User Panel
Posted: 10/10/2007 1:55:09 PM EDT
I have tried for hours and have failed utterly.
I have run with no security fine for about 8 months, but then talk of music files and kiddie porn got me scared. I am running a WR850G wireless router and I cannot get my laptop to get onto the network once I set up security. I put in the password and have tried the network key and nothing is working My options are: Pre Shared Key (PSK) WPA WPA-PSK. Which do I choose and how to configure on Windows XP? Thanks for the help |
|
Post your IP address. I'll Telnet in and take care of it for you.
|
|
when I try to repair on the laptop I get "The follwowing steps of the repair operation failed: Renewingthe IP Address
|
|
Use WPA-PSK... pick a long and random passphrase. (12-16 digits, upper and lower case, numbers AND letters, and even a special character or two).
WPA is far more secure than WEP, but the passphrase exchange is sniffable, and vulnerable to dictionary-cracking tools, so do not (I say again, DO NOT) just use a random word out of the dictionary. Also avoid foreign-language words, or words particular to your profession (don't use a bunch of latin crap if you're a lawyer, for instance). Additional dictionaries exist for most password-crackers, and include foreign words, dictionaries aimed at certain professions, and "leet speak" plug-ins for p30p1e wh0 typ3 l1k3 th15). Number-letter substitutions are easily accounted for. Make note of the SSID (name of your access point), and ensure that your SSID doesn't contain your name, house number or anything else identifiable. Ensure that the wifi card in your laptop supports WPA-PSK (many older ones do not), and enter the passphrase EXACTLY as you entered it on your router. Some APs have problems dealing with other manufacturer's wifi cards, so you're usually better off getting like-branded stuff. If this isn't possible, assign your laptop a static IP addresss, as DHCP/authentication problems are common with consumer-grade APs. That's a start... post back here with your results. |
|
Don't want to get busted for your kiddie porn, eh? I guess that's understandable... |
|
|
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.
pato |
|
You'll want WPA-PSK. Regular WPA is for big enterprises who use a 802.1X authentication server for SUPER DUPER complexity ETA: +1 on Mac Address filtering. If you only allow the computer's mac address, then they simply can't get in. Sure they could spoof a mac address, but it's a lot harder to guess those hexadecimal digits than it is to guess somebody's WiFi password. ETA2: In ARFCOM fashion...just do BOTH Set up WPA-PSK protection and Mac Filtering. |
|
|
Better do more than that... MAC address spoofing is quite easy, particularly under linux. ********** Edit ************* Seriously... try giving yourself a static IP address in your router's IP block. You'd be amazed how often that solves the problem. For instance, if you're running 192.168.0.x with a netmask of 255.255.255.0, then give yourself an IP address of 192.168.0.100 (just to pick one), with a similar netmask, and a gateway of 192.168.0.1 That's a common home network setup... see if it fixes your problem, and post back here. |
|
|
For encryption status I have a choice of AES or TKIP.
Does it matter? |
|
AES is better than TKIP; it is the government standard now IIRC. But really, it's not like you need that kind of advanced level cryptography...do you? Got some kiddie porn you need to hide or something |
|
|
TKIP and AES are not exactly the same thing. Let me try to explain (and any crypto wizards can feel free to correct my non-NSA-trained knowledge of wifi cryptography).
TKIP is Temporal Key Integrity Protocol, and is a method whereby the AP and the clients manage their wireless keys. It fixes a lot of the vulnerabilities of WEP, and is most likely to be the supported WPA encryption mode for most older APs and wifi cards. AES is Advanced Encryption Standard, and refers to a method (in fact, a particular cypher) for encrypting data, so they're not really the same thing. Most older APs and wifi cards do not have the required hardware support for AES, so TKIP is more common, and more likely to be used on older hardware. Hope that clears up the mud a bit. |
|
A winner!!!! |
|
|
If win = easy to hack. |
||
|
You're being facetious, right? A man who truly bears the mark of Tux the Penguin would know better than to rely on simple MAC address filtering as their sole means of wireless security. Many of the active attacks on wifi, including various packet injection methods and deauth flooding rely on some form of MAC address spoofing. It's ridiculously easy to do, and simple MAC filtering, while useful, is not the best way to secure an AP. |
||
|
You folks fail to realize where the real threats hang out and the REASON for needing the security. Not to mention that $50 wireless device should NOT be your first line of defense.
