Crowded WiFi Neighbourhood

[Richard]

We may or may not agree with all that the ICO says but a link to their words on the subject is here,

https://ico.org.uk/for-the-public/online/wifi-security/

I am not aware of anyone still shipping totally unsecured routers, but if you did get one and left in the as received state than I would expect that not to end well. This would be my expectation even if you had not reduced the security level (how could you) if none was set? The ISP would not accept excess use arising that way, nor would any other authorities dealing with other more challenging legal issues, ‘here is a can, now carry it’ is a likely response

The reference makes no comment about the user’s responsibilities in the UK apart from a heavy hint to secure things and use an ‘undefined’ secure password that contains letters and numbers.

How often do most people check for ‘foreign’ users of their system? No I do not mean immigrants, I mean those who are not part of their user group, – not the same thing at all.

[The Duke]

I think it’d a great, and cheap way of implementing a big network.

[Ed P]

Richard, most ISP provided routers include a DMZ which is basically just a router firewall setting that opens (part) of your network to the outside world. It sort of makes the main ICO recommendations a bit moot as nearly every family containing a teenager will have set up a DMZ to allow gaming action. In a way a DMZ is akin to the Open Wifi that Drezha was suggesting or that used by BT Open Wifi.

About the only thing that securing your router really achieves is to stop malfactors from pwning your physical router and setting it to always point to their spam/Trojan links. As there are plenty of other ways of piggybacking this action via conventional hacks (including manufacturers back-doors), it really only stops the less adept script-kiddies from being a random nuisance.

On your other point of checking for unauthorised activity: most ISP provided router/modems provide no facilities allowing you to check other than total up/down stats.

If you wonder why you don’t get all that info, the answer is that checking the logs is too hard for 99% of users. Something like Glasswire software can give those really interested a rough guide but you need a Windows server set-up to make it at all useful. (Linux has other tools but again you would need a server) but I do not think it can show if your physical router has been pwned and re-routing shims inserted into its Linux firmware.

I personally think that the only people really at risk of opening everything up are students in hall. They really should lock everything down in order to to protect against teenager’s sense of humour. :wacko:

[Richard]

Ed, I have never needed or used any open ports, the children had no use of them, or if they did they never asked and that was a while ago.

I wasnot talking of logging every piece of data but checking to see which device logged on to the network. In reality this should only affect the WiFi as far as interlopers go. If you cannot trace the wries, there is not much hope for you.

Some areas are possibly worse than others and yes, student accommodation areas and flats in general are likely pretty bad for cross linking. There are none near me and, as I said most people have their routers locked down enough that no neighbour is going to end up on the wrong network by accident. That is a more likely problem for most round here who would want to access their own servers, printers and whatever else they have, not someone else’s set-up. War driving and parking up and free riding is likely to bring a response from several sources. WiFi struggles to give good enough in building coverage, the gardens and beyond are a different issue all together.

It is true that routers used to have logs and many fruitless hours could be spent on them. I stopped bothering with that well before replacement routers lost the facility to log such data. I find the bigger issue with ISP boxes is that they are often pretty basic and configuring them into another style of set up is such a pain anyway that it is not worth dragging new problems on board. I have been sent a couple over the past twelve months, neither are in use as their performance was too dire to warrant further study or a total reconfigure of my set up.

[The Duke]

Il most Routers Richard will have a list of devices (or Mac addresses) that have contacted. It keeps a record as every device is give a unique address 192.168.0.(1-255)

In my router at least you can change the mac address of the device for a more memorable name such as Richards desk top, Richards phone, wife’s laptop, kids tablet, lounge tv, bed 1 tv, and so on. This makes seeing new device entries easy.

Ive done this, as it also makes it easier to schedule what times the router cuts my kids access off. As my 15 year old will sit up all night on line. So weak night he is cut off at 20:00 to 06:30, my 9year old at 19:00 to 06

[Richard]

Many of my devices have fixed IP addresses, at least for the wired devices so they are fairly easy to spot and track. The only variables are the WiFi devices I know what most of them are though the router is very reluctant to use a name and sometimes it works happily with devices while not listing their existence. I have just spent a few happy(?) moments adding details for them to be ignored. I will now give up.

[Ed P]

True Steve, but of itself it does not allow you to see whether the activity was ‘normal’ or due to some botnet on a device sending out DDOS messages. You would need to monitor usage stats by each device to look for any abnormalities and my router certainly does not help with that at all.

[The Duke]

Your right. I don’t think mine can either. You. Glasswire as you said would do it.

Ive had glass wire on my phone for a week or so, and it’s quite interesting seeing what app does what and how often.

[Author]

Posts