You might look for logs such as LAN users, connection or status log, or connected MAC addresses. And you can also use a tool to check the IP/MAC on your wireless network IP range.

Verify the MAC addresses

To find out who is on your network, you have to make a list of all the devices that are meant to be connected. Find out their MAC adresses and their IP addresses if they are static.

To find out the MAC and IP address on Windows OS, click the Start menu and choose Run. Type cmd and click OK. In the screen that opens, type ipconfig/all and hit Enter. The MAC address will be shown as the physical address.

Once you know the MAC addresses of each of the computers on your wireless network, you will recognise any addresses that don’t belong under the window that shows the MAC addresses of current clients.

Check the IP addresses

Similarly you can see how many IP addresses have been dipped out by the DHCP server. If you check the IP of each of your computers, you can see if other IP addresses have been used in your wireless network.

To find out your IP address on Windows OS : Click Run ? type in cmd ? type ipconfig/all ? which will display the IP address for that computer.

Use a software to scan for IP/MAC

Zamzom Wireless Network Tool (google it for download) is a free tool that can do a quick scan for you. Just load it up, hit Fast Scan and it will show you the IP and MAC addresses of every computer that is connected to your WAN. You can also perform a deep scan, but a fast scan will be enough for most users.

Dealing with intruders

If you find someone using your wireless router, they may well not be doing so nastily or intentionally. Sometimes people can’t tell which is their own connection and they may honestly believe that they are using their wireless router. In this case, the best thing that you can do is to secure your own wireless network.

• Passive attacks:

In a wireless network passive listening is even easier than the media air is hardly controllable.

Often, the radio coverage of one access point goes beyond the private domain of a company or an individual. The passive attack the most common is the search for access point.

This attack (called Wardriving) became the “game” the favorite of many hackers, the access points are easily detected by a scanner (equipped with a laptop WiFi card and special software to search for PA.) These cards are equipped with wifi directional antennas (Yagi type) to listen to the radio traffic at a distance outside the coverage area of access point.

There are two types of scanners, liabilities (Kismet, WifiScanner, prismstumbler …) without leaving traces, virtually undetectable and assets (Netstumbler, dstumbler) detectable when listening, they send out “probe request” . Netstumbler only works on Windows, others work with Linux.

The sites identified are then indicated by marking out (with chalk) the following code (Warchalking):

A preliminary traffic analysis allows to find the SSID (network name), the MAC address of access point, throughput, use of WEP encryption and signal quality. Combined with a GPS, the software can locate the access point.

At a higher level of software (or type Aisnort WEPCrack) allow a few hours (depending on traffic), to decipher the WEP key and with the tools and network analysis conventional information retrieval can go further. The attacker can pass a so-called active attacks.

• Active attacks :
  

We’ll see, quite briefly, the various known attacks in wired networks and affect, of course, the world of wireless.

1- DoS (Denial of Service)
The denial of service network is often an alternative to other forms of attack because in many cases it is simpler to implement, requires less knowledge and less easily traceable than a direct attack to enter a system to take control.

This attack is intended to prevent legitimate users from accessing services by saturating false requests these services. It is generally based on “bugs” software.
In the wireless environment, it includes blocking access points either by flooding the request of disassociation or Deauthentication (Airjack type program), or more simply by jamming radio signals.

2- Spoofing (impersonation)

IP spoofing is a technique that allows an attacker to send a packet machine appears to be from an IP address other than the attacker’s machine. IP spoofing is not provided an IP address change.

More precisely it is a travesty (he is the technical term) of the IP address in the packets, that is to say that the packets are modified so that they appear to reach d a machine.

3- “Man in the middle” in rural Wi-Fi

This attack is for a Wi-Fi has to have an access point near abroad in other legitimate AP. Stations wishing to connect to the network to deliver PA “felon” their information for the connection.

This information will be used by a pirate station. Just simply a pirate station listening to the traffic, get MAC address of a legitimate station and its AP, and intercalated in the middle.