H1244
@pacbell.n
| reply to Glen T
Re: Hiding unsecured wireless networks
The Intel card I use is Intel 2200b/g. I believe 2100b/g, 2915a/b/g all have wireless profile management capabilities. When you first start the Intel ProSet tools that come with the card, just disable the Window's Wireless Zero Configuration as part of the initial set up. You can switch back and forth but the Intel tool are far super then the Window's.
You can go up one level and get a Cisco wireless card. You can do a lot more but it is just too expensive for home use. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| reply to Glen T
I haven't tried this, so I am not sure if it will work. But it might be worth a try.
You could configure tcp/ip for your wireless card, to use a fixed IP address, fixed gateway, fixed DNS server (same as gateway).
Then as long as you choose a subnet different from that of your neighbors, you won't be able to connect via the unsecured neighbor's network because the subnet will be wrong. |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| reply to Glen T
If they know what they are doing they can get around this, but you could set a static IP address, with your router and computers on a different subnet then the other Wireless networks, this will keep them from connecting without changing the IP address. This is easy to get around if you know what you are doing.
Also you could add a software firewall that has the ability to allow things based on time of day.
--
Dog and Butterfly |
|
funchords
Hello
Premium,MVM
join:2001-03-11
Washington, DC
·Verizon Online DSL
 ·Skype
| reply to nwrickert
said by nwrickert  :I haven't tried this, so I am not sure if it will work. But it might be worth a try. You could configure tcp/ip for your wireless card, to use a fixed IP address, fixed gateway, fixed DNS server (same as gateway). Then as long as you choose a subnet different from that of your neighbors, you won't be able to connect via the unsecured neighbor's network because the subnet will be wrong. This, in addition to the limited account (user account), will accomplish what the original poster is asking.
If the kids are logging on to the neighbor's AP, the "system built on trust" is already broken.
Furthermore, it is generally considered a poor practice to use an Administrator's / Owner's account for day-to-day use.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA |
|
jaa
Premium,MVM
join:2000-06-13
 ·Optimum Online
·Vonage
| reply to Glen T
Cybersitter, Cyberpatrol, Guardian Monitor are all programs that will do what you want. There are many other solutions out there as well.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
|  said by jaa :Cybersitter, Cyberpatrol, Guardian Monitor are all programs that will do what you want. There are many other solutions out there as well. The original poster seems pretty set on not going that route...;)
--
"When all else fails, read the instructions..." |
|
jaa
Premium,MVM
join:2000-06-13
·Optimum Online
·Vonage
1 edit | reply to Glen T
said by Glen T :For example, a client asked me to look at his kid's computer because one of his three kids could not print to the their networked printer. When I arrived, the child was not home, and no one knew her password, so we could not test the printing problem. Solution to that is remove the password so you can do the testing, then let them add it back in later.
In my house we have implemented a non-technical solution that works well with the kids - technically they have full internet access 24/7. Client software is the best way to control it technically. There are plenty out there reasonably priced, and some ISPs offer it for free.
As long as they have admin privliges, there is nothing you can do in XP that they can't undo. Even installing the internet limiting software can often be uninstalled (though you would know they did that). I think some cannot be uninstalled without the password - if you lose the password you have to reformat the drive to get rid of it.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
fccgrant
join:2003-11-17
Carol Stream, IL
| reply to Glen T
You may want to look at this topic below...
»Block access to unsecured networks?
This explains how a software firewall such as Zone Alarm can be used to reject certain IP's from connecting to your system. You could set up the IP range of your neighbor's router to be rejected by the Zone Alarm firewall when the router trys to connect to your computer. Of course you may have to re-configure your router so as to not conflict with your neighbor's range.
Another thought...I'm hoping you have a software firewall of some sort on that computer. If not, your kids accessing the neighbor's unsecured wireless router may allow all kinds of nasty things on to your system. If he hasn't set up wireless then he more than likely doesn't have the firewall configured leaving you vulnerable.
fccgrant
--
In Deo speramus, ceteros omnes observamus |
|
Glen T
join:2003-11-03
BC
| I will try the IP range solution. I don't need to go overboard with this in terms of securing the solution.
The problem, in a nutshell, is that Windows XP SP2 just makes it too easy to browse and auto-connect to any available network. I have tried removing non-preferred networks from the list, but once you have logged on to one it remembers it -- and they just come back when you delete them from the list.
I will also inquire with Linksys to see if their client software would allow me to only connect to a profile account. They may have some undocumented switch to hide the others.
In general, people don't seem to distinguish between network resources. And no wonder: you buy a router, plug it in. Log on and it works. All you have to do is peruse the SSIDs out there -- most are still set to defaults like "default" (D-Link) and "linksys". Other than relative signal strength, the typical user wouldn't even know whose network they are connected to. The default treatment of this by the hardware vendors borders on negligent IMHO.
Most people don't have any knowledge of the issues or the protocol involved.
In my case, if those networks were not visible, this would be enough to deter the kids from connecting. As it is, they just see this as being no different then changing TV channels.
I think MS and the NIC vendors should get their act together on this. I can't believe that I'm the only one to have run into this issue. But then, I guess it runs counter to .Net philosophy -- connecting anywhere, anytime. |
|
fccgrant
join:2003-11-17
Carol Stream, IL
| Let us know how that works out as I'm curious myself.
