My security is compromised!

I wake up this morning and like most mornings i flip open my laptop to see what is happening on the web.

Except today is not like another day.
Today I have had my security of my WIFI network compromised.
Mac OS X unceromoniously informs me that “You can not log on to the network as another computer is connected with your ID. We will change to using <your ID>-2.”

Now I am not novice. I know a little about WIFI routers and security. Enough to set it up with WPA encryption and also bind my MAC address of my WIFI card using MAC address filtering to the router.
I also disable DHCP so that only a single IP can connect via WIFI.
What all this means is that only one machine with my ID can connect via my WIFI connection.

As soon as I saw this I knew I had been compromised. Probably by a script kiddie in the local neighbourhood. [The latest router patch increased the range of the WIFI signal to about 50 meters. Meaning that anyone in my apartment building could be the culprit.]

I have no problem with people accessing unsecure WIFI nodes for their internet hijinks. It is tantemount to someone posting a big FREE INTERNET HERE sign on their house.
But when someone has added a security protocol and gone to the lengths I have to secure my network, then it passes from oportunity to theft.

It is like someone breaking into your house and drinking your milk, just because you are not presently drinking it. [If I had left the door open with a sign saying FREE MILK HERE then I guess I should not care as much. I get what I deserve. But who does that?]

Another concern for me is that I have no way of knowing what they have been doing with my internet connection.
They could easily be using it for nefarious means. In fact this is quite likely as it is very unlikely someone without internet access in their homes would have a WIFI card in the first place.
Why else use someone elses connection if not for things you would rather not do with your own?

So what can I do? Part of the reason I got a WIFI router is that I can have it always on. Just turning off the router when it is not being used is daft.

So I have decided to change all my WIFI settings monthly. This can not gaurantee that the culprit will not be back. But it will make it very annoying for them.
I am also going to write a letter to the owners association indicating that this is theft and if it continues I may have no option other than going to the police. [Which I do not want to do as I doubt they would know what to do]

So, what settings to change? Firstly the WIFI node ID will change to a random sequence of characters. The pasword also. And I will change the IP address each month as well.
[I am also thinking of spoofing an invalid MAC address. If I keep changing that it will definitely annoy the culprit.]

I have written the following java class for generating random alphanumeric passwords.
To run it you must compile it, if you are a java nerd you know how to do this, and then execute it passing in the length of the password you require.

It is totally without anykind of license. It is public domain. Use the code at your own risk.

[java]
public final class PwdGen {

private final static String validchars = “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890”;
private final static String validfirstchars = validchars.substring(0,51); //only alphas can be first character

private static void log(String log){
System.out.println(log);
}

public static void main(String[] args) {
if (args.length != 1) {
log(“please indicate how long you wish the password to be in the following manner”);
log(“”);
log(“java PwdGen “);
log(“Where is the length of the desired password”);
} else {
log(“the password that has been generated as follows;”);
log(passwordGen(Integer.parseInt(args[0])));
}
}

private static String passwordGen(int len){
char thisChar;
StringBuffer password = new StringBuffer();

for ( int i = 0; i < len; i++){
if (i == 0) {
thisChar = validfirstchars.charAt((int)Math.round(Math.random() * (validfirstchars.length()-1)));
} else {
thisChar = validchars.charAt((int)Math.round(Math.random() * (validchars.length()-1)));
}
password.append(thisChar);
}
return password.toString();
}

}
[/java]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s