Quantcast Wireless Security: Wep, Mac, Honeypot? - digitalFAQ.com Forums [Archives]
  #1  
09-09-2005, 04:19 PM
black prince black prince is offline
Free Member
 
Join Date: Jul 2002
Posts: 1,224
Thanks: 0
Thanked 0 Times in 0 Posts
@Anyone,

Just upgraded to DSL with wireless router and security came to mind.
After reading throught many articles about WEP's and MAC's or HoneyPot
(not sure it's avaliable form Windows)? Is there a pratical security setup
that will keep most hackers away, like wardrivers, warwalkers, etc.
HoneyPot sounds interesting (i.e. 53,000 fake SSID) and would discourage
all but the most experienced hackers or possibly attract them. Does anyone
have a pratical solution

-BP
Reply With Quote
Someday, 12:01 PM
admin's Avatar
Site Staff / Ad Manager
 
Join Date: Dec 2002
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
  #2  
09-09-2005, 08:17 PM
kwag kwag is offline
Free Member
 
Join Date: Apr 2002
Location: Puerto Rico, USA
Posts: 13,537
Thanks: 0
Thanked 0 Times in 0 Posts
Hi BP,

You should be fine with a 128 bit WEP key
The only way for someone to break your key, would be to use a program with "brute force", after he has captured a lot of packets from you.
You could also configure your AP to use a MAC address only, and this way you can keep your AP without any WEP key, as only the MAC addresses you permit will be allowed access

-kwag
Reply With Quote
  #3  
09-10-2005, 03:27 AM
rds_correia rds_correia is offline
Free Member
 
Join Date: Apr 2003
Location: Chinese Democracy starts now!
Posts: 2,563
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by kwag
You should be fine with a 128 bit WEP key
I don't know Karl but all the experts are recommending WPA instead of WEP these days.
But one thing's for sure, none of these securities can save you if you're being attacked by a 1st class hacker.
They say that the real 100% protection mechanism is yet to be found...
At least that's what I've read all over the Internet some time ago when I was planning on going wireless at home.
Cheers
__________________
Rui
Reply With Quote
  #4  
09-10-2005, 06:33 AM
black prince black prince is offline
Free Member
 
Join Date: Jul 2002
Posts: 1,224
Thanks: 0
Thanked 0 Times in 0 Posts
@Kwag and Rui, Thanks

-BP
Reply With Quote
  #5  
09-10-2005, 10:13 AM
kwag kwag is offline
Free Member
 
Join Date: Apr 2002
Location: Puerto Rico, USA
Posts: 13,537
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by rds_correia
I don't know Karl but all the experts are recommending WPA instead of WEP these days.
They are both crackeable.
As a matter of fact, the best and most secure practice is to leave the AP completely open and use a captive portal software, where users get a secure logon page, and after validating with their user/password, then they can proceed.
There is free software for this, like "NoCat", but this requiress you to install a U*nix machine as a firewall, together with NoCat.
With this, you're totally secure

-kwag
Reply With Quote
  #6  
09-10-2005, 10:35 AM
rds_correia rds_correia is offline
Free Member
 
Join Date: Apr 2003
Location: Chinese Democracy starts now!
Posts: 2,563
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
They are both crackeable.
Exactly, I hope I had already made that clear to BP.
But for those weekend hackers out there WPA should be way better than WEP.
At least that's what I've been told by geeks on the m0n0wall mailing lists .
Quote:
As a matter of fact, the best and most secure practice is to leave the AP completely open and use a captive portal software, where users get a secure logon page, and after validating with their user/password, then they can proceed.
There is free software for this, like "NoCat", but this requiress you to install a U*nix machine as a firewall, together with NoCat.
With this, you're totally secure
There! You're almost talking about m0n0wall yourself .
@BP
Try to find a cheap 2nd hand Soekris 4501 on eBay or something.
That should come with 3 LAN ports.
One for the Cable/DSL modem/router, another one for the HUB or Swith of the wired home LAN and a last one for the AP of the wireless home (but not only ) LAN.
Then buy yourself a 64MB CF card, write the m0n0wall image on it and configure the 3rd LAN in Captive Portal mode.
Just create a couple of users for the laptops/PDAs and you're ready to go.
But don't expect to find a Soekris 4501 with a case and a power supply for less than US $100.00 .
And remember, you will most surely need one with 3 LAN ports unless you're ready to give up on wired connections .
Cheers
__________________
Rui
Reply With Quote
  #7  
09-10-2005, 11:28 AM
kwag kwag is offline
Free Member
 
Join Date: Apr 2002
Location: Puerto Rico, USA
Posts: 13,537
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by rds_correia
Try to find a cheap 2nd hand Soekris 4501 on eBay or something.
That should come with 3 LAN ports.
Or if you already have an old PC laying around, you can always download the m0n0wall PC image, and run it on that old PC
I personally love the Soekris board, but I have also made installations on regular PC, and it works great too.

