<feed xmlns="http://www.w3.org/2005/Atom" xmlns:foaf="http://xmlns.com/foaf/0.1/"><title>norman.walsh.name: Comments on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network"/><id>http://norman.walsh.name/2008/08/27/network/comments.atom</id><updated>2012-05-23T13:14:29.313604Z</updated><entry><title>Comment 1 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0001"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0001</id><published>2008-08-27T22:56:30Z</published><updated>2008-08-27T22:56:30Z</updated><author><name>David Magda</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Any reason why you're still using WEP instead of WPA(2)? 
</p>
    <p>
It's busted, utterly and completely, time to move on.</p>
  </div></content></entry><entry><title>Comment 2 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0002"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0002</id><published>2008-08-27T23:23:32Z</published><updated>2008-08-27T23:23:32Z</updated><author><name>Rob Koberg</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Don't use WEP and MAC addresses. They are easily hackable. Use WPA.
</p>
    <p>
I used to have a problem that seemed to be related to Ubuntu bringing down the network. It seemed to go away with Hardy Heron, though.</p>
  </div></content></entry><entry><title>Comment 3 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0003"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0003</id><published>2008-08-27T23:35:26Z</published><updated>2008-08-27T23:35:26Z</updated><author><name>Shawn Medero</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Norm, I've been having this exact problem over the last few days with our home internet service (Comcast) in Seattle. Done quite a bit of troubleshooting but I haven't tried further locking down of the wireless network... my brief glimpses at it didn't show a lot of traffic other than my own.</p>
  </div></content></entry><entry><title>Comment 4 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0004"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0004</id><published>2008-08-28T00:41:12Z</published><updated>2008-08-28T00:41:12Z</updated><author><name>Forest</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Yes. I eventually just went with an Open Source firmware for the wireless router and have limited connections to specific MAC addresses.</p>
  </div></content></entry><entry><title>Comment 5 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0005"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0005</id><published>2008-08-28T00:50:41Z</published><updated>2008-08-28T00:50:41Z</updated><author><name>Adrian</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>If you were in an experimental mood you could have put back the old SSID and then run a packet sniffer to see who it is or what they're doing.
</p>
    <p>
Then there's always all the fun and games with putting a transparent web proxy inline and flipping all their images upside down or other such.</p>
  </div></content></entry><entry><title>Comment 6 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0006"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0006</id><published>2008-08-28T02:26:09Z</published><updated>2008-08-28T02:26:09Z</updated><author><name>dbt</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Not a lot of security in WEP if you have a determined attacker (it keeps out the neighbors, of course).
</p>
    <p>
I'd suggest putting some sort of bandwidth monitoring on if it starts happening again.</p>
  </div></content></entry><entry><title>Comment 7 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0007"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0007</id><published>2008-08-28T02:39:27Z</published><updated>2008-08-28T02:39:27Z</updated><author><name>Norman Walsh</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>My use of WEP goes back to the days when either my Linux box didn't support, or I didn't understand how to install, WPA. I suppose now that wouldn't be a problem.
</p>
    <p>
I don't recall seeing any odd traffic or anything, but I didn't try very hard. The problem interferes with Deb's business so I really can't afford to let it keep happening.</p>
  </div></content></entry><entry><title>Comment 8 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0008"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0008</id><published>2008-08-28T12:24:01Z</published><updated>2008-08-28T12:24:01Z</updated><author><name>Derek Dees</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Norm - 
</p>
    <p>
I had a similar problem at my last home. The solution I used was to do the basic lock down of the router with WEP and MAC address filtering, but I also switched to an IPCop firewall between my network and the cable modem. I put the wireless stuff on its own zone. I then monitored that, determined that a couple of neighbors were ... borrowing ... bandwidth. I blocked their MAC addresses and the problem went away. I also configured it to reject traffic from all except the IP addresses that my wireless systems use.
</p>
    <p>
A bit of work, but the nice part is that I keep the intrusion detection running, so I can watch stuff bouncing off the firewall. I also have the option of setting up QOS and/or OpenVPN, which I've been considering. I occasionally see attempted connections, but they don't stick around.
