Sustainable Sustworks - Tools for Internet Travel
Inspired Tools for the Mac

Search




Application Note 1003

Using IPNetSentryX to Notify You When a Guest Tries to Access Your AirPort Network



Scenario

Like many people, you run an AirPort base station at home to provide wireless access for your laptop or additional remote computers. You've heard 802.11 is not entirely secure and would like to know whether unknown guests are actually trying to use your wireless network.

This application note will consider two AirPort configurations:

1. You are running a software base station.

2. You are using a hardware base station (access point) in transparent bridging mode to extend your LAN to wireless clients.

IPNetSentryX's flexible combination of IP filtering and MAC Address filterings allows you to detect when new clients try to join your AirPort network.

Detecting guests from a software base station

IPNetSentryX allows you to add MAC Address filtering to your software base station (a feature normally limited to hardware base stations). Consider a desktop Mac with IPNetSentryX running as a software base station and a laptop with an AirPort card used to access that base station.

With the laptop connected to your base station, you can use the Address Scan tool in IPNetSentryX to determine the "Ethernet" hardware address of machines on your network.

Alternatively, you could use the Info tool in IPNetMonitorX or the Network Utility on your laptop to display its hardware address directly. Next, we configure IPNetSentryX to notify us if any other hardware devices try to access our AirPort card besides the Ethernet broadcast address which our laptop might use.

If another device tries to access our AirPort network, we'll see an alert (or other notification if selected) like this.

Next we'll consider using a hardware base station in transparent bridging mode. In this case our desktop is not directly attached to the AirPort interface, so we can't distinguish between wired and wireless traffic based on the physical interface it arrives on. If the number of hosts on our LAN is small however, we can still list them to recognize any new devices on our LAN (wired or wireless). Once again we can use the Address Scan tool to find the MAC addresses of the devices attached to our LAN.

In the firewall rules window, we just append the additional known devices on our LAN.

If any new device appears on our LAN (wired or wireless) we'll be notified as before.

Key Features

IPNetSentryX's MAC Address filtering allows you to distinguish specific LAN devices.

The included Address Scan tool makes it easy to catalog the devices on your LAN.


Please send questions, comments, or suggestions using our general requests form:

http://www.sustworks.com/site/sup_questions.html

Top

Back to IPNetSentryX Application Notes