Author
Message
Kaosports DD-WRT Novice Joined: 12 Apr 2018 Posts: 1
Posted: Thu Apr 12, 2018 3:26 Post subject: How to monitor wlan for intruders?
Howto monitor wlan for intruders?
Is the a program that can do that
Thanks CJ
See more of our service:
Kaosports Children's Basketball Center: https://kaosports.vn/
https://goo.gl/kzVRxA
Best basketball school location: https://goo.gl/TSZVg4 Last edited by Kaosports on Tue May 22, 2018 8:38; edited 1 time in total
Back to top
Sponsor
lazardo DD-WRT User Joined: 17 Apr 2014 Posts: 140 Location: SF Bay Area
Posted: Thu Apr 12, 2018 6:04 Post subject:
GUI: Security -> Firewall Protection: Enable + Apply Settings
No intruders, but you can see them being blocked:
GUI: Status -> Syslog
or
ssh <your_router> "grep DROP /var/log/messages"
Cheers,
Back to top
jwh7 DD-WRT Guru Joined: 25 Oct 2013 Posts: 2670 Location: Indy
Posted: Thu Apr 12, 2018 16:25 Post subject: Re: How to monitor wlan for intruders?
Kaosports wrote: Howto monitor wlan for intruders?
Is the a program that can do that
Monitor if someone is trying to connect (as addressed by lazardo), or is already connected? For the latter, check the Status->Wireless 'Clients' list. _________________# NAT/SFE /CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ , Builds , Types , Modes , Changes , Demo #
OPNsense x64 5050e ITX|DD : DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250 |FreshTomato: F7D8302@532 |OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Back to top
mac913 DD-WRT Guru Joined: 02 May 2008 Posts: 1848 Location: Canada
Posted: Thu Apr 12, 2018 16:35 Post subject:
lazardo wrote: GUI: Security -> Firewall Protection: Enable + Apply Settings
No intruders, but you can see them being blocked:
GUI: Status -> Syslog
or
ssh <your_router> "grep DROP /var/log/messages"
Cheers,
I did a telnet to router and the command didn't work using this command worked....
cat /var/log/messages |grep DROP
To check for warnings in the logs...
cat /var/log/messages |grep .warn _________________Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
YAMon 3.4.6 | DNSCrypt-Proxy V2
Back to top
lazardo DD-WRT User Joined: 17 Apr 2014 Posts: 140 Location: SF Bay Area
Posted: Mon Apr 16, 2018 17:25 Post subject:
mac913 wrote: lazardo wrote: GUI: Security -> Firewall Protection: Enable + Apply Settings
No intruders, but you can see them being blocked:
GUI: Status -> Syslog
or
ssh <your_router> "grep DROP /var/log/messages"
Cheers,
I did a telnet to router and the command didn't work using this command worked....
cat /var/log/messages |grep DROP
To check for warnings in the logs...
cat /var/log/messages |grep .warn
Attention to detail.
Code: ~$ ssh dd-wrt "nvram get os_version; grep DROP /var/log/messages" | head -3
33492
Apr 16 16:48:44 dd-wrt kern.warn kernel: DROP IN=vlan2 OUT= MAC=78:24:af:20:02:4c:00:01:5c:63:fc:46:08:00:45:96:55:e1 SRC=108.237.246.19 DST=24.6.184.178 LEN=588 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=30000 DPT=64598 LEN=568
Apr 16 16:48:44 dd-wrt kern.warn kernel: DROP IN=vlan2 OUT= MAC=78:24:af:20:02:4c:00:01:5c:63:fc:46:08:00:45:20:01:79 SRC=108.237.246.19 DST=24.6.184.178 LEN=377 TOS=0x00 PREC=0x20 TTL=52 ID=0 DF PROTO=UDP SPT=30000 DPT=64598 LEN=357
Cheers,
Back to top
al_c DD-WRT Guru Joined: 13 Apr 2013 Posts: 2134 Location: Ottawa Canada
Posted: Mon Apr 30, 2018 3:11 Post subject: Re: How to monitor wlan for intruders?
Kaosports wrote: Howto monitor wlan for intruders?
Is the a program that can do that
Thanks CJ
Perhaps too little too late but on the plus side, YAMon (https://www.dd-wrt.com/phpBB2/viewtopic.php?t=314467 or http://usage-monitoring.com ) shows a list of all devices connecting to your network...
However on the downside, if the intruders appear in the YAMon reports it means you've already been compromised...
Back to top