</p>
    <p>
The other bonus is I have a lot of control over traffic on the network, much to my teenager's frustration some days. :) 
</p>
    <p>
As I said, a bit of work, but it's been well worth it.</p>
  </div></content></entry><entry><title>Comment 9 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0009"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0009</id><published>2008-09-13T03:28:10Z</published><updated>2008-09-13T03:28:10Z</updated><author><name>john</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>
Please use WPA on your wireless router.  Hiding the SSID and MAC
filtering are essentially placebos as both can be sniffed and MACs
can be spoofed.
</p>
    <p>
There are HowTo articles posted on <a rel="nofollow" href="http://www.smallnetbuilder.com">SmallNetBuilder</a> that
show how easy it is to break WEP - supposedly it can be done in as
little as 5 minutes.
</p>
    <p>
That said, the pathology of your problem (if it is related to a
neighbor vampiring your network connection) does not necessarily
indicate a dedicated hacker. BUT, if someone is hacking into your
network and you are using Windows computers without software firewalls,
they might also gain access to your computers as well. Possibly Macs as well.
</p>
<p>
Just my 2 cents
</p>
  </div></content></entry><entry><title>Comment 10 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0010"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0010</id><published>2008-09-16T10:29:12Z</published><updated>2008-09-16T10:29:12Z</updated><author><name>Steinar Bang</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>Hm... I have a similar problem with intermittent slow-downs, and similar experience with the ISP's customer support.  I hadn't thought about wireless hacking, since I don't use the wireless much.  Most of the time just to bridge my daughter's machine to the house LAN and out to the internet.  And that machine is turned off most of the time.
</p>
    <p>
What counts against this, is that I use ntop on the machine I have bridging the home LAN and the internet, and I don't see any strange traffic there during slowdowns.
</p>
    <p>
But I guess I'll try turning off the AP the next time this happens and see what happens.
</p>
    <p>
(I'm using WEP as well, because the APs I'm using don't support doing bridging with WPA, but if switching off the AP during a slow-down works, I guess I have to consider throwing them away and use APs that can bridge with WPA encryption.  I already lock the MAC addresses, but that's easy to fake)</p>
  </div></content></entry><entry><title>Comment 11 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0011"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0011</id><published>2008-09-16T13:19:47Z</published><updated>2008-09-16T13:19:47Z</updated><author><name>Norman Walsh</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>The evidence for wifi hacking is entirely circumstantial, and I still think it's unlikely. There are only four possible neighbors within reach and I find it hard to imagine any of them as malicious. But the problem did stop when I turned off the wifi. It could be entirely coincidental, but that seems awfully unlikely as well.
</p>
    <p>
If I had more networking experience and more time, I'd put back the old setup and look for the culprits. Unfortunately, interrupting Deb's internet traffic brings her business to a grinding halt, so that's not really an option.
</p>
    <p>
In the meantime, I've switched to WPA2 encryption and Charter Business internet service. The same service for twice the price except: (1) the tech support is excellent: clueful technicians interested in the problem and equipped with the tools necessary to attack it and (2) Charter now manages the router, so the bits become their problem before they even leave the house.
</p>
    <p>
(This has the added advantage that Charter can help Deb when I'm on the road.)</p>
  </div></content></entry><entry><title>Comment 12 on /2008/08/27/network</title><link rel="alternate" type="text/html" href="http://norman.walsh.name/2008/08/27/network#comment0012"/><id>http://norman.walsh.name/2010/09/25/oauth#comment0012</id><published>2009-03-04T14:41:22Z</published><updated>2009-03-04T14:41:22Z</updated><author><name>Hessus Hill</name><foaf:mbox_sha1sum>da39a3ee5e6b4b0d3255bfef95601890afd80709</foaf:mbox_sha1sum></author><content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml">
    <p>We use a <a rel="nofollow" href="http://world-secure-channel.com/why/">vpn</a> server on Linux, and we don't have any worries till now. I recommend it, works great. It became useful first to distinguish among different kinds of IP <a rel="nofollow" href="http://world-secure-channel.com/why/">vpn</a> based on the administrative relationships, not the technology, interconnecting the nodes. Once the relationships were defined, different technologies could be used, depending on requirements such as security and quality of service.</p>
  </div></content></entry></feed>

