Discussion in 'Article Discussion' started by CardJoe, 15 Oct 2010.
Is.. That really a surprise?
A wifi borrowing newbie like myself is quite capable of perusing networks in city centres.
WPA2 AES long non-dictionary password with Mac address filtering and all DHCP assigned IP have restricted local access (DHCP start at 100, all my machines use the ones under 10).
surely it's secure enough.
the way i see it, those people who don't make their network secure are probably people who don't relay on their network as infrastructure to share stuff. they are not very tech savvy. so a hacked network does not compromise as much as tech savvy people who relay on their network to provide data such as data from their NAS.
what wuyanxu said. Home wifi wouldnt be worth hacking in a lot of cases. Whos gonna drive into a random housing area and decide "this router looks like a good hack" considering my next door neighbour has his unlocked ^^ Chances of it are remote either way. NOTE: If I do get hacked I will promply eat my words and find a corner to lie in and cry myself to death unworthy of browsing these forums
Is setting up a list of allowed mac addresses safe? Does anybody know if the wifi network protected like that can be compromised?
I use WPA2 with Mac address filtering. So far, so good
I'm probably on that list
Can't say i store any delicate data.
If you need security in your home network or don't like the idea that Any one can drive by and have a peak then the only secure network is hardwired. Most people here can use a drill and "hot Glue" so it's really a moot point.
Even if you use the "best" private encryption available and have a 16 character or longer password you can use GPGPU brute force software to hack it in minutes! FACT.
I am curious to test my own network now, but what software would I need?
MAC address filtering will only slow someone down a little so much as the addresses can be sniffed out and then easily spoofed/cloned.
Err, not really comparable though are they since the population of London is more than 20 times greater than that of Cardiff. That obviously paints a far worse image of Cardiff but I strongly doubt the statistics are accurate . Only 4746 badly secured networks in London? I doubt that
Obscure your SSID, like thats going to help with readily available tools that show SSID's regardless of whether they are hidden or not and not to mention that Vista for one has problems connecting to networks with hidden SSID's and it would cause users a lot more headaches and make no difference to any hacker.
Using cables, WPA2 and MAC Address filtering all help, though MAC Addresses can still be spoofed, so aren't foolproof.
A long secure key will however make a world of difference, using number letters and symbols in a completely random pattern rather than just a standard pass phrase like the ones used over on the grc.com website https://www.grc.com/passwords.htm
MAC address filtering will help if the wireless device is "off the air" (as said on wiki)
if you only use your wifi for your smartphones, like me, you should be able to get away with a weaker encryption.
as said in this thread, connect by wire is still the best method. i do it with all my computers currently (although only living in a flat) and only use wifi for my iphone, so shouldn't be any problems. hopefully no one is interested in using GPGPU to Brut force hack me (if they are that despite, my NAS can be accessed online, with 3 password attempts allowed every month)
I run one of my wifi APs unencrypted and firewalled attached to one of my servers. Much handier for visitors who want Internet access, or even the neighbours if they're having trouble.
Frankly, I find it offensive to buy into the line the government (and others who would control you) peddles, namely, that all endpoints must be used only by explicitly authorized users so that they can reliably associate an IP address with a person. I think the Internet is like air: it is the transmission medium of information (speech), and people who would control access to it are fundamentally illiberal.
I'm not opposed to letting people use my internet, but I MUST know who they are before letting them do so. I don't really want a ton of strangers using up by bandwidth for free, and then also all of their actions point back to me (my IP addy). Therefore, I use encryption and BSSID (no MAC filtering since I do let people I know join when they are around).
Could someone point me in the direction of instructs for filtering MACs ? I have a BT Home Hub.
Thank you in advance.
Open it in a virtual machine, and off you go!
That, and any processor Core Duo (1)+ will bring WEP to it's knees in seconds. (Spoonwep for noobs)
even a recent laptop with a mobile cpu: i3, i5 will crack a reasonable WPA key given a few minutes.
and once we get to talking current desktops - O/c'd i7 with accompanying GPGPU, even the most secure WPA networks can be compromised fairly quickly.
WPA2, AES, with a long non-dictionary password is the only way to go.
Hidden SSID, MAC address filtering, are overcome in a mere few key presses and are useless. Don't think I'm talking about a 'determined hacker' either. The above software makes it childs' play.
Someone mentioned DHCP assigned IPs being given limited local access? - Potentially clever, but how do you separate your DHCP clients from your 'fixed' clients? - MAC address, which when spoofed will allow full access. One would simply just de-authenticate the 'real' 'fixed' client(s) and authenticate him or herself as the fixed client through MAC spoofing.
As someone said, wired is the only 'safe' option. Especially if you have a large number of, not necessarily clients, but opening authentications 'Handshakes' on WPA1 which is how they are hacked. Or if you stream a lot of data over your network in WEP. (susceptible to more or less, volume data analysis.)
wpa is good enough considering that most people dont know how to get on it anyway
and if you want to really block everybody add mac address filtering. simple
Gbit ethernet Cheesecake. WiFi is for people who want brain tumours.
yeah wpa2, aes, good password and don't broadcast your ssid
at least that will keep you off the radar when your wifi is not being used
Separate names with a comma.