How can I detect unauthorized access on my 802.11 g/n network?

How can I detect unauthorized access on my 802.11 g/n network? I am using a wireless network and I want to make sure that no unauthorized users are connecting through my access point. I am using the standard encryption the device supports. I know it is a trivial matter for someone to scan my network and break the encryption key and then connect. Are there any tools to spot the rogue user?
Asked by: Guest \| Views: 220

Total answers/comments: 1

Comments display order:

Guest [Entry]

"If your network is relatively small and you know how many users/devices ""should"" be on it at any given time, you can check the wireless router's client list. This varies by model and firmware, and may be completely different for 3rd party (eg, dd-wrt). For example, my dd-wrt based Linksys router has:

Two clients connected. I know that there's a potential for 4 total, and I know the last two octets of the two devices in the image :-). Of course that may not work if you have a lot of users/devices, and of course MACs can be spoofed. You should switch your encryption to WPA2, as WEP is very easily broken anyway, which will help keep unauthorized people from accessing your network.

Depending on what kind of environment you're working with, you may also want to look into a tool like SNORT. SNORT is an intrusion detecction system and is very sophisticated for network monitoring. As a superuser, this might be a fun and useful home project, and if this is for work, there's many reasons to use SNORT in a company.

For what it's worth, if you do check out SNORT, you might also be interested in sguil, a nice GUI front end for viewing SNORT data.

(I am not affiliated with SNORT or sguil, and other tools may exist that may work better for your use case, but these are what I've used)"