. Anything else, and you're just fooling yourself.

*A good read: **The Six Dumbest Ways to Secure A Wireless LAN*


----------



## af3

Personal details would be transmitted to TRUSTED SITES via SSL.

jonwill, please post your responses to unpopular suggestions without flaiming comments.

If illegal activities originate from your connection, and there is an investigation, you are in the clear unless you personally conducted said illegal activities or the investigating officers don't know what they are doing.

This leads me to ask, is there a way for two hosts to have the same IP in a wireless network?

I guess the answer to unexperienced users should be WPA or wired.


----------



## johnwill

If you knew anything about routers, you'd know that the only thing that is tracked is the WAN address (public IP address) that the router connects to. There is no way to know what computer on the LAN side did what. So yes, all the hosts in the wireless network, and the wired ones on the same router for that matter, will have the same IP address.

As far as illegal activities, try telling some of the folks that have been wrongly convicted of many crimes, including the computer variety, that they're "in the clear".

Finally, why would you want to open your network up to freeloaders? So you can enjoy really slow response?

Sorry, but my opinion stands, this is a really irresponsible thing to suggest.


----------



## af3

Of course I know that LANs share public IPs.

How would they be convicted if there is no evidance on the PCs of the accused? I won't believe you without proof. Perhaps an example in a news story?

If DHCP has no free IPs to loan, can a user set a static IP and be served by the router even if the set range is 192.168.2.1-192.168.2.4? (lease time: forever)


----------



## johnwill

I'm not going to argue this point with you any further here. This has dragged this thread far afield. You can start a new thread if you wish to discuss this.


----------



## sullie86

johnwill: is there a way/place for myself to go to learn more about computers and all? Some of the terms you guys use are familiar but others are....do you have a website for newbs like myself so I can better prepare myself with computers. Also where did you learn all of your tips, trick, and techniques from??


----------



## af3

Books...

Obviously I have yet to read anything involving wireless network security. My networking course did not include WIFI.


----------



## McNinja

af3 you should just use wpa and why don't you like it???


----------



## af3

My router is junk.
WPA encryption devours CPU and battery on a PDA.

I also live in a small town, and if one were to APR my router, I would go visit any neighbor in range with a 802.11 signal coming from their house, and give them my router, just for the sake of having an excuse to justify replacing it with one that can handle encryption. :laugh:

I hear D-Link devices are good. Does anyone recommend a brand? I have had bad luck with Linksys devices that contained Realtek chips. :4-thatsba


----------



## johnwill

I currently have a ZyXEL NBG-425N router and a D-Link DIR-615 router. Both are 802.11n routers and the routing section handles my 15mbit/15mbit fiber connection with no bandwidth loss. Both also offer WPA and WPA2 encryption at full speeds. If the wireless client is up to the task, I get excellent throughput from either of these.

I have them because they were both on rebate deals, one for $25 and the other for $30, not bad for 802.11n (draft) routers. :smile:

FWIW, many of the Linksys devices accept 3rd party firmware, such as DD-WRT, which will expand their capabilities and range in many cases.


----------



## af3

I would stay away from N until it is finalized... Is that too, ignorant? Could one find a flaw in the draft-n stack or firmware comprimise any network using pre-n hardware regardless of what encryption is being used?

/Starts a new thread...


----------



## johnwill

Well, there could be a flaw in any hardware/firmware combination, so using that logic, we'd stay away from anything computer related. :smile:

802.11n (draft) is probably the best tested non-standard wireless protocol ever released, it's had years of use, far more than either 802.11b or 802.11g before they were finalized. There is no reason to believe they're any more vulnerable than any other wireless standard at this point. Most experts expect the 802.11n released standard to be virtually identical to the draft2 specifications.


----------



## McNinja

I'd go with the the middle to best router you can find usually 60$-90$ will suffice for an excellent router. I use linksys, that's what I'd reccomend


----------



## af3

So there is just a speed benefit to N? Not a range benefit? (Yes, I Googled it!)

My connection is 6M so when using a 54M WIFI protocol, I should not feel any speed loss. The only time 108M would come in handy would be when sending files from computer to computer through the router, and I prefer to do so using wired or even SneakerNET DVDs.

_SneakerNET DVD, a data transport and backup all in one! :smile:_


----------



## johnwill

Yes, my machine that sits across the room from the 802.11n router is able to connect reliably at 270mbit. The only fly in the ointment is that when 802.11g traffic is also present, it reduces your speed significantly. :smile:


----------



## af3

I hate it when someone uses a B device in the house!

Have you had any experience with gigabit ethernet? Can a system actualy push that much data that fast through the South Bridge?

