The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Security Question? How Do I Read My Logs?

    Discussion in 'Networking and Wireless' started by therock, Mar 13, 2007.

  1. therock

    therock Notebook Evangelist

    Methinks someone is using my bandwidth?
    I went into my logs and put some of the IP numbers into my browser and they open some sites I have not visited. Huh?

    I have a WRTG54. A Version 2.0 with the latest Firmware.
    I configured it to allow my laptop to use my Comcast cable internet via a Motorola SB5100 cable modem.
    I have WPA2 Personal, AES, a Shared Key, and a Group Key renewing every 3600 seconds.
    I can't get all the numbers to open a site as I have never entered web addresses this way "72.14.207.99".

    I need to learn how to use my logs to see if I am being hacked.
     
  2. WackyT

    WackyT Notebook Deity

    Are you using a complex long password for your WPA2?

    The number you reference is called an IP address. When you type in a URL like www.google.com, your computer contacts another computer called a DNS server to look up what you typed in to find the corresponding IP address, which is used to find websites on the internet. Your router logs IP addresses being visited, and not URLs.

    You visit a lot more websites than you think. Like on this page, you're also hitting Google for the ads in the left frame.
     
  3. therock

    therock Notebook Evangelist

    Thanks WackyT.

    I'll look at the password thing.
    Can you point me at something I do or use to detect when a second party has gotten into my network?
     
  4. BaNZ

    BaNZ Notebook Consultant

    Check how many clients are connected to the router and see if you identify any unknown or duplicates.
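
An added example, not part of BaNZ's post or the original thread, of the client check suggested above: it compares the router's client table against a list of devices you own and cross-checks the outgoing log for LAN addresses that never took a lease. The text layouts, the MAC addresses and all sample rows except the 72.14.207.99 destination quoted earlier are constructed assumptions, not the WRT54G's actual export format.

```python
from collections import defaultdict

# Constructed sample data (not from the thread). Assumed layout: the router's
# DHCP client table as "hostname ip mac" and its outgoing log as
# "lan_ip destination port", one entry per line.
KNOWN_MACS = {"00:16:6f:aa:bb:01"}          # hypothetical: the owner's laptop

DHCP_TABLE = """\
laptop   192.168.1.100  00:16:6F:AA:BB:01
unknown  192.168.1.101  00:13:02:CC:DD:02
laptop   192.168.1.102  00:16:6F:AA:BB:01
"""

OUTGOING_LOG = """\
192.168.1.100  72.14.207.99  80
192.168.1.101  203.0.113.25  80
192.168.1.150  198.51.100.7  443
"""

def parse(text, width):
    """Split whitespace-separated rows, dropping blank or malformed lines."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    return [r for r in rows if len(r) == width]

def audit_clients(dhcp_text, known_macs):
    """Return (unknown_macs, duplicated_macs) from the client table."""
    ips_by_mac = defaultdict(set)
    for _host, ip, mac in parse(dhcp_text, 3):
        ips_by_mac[mac.lower()].add(ip)
    unknown = sorted(m for m in ips_by_mac if m not in known_macs)
    # One MAC holding several addresses can mean a cloned MAC on the network.
    duplicated = sorted(m for m, ips in ips_by_mac.items() if len(ips) > 1)
    return unknown, duplicated

def talkers_without_lease(log_text, dhcp_text):
    """LAN IPs that sent traffic but never appear in the client table."""
    leased = {ip for _h, ip, _m in parse(dhcp_text, 3)}
    dests = defaultdict(set)
    for lan_ip, dest, port in parse(log_text, 3):
        if lan_ip not in leased:
            dests[lan_ip].add(f"{dest}:{port}")
    return {ip: sorted(d) for ip, d in dests.items()}

if __name__ == "__main__":
    unknown, duplicated = audit_clients(DHCP_TABLE, KNOWN_MACS)
    print("unknown MACs:   ", unknown)
    print("duplicated MACs:", duplicated)
    print("no-lease hosts: ", talkers_without_lease(OUTGOING_LOG, DHCP_TABLE))
```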
     
  5. WackyT

    WackyT Notebook Deity

  6. Chutsman

    Chutsman Notebook Evangelist

    Change your SSID name then disable its broadcast.
     
  7. blue68f100

    blue68f100 Notebook Virtuoso

    Use truly random generated keys, all printable chr's. Use the max number allowed, always. I use http://www.grc.com key generators. Just Copy and Paste. If you can remember the keys it's too easy and not long enough. If the keys are good you will need to copy and paste them.
     
  8. therock

    therock Notebook Evangelist

    Good Stuff Guys,

    I had a "Cable Guy" friend over today and he went through my setup and said I am good to go.
    The GRC thing will be implemented tonight.

    For fun I connected to one of my (many) neighbors' networks and entered the Linksys isp and got in under Linksys, Admin, and moved around in his router setup.
    How can I anonymously leave him word in his setup he needs to secure it?
     
  9. skagen

    skagen Notebook Deity

    Changing SSID is fine but disabling broadcast tends to cause problems in XP and you yourself may struggle to get on your LAN then.

    MAC filtering and a strong password are as much as you can do really.

    If you find that the person could still get on you can try limiting the number of IP addresses allowed to one.
     
  10. blue68f100

    blue68f100 Notebook Virtuoso

    Hidden SSID causes no problems, I do find it easier to do the setup then hide it when everything is working.

    The notion of MAC filtering is a JOKE. Any sniffer can give you that info. All broadcasts include it in the header. Run a copy of netstumbler if you want to see them. Besides, you can take any router or network hardware and they provide a way to clone your MAC address.

    therock, some routers have problems with the " chr, if you have a problem, remove them from the string.
     
  11. RedSensiStar

    RedSensiStar Notebook Deity

    Eh, no:

    1. OS problems like XP
    2. Also there is a neat little exploit for those who hide the SSID. Which in turn gives up a lot more network traffic information than if it had just been broadcasted!
     
  12. grumpy3b

    grumpy3b Notebook Evangelist