Just cuz you (almost) can doesn't mean you SHOULD. Wrong place, wrong time. But go ahead and nail your 7 year old if you feel the need. |
|
Right... because 80% of all hacks are inside jobs, but that's probably not as applicable to the man's home (unless he has teenage kids, in which case wireless security is only one of several things he should be thinking about...). I don't know if you were trying to fulfill the stereotype of the misanthropic, smart-aleck, superiority-through-obscurity computer geek, but you're pretty close with that post. Why don't you add something applicable to the orignal poster's situation instead of what you just generated? |
|
|
You hit the nail on the head in your first sentence and went down hill from there. All I'm saying is KNOW your enemy before you just hop through some BS hoop designed for the tin-foil sheeple cuz some dip-wad says you need too and it must be important if there is a button. Most probably the OP doesn't need what he is trying to accomplish. Give it a little thought before you burn the day away on shit that's only half baked. Or is that not technical enough? |
||
|
I don't disagree at all. If there is a threat, by all means do what you need.
Low hanging fruit from what? When was the last time you saw a dog attack a wheat field? Technical enough, we understand each other. If enabling encryption stops someone from capturing your uname and password to your bank by all means, if that's how you have to operate, fight with the MS box to make it happen. And how exactly did she get "caught" with the goods? Doubt it was from an unencryped channel being scanned by the feds. At home, I don't even bother with shutting down my AP. My neighbors don't stand a chance of dropping anything on my network/nodes even if I wanted. I build my own routers, don't use MS and don't need to worry much about patching anything as a result. A guy was having problems with a little piece of technology and trying to shoe-horn it into a MS product, going nuts in the process. My point was, why do you think you need this? How else can you solve a problem that seems trivial enough yet is giving you more hassle than ot might be worth? Please help anyway you can. MS, Linux, security, principles, whatever. We are all here to learn and different perspective can only help the thought process. The individual makes the final decision as to what is better for the situation. |
|
That's what I would do. MAC filters aren't bulletproof, but are a better solution than most of the encryption methods. |
|
|
With WPA encryption, use a VERY long completely random passcode. Here is an excellent key generator:
https://www.grc.com/passwords.htm Use it (63 character) along with MAC filtering and it should give you good protection from the casual hacker or someone looking for a free connection. If you're worried about typing it in correctly on the router AND the laptop/wireless device, highlight the passcode and paste it on a MS word document. Then save it to a thumb drive. You can then copy and paste it, regardless of passcode length or complexity, easily on the other devices... Also if you want to see what are the open ports, if your router responds to pings, and other possible secutiy holes in your system run the free Shields Up tests here: https://www.grc.com/x/ne.dll?bh0bkyd2 |
|
For the home user a MAC filter will keep 99% of "casual" users from trying to access the network, of course any other security will also. It's amazing how many people have unsecured networks though (not ever a filter, just default everything). I know how to keep serious hackers out (RADIUS) but don't even bother at home, even though I have the hardware to support it. |
||
|
Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.) |
|
|
did you get it working ??
wpa2 personal aes is the easiest to setup and doesn't require much extra configuration(its super strong) . but all your equipment has to be new and have the latest drivers. not to mention they have to be running xp sp2 with all the the windoz updates installed. if you not able to get it to work using aNY type of wpa even regular wpa personal, you will need to update either the driver for your wireless card or even better the card itself. using wep is old any probably the most pita to setup, unless you have a usb thumb drive and a text file |
|
That's when this comes in handy: Default Passwords |
||
|
This is why I applaud the OP for at least poking around in his AP's internals. He's not one of those who simply plugs it in and assumes he's GTG. |
||
|
Internet Connection > Smoothwall Firewall > Wireless Router/Switch Configured with WPA, MAC Filtering and Static IP's that aren't the standard 192.168.1.x
|
|
We had a guy in Vegas like that. His SSID was Impreziv. He was the one on the block with a hopped up Subaru Impreza. Wasn't real hard to figure his stuff out. I helped him out with securing his network and he helped me out with a check. |
||
|
Right now, I am showing 19 available wireless networks on my laptop. Only 1 is non-secure... |
||
|
+1 for WPA2 personal and do not broadcast the network, make it private. |
|
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.