@Rui,

Have you played with wireless mesh software
This is my weekend project (I started last night)
I'm toying around with LocustWorld ( http://www.locustworld.com ) to create a mesh of two points in my house
I'll let you know if I succeed, or fail
(I wish there was something like that for *BSD, but I can't find it
We have these at work http://www.tropos.com , but that's just out of my (pocket) reach )


-kwag
Reply With Quote
  #8  
09-10-2005, 01:11 PM
black prince black prince is offline
Free Member
 
Join Date: Jul 2002
Posts: 1,224
Thanks: 0
Thanked 0 Times in 0 Posts
@Kwag,
Kwag wrote:
Quote:
@Rui,

Have you played with wireless mesh software Question
This is my weekend project (I started last night) Mr. Green
I'm toying around with LocustWorld ( http://www.locustworld.com ) to create a mesh of two points in my house Cool
I'll let you know if I succeed, or fail Laughing
(I wish there was something like that for *BSD, but I can't find it Rolling Eyes
We have these at work http://www.tropos.com , but that's just out of my (pocket) reach Mr. Green )
-kwag
I assume this is a training Mesh I live in Philadelphia and never knew
Tropos MetroMesh was in use I sure wish it becomes available to
residents to create free WiFi communications This is very
interesting I'll be watching your progress even though some of
what you are doing is technically above me. I hope to get some practical
uses from you experience.

-BP
Reply With Quote
  #9  
09-10-2005, 01:18 PM
kwag kwag is offline
Free Member
 
Join Date: Apr 2002
Location: Puerto Rico, USA
Posts: 13,537
Thanks: 0
Thanked 0 Times in 0 Posts
I'll keep you posted BP
I've successfully set up wireless mesh today in my home, and registered at wiana.org.
Everything is web based, and when I change something at their site, and I reboot my machine, it picks up the new configuration
One thing I don't like, is that it depends on their site for configuration.
I'm really looking for a way to make this work without depending on external sources.
I believe FreeBSD 6.x has now some mesh code in there, but the developers said that it's still not production ready.
I'll be looking more into this, as I have a lot of interest in having a wireless mesh prototype around the house, and probably many future customers will want that too
Right now, tropos is really "da'bomb"
But it's a very expensive product.
If it can be done with a couple of metal cans running *BSD or Linux, I'll be fine with that

-kwag
Reply With Quote
  #10  
09-10-2005, 01:37 PM
Prodater64 Prodater64 is offline
Free Member
 
Join Date: Mar 2003
Location: Palma de Mallorca - España
Posts: 2,925
Thanks: 0
Thanked 0 Times in 0 Posts
Please could you to explain me how to setup such type of security (any).
I installed a wireless lan to my brother, I can see another lans in the building, but I cant make his (my brother) PCs connect with each other when I set wep. I don't know if I need a key or something.
Im lost, sorry.
Step by step, please.
Reply With Quote
  #11  
09-10-2005, 02:06 PM
rds_correia rds_correia is offline
Free Member
 
Join Date: Apr 2003
Location: Chinese Democracy starts now!
Posts: 2,563
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by kwag
Or if you already have an old PC laying around, you can always download the m0n0wall PC image, and run it on that old PC
I personally love the Soekris board, but I have also made installations on regular PC, and it works great too.
Yep, you can always go for a PC with 3 Ethernet NICs.
That's what I'm running at the office with excellent results .
An old P3-500Mhz with 128MB RAM and a 2GB HDD, which was the smallest disk that I could find around, because that baby's image will need no more than what?, 16MB? .
Of course I could have burnt the image on a CD and use a floppy disk just for the configuration but I haven't been a floppy disk fan for many years .
But there are two things that everybody should bear in mind when deciding which hardware to use with m0n0wall or pfSense or whatever open source router out there. And those are the power consumption and the noise.
A Soekris box or a PCEngines box has no moving parts and has no fan.
Yes these will cost you some extra bucks but remember, no noise coming from these babies.
And these will use a regular 12-18Volts AC/DC adapter with very low power consumption.
I would say these are a must for home usage.
You wouldn't want to get up at 3h00am with your baby crying just because you left your m0n0wall PC running and it's fan went freakin' nuts doing a lot of noise, would you ?
But if you have a basement or somewhere where you can leave your hardware running and the power consumption is not a objection, then I guess an old PC will go fine as well.
Just my 2 c€nts.

Quote:
Originally Posted by kwag
Have you played with wireless mesh software -kwag
I'm sure I've heard that name "Mesh" already but I am not familiarised with it yet.
And reading the home page has not fully enlightened me.
Can you elaborate on what can be done with it, Karl?
Cheers
__________________
Rui
Reply With Quote
  #12  
09-10-2005, 02:14 PM
rds_correia rds_correia is offline
Free Member
 
Join Date: Apr 2003
Location: Chinese Democracy starts now!
Posts: 2,563
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by Prodater64
I installed a wireless lan to my brother, I can see another lans in the building, but I cant make his (my brother) PCs connect with each other when I set wep.
Hi Luis ,
I'm sorry but I'm affraid that I have no step-by-step instructions for WiFi.
But are you sure that your brothers' PCs are all set up with an IP address inside the same range?
That is, open a dos-box on each PC and run "ipconfig".
Make sure they all have an IP from the same network, i.e. 10.0.0.1, 10.0.0.2, 10.0.0.3, and so on...
And the netmask has to be the same on all of them.
If you see a 255.255.255.0 on one of them, the others have to be configured with the same numbers.
But that's pure IP networking and has nothing to do with WEP or WPA and you might already know these tips...
Anyway, do tell us which IPs and netmasks are running on all those PCs.
Cheers
__________________
Rui
Reply With Quote
  #13  
09-10-2005, 04:10 PM
Prodater64 Prodater64 is offline
Free Member
 
Join Date: Mar 2003
Location: Palma de Mallorca - España
Posts: 2,925
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by rds_correia
Quote:
Originally Posted by Prodater64
I installed a wireless lan to my brother, I can see another lans in the building, but I cant make his (my brother) PCs connect with each other when I set wep.
Hi Luis ,
I'm sorry but I'm affraid that I have no step-by-step instructions for WiFi.
But are you sure that your brothers' PCs are all set up with an IP address inside the same range?
That is, open a dos-box on each PC and run "ipconfig".
Make sure they all have an IP from the same network, i.e. 10.0.0.1, 10.0.0.2, 10.0.0.3, and so on...
And the netmask has to be the same on all of them.
If you see a 255.255.255.0 on one of them, the others have to be configured with the same numbers.
But that's pure IP networking and has nothing to do with WEP or WPA and you might already know these tips...
Anyway, do tell us which IPs and netmasks are running on all those PCs.
Cheers
Thanks.
I already connected the lan but without wep or wpa as with those I couldn't connect it.
As in the building are another wireless lans Im afraid that somebody can connect to my brother wireless lan.
So my problem is not to connect the lan, but to set wep or wpa.
Reply With Quote
  #14  
09-10-2005, 04:38 PM
kwag kwag is offline
Free Member
 
Join Date: Apr 2002
Location: Puerto Rico, USA
Posts: 13,537
Thanks: 0
Thanked 0 Times in 0 Posts
You can choose whatever WEP key you want.
After you set it on the AP, you set the same key on the client computers (notebooks, etc.), and only those will be able to connect to your AP.

-kwag
Reply With Quote
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
Ultra VNC 1.0.2 : Security upgrade Dialhot Computers 4 08-18-2006 09:25 AM
Security glänzend Off-topic Lounge 0 01-15-2005 09:52 AM
Social Security glänzend Off-topic Lounge 0 09-10-2004 08:53 AM
Wireless Routers el_mero_zooter Computers 1 10-22-2003 05:42 PM
Tighter security from now on. kwag Off-topic Lounge 0 06-30-2003 02:15 PM

Thread Tools



 
All times are GMT -5. The time now is 05:32 PM  —  vBulletin © Jelsoft Enterprises Ltd