My solution is to disable Wireless Zero Configuration in the Services panel. The wireless utility I use takes over and does the connection to my wireless router. After configuring the wireless in the utility I remove the shortcut to the utility from the START menu and the Windows desktop. Reboot and make sure it works.
Of course...if you have really smart kids they'll have all of these steps reversed in minutes.
Good luck.
fccgrant |
|
JTY
join:2004-05-29
Ellensburg, WA | reply to Glen T
The static IP solution should work.
Another possible solution, is to use task scheduler to replace the hosts file at the designated time. Replace it with something that will redirect pretty much any hostname lookup to an invalid IP. |
|
jaa
Premium,MVM
join:2000-06-13
·Optimum Online
·Vonage
| reply to Glen T
I'm not sure how any solution will work. If you can set it up, can't they just unset it?
Right now, it is set to connect to your network, right? Unless they go and connect to the neighbors network (a deliberate act), they will stay connected to your network.
If you set zone alarm to block the neighbor's address range, couldn't they just set it back - they have admin privileges, right?
Like I said before, I've chosen a "social" solution to blocking internet off hours. If you want a technical solution, you are going to have to remove admin privileges.
Using a fixed IP address that is on your network's subnet (and not the neighbors') is sort of like not broadcasting your SSID and thinking the wireless network is secured.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
wi-fi
@verizon.ne
| reply to Glen T
quote:
Glen T
3. I actually went as far as to log on to one of them (of course they haven't changed the default password) and I changed the default SSID to "SecureMePlease".
That is not legally allowed. If you are caught you will be in serious trouble. What ever you do, do not do that again.
I think I know why "that did not help." They must, ex: by pressing the reset button, reset their router to connect to it. |
|
Shootist
Premium
join:2003-02-10
Decatur, GA | reply to Glen T
Simple PULL the wireless card out of the system and run a wire to it.
--
Shooter Ready--Stand By BEEP ******** |
|
ff1324
Everybody Goes Home
Premium
join:2002-08-24
On Four Day
| reply to wi-fi
said by wi-fi:
That is not legally allowed. If you are caught you will be in serious trouble. What ever you do, do not do that again.
Really? Show me the law where he is that says he can't do that.
And I think that Shootist has by far the best solution. If there's a hard wire, there's no chance of them getting on the neighbor's network.
--
The funny thing about firemen...night and day they're always firemen |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| reply to H1244
The ZyXEL HS100W is a possible alternative solution.
It applies to all computers in the house and is based upon logging into the router to get access to the internet.
The admin sets the accounts up with the appropriate permissions which includes how much daily access and between what times that access is allowed. There is an optional subscription content filter to BlueCoat(formerly cerberian) with over 50 topics covered/choosable.
In this way you do not have to change your current PC setup.
»www.us.zyxel.com/products/model.···88555542
--
Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"LlamaWorks Equipment |
|
big greg
Premium,MVM,Ex-Mod 2005-6
join:2003-10-11
Boston, MA
clubs: 
| reply to Glen T
If the machines are using XP, I would set up an IPSec packet filter rather than using fixed IP addresses.
Change your router to use an IP address range that isn't 192.168.1.0 or 192.168.0.0 subnets... let's say your use 192.168.192.0. Go to each XP machine and install an IPsec packet filter that only allow traffic through to a an address that's on the private address range you selected. Your kids will probably take awhile to find it (you use the Local Security Policy in Administrative Tools to configure it). Leave DHCP and the rest of the software alone.
Now when they associate with your AP they are all set because the filter will let 192.168.192.* through, but when they associate with another AP not in your range the packets are blocked. That way it looks like they can associate but no packets get in or out. For problem solving, a quick ipconfig /all will show you which AP they are associated to.
As an aside, I don't think its a good idea to let everyone have full admin privs, particularly with teens. You can fix this easily. It is easy to do in XP, a bit more work in 2k. Make a new account called Glen or something like that, make it your administrative account access, and put a password on it. Go to the orig account that everyone uses and make it a restricted account. Everyone keeps the one desktop and you have a secure account for things you want under your control.  |
|
Shootist
Premium
join:2003-02-10
Decatur, GA
| reply to Anav
That router will NOT stop a wireless PC, notebook or desktop, from logging on to a unsecured, and for that matter a secured wireless network if you know the password, AP or wireless router. The only way to stop that is to take the wireless card out and hard wire it to the router. NO wireless card NO logging on to someone else's wireless network.
If that fails because they buy there own wireless card and or wireless USB adapter then it's time to look at what you have done wrong as a parent and correct it ASAP.
--
Shooter Ready--Stand By BEEP ******** |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS | Ahh okay thanks shootist, yes apart from the other location applying security, there is no other option than removing wifi..... |
|
SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK
1 edit | said by Anav :Ahh okay thanks shootist, yes apart from the other location applying security, there is no other option than removing wifi..... Well, the use of limited accounts and parental control software (that blocks internet access on a per user basis during certain time periods) is certainly an option...although not one the original poster seems willing to use for some reason...
--
"When all else fails, read the instructions..." |
|
