Wireless Under Attack?

When I got my wireless networking operating under Linux a few days ago, I was very surprised to find that I had a small but constant amount of inbound traffic on it whenever I used it, measuring 4K to 6K a second. Changing to different channels made no difference. I’d never seen this under Windows, on any of the machines that I used wireless with (including this one), but I figured that could be due to the differences between the Windows and Linux drivers — that it was always there and I just wasn’t able to see it before. The router didn’t report any additional devices connected, so I thought nothing further of it.

I’d been using a Netgear RangeMax WPN824, an 802.11g router, for maybe the last year and a half. It did the job and did it fairly well, but I had need of a router for another location, so I decided to pick up a new one for the office and move the Netgear one to a new home.

After some research, I picked up the D-Link DIR-655 yesterday. It has draft 802.11n/g/b wireless instead of only g and b, gigabit wired Ethernet in place of the Netgear’s 10/100, and several other features that sounded interesting, plus it had gotten rave reviews (from both users and experts) just about everywhere. And to my surprise and delight, it even had explicit instructions for setting it up from Linux — most hardware manufacturers don’t even acknowledge the existence of anything other than Windows and Mac, so it was quite nice to see Tux sitting next to the Mac Finder icon in the documentation.

I set it up with almost exactly the same settings as the Netgear one, the only real difference being that the SSID had one character added. But despite this, to my shock, my Linux machine doesn’t show the constant 4K-6K incoming anymore!

That leads me to wonder whether the incoming data was a targeted attack, perhaps aimed at trying to break through the WPA encryption. I can’t imagine why else the traffic would vanish when I changed the SSID, unless some other network was trying to use the same SSID (not impossible, but unlikely bordering on ludicrous). Or maybe it wasn’t network traffic at all, but background radiation that was being misinterpreted by the Netgear box. We’ll see how things go when I install it at the new location.

3 Comments

  1. I have the same router, I’d been worried it was under attack too – by watching the blinkin’ lights. The lights were on while my computer was off and I noticed it was acting like something was accessing it – but the DSL modem wasn’t having enough activity to think anyone was doing anything via it. I suspect our Netgear routers are having a collective hallucination, rather than a concerted attack. 😉 Knowing the collective computer literacy of here (sort of a combination Barrio and Charedi area) I doubt anyone is trying to crack it. Though in case someone is, I’m thinking I’m going to finally get my building-mate (who I’m sharing it with – it’s his router and laptop) to switch over to WPA.

    Incidentally, WPA can be cracked if you have a weak password. grml includes a utility for that, as well as the latest WEP cracker. (It’s not a cracker’s CD, I didn’t get it for that or knowing that was part of it, but it has a little bit of everything utility-wise. Luckily for the authors it’s not based in the US else they’d probably all get arrested. 😉 )

  2. I’ve used WPA from the time I first got that router — and I don’t have a weak password — so it’s highly unlikely that anyone would have broken through it, even if they tried. (And some of our neighbors might try, though I don’t know their technical skills or inclinations.)

    The new router allows for both WPA and WPA2 at the same time though, so I can use WPA from the Palm TX and WPA2 from the laptop at the same time. 🙂 Under Linux, that is… the Windows driver for my laptop’s wireless card doesn’t support WPA2 for some reason, even though the hardware itself obviously does.

  3. The old router was installed at its new location today, and it immediately started picking up 4-6K per second again. Since that location is much too far for it to be the same person attacking, and in a place that I know no one was using wireless networking before, I’m betting it is merely background radiation that’s being mistaken for a valid signal.
