[DCLXVI666]

Hey all,
Last night I had someone hack into my wireless (home) network. Somehow they were able to break my WPA and get in. I had DHCP set to only hand out the same amount of IP address as i have computers. They were able to figure out my network address and basically started at the bottom of the IP range and started going up because everyone of my computers (4 total) received an IP conflict error, one right after the other and in numerical order. I killed the power to the router and when I restarted it I was completely locked out and it would seem that a bunch of my network setting had been changed as I could not connect to nor ping the router and my modem would not sync up with the router. Needless to say it's go me a little paranoid and I am considering putting an IDS in place. The problem that I am running into is finding one that is not only designed with wireless security in mind but also a) will run on a Windows Xp machine and b) is open source. I will pay for software if I absolutely have to but would honestly prefer not to. If there are any programs (open source or reasonably priced) that meet the following requirements i would greatly appreciate any suggestions. Thanks in advance.

[klam]

Hey there,

You know what's the coolest security feature you can put into a router? (in my humble opinion of course) it's the mac address filter.

Spoofing the mac address is possible but it's way harder to do than ip spoofing plus, the hacker would need to know what mac address to spoof anyways.

For more information read on:
http://compnetworking.about.com/cs/w...macaddress.htm

Also consider disabling the broadcast of your signal.

Hope it helps =p

[DCLXVI666]

My fault, i guess I left that part out but I was using MAC filtering and they were still able to get in which is why I'm more than a little paranoid about locking everything down hardcore. Any other suggestions?

[lunarlander]

Disable the SSID broadcast, it makes your network harder to find.
Change your SSID from the default.
Use a long complex password for the router admin.
Install firewall on all your PCs, if there is a zone setting, set it to use the 'public hotspot' strong settings.
Run Hijackthis on all PCs and save the output. Then you have a snapshot of what is normal for your PCs.
Backup your data, in case the attacks become nasty.

[DCLXVI666]

Thanks for the information but this is stuff that I already know and practice. I work for the US Army in Information Assurance and Network Security. These are all strategies that I have used as long as I have had a wirelss network. The next thing to do would be to install and run an IDS on my system. I know that there are plenty out there that are opne source but many of them only run on a Linux platform and other aren't designed with wireless networks in mind. I am simply asking if anyone knows where I can get such a program. I appreciate you responses and trying to help me out but I am not an "average" user. I know that an IDS seems like I'm jumping the gun but I'm very paranoid now becuase they were able to get in past all my security measures. Thanks!

[lunarlander]

I have only used Snort, and its not a wireless ids. But heres an article reviewing a bunch of wireles ids.
http://www.networkcomputing.com/show...leID=189500017

Just curious, how do you know that it is a wireless attack?

[DCLXVI666]

Well I had my wireless router set to hand out only hte amount of IPs needed for each of my computers. Well, one by one each of my computers, in numerical order, began getting IP conflicts. Then, all at once all of my computers lost their wireless connections. I pulled the plug on the router and after an hour or so I restarted it and went to get into it via CAT5 and it wouldnt let me get in at all. I ended having to do a factory reset on it. Whoever got in there, locked me out of my own router. Thanks for the reply though, I will take a look at this link.

[klam]

That's an interesting problem you've got there.
I'd be very interested to see what your solution to this problem is.

[lunarlander]

What make and model is your wireless router? Maybe its a good idea to search for it at securityfocus.com to see if there are any vulenerabilities?

[DCLXVI666]

It's belking wireless 802.11G. I will look into it on the mentioned website. For anyone who cares, I have been unable to find an open source wireless IDS that runs on windows. I think that the solution might be to just install some form of linux (possibly Fedora) on my home server and go from there. I am alos wanting to stand up a network firewall. Any suggestions?