
Glen T

join:2003-11-03
BC

Hiding unsecured wireless networks

Is there a way in WinXP to hide unsecured wireless networks and prevent automatic connection to same?

I have set up my wireless router to put time restrictions on Internet connection to prevent my kids from staying up until 2:30 am playing NeoPets. However, my ever-resourceful kids have discovered that they can just log onto my neighbour's unsecured wireless networks when ours goes off at 10:00 pm.

I want to block selected networks from the available networks list on their computer.

Suggestions appreciated.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

1 edit

Why not use software that restricts the hours your kids can logon to their/the family/your XP PC? Software like Netnanny, etc does that.

»www.netnanny.com/products/net_na···res.html

If your kids are limited users then that should solve the problem...

Since I don't use that type of software perhaps others can comment further...

Good luck...
--
"When all else fails, read the instructions..."



GadgetsRme
RIP lilhurricane
Premium
join:2002-01-30
Canon City, CO
reply to Glen T

1. Do what SoonerAl said plus ask your neighbor to secure his wireless.
2. If necessary take away wireless devices and or power cords at the appropriate time.
3. If that is defied it is time for a meeting with the "board of education" and their bottoms and take away all computer privileges
--
Gadgets


Glen T

join:2003-11-03
BC

said by GadgetsRme:

1. Do what SoonerAl said plus ask your neighbor to secure his wireless.
2. If necessary take away wireless devices and or power cords at the appropriate time.
3. If that is defied it is time for a meeting with the "board of education" and their bottoms and take away all computer privileges

Not so simple:

1. I have three daughters who are high-school age. I have to allow them access to their computer (they share it) for actual school work. They can stay up as late as they want writing an essay, but Internet access is just a distraction. They know that they have to finish their online chatting and research by 10:00 pm.

2. They need access to the wireless network for printing, etc. I cannot disable all my computers too (I work from home). But I can shut down Internet access across all of them.

3. I'd have to go door-to-door to find out who owns what wireless access point. I actually went as far as to log on to one of them (of course they haven't changed the default password) and I changed the default SSID to "SecureMePlease". Didn't help.

I could just lock them out of their own routers by setting up security "for them" but that's a bit too nasty.

Glen T

join:2003-11-03
BC
reply to GadgetsRme

By the way, this problem may be more common than you think. My nephew, who is 3rd year university, has been running up the limit on my Brother-in-law's ISP account by downloading music and movies 24/7. Since B-in-L works out of a home office, this wasn't good. He tried restricting access, and now the 'kid' just logs onto his neighbor's wireless.

Be nice if manufacturers of consumer WAPs would amend their getting started wizards to include setting up security and encryption, instead of defaulting to nothing at all.



GadgetsRme
RIP lilhurricane
Premium
join:2002-01-30
Canon City, CO

2 edits
reply to Glen T

I had some friends who had a similar problem and they fixed it by moving the computer to a corner of the living room, where they could see it at all times. They also restricted the use of it to homework only for 2 weeks, allowed other uses if the kids could show proof homework was finished after that. It stayed that way until the end of the school year. Then it was put back with the warning that the restrictions would be worse if it happened again. The next year they had no trouble at all. Show your daughters this little scenario and ask them which they prefer: to behave and act maturely, or be watched like little children. And then follow through if you have to. The other thing to do is buy an inexpensive printer and hardwire it for them and kill all access for a period of time.
--
Gadgets


Glen T

join:2003-11-03
BC

1 recommendation

My solution has been to restrict Internet access. With more responsible Internet usage, the restriction is removed or reduced. With irresponsible usage, access becomes more limited.

With all due respect, I don't really need parenting advice. This was a technical question.



javaMan
The Dude abides.
Premium,MVM
join:2002-07-15
San Luis Obispo, CA

said by Glen T:

. . .

With all due respect, I don't really need parenting advice. This was a technical question.

I think your best bet is going to be locating the neighbor, explaining your situation, and see if he can secure his network. I don't think there's much you can do on your end other than trying some of the suggestions others have offered, social solutions though they may be.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20


Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
reply to Glen T

There isn't much you can do about your neighbors to make them "hide" their AP.

As far as I know, there isn't any way to create a "no connect" rule that prohibits you from connecting to a specific AP.

What you could do is get them a wireless NIC that doesn't have enough range or signal sensitivity to connect to your neighbor's AP. I'd look into one of those small little USB dongle Wireless Adapters, and simply remove their default MiniPCI or PC-Card adapters. There simply isn't any way they can connect to your neighbor's AP if they can't see it in WZC.

This might be suitable: »www.linksys.com/products/product···prid=669 Just rip-off the antenna.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

iPod Shuffle=iPos


I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 6200+


Glen T

join:2003-11-03
BC
reply to javaMan

I appreciate that you have taken the time to respond. However, I am not getting a clear indication from any posting so far that what I am asking is either impossible, or that the posters don't know the answer.

I kind of assumed that this would be something that a network administrator in a downtown office would have run into. Scenario: admin places restrictions on company access to Internet via wireless connection and enterprising employees find ways to circumvent by logging onto unsecured wireless network of John Doe, accountant, on the next floor.

I guess I figured that there would be some registry tweak that would simply hide all non-secured networks in the XP Wireless Network Connection viewer.

As to canvassing the neighbourhood, how would you take it if a complete stranger banged on your door and asked if you had a wireless network in your home? I'd tell the guy to get lost. This is not a practical solution. However, I *could* disable both of them. Maybe that's the best solution -- caveat emptor...


Glen T

join:2003-11-03
BC
reply to Nerdtalker

****
What you could do is get them a wireless NIC that doesn't have enough range or signal sensitivity to connect to your neighbor's AP. I'd look into one of those small little USB dongle Wireless Adapters, and simply remove their default MiniPCI or PC-Card adapters.
****

The ironic part is that, that's what we are using -- a USB54G Linksys dongle. It has a much better range than most PCI cards. I chose it because the PCI card was giving a lousy connection to our own WRT54G router.

These unsecured networks don't show up on my own Compaq laptop with built in 802.11g.



Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ

said by Glen T:

The ironic part is that, that's what we are using -- a USB54G Linksys dongle. It has a much better range than most PCI cards. I chose it because the PCI card was giving a lousy connection to our own WRT54G router.

These unsecured networks don't show up on my own Compaq laptop with built in 802.11g.

Ouch, that is pretty ironic! Although the WUSB54G does appear to have a nice antenna: »www.linksys.com/products/product···prid=665

Well, I guess you could try this NETGEAR USB adapter: »www.netgear.com/products/details/MA111.php it's only 13dBm.
Or this micro Linksys USB adapter: »www.linksys.com/products/product···prid=519 I can pretty much guarantee that it isn't going to have much range just by looking at it.

Better yet, swap out your wireless NIC with theirs.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

iPod Shuffle=iPos


I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 6200+


javaMan
The Dude abides.
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
reply to Glen T

said by Glen T:

. . .

As to canvassing the neighbourhood, how would you take it if a complete stranger banged on your door and asked if you had a wireless network in your home? I'd tell the guy to get lost. This is not a practical solution. However, I *could* disable both of them. Maybe that's the best solution -- caveat emptor...

Personally? I wouldn't mind at all if someone were to explain the situation. In fact, I would be thankful that it was brought to my attention that someone was sucking my bandwidth. But I do understand your point of view. I have no clue what your situation is, especially if you live in the city. I live in a more rural area and tend to think in different terms I guess.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20


Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
reply to Glen T

said by Glen T:

However, I *could* disable both of them. Maybe that's the best solution -- caveat emptor...

There are a few wireless APs/routers that'll allow you to decrease signal power through their web-based configuration interface.

A bunch of D-Link APs will let you do it without cracked firmware, and you definitely can with any WRT54G(S) alongside some 3rd party firmware.

While I'm not encouraging or condoning the practice of logging into the administrative pages of your neighbor's AP, it might work without you having to shut it down completely.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

iPod Shuffle=iPos


I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 6200+

Glen T

join:2003-11-03
BC

One is a Dlink. The other is Linksys. At any given time I can see 5 or 6 WAPs from this machine. The rest are secured.

I'm not looking to take drastic measures, here. If I was, I'd just drill some holes, string a bunch of Cat6 cable and hardwire the thing to the router...



H1244

@dsl.sntc01.pacbell.n
reply to Glen T

"As far as I know, there isn't any way to create a "no connect" rule that prohibits you from connecting to a specific AP."

Not true. For example, with Intel wireless card and Intel ProSet software tools, you can create profiles that connect to specific APs only.

In the meantime, you need to create a limited user account (with Windows XP Pro, not sure about XP Home) that only has limited capability; only an admin can change the profile. Now you are in control.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

1 edit
reply to Glen T

[Attached screenshots: Child web controls; Child allowable surfing hours]

I still like the idea of parental control software, limited accounts, etc...

This thread got me thinking about my grandkids visiting this summer for two weeks, so I installed a free parental control package from my ISP, Cox HSI, and started experimenting with it. My scheme so far is to...

1. Setup an individual limited account for each grandchild on both of my XP Pro boxes.
2. Use the parental control software to limit the hours each child can access the internet. In each of their cases I limit them to internet surfing 2 hours (120 minutes) per day during their six hours total of allowable time on the PC. During the remaining four hours they can play computer games, etc, but not surf the internet.
3. I use the Windows net user command to limit the actual times during the day they can log onto the computer. For example:

net user dallas /time:M-Su,9am-12pm,5pm-8pm

...allows my grandson Dallas to be able to log into his account only between the hours of 9 AM to 12 PM (noon) and between 5 PM and 8 PM daily.

4. I also setup each child's account so the windows screen saver activates after 15 minutes of idle time and kicks the display back to the Windows Login screen. That way idle sessions are forced to log back on, if they can...See item 3 above. Along with this I setup group policies that disable the screen saver tab for users. Go to User Configuration -> Administrative Templates -> Control Panel -> Display and look at the Hide Screen Saver tab, Screen Saver, Screen Saver Executable Name, etc. policies. That makes it impossible for anyone, except an Administrator, to disable this feature. Now with XP Home you can't use group policies, but you can use a small Windows XP Security Console utility created by Doug Knox, MS-MVP to also disable the screen saver tab.

»www.dougknox.com/xp/utils/xp_sec···sole.htm

I have attached a few example screen shots from the parental control software I am using. It may be of interest...

The nice thing about all of this is that everything is setup on a per user basis, so I can control the kids and still let the adults have access to the PC and public internet at anytime. Of course the adult Visitors account is a limited account and all accounts are password protected...

This is also configured so only the administrator can configure all of this...
--
"When all else fails, read the instructions..."

Glen T

join:2003-11-03
BC

1 edit

I really wanted to avoid setting up limited accounts. On my computers at home, there is only a single user account with no login or password and max. admin. privileges.

The reasons for this are many. Each user profile has its own desktop etc. And this just adds to administrative headaches.

For example, a client asked me to look at his kid's computer because one of his three kids could not print to their networked printer. When I arrived, the child was not home, and no one knew her password, so we could not test the printing problem.

Files end up on different desktops in different profiles. Games and applications work in one profile -- not installed in another. Backup is a nightmare. Etc. etc.

I'm just looking for a *simple* solution here. My system is built largely on trust. The single kid computer is in the corner of the family room where everyone can see and use it.

I just need to make sure that the kids are getting enough sleep on a school night -- usually, I'm the first one in bed -- I'm not waiting around to police this.

I can't outright terminate Internet access as a punishment. The kids work on computers at school and then e-mail work home to themselves to finish, then e-mail back in the morning. One daughter is studying journalism. She is working on articles all the time for school publications.

I should also mention that there are plenty of parental controls in place. We have one TV in the house. There is a long-standing ban on TV viewing during the week -- for all family members. MSN messaging and instant messaging have always been banned (and removed -- I shot the messenger) on my computers.


Glen T

join:2003-11-03
BC
reply to H1244

****
Not true. For example, with Intel wireless card and Intel ProSet software tools, you can create profiles that connect to specific APs only.
****
I take it that in order to set this up, you would disable "Use Windows to configure my wireless network settings" and then use some proprietary software that came with the NIC?


Glen T

join:2003-11-03
BC

Tried using the latest software connection monitor that came with the WUSB54G. It does replace (turn off) the Windows wireless connection manager, but it is largely the same. No way to block/hide non-preferred networks.



H1244

@dsl.sntc01.pacbell.n
reply to Glen T

The Intel card I use is Intel 2200b/g. I believe 2100b/g, 2915a/b/g all have wireless profile management capabilities. When you first start the Intel ProSet tools that come with the card, just disable the Windows Wireless Zero Configuration as part of the initial set up. You can switch back and forth but the Intel tools are far superior to the Windows ones.

You can go up one level and get a Cisco wireless card. You can do a lot more but it is just too expensive for home use.



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to Glen T

I haven't tried this, so I am not sure if it will work. But it might be worth a try.

You could configure tcp/ip for your wireless card, to use a fixed IP address, fixed gateway, fixed DNS server (same as gateway).

Then as long as you choose a subnet different from that of your neighbors, you won't be able to connect via the unsecured neighbor's network because the subnet will be wrong.


TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online
reply to Glen T

If they know what they are doing they can get around this, but you could set a static IP address, with your router and computers on a different subnet than the other wireless networks; this will keep them from connecting without changing the IP address. This is easy to get around if you know what you are doing.

Also you could add a software firewall that has the ability to allow things based on time of day.
--
Dog and Butterfly
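
Added example, not part of any post in this thread: a sketch of the fixed-IP idea from nwrickert and TheWiseGuy, checking whether a statically configured PC could still get out through a neighbour's router and picking a home subnet that cannot. The neighbour addresses are the factory defaults for the two brands named in the thread (assumed unchanged); the candidate subnets, the .1/.10 host choices and the adapter name are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Factory LAN addresses for the two router brands named in the thread.
# Assumption: the neighbours' unsecured APs still use these defaults.
NEIGHBOUR_ROUTERS = {
    "linksys": "192.168.1.1/24",
    "default (D-Link)": "192.168.0.1/24",
}


@dataclass
class StaticConfig:
    address: str  # fixed IP for the kids' wireless adapter
    prefix: int   # prefix length of the home subnet
    gateway: str  # home router's LAN address, also used as DNS server

    @property
    def network(self):
        return ipaddress.ip_interface(f"{self.address}/{self.prefix}").network


def reachable_via(cfg, router_cidr):
    """What a host with fixed settings can reach when joined to a foreign AP."""
    router = ipaddress.ip_interface(router_cidr)
    if router.ip == ipaddress.ip_address(cfg.gateway):
        return "internet"     # foreign router answers ARP for our gateway IP
    if router.ip in cfg.network:
        return "router-only"  # router is on-link, but nothing answers as gateway
    return "blocked"          # no on-link router and no gateway: no traffic


def pick_home_subnet(candidates, neighbour_cidrs):
    """Return the first candidate subnet that overlaps no neighbour subnet."""
    taken = [ipaddress.ip_interface(c).network for c in neighbour_cidrs]
    for cand in candidates:
        net = ipaddress.ip_network(cand)
        if not any(net.overlaps(t) for t in taken):
            return net
    raise ValueError("every candidate collides with a neighbour subnet")


def static_config_for(net, host_index=10):
    """Router at .1, the kids' PC at .10 (both hypothetical choices)."""
    return StaticConfig(str(net[host_index]), net.prefixlen, str(net[1]))


def netsh_commands(cfg, adapter="Wireless Network Connection"):
    """XP netsh lines that pin the adapter to cfg (adapter name assumed)."""
    mask = cfg.network.netmask
    return [
        f'netsh interface ip set address name="{adapter}" source=static '
        f"addr={cfg.address} mask={mask} gateway={cfg.gateway} gwmetric=1",
        f'netsh interface ip set dns name="{adapter}" source=static '
        f"addr={cfg.gateway}",
    ]


if __name__ == "__main__":
    # A WRT54G left on its factory subnet collides with the neighbour's Linksys.
    stock = StaticConfig("192.168.1.50", 24, "192.168.1.1")
    for ssid, cidr in NEIGHBOUR_ROUTERS.items():
        print("stock     ", ssid, reachable_via(stock, cidr))
    home = static_config_for(pick_home_subnet(
        ["192.168.0.0/24", "192.168.1.0/24", "192.168.50.0/24"],
        NEIGHBOUR_ROUTERS.values()))
    for ssid, cidr in NEIGHBOUR_ROUTERS.items():
        print("renumbered", ssid, reachable_via(home, cidr))
    print("\n".join(netsh_commands(home)))
```

The home router itself has to be renumbered to the chosen subnet before the PC is pinned to it. As the posts above note, the setting only holds while the account in use cannot switch the adapter back to automatic addressing.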



funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to nwrickert

said by nwrickert:

I haven't tried this, so I am not sure if it will work. But it might be worth a try.

You could configure tcp/ip for your wireless card, to use a fixed IP address, fixed gateway, fixed DNS server (same as gateway).

Then as long as you choose a subnet different from that of your neighbors, you won't be able to connect via the unsecured neighbor's network because the subnet will be wrong.

This, in addition to the limited account (user account), will accomplish what the original poster is asking.

If the kids are logging on to the neighbor's AP, the "system built on trust" is already broken.

Furthermore, it is generally considered a poor practice to use an Administrator's / Owner's account for day-to-day use.
--
Robb Topolski
http://www.funchords.com/
Hillsboro, Oregon USA


jaa
Premium
join:2000-06-13
kudos:2
Reviews:
·Vonage
·Optimum Online
reply to Glen T

Cybersitter, Cyberpatrol, Guardian Monitor are all programs that will do what you want. There are many other solutions out there as well.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

said by jaa:

Cybersitter, Cyberpatrol, Guardian Monitor are all programs that will do what you want. There are many other solutions out there as well.

The original poster seems pretty set on not going that route...;)
--
"When all else fails, read the instructions..."


jaa
Premium
join:2000-06-13
kudos:2
Reviews:
·Vonage
·Optimum Online

1 edit
reply to Glen T

said by Glen T:

For example, a client asked me to look at his kid's computer because one of his three kids could not print to their networked printer. When I arrived, the child was not home, and no one knew her password, so we could not test the printing problem.

Solution to that is remove the password so you can do the testing, then let them add it back in later.

In my house we have implemented a non-technical solution that works well with the kids - technically they have full internet access 24/7. Client software is the best way to control it technically. There are plenty out there reasonably priced, and some ISPs offer it for free.

As long as they have admin privileges, there is nothing you can do in XP that they can't undo. Even installing the internet limiting software can often be uninstalled (though you would know they did that). I think some cannot be uninstalled without the password - if you lose the password you have to reformat the drive to get rid of it.
--
NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists.

fccgrant

join:2003-11-17
Carol Stream, IL
reply to Glen T

You may want to look at this topic below...

»Block access to unsecured networks?

This explains how a software firewall such as Zone Alarm can be used to reject certain IPs from connecting to your system. You could set up the IP range of your neighbor's router to be rejected by the Zone Alarm firewall when the router tries to connect to your computer. Of course you may have to re-configure your router so as to not conflict with your neighbor's range.

Another thought...I'm hoping you have a software firewall of some sort on that computer. If not, your kids accessing the neighbor's unsecured wireless router may allow all kinds of nasty things on to your system. If he hasn't set up wireless then he more than likely doesn't have the firewall configured leaving you vulnerable.

fccgrant
--
In Deo speramus, ceteros omnes observamus


Glen T

join:2003-11-03
BC

I will try the IP range solution. I don't need to go overboard with this in terms of securing the solution.

The problem, in a nutshell, is that Windows XP SP2 just makes it too easy to browse and auto-connect to any available network. I have tried removing non-preferred networks from the list, but once you have logged on to one it remembers it -- and they just come back when you delete them from the list.

I will also inquire with Linksys to see if their client software would allow me to only connect to a profile account. They may have some undocumented switch to hide the others.

In general, people don't seem to distinguish between network resources. And no wonder: you buy a router, plug it in. Log on and it works. All you have to do is peruse the SSIDs out there -- most are still set to defaults like "default" (D-Link) and "linksys". Other than relative signal strength, the typical user wouldn't even know whose network they are connected to. The default treatment of this by the hardware vendors borders on negligent IMHO.

Most people don't have any knowledge of the issues or the protocol involved.

In my case, if those networks were not visible, this would be enough to deter the kids from connecting. As it is, they just see this as being no different than changing TV channels.

I think MS and the NIC vendors should get their act together on this. I can't believe that I'm the only one to have run into this issue. But then, I guess it runs counter to .Net philosophy -- connecting anywhere, anytime.


fccgrant

join:2003-11-17
Carol Stream, IL

Let us know how that works out as I'm curious myself.

My solution is to disable Wireless Zero Configuration in the Services panel. The wireless utility I use takes over and does the connection to my wireless router. After configuring the wireless in the utility I remove the shortcut to the utility from the START menu and the Windows desktop. Reboot and make sure it works.

Of course...if you have really smart kids they'll have all of these steps reversed in minutes.

Good luck.

fccgrant