Wi-Fi protection

[katiemanny 64]

Hey guys, After we have set up our wireless internet to be able to connect our Nintendo Wii, and Kindle. Now I found out that there's an attacker sending DoS Attack (Denial-of-service attack) on our network on purpose to prevent us from using our own service, what should we do to prevent such attack from appearing on our wireless router logs. Everyday we see this attack recorded.

Anyone with that has experienced similar situation? Any advice will be very helpful.

Edited March 16, 2011 by katiemanny

[spookyturtle 9,465]

Have you enabled network security or is your network open?

[Darnell 8,478]

change your SSID name, change it also to 'not broadcast' (this bit is important)

then pick a compatible encryption type.

Then, back at each device, manually enter the new SSID name and encryption key.

Good LUCK !

[T_and_A 3]

Are you using symantec as your antivirus software?

If symantec, you can disable that denial of service notification under symantec settings

Hey guys, After we have set up our wireless internet to be able to connect our Nintendo Wii, and Kindle. Now I found out that there's an attacker sending DoS Attack (Denial-of-service attack) on our network on purpose to prevent us from using our own service, what should we do to prevent such attack from appearing on our wireless router logs. Everyday we see this attack recorded.

Anyone with that has experienced similar situation? Any advice will be very helpful.

[Deputy Purple 1,294]

Is the DoS attack internal or external?

You really haven't given enough info.

If it's internal then you need to change the security set-up of your Wi-Fi router. Personally I have done the following:

1. Changed SSID from the default
2. Disabled SSID Broadcast
3. Use WPA Personal Security Mode
4. Enabled WIreless MAC Filter
5. Changed the default ip address to something other than 192.168.1.1

[katiemanny 64]

Thank you everyone for your prompt reply, we have Wi-Fi security enable, SSID isn't turned off, we have passphrase, WPA2 enable, but everyday our Router logs is bombarded with connection rejected messages, DoS Attacks, its becoming worry some. We have symantec Norton anti-virus. The panic came when I read about the harm this attack may cause.

[katiemanny 64]

Is the DoS attack internal or external?

You really haven't given enough info.

If it's internal then you need to change the security set-up of your Wi-Fi router. Personally I have done the following:

1. Changed SSID from the default
2. Disabled SSID Broadcast
3. Use WPA Personal Security Mode
4. Enabled WIreless MAC Filter
5. Changed the default ip address to something other than 192.168.1.1

I think its External, I think its someone that is trying to kill our network connection just because he/she cannot use it.

The other night I was playing online, suddenly everything froze, I had to unplug the device to reboot, I think the culprit is determine to ruin our network.

Edited March 16, 2011 by katiemanny

[spookyturtle 9,465]

Call your ISP and get a new IP address.

[Ban Hammer 13,334]

Call your ISP and get a new IP address.

won't that just be detected as they are wireless?

[spookyturtle 9,465]

won't that just be detected as they are wireless?

You're right, it will be detected, but perhaps if they turn off broadcasting SSID and follow the security steps the attacker won't get through. Maybe use a router firewall?

[JohnSmith2007 353]

I think its External, I think its someone that is trying to kill our network connection just because he/she cannot use it.

The other night I was playing online, suddenly everything froze, I had to unplug the device to reboot, I think the culprit is determine to ruin our network.

You might try this, when they are hitting your network try turning off your protection long enough to see who gets in. The name of the computer is sometimes set with the name of the owner. Like mine is Johnscomputerxxxx. It might give you a clue to see who it is.

[rsn 135]

Whoa, lots of bad information in this thread. Let me address some of the false items here.

1. Do not disable SSID broadcast, that provides no benefit to you at all. It is trivial to detect an SSID that is not "broadcast". In fact, the SSID is broadcast by your devices on a network with a router that has its SSID broadcast disabled. All wireless communication is broadcast, and your devices prompt the SSID to be broadcast anyway during attempts to find the router. Discovering the SSID of a router that is set to disable SSID broadcast is easy - there are many free programs on the internet that amateurs can use to detect these. In fact, disabling SSID broadcast usually leads to connection issues and is a pain to deal with for new devices.
2. MAC address filtering was proven to be a useless form of security ages ago. If you want a false sense of security and you like wasting your time, by all means rely on MAC address filtering. It is beyond easy to spoof a MAC address. One can simply listen to traffic on a network and clone the MAC address of a client granted access to the system to masquerade as the same client.
3. Has anyone even asked how the poster knows there is a real DoS attack to be worried about? How do you know for sure there is even a problem?
4. Your internal IP address has no relation to how secure your network is.

You might try this, when they are hitting your network try turning off your protection long enough to see who gets in. The name of the computer is sometimes set with the name of the owner. Like mine is Johnscomputerxxxx. It might give you a clue to see who it is.

you will not see a computer name of the person attempting to connect to your network.

Edited March 17, 2011 by rsn

[JohnSmith2007 353]

you will not see a computer name of the person attempting to connect to your network.

I can go into my network utilities on my router and see the names of those that are connected. I caught my sons friends using my network that way.

[rsn 135]

I can go into my network utilities on my router and see the names of those that are connected. I caught my sons friends using my network that way.

If they are connected to your network, then yes. If this is truly a DoS attack, then they will not be connected to your internal network.

I should also note that it is EXTREMELY unlikely that a normal home internet user would be subjected to a DoS attack. Entities launching this attack usually don't waste their time with targets they don't care about.

Edited March 17, 2011 by rsn

[JohnSmith2007 353]

If they are connected to your network, then yes. If this is truly a DoS attack, then they will not be connected to your internal network.

I should also note that it is EXTREMELY unlikely that a normal home internet user would be subjected to a DoS attack. Entities launching this attack usually don't waste their time with targets they don't care about.

It is more likely someone that has a device set to auto connect with auto retry. In that event it isn't a DoS attack but some idiot that doesn't know how to set up his system. That is why I suggested they allow them to connect so they can see who it is. At that point he can turn his security back on and go confront the other person.