EDIT: Is the rating of 54M max for all clients or in the case of a MIMO router, is it the max for each client? :4-dontkno


----------



## djdat

Just a thought, If you are going to leave the network unencrypted, At least turn on mac access control,It makes it harder for hackers to get in (and turn off the ssid broadcast) My network is unencrypted because enabling wep/wpa slows me down by about 15%. :4-dontkno


----------



## af3

Yes, that is a big issue I have with encryption. From what I have experienced, if you have a weak router it may slow you down as much as 75% (A Belkin nightmare I have experienced using WPA) rendering the wireless connection almost useless.

Once hackers connect to your network by listening for signals (SSID is not needed somehow) they can start sniffing and capture a MAC address to use as their own granting them access. I have heard that this can be done without anyone knowing it. It will appear that it is only you when in fact there are two. Sniffing your incoming/outgoing traffic while in idle will show activity that is not yours, but then again it could just be your Anti-Virus checking for updates. :sigh:

It is not cool to leave your network open, unless you can put a smart firewall in between the access point and the internet connection. Implement security in layers. Use a router for wired clients to protect them from clients of the access point and the internet connection.

If LAN performance (local computer to local computer speed) is a concern, maybe you should be using gigabit Ethernet. I would imagine its great for big LAN parties.

However, since most residential connections are about 4-8mbps on average (cable/dsl) encryption on a 54mbps wireless G network would not slow things down too much (depends on distance), but there will be a delay (latency/lag/omg n00b fix ur ping) in comparison to a wired network.

This is all textbook stuff... there are plenty of sites where you can read about it... hopefully.


----------



## johnwill

Back from vacation. :smile:

I have gigabit all around here, except for the wireless of course. I see decent speeds, but not anything approaching the actual bandwidth of the gigabit capability. The fastest file transfers from a Windows Server 2003 system to a workstation seem to clock in at around 25mbyte/sec max.

On the topic of wireless, the only protection is really WPA or WPA2 with a strong key. MAC filtering is very easy to defeat, and it's child's play to spoof the MAC address. SSID hiding only hides the broadcasts, the SSID is transmitted in the clear in the message traffic, again ineffective.

The only thing wireless has going for it is the lack of wires. Wired connections are faster, more reliable, more secure, and easier to setup and keep running.


----------



## asdf56

This site says that wireless internet activity can be easily monitored. 

http://community.spiceworks.com/topic/27642

I'm wondering if people will leak personal information like online banking etc. to the wireless internet they use.


----------



## DeadlyData

I'll give you a professional prospective and a direct answer to your question.

Yes internet activity can be monitored weather it be wireless or not.

How ever to further answer the question it can only be monitored if the person is able to be registered on your network.

The rest of your question how ever is simply malformed-or not asked correctly as you would not be able to trace any thing back to any ones router because it's simple routers do not connect to each other wireless adapters connect to routers.

Tracing it back to their computer how ever is a possibility finding free software that is allowed for public use how ever would be a bit more difficult because the application would triangulate based on latency and other aspects.

If you feel some one is monitoring your activity my recommendations would be to go through your routers access and connected device logs if any other devices are connecting I'd suggest not only using WPA or PKA-AES 256bit (Usually only available in modded firmware or so I've seen.).

But also using a strong key so it's not to be easily brute forced by certain applications available to even the dumbest users on the internet.

To go more in depth about the monitoring aspect.

The ways you can be monitored simply have to do with the person being on the same network as you.

If you ever had another system connected to the network and you used a method most of us refer to ARP - Spoofing.

You potentially not only monitor but pretty much control the traffic of this other device thus allowing you to do various amounts of things one of which logging web traffic.

Hope the information I provided helped.


Addition:
I agree with the guy who commented on MAC spoofing as well most wireless devices actually allow you to set the MAC they should use.

Even my hardware firewall allows me to use a custom MAC which is how I usually go about changing sub nets.

I as well agree with "Wired connections are faster, more reliable, more secure, and easier to setup and keep running."...

How ever with the small aspect of if it was at a higher level there's also ways to pickup wired signals with un correct fabricated wire and as well ways to tunnel through power lines and pickup certain information it's way more advanced and usually wouldn't be a method against a home user... more likely in government or paid security environments such as training in various places.


----------



## johnwill

There's always a way to crack almost any security, however as you say, what would be the return on investment in attempting extreme measures to crack a home network. I lose no sleep over the possibility that someone will manage to monitor the traffic over my wired network connections! :grin:


----------



## asdf56

So what kind of information is logged in the router's logs?


----------



## johnwill

Actually, they're not saying it's easy to monitor activity. I think you're spending way too much time anguishing over this issue. :smile:


----------



## DeadlyData

asdf56 said:


> So what kind of information is logged in the router's logs?


Depends on the router, but mostly login attempts, system mac addresses, host names times they were connected and etc.

With a modified router how ever any thing could really be logged.

And I agree with the other guy on your spending way to much time worrying about the issue, unless you're really a targeted person or are running some kind of company that would be targeted you really don't have much to worry about at all.


----------

