Who's connected to your Wi-Fi network?

In the Oct 8, 2009 issue of the Windows Secrets newsletter, Fred Langa addressed the question: Who's sneaking onto your Wi-Fi connection?

The article is in the paid edition of the newsletter, so I'm not going to repeat it. However, his advice boils down to using the web interface to check with the router.

Certainly the router is aware of all the connected devices  (computers, smartphones, networked printers, etc) on a Local Area Network. But, many routers don't tell you about all the connected devices. Beats me why, but many fail to report devices with static IP addresses. 

Every device on a network has to be assigned a unique number, and on most networks, this is an IP address. Computers get assigned an IP address in one of two ways.

The easy, and most common way, is that, while starting up, the computer sends out a plea on the network, begging someone (technically a DHCP server) to give it an IP address. Normally the router hands out what are referred to as dynamically assigned IP addresses.

The older, less frequently used option is that the computer (or other device) is pre-configured to always use one specific IP address. This is referred to as a statically assigned IP address.

I've seen many routers whose web interface only reports on devices that were assigned a dynamic IP address. Computers with statically assigned IP addresses remain hidden. They are not really hidden, all sorts of network protocols happily communicate with devices that have a static IP address.

The Linksys router running my LAN is among those that only show devices with a dynamic IP address. The button you click to see the attached devices is labeled "DHCP Clients Table". 

The Netgear WGR614v9 is among those with better reporting. The "Attached Devices" option is easy to find and displays all the in-use IP addresses, regardless of how they were obtained. 

But this still leaves something to be desired. For example, it does not use the MAC address to report on the hardware vendor, which might come in handy when looking for interlopers. It also fails to indicate which devices used a static IP address and which were assigned a dynamic one. 

Reporting on connected devices is not the sort of thing you're likely to see in the specs of a router. Even reviews of routers don't bother to point out whether the web interface reports on all connected devices or just those with a dynamic IP address.

Another issue with Mr. Langa's advice is that logging in to a router and checking on the connected devices requires an understanding of IP addresses,  DHCP and perhaps even MAC addressing. Getting up to speed on this is not realistic for many.

Rather than ongoing monitoring, I think it's better to take some up-front steps to keep the bad guys out.

Use WPA2 with AES (really CCMP) if you can. If some devices on your network can't communicate using AES, then run with TKIP (which works with both WPA and WPA2 routers).

My recent surveying with inSSIDer found that about half the detected Wi-Fi networks were still using the old, flawed WEP for encryption. Thus, just by using TKIP, despite its two known flaws, you are much less of a target. For more about WPA, WPA2 and WEP, see my article The Best Security for Wireless Networks.

In addition to AES or TKIP, you need to also use a long, reasonably random password (pass sentence is even better) for logging in to your Wi-Fi network (this assumes the personal rather than enterprise versions of WPA and WPA2).

These two steps should make any wireless network reasonably secure. Nothing is perfect, but bad guys are most likely to attack the easiest targets. 

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies