Wireless Security: WEP, MAC, HoneyPot?
@Anyone,
Just upgraded to DSL with wireless router and security came to mind. :) After reading throught many articles about WEP's and MAC's or HoneyPot (not sure it's avaliable form Windows)? Is there a pratical security setup that will keep most hackers away, like wardrivers, warwalkers, etc. :roll: HoneyPot sounds interesting (i.e. 53,000 fake SSID) and would discourage all but the most experienced hackers or possibly attract them. Does anyone have a pratical solution :?: -BP |
Hi BP,
You should be fine with a 128 bit WEP key :) The only way for someone to break your key, would be to use a program with "brute force", after he has captured a lot of packets from you. You could also configure your AP to use a MAC address only, and this way you can keep your AP without any WEP key, as only the MAC addresses you permit will be allowed access :cool: -kwag |
Quote:
But one thing's for sure, none of these securities can save you if you're being attacked by a 1st class hacker. They say that the real 100% protection mechanism is yet to be found... At least that's what I've read all over the Internet some time ago when I was planning on going wireless at home. Cheers |
@Kwag and Rui, Thanks :)
-BP |
Quote:
As a matter of fact, the best and most secure practice is to leave the AP completely open and use a captive portal software, where users get a secure logon page, and after validating with their user/password, then they can proceed. There is free software for this, like "NoCat", but this requiress you to install a U*nix machine as a firewall, together with NoCat. With this, you're totally secure ;) -kwag |
Quote:
But for those weekend hackers out there WPA should be way better than WEP. At least that's what I've been told by geeks on the m0n0wall mailing lists :lol:. Quote:
@BP Try to find a cheap 2nd hand Soekris 4501 on eBay or something. That should come with 3 LAN ports. One for the Cable/DSL modem/router, another one for the HUB or Swith of the wired home LAN and a last one for the AP of the wireless home (but not only :)) LAN. Then buy yourself a 64MB CF card, write the m0n0wall image on it and configure the 3rd LAN in Captive Portal mode. Just create a couple of users for the laptops/PDAs and you're ready to go. But don't expect to find a Soekris 4501 with a case and a power supply for less than US $100.00 :?. And remember, you will most surely need one with 3 LAN ports unless you're ready to give up on wired connections ;-). Cheers |
Quote:
I personally love the Soekris board, but I have also made installations on regular PC, and it works great too. @Rui, Have you played with wireless mesh software :?: This is my weekend project (I started last night) :mrgreen: I'm toying around with LocustWorld ( http://www.locustworld.com ) to create a mesh of two points in my house :cool: I'll let you know if I succeed, or fail :lol: (I wish there was something like that for *BSD, but I can't find it :roll: We have these at work http://www.tropos.com , but that's just out of my (pocket) reach :mrgreen: ) -kwag |
@Kwag,
Kwag wrote: Quote:
Tropos MetroMesh was in use :) I sure wish it becomes available to residents to create free WiFi communications :wink: This is very interesting :idea: I'll be watching your progress even though some of what you are doing is technically above me. I hope to get some practical uses from you experience. :wink: -BP |
I'll keep you posted BP :D
I've successfully set up wireless mesh today in my home, and registered at wiana.org. Everything is web based, and when I change something at their site, and I reboot my machine, it picks up the new configuration :cool: One thing I don't like, is that it depends on their site for configuration. I'm really looking for a way to make this work without depending on external sources. I believe FreeBSD 6.x has now some mesh code in there, but the developers said that it's still not production ready. I'll be looking more into this, as I have a lot of interest in having a wireless mesh prototype around the house, and probably many future customers will want that too :cool: Right now, tropos is really "da'bomb" :lol: But it's a very expensive product. If it can be done with a couple of metal cans running *BSD or Linux, I'll be fine with that :lol: -kwag |
Please could you to explain me how to setup such type of security (any).
I installed a wireless lan to my brother, I can see another lans in the building, but I cant make his (my brother) PCs connect with each other when I set wep. I don't know if I need a key or something. Im lost, sorry. Step by step, please. |
Quote:
That's what I'm running at the office with excellent results :D. An old P3-500Mhz with 128MB RAM and a 2GB HDD, which was the smallest disk that I could find around, because that baby's image will need no more than what?, 16MB? :lol:. Of course I could have burnt the image on a CD and use a floppy disk just for the configuration but I haven't been a floppy disk fan for many years ;-). But there are two things that everybody should bear in mind when deciding which hardware to use with m0n0wall or pfSense or whatever open source router out there. And those are the power consumption and the noise. A Soekris box or a PCEngines box has no moving parts and has no fan. Yes these will cost you some extra bucks but remember, no noise coming from these babies. And these will use a regular 12-18Volts AC/DC adapter with very low power consumption. I would say these are a must for home usage. You wouldn't want to get up at 3h00am with your baby crying just because you left your m0n0wall PC running and it's fan went freakin' nuts doing a lot of noise, would you ;-)? But if you have a basement or somewhere where you can leave your hardware running and the power consumption is not a objection, then I guess an old PC will go fine as well. Just my 2 c€nts. Quote:
And reading the home page has not fully enlightened me. Can you elaborate on what can be done with it, Karl? Cheers |
Quote:
I'm sorry but I'm affraid that I have no step-by-step instructions for WiFi. But are you sure that your brothers' PCs are all set up with an IP address inside the same range? That is, open a dos-box on each PC and run "ipconfig". Make sure they all have an IP from the same network, i.e. 10.0.0.1, 10.0.0.2, 10.0.0.3, and so on... And the netmask has to be the same on all of them. If you see a 255.255.255.0 on one of them, the others have to be configured with the same numbers. But that's pure IP networking and has nothing to do with WEP or WPA and you might already know these tips... Anyway, do tell us which IPs and netmasks are running on all those PCs. Cheers |
Quote:
I already connected the lan but without wep or wpa as with those I couldn't connect it. As in the building are another wireless lans Im afraid that somebody can connect to my brother wireless lan. So my problem is not to connect the lan, but to set wep or wpa. |
You can choose whatever WEP key you want.
After you set it on the AP, you set the same key on the client computers (notebooks, etc.), and only those will be able to connect to your AP. -kwag |
Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2024 Jelsoft Enterprises Ltd.