
Anyone familiar with Kismet?

 
The Backlash Cometh Fri Nov-04-11 09:12 PM
Original message
Anyone familiar with Kismet?
If I'm reading this description right, it sounds like it can detect if someone is hacking you:

http://en.wikipedia.org/wiki/Kismet_%28software%29
canetoad Sat Nov-05-11 12:05 AM
Response to Original message
1. Yep. Wikipedia is where I always go
for computer security. It's not as though any old hacker could edit it.
 
The Backlash Cometh Sat Nov-05-11 09:18 AM
Response to Reply #1
2. Wiki was actually the easiest explanation.
I did a little more googling and realized it wasn't user-friendly. I found another called Xirrus Wi-Fi Inspector which I thought would lay it down easy, but I've only got the gadget working. So far, I've seen nothing which is superior to inSSIDer, which is a very intriguing program.
 
steve2470 Sat Nov-05-11 01:53 PM
Response to Original message
3. fwiw, what I would do personally if I was concerned about being hacked:
Edited on Sat Nov-05-11 02:37 PM by steve2470
1- Turn off wireless access, if at all possible.

2- Along with #1, use ethernet to connect to my modem and router.

3- Use an excellent consumer-grade router. Of course, you can spend a lot of money on commercial-grade routers but that's usually overkill for a home.

4- Harden your OS: http://www.itcoach.com/unsafe/System-Hardening.htm#steps (one of many pages on the internet about it)

5- Inspect your router log every day to see which IP addresses are trying to gain access. In my experience, you will see many IPs from China. Just stating my experience. You can look up the locations by using this URL: http://www.networksolutions.com/whois/index.jsp (again, one of many pages)

6- Make sure your DMZ is turned off. A "duh" step but worth mentioning.

7- On your "Security" router administration page (or something that means the same thing), turn on as many features as you can.

8- Turn off UPnP (Universal Plug and Play) service both in your router and your OS (if you have it). Yes, it makes life a tad more difficult but you can open ports easily enough.

9- Make sure you only open ports that you absolutely have to. The usual way hackers gain access is by identifying open ports. Close the ports as soon as you can, if you can. You can test your router's ports with this service: https://www.grc.com/x/ne.dll?bh0bkyd2 (Gibson's ShieldsUp).

10- Disable the Telnet service both in your router and in your OS. Only use Telnet very briefly and if you absolutely have to. Telnet is a very insecure protocol and a very old one, well known to hackers.

11- Malware scan your hard drives (including all floppies, CDs, DVDs, and USB thumb drives) with at least two excellent anti-malware programs. If you're really concerned, you can always back up your data, erase/format your hard drive and reinstall your OS anew.

12- Then.... I would use a security program as you have mentioned. I would also seriously consider a higher-grade commercial router if you are really concerned about it.

FWIW. Hope it was helpful.

 
The Backlash Cometh Sat Nov-05-11 07:00 PM
Response to Reply #3
4. I checked the logs and I have been under a smurf attack since late October.
I'll check to see who owns the IPs.

Also, how do I disable the pings?

And, dummy me, what's a DMZ?
 
steve2470 Sat Nov-05-11 07:11 PM
Response to Reply #4
5. DMZ = de-militarized zone (expression from the military)
Edited on Sat Nov-05-11 07:25 PM by steve2470
Enabling the DMZ simply means opening a hole in the firewall so ALL data traffic can connect to one computer on your network. Of course, this totally disables any protection you derive from a router/firewall.

As far as pings go, on my Linksys router with the DD-WRT firewall firmware installed (http://www.dd-wrt.com/site/index), first you go to the Security page. There is a setting there called "Block Anonymous WAN Requests (ping)". You check that to block the router from responding to ping requests from the internet.

One last suggestion: You want to change your IP address somehow. If you are on the typical "dynamic IP system" that ISPs typically employ, it's easy. You just turn off your modem for 24 hours or so and let your ISP reassign you a new IP address. Before you do that, make sure to get the IP address you currently have by going to http://www.whatismyip.com or any of the many others on the internet that will give you your IP address. Then, after shutting off your modem for 24 hours or so, you compare your new IP address with the old one. If it's the same, you either have to call your ISP and have them reassign you or just leave the modem off a bit longer. The lease time for your ISP-assigned IP address varies from ISP to ISP. Your ISP may be willing to tell you that information.

If your IP address is static (much more costly and usually a business feature), you have to call the ISP directly to obtain a new IP address.

To really thwart any attackers, a new IP address is essential. It's like moving across town and now the bad guys have to find you all over again. Of course, you can be hacked AGAIN at the new IP address but by now you've done all you can to secure your network.
 
The Backlash Cometh Sat Nov-05-11 07:39 PM
Response to Reply #5
6. Thanks Steve.
I'll change the IP address soon.

One last question. What does it mean when the log says: DHCP IP: my ip number, TO MAC address so and so? I have a lot of those.

Also weird is that it looks like my e-mail server connected with the internet on a day when I wasn't here.
 
steve2470 Sat Nov-05-11 07:50 PM
Response to Reply #6
7. MAC address = Media Access Control address
http://en.wikipedia.org/wiki/MAC_address , lots of geeky information there.

You can look up those MAC addresses here: http://standards.ieee.org/develop/regauth/oui/public.html

It means your router was connected to certain network interfaces (i.e., network interface card or NIC), hopefully your own machine's or ones you approved of. Your machine will have at least one network interface if not two or three. You can look up their MAC addresses. The ones you don't recognize, hopefully you approved of those.

About the email server, is it configured to work on days you don't personally attend to it? Typically (from my knowledge), email servers are left on almost all the time and receive email all the time. If yours is configured differently, yea, that's a serious problem.

I'm almost out of my depth here. It's time for someone more knowledgeable than I to step in or a security professional in your area.

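The router-log check discussed in replies #3, #6 and #7 (DHCP entries and the MAC addresses they name), as an added example that is not part of the original thread. The log-line shape is an assumption modelled on the "DHCP IP: ... to MAC address ..." entries described above; the sample lines, MAC addresses and known-device list are constructed.

```python
import re
# Assumed log shape, modelled on the "DHCP IP: <ip> to MAC address <mac>"
# entries described in the thread; adjust the pattern to your router's format.
DHCP_RE = re.compile(
    r"DHCP IP:\s*\(?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\]?\s*,?\s*to MAC address\s+"
    r"(?P<mac>(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so allowlist comparison is exact."""
    return mac.replace("-", ":").lower()

def is_locally_administered(mac):
    # Bit 0x02 of the first octet set: not from a vendor block, so no OUI match.
    return bool(int(mac[:2], 16) & 0x02)

def unknown_devices(log_lines, known_macs):
    """Return one record per MAC that got a DHCP lease but is not in known_macs."""
    known = {normalize_mac(m) for m in known_macs}
    seen = {}
    for line in log_lines:
        match = DHCP_RE.search(line)
        if not match:
            continue  # not a DHCP lease entry
        mac = normalize_mac(match.group("mac"))
        if mac in known:
            continue
        rec = seen.setdefault(mac, {"mac": mac, "oui": mac[:8].upper(),
                                    "locally_administered": is_locally_administered(mac),
                                    "leases": 0, "ips": set()})
        rec["leases"] += 1
        rec["ips"].add(match.group("ip"))
    return [dict(r, ips=sorted(r["ips"])) for _, r in sorted(seen.items())]

# Constructed sample data (not from the poster's router).
KNOWN_MACS = ["00:1A:2B:3C:4D:5E", "00:1a:2b:aa:bb:cc"]
SAMPLE_LOG = [
    "[DHCP IP: (192.168.1.2)] to MAC address 00:1A:2B:3C:4D:5E, Saturday, Nov 05,2011 18:02:11",
    "[DHCP IP: (192.168.1.3)] to MAC address 00-1A-2B-AA-BB-CC, Saturday, Nov 05,2011 18:10:40",
    "[DHCP IP: (192.168.1.7)] to MAC address 5A:11:22:33:44:55, Saturday, Nov 05,2011 19:21:03",
    "[Admin login] from source 192.168.1.2, Saturday, Nov 05,2011 19:30:00",
    "DHCP IP: 192.168.1.7, TO MAC address 5a:11:22:33:44:55, Saturday, Nov 05,2011 21:44:59",
    "[DHCP IP: (192.168.1.9)] to MAC address 00:1A:2B:99:88:77, Saturday, Nov 05,2011 22:15:30",
]

if __name__ == "__main__":
    print(*unknown_devices(SAMPLE_LOG, KNOWN_MACS), sep="\n")
```

For an unknown entry whose `locally_administered` flag is false, the `oui` value is the prefix to look up on the IEEE page linked in reply #7.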
 
The Backlash Cometh Sat Nov-05-11 08:05 PM
Response to Reply #7
8. You've done a phenomenal job.
Thank you.
 
steve2470 Sat Nov-05-11 08:10 PM
Response to Reply #8
9. You're very welcome!
Hopefully all this solves the problem. If not, I would address my next DU thread in here to a network security expert. We have at least one network security expert in GD, but I'm loath to name him or her for obvious reasons. Of course, you can always find someone locally. Good luck. :)