question about z100g data (is someone trying to hack my net?)

Hello all,

Looking at my z100G (wireless router/firewall) control panel under Reports > Networks > WLAN, data for "Wrong NWID/ESSID" and "Invalid Encryption Key" gives a receive value of 10978894 for both. This seems to imply 10 million+ attempts to log onto my wireless net. Am I reading this correctly?

I do not broadcast my SSID, so I don't see how anyone could inadvertently/accidentally try to login to my net. It wouldn't show up on a list of available networks, or would show up as an un-named net. Is this an innocent byproduct of some other kind of traffic, or do I have someone who is trying to access my WLAN net? The number of attempted connections is so large that it would seem to be software based, as in a program trying to crack the key.

There is nothing on the z100g page that indicates the dates of these unsuccessful login attempts (if that's what they are), and there is nothing under either the security or event log that seems to correspond to someone trying to login and failing.

I am not sure what I can, or should, do about this. The data seems to suggest that the connect attempts were unsuccessful and there is really no way that anyone is going to guess either the SSID or pass phrase, no matter how many times they try. Is there anything I can do to learn more about what is happening, or is this something common that I don't need to be concerned about?

Thanks,

LMHmedchem

 

Probably other users on the same channel. Log into your z100g and under the "My Network" tab, change the wireless settings from automatic to XX channel. Before doing so, check with inSSIDer for a free or less polluted channel.

Fax
P.S. Double check you are using a WPA encryption! Unhide your SSID, it does not provide any security.

 

Alright, I will do that.

I am using WPA2 with MAC filtering and a very long random pass phrase, so I don't know how much more secure I can make it. I presumed that someone needs to know the SSID in order to log in, is that not true? When I open up a laptop here, my network does not appear in the list of available ones, so how does someone set up to log in without knowing both the SSID and pass phrase? I know that is referring to security from casual, untrained threats.

I would prefer that I had a router that would not accept any WLAN traffic except for VPN connections. That would mean that anyone connecting would need the right WPA2 credentials, and also correct VPN credentials. If it was set up properly, someone trying to get in wouldn't know they were being rejected because they weren't connecting with VPN (I think).

I don't think I can do that with this router, and I don't know router hardware well enough to know if there are other reasonable priced models that would. I have used the z100g, and liked it, mostly because it came packaged with a multi-user license for ZAISS and I like the interface for both ZAISS and z100g. The complete lack of any kind of support has become annoying and ZAISS has been surpassed by Comodo, so I will probably start looking for a new setup. One issue is that I guessed there would be fewer conflicts between the hardware and software firewall since they were both ZA products (a leap of faith, I know).

What would folks here recommend for a combination of hardware firewall router and software firewall client?

LMHmedchem

 

Yes WPA2 is OK. Also change the default router password. Mac can be spoofed and SSID can be read even if hided. So your only line of defense is WPA2. IMO better to visible to normal users around you (hackers will anyway see you regardless of the SSID status) so they can avoid you. Z100G is an end-of-life product not anymore supported and still on G instead N.

I am running here a NETGEAR with ZA Extreme. Working perfectly fine, no need to shift to other software firewalls . Depending on the NETGEAR you choose you also have VPN management integrated (or you can load alternative firmware if supported). Just check online the manuals or ask at their user support for guidance.

Hope this helps.

Cheers,
Fax

 

What is currently the best wireless encryption standard? I haven't looked in a while. Are you running a software firewall as well, or do you just use the one on the router?

LMHmedchem

 

WPA2 AES encryption. Yes, I am running a software firewall as well (ZA). The router will cover the inbound unsolicited calls while the software firewall will take care of the outbound.

 

Btw, this is an explanation from the Z100G official support forum: Excessive Wrong NWID/ESSID

And this is the explanation in the manual:
http://www.checkpoint.com/smb/help/z100g/8.0/1655.htm

This is an introduction to VPN in Z100G:
http://www.checkpoint.com/smb/help/z100g/8.0/6529.htm
(only one user per session as per most home router on the market)