First of all hiding the SSID and limit the network to known MAC-addresses doesn't really help since those informations are never encrypted. So the attacker just has to sniff the network for a while to know which SSID you are using and which MAC-addresses are valid. After that he spoofs his MAC-address and trys to connect again. That takes only some minutes.
Originally Posted by PenguinMigrations
SSID and MAC-addresses can't be encrypted since they are needed to connect the stations to the access point. For more information go here:
Hacking Techniques in Wireless Networks
To detect what's going on you can do the following:
1. Read the log files of your router. There you can normally see which stations have logged in when and how long.
2. If you want to know what the attacker does with your connection first get a HUB (not a switch!) and connect it inbetween the access point and the router or inbetween the router and the modem. Connect a computer to that HUB and start Wireshark. Let it sniff for a while for all packages and have a look to which addresses, web pages ... the attacker connects.
3. Ask your provider to screen the connection.
To keep the attacker out:
1. Use strong encryption like WPA or WPA2.
2. Use the full length for the key (63 chars)
3. Use a strong key. Prefered is to create the key by your computer. For example you can create a random key by typing this line in your shell:
4. Power down the output capacity of your access point to a minimum. E.g. here in my home I get a good connection everywhere with only 40% output capacity. Doing so the distance from where you can reach your WLAN is much smaller.
dd if=/dev/random count=1 bs=256 2>/dev/null |openssl base64 |tr -d '\n' | cut -b-63
5. Switch your WLAN off when you don't need it. Most simple form to do so is to power off the access point.
6. Use cabled network.