Networks prevent people from using my wireless

Discussion in 'Hardware' started by fartonmyear, 16 Sep 2004.

  1. fartonmyear

    fartonmyear What's a Dremel?

    Joined:
    16 Jul 2004
    Posts:
    565
    Likes Received:
    0
    i just got a DI-624 wireless router. how do i prevent unwanted peopel from using the wireless router?
     
  2. hk

    hk Powered By Duracell

    Joined:
    4 Jul 2002
    Posts:
    1,667
    Likes Received:
    0
    1. :search: (google is your friend).

    2. Association control (add you client MAC addresses to its allow list).

    That will stop anyone other than the authorised clients connecting.

    3. WEP

    This only helps keep packets flying to and from the router over the air "private" by encrypting them. Its not brilliant but its better than sending stuff clear text.

    I really should sit down and write a comprehensive WiFi how-to :/
     
  3. jetsetjimbo

    jetsetjimbo Up-up and away

    Joined:
    19 Feb 2003
    Posts:
    2,935
    Likes Received:
    0
    Indeed you should ;) It's so popular now the questions are comming thick and fast. We really need a sticky.
     
  4. fartonmyear

    fartonmyear What's a Dremel?

    Joined:
    16 Jul 2004
    Posts:
    565
    Likes Received:
    0
    please do. i am so confused, WEP MAC etc. what are all these?
     
  5. coorz

    coorz Miffed

    Joined:
    25 Apr 2003
    Posts:
    1,382
    Likes Received:
    2
    What more fun than to setup a honeypot, just to see who's trying to (ab)use your WLAN :baby:
    Disabling SSID broadcast would be the simplest thing to do to stop the n00b peeps (neighbours) from accidentally stumbling upon your WLAN.
     
  6. riluve

    riluve What's a Dremel?

    Joined:
    29 Jun 2004
    Posts:
    875
    Likes Received:
    0
    Wait - that wasn't comprehensive?
     
  7. scoob8000

    scoob8000 Wheres my plasma cutter?

    Joined:
    17 Feb 2002
    Posts:
    1,947
    Likes Received:
    0
    In your router setup, first turn off SSID broadcast as coorz mentioned, and also change the SSID to something other than the default.

    Then when you setup a PC, you will re-enter that same SSID you made up. Now your AP won't show up to war-drivers unless they know the SSID.

    Also, if your hardware supports WPA then forget about WEP, configure WPA-PSK (pre-shared key). You'll need to make up a passcode for it.

    To use WPA though, either your wireless cards software needs to support it, or you need XP and windows update for WPA.

    WPA is much more secure than WEP. Some routers can do both at the same time, but remember if you have one device that only does WEP, that machine is the weakest link in your network.

    -scoob8000
     
  8. mushky

    mushky gimme snails

    Joined:
    24 Mar 2003
    Posts:
    5,755
    Likes Received:
    3
    Can we get this stickied? Really good stuff here..
     
  9. scoob8000

    scoob8000 Wheres my plasma cutter?

    Joined:
    17 Feb 2002
    Posts:
    1,947
    Likes Received:
    0
    I considered making a how-to guide, but theres just so much info out there already.. But everything I know I gathered from forums here and a few others..

    -scoob8000
     
  10. fartonmyear

    fartonmyear What's a Dremel?

    Joined:
    16 Jul 2004
    Posts:
    565
    Likes Received:
    0
    all right. i set up the WPA PSK thing. thanks.
     
  11. Firehed

    Firehed Why not? I own a domain to match.

    Joined:
    15 Feb 2004
    Posts:
    12,574
    Likes Received:
    16
    Lessee..
    MAC filtering
    disable SSID broadcast (make sure you know the router info first!)
    strong WEP key

    Realistically, any of the three prevents anyone from joining who doesn't wanna spend a while getting in or doesn't know how to get around it. I personally just have WEP but there are only 11 houses on my street and of the three with wireless connections I can see, one isn't even WEP'ed, so I don't really worry about it.
     
  12. hk

    hk Powered By Duracell

    Joined:
    4 Jul 2002
    Posts:
    1,667
    Likes Received:
    0
    Disabling the SSID will *NOT* under *NO CIRCUMSTANCE* prevent a war driver (by war driver I mean someone more evolved than a netstumbler whore) finding your AP. Most "proper" war drivers will be running Kismet with AirSnort at a very minimum. If I were to stumble onto an AP that did have its SSID broadcast turned off, it would make me curious... and raggage would occur, but thats just me.

    It will stop people associating by accident, and most windows monkeys from going "ou access point".

    As for WPA... I almost pissed myself laughing at that :) It is slightly more secure than WEP, but the advantages in security cost in packet overhead and AP load, as such its a whole lot easier to confuse the crap out of an AP running WPA, not to mention one running WPA and WEP. WEP nor WPA should be seen as a way to prevent people from using your access point.

    WEP and WPA are frame encryption methods, all they do is prevent someone running AirSnort or something similar from seeing the packets you are transmitting in clear text, they are encrypted. However you can break WEP by collecting around a million packets and running it through something like <CENSORED> and it wil spit out the key. On a busy network a million packets can be collected in the space of a few hours.

    EDIT: On a side note, pumping a VPN down stunnel is about the best way to encrypt your transmission through free space. Someone would have to be bloody desperate to get at your network to consider taking that on.

    Anyway.

    The best way to prevent other people using your access point is association control.

    Every network device has a unique identifier, called a MAC address, looks something like 00-00-00-00-00. Is you tell your AP to only let your mac addresses connect to it, thats the best way to garuntee your security.

    However nothing will keep you safe if people are determined and skilled enough, but thats the same as being on the internet. MAC spoofing is possible, if you dont believe me, come down to Reading, sign an NDA, and I'll show you ;) :p

    Nuff said.
     
  13. scoob8000

    scoob8000 Wheres my plasma cutter?

    Joined:
    17 Feb 2002
    Posts:
    1,947
    Likes Received:
    0
    Someone determined and skilled enough could circumvent all the measures in this thread.

    But every little (and maybe minute to the pros) security measure added helps somewhat.

    And somewhat is better than an completely wide open and un-secure network.

    Just my .02
    (please don't send me 2 cents via paypal. :p )

    -scoob8000
     
  14. coorz

    coorz Miffed

    Joined:
    25 Apr 2003
    Posts:
    1,382
    Likes Received:
    2
    What's even worse than a wide open network is a false sense of security. Still you have to do all you can to secure your (W)LAN, and pray nothing bad happens.
    And no you won't get .02 cent by PayPal, their fee would leave you with even less :miffed:
     
  15. fartonmyear

    fartonmyear What's a Dremel?

    Joined:
    16 Jul 2004
    Posts:
    565
    Likes Received:
    0
    does anyone have the DI-624 router? i can't seem to find the place to enter MAC addresses.
     
  16. star882

    star882 What's a Dremel?

    Joined:
    19 Mar 2003
    Posts:
    925
    Likes Received:
    1
    Being a system administrator, I can tell you that most "outside" connections to WLANs are just WLAN equipment stumbling upon it and connecting (my Dell Axim X30 would connect to my neighbor's network right out of the box, until I configured it to connect to only my network).
    WEP is enough to prevent accidental connections, and it's pretty good for actual security. But if you have WPA, by all means use it.
     
  17. scoob8000

    scoob8000 Wheres my plasma cutter?

    Joined:
    17 Feb 2002
    Posts:
    1,947
    Likes Received:
    0
    Not familier with that unit, but not all soho wireless AP's support MAC association..

    -scoob8000
     
  18. pgp_protector

    pgp_protector What's a Dremel?

    Joined:
    17 Sep 2004
    Posts:
    35
    Likes Received:
    0
    One other bit of advise.

    Most Wireless routers have an admin feature for controling them, and come with a default password.


    Change the password


    My $0.02
     
Tags:

Share This Page