Comments on: Wi-Fi Security http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/ Utterly random, incