
Posted: 10/10/2007 12:55:09 PM EST
Link Posted: 10/10/2007 12:55:49 PM EST
[Last Edit: 10/10/2007 12:56:02 PM EST by California_Kid]
Post your IP address. I'll Telnet in and take care of it for you.
Link Posted: 10/10/2007 12:58:58 PM EST
Link Posted: 10/10/2007 12:59:59 PM EST
Link Posted: 10/10/2007 1:05:28 PM EST
Use WPA-PSK... pick a long and random passphrase. (12-16 digits, upper and lower case, numbers AND letters, and even a special character or two).

WPA is far more secure than WEP, but the passphrase exchange is sniffable, and vulnerable to dictionary-cracking tools, so do not (I say again, DO NOT) just use a random word out of the dictionary. Also avoid foreign-language words, or words particular to your profession (don't use a bunch of Latin crap if you're a lawyer, for instance). Additional dictionaries exist for most password-crackers, and include foreign words, dictionaries aimed at certain professions, and "leet speak" plug-ins (for p30p1e wh0 typ3 l1k3 th15). Number-letter substitutions are easily accounted for.

Make note of the SSID (name of your access point), and ensure that your SSID doesn't contain your name, house number or anything else identifiable.

Ensure that the wifi card in your laptop supports WPA-PSK (many older ones do not), and enter the passphrase EXACTLY as you entered it on your router.

Some APs have problems dealing with other manufacturers' wifi cards, so you're usually better off getting like-branded stuff. If this isn't possible, assign your laptop a static IP address, as DHCP/authentication problems are common with consumer-grade APs.

That's a start... post back here with your results.
Link Posted: 10/10/2007 1:09:44 PM EST
[Last Edit: 10/10/2007 1:11:31 PM EST by Beltfedleadhead]

Originally Posted By Sylvan:
I have tried for hours and have failed utterly.
I have run with no security fine for about 8 months, but then talk of music files and kiddie porn got me scared.
I am running a WR850G wireless router and I cannot get my laptop to get onto the network once I set up security. I put in the password and have tried the network key and nothing is working
My options are:
Pre Shared Key (PSK)
WPA
WPA-PSK.
Which do I choose and how to configure on Windows XP?
Thanks for the help


Don't want to get busted for your kiddie porn, eh?

I guess that's understandable...
Link Posted: 10/10/2007 1:09:57 PM EST
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato
Link Posted: 10/10/2007 1:10:08 PM EST
[Last Edit: 10/10/2007 1:14:58 PM EST by ben72227]

Originally Posted By Sylvan:
I have tried for hours and have failed utterly.
I have run with no security fine for about 8 months, but then talk of music files and kiddie porn got me scared.
I am running a WR850G wireless router and I cannot get my laptop to get onto the network once I set up security. I put in the password and have tried the network key and nothing is working
My options are:
Pre Shared Key (PSK)
WPA
WPA-PSK.
Which do I choose and how to configure on Windows XP?
Thanks for the help


You'll want WPA-PSK. Regular WPA is for big enterprises who use an 802.1X authentication server for SUPER DUPER complexity

ETA: +1 on Mac Address filtering. If you only allow the computer's mac address, then they simply can't get in. Sure they could spoof a mac address, but it's a lot harder to guess those hexadecimal digits than it is to guess somebody's WiFi password.

ETA2: In ARFCOM fashion...just do BOTH. Set up WPA-PSK protection and Mac Filtering.
Link Posted: 10/10/2007 1:12:08 PM EST
[Last Edit: 10/10/2007 1:16:44 PM EST by TheGrayMan]

Originally Posted By pato:
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato


Better do more than that... MAC address spoofing is quite easy, particularly under linux.

********** Edit *************

Seriously... try giving yourself a static IP address in your router's IP block. You'd be amazed how often that solves the problem.

For instance, if you're running 192.168.0.x with a netmask of 255.255.255.0, then give yourself an IP address of 192.168.0.100 (just to pick one), with a similar netmask, and a gateway of 192.168.0.1

That's a common home network setup... see if it fixes your problem, and post back here.
Link Posted: 10/10/2007 1:14:46 PM EST
Link Posted: 10/10/2007 1:16:59 PM EST
I'd use TKIP... it's more common.
Link Posted: 10/10/2007 1:17:12 PM EST
[Last Edit: 10/10/2007 1:18:47 PM EST by ben72227]

Originally Posted By Sylvan:
For encryption status I have a choice of AES or TKIP.
Does it matter?


AES is better than TKIP; it is the government standard now IIRC. But really, it's not like you need that kind of advanced level cryptography...do you? Got some kiddie porn you need to hide or something
Link Posted: 10/10/2007 1:19:04 PM EST
Link Posted: 10/10/2007 1:25:52 PM EST
TKIP and AES are not exactly the same thing. Let me try to explain (and any crypto wizards can feel free to correct my non-NSA-trained knowledge of wifi cryptography).

TKIP is Temporal Key Integrity Protocol, and is a method whereby the AP and the clients manage their wireless keys. It fixes a lot of the vulnerabilities of WEP, and is most likely to be the supported WPA encryption mode for most older APs and wifi cards.

AES is Advanced Encryption Standard, and refers to a method (in fact, a particular cypher) for encrypting data, so they're not really the same thing. Most older APs and wifi cards do not have the required hardware support for AES, so TKIP is more common, and more likely to be used on older hardware.

Hope that clears up the mud a bit.
Link Posted: 10/10/2007 1:39:03 PM EST

Originally Posted By pato:
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato


A winner!!!!
Link Posted: 10/10/2007 1:44:09 PM EST

Originally Posted By bdgenz:

Originally Posted By pato:
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato


A winner!!!!


If win = easy to hack.
Link Posted: 10/10/2007 2:22:16 PM EST

Originally Posted By bdgenz:

Originally Posted By pato:
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato


A winner!!!!


You're being facetious, right? A man who truly bears the mark of Tux the Penguin would know better than to rely on simple MAC address filtering as their sole means of wireless security.

Many of the active attacks on wifi, including various packet injection methods and deauth flooding, rely on some form of MAC address spoofing. It's ridiculously easy to do, and simple MAC filtering, while useful, is not the best way to secure an AP.
Link Posted: 10/10/2007 2:42:43 PM EST
You folks fail to realize where the real threats hang out and the REASON for needing the security. Not to mention that $50 wireless device should NOT be your first line of defense.

Just cuz you (almost) can doesn't mean you SHOULD.

Wrong place, wrong time.

But go ahead and nail your 7 year old if you feel the need.
Link Posted: 10/10/2007 3:04:13 PM EST

Originally Posted By bdgenz:
You folks fail to realize where the real threats hang out and the REASON for needing the security. Not to mention that $50 wireless device should NOT be your first line of defense.

Just cuz you (almost) can doesn't mean you SHOULD.

Wrong place, wrong time.

But go ahead and nail your 7 year old if you feel the need.


Right... because 80% of all hacks are inside jobs, but that's probably not as applicable to the man's home (unless he has teenage kids, in which case wireless security is only one of several things he should be thinking about...).

I don't know if you were trying to fulfill the stereotype of the misanthropic, smart-aleck, superiority-through-obscurity computer geek, but you're pretty close with that post.

Why don't you add something applicable to the original poster's situation instead of what you just generated?
Link Posted: 10/10/2007 3:15:45 PM EST

Originally Posted By TheGrayMan:

Originally Posted By bdgenz:
You folks fail to realize where the real threats hang out and the REASON for needing the security. Not to mention that $50 wireless device should NOT be your first line of defense.

Just cuz you (almost) can doesn't mean you SHOULD.

Wrong place, wrong time.

But go ahead and nail your 7 year old if you feel the need.


Right... because 80% of all hacks are inside jobs, but that's probably not as applicable to the man's home (unless he has teenage kids, in which case wireless security is only one of several things he should be thinking about...).

I don't know if you were trying to fulfill the stereotype of the misanthropic, smart-aleck, superiority-through-obscurity computer geek, but you're pretty close with that post.

Why don't you add something applicable to the original poster's situation instead of what you just generated?


You hit the nail on the head in your first sentence and went down hill from there.

All I'm saying is KNOW your enemy before you just hop through some BS hoop designed for the tin-foil sheeple cuz some dip-wad says you need to and it must be important if there is a button.

Most probably the OP doesn't need what he is trying to accomplish.

Give it a little thought before you burn the day away on shit that's only half baked.

Or is that not technical enough?

Link Posted: 10/10/2007 4:03:06 PM EST
I don't disagree at all. If there is a threat, by all means do what you need.

Low hanging fruit from what? When was the last time you saw a dog attack a wheat field?

Technical enough, we understand each other.

If enabling encryption stops someone from capturing your uname and password to your bank by all means, if that's how you have to operate, fight with the MS box to make it happen. And how exactly did she get "caught" with the goods? Doubt it was from an unencrypted channel being scanned by the feds.

At home, I don't even bother with shutting down my AP. My neighbors don't stand a chance of dropping anything on my network/nodes even if I wanted.

I build my own routers, don't use MS and don't need to worry much about patching anything as a result.

A guy was having problems with a little piece of technology and trying to shoe-horn it into a MS product, going nuts in the process. My point was, why do you think you need this? How else can you solve a problem that seems trivial enough yet is giving you more hassle than it might be worth?

Please help anyway you can. MS, Linux, security, principles, whatever. We are all here to learn and different perspective can only help the thought process. The individual makes the final decision as to what is better for the situation.
Link Posted: 10/10/2007 4:08:43 PM EST

Originally Posted By pato:
Just do the Mac address filter. If they don't have the correct Mac address, they can't log onto it, no matter how much you broadcast. It's what I do and it's easier and actually just as secure as any of the 128-bit encryption keys--and i don't have to remember anything.

pato


That's what I would do. MAC filters aren't bulletproof, but are a better solution than most of the encryption methods.
Link Posted: 10/10/2007 4:19:30 PM EST
[Last Edit: 10/10/2007 4:22:20 PM EST by kc-coyote]
With WPA encryption, use a VERY long completely random passcode. Here is an excellent key generator:
https://www.grc.com/passwords.htm

Use it (63 character) along with MAC filtering and it should give you good protection from the casual hacker or someone looking for a free connection.

If you're worried about typing it in correctly on the router AND the laptop/wireless device, highlight the passcode and paste it on a MS word document. Then save it to a thumb drive. You can then copy and paste it, regardless of passcode length or complexity, easily on the other devices...

Also if you want to see what are the open ports, if your router responds to pings, and other possible security holes in your system, run the free Shields Up tests here:
https://www.grc.com/x/ne.dll?bh0bkyd2
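
An added example, not part of any post in this thread, that applies the passphrase advice given above (12 or more characters, mixed character classes, no dictionary word even with number-letter substitutions) and the 63-character random key suggestion. It also shows the standard WPA-PSK key derivation, in which the SSID acts as the salt. The word list, substitution table, SSIDs and function names are constructed for illustration.

```python
import hashlib
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"password", "people", "lawyer", "habeas", "linksys"}
# "Leet speak" digits/symbols mapped back to letters; "1" is tried as i and l.
LEET_TABLES = [str.maketrans("013457@$!", "o" + one + "eastasi") for one in "il"]
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def audit_passphrase(passphrase):
    """Return the weaknesses found; an empty list means none of the checks fired."""
    problems = []
    if len(passphrase) < 12:
        problems.append("shorter than 12 characters")
    used = sum(any(ch in cls for ch in passphrase) for cls in CLASSES)
    if used < 3:
        problems.append("fewer than 3 character classes")
    candidates = [passphrase.lower().translate(t) for t in LEET_TABLES]
    if any(word in text for word in WORDLIST for text in candidates):
        problems.append("dictionary word once leet substitutions are undone")
    return problems


def random_passphrase(length=63):
    """Random passphrase from the OS CSPRNG over printable ASCII (no spaces)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("password", "P30p1e-2007!", random_passphrase()):
        print(repr(candidate), audit_passphrase(candidate) or "no findings")
    # Same passphrase, different SSID: the derived key changes.
    print(wpa_psk("P30p1e-2007!", "homenet-a") != wpa_psk("P30p1e-2007!", "homenet-b"))
```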

Link Posted: 10/10/2007 5:35:16 PM EST

Originally Posted By Avenger069:

Originally Posted By Chairborne:

That's what I would do. MAC filters aren't bulletproof, but are a better solution than most of the encryption methods.


I am going to have to respectfully disagree here. I work in network security and it always takes longer to crack encryption (even WEP) than it does to capture a MAC address and then shift my MAC to match.

As far as addressing the overall topic of this thread all you really want to do is stop the casual browser. I typically prefer to: 1) Always use encryption. Do WPA but if for some reason you can't then at least do WEP. 2) Disable broadcast of your SSID. This is never truly hidden though. 3) MAC filtering...if you want to deal with this. Also, please for the love of all that is holy, change your default password on your router.

Personally, even though I work with this stuff, I just do WEP and disable broadcast. I know you can crack it really fast...we do it all the time in our training classes. Everyone has their own opinion of what you should do but you really have to ask exactly what it is you want to accomplish. Some people get so anal about this shit it's silly. At least take a few precautionary steps and you will be ok. If you have a need to lock your stuff up like Knox then maybe you need to rethink using wireless at all.

ETA: This post is addressing home use. In the enterprise it's a different game.


For the home user a MAC filter will keep 99% of "casual" users from trying to access the network, of course any other security will also. It's amazing how many people have unsecured networks though (not even a filter, just default everything). I know how to keep serious hackers out (RADIUS) but don't even bother at home, even though I have the hardware to support it.
Link Posted: 10/10/2007 5:41:51 PM EST

Originally Posted By Chairborne:
It's amazing how many people have unsecured networks though (not even a filter, just default everything).


Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.)
Link Posted: 10/10/2007 5:41:57 PM EST
did you get it working ??



wpa2 personal aes is the easiest to setup and doesn't require much extra configuration (it's super strong).


but all your equipment has to be new and have the latest drivers. not to mention they have to be running xp sp2 with all the windoz updates installed.


if you're not able to get it to work using ANY type of wpa, even regular wpa personal, you will need to update either the driver for your wireless card or even better the card itself.

using wep is old and probably the most pita to setup, unless you have a usb thumb drive and a text file
Link Posted: 10/10/2007 5:51:06 PM EST

Originally Posted By SWS:

Originally Posted By Chairborne:
It's amazing how many people have unsecured networks though (not even a filter, just default everything).


Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.)


That's when this comes in handy: Default Passwords
Link Posted: 10/11/2007 3:32:59 AM EST

Originally Posted By SWS:

Originally Posted By Chairborne:
It's amazing how many people have unsecured networks though (not even a filter, just default everything).


Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.)


This is why I applaud the OP for at least poking around in his AP's internals. He's not one of those who simply plugs it in and assumes he's GTG.
Link Posted: 10/11/2007 4:19:28 AM EST
Internet Connection > Smoothwall Firewall > Wireless Router/Switch Configured with WPA, MAC Filtering and Static IP's that aren't the standard 192.168.1.x
Link Posted: 10/11/2007 4:22:55 AM EST

Originally Posted By SWS:

Originally Posted By Chairborne:
It's amazing how many people have unsecured networks though (not even a filter, just default everything).


Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.)


We had a guy in Vegas like that. His SSID was Impreziv. He was the one on the block with a hopped up Subaru Impreza. Wasn't real hard to figure his stuff out. I helped him out with securing his network and he helped me out with a check.

Link Posted: 10/11/2007 4:29:32 AM EST

Originally Posted By SWS:

Originally Posted By Chairborne:
It's amazing how many people have unsecured networks though (not even a filter, just default everything).


Really. I walk around my front yard with my laptop and it seems that every one's network is named "linksys". One dufus has his street address as his SSID. Another dufus has "67 Impala" as his SSID. (He's the only one in the area with a '67 Impala.)


Right now, I am showing 19 available wireless networks on my laptop.

Only 1 is non-secure...
Link Posted: 10/11/2007 4:36:49 AM EST

Originally Posted By cruze5:
wpa2 personal aes is the easiest to setup and doesn't require much extra configuration (it's super strong).

but all your equipment has to be new and have the latest drivers. not to mention they have to be running xp sp2 with all the windoz updates installed.


+1 for WPA2 personal and do not broadcast the network, make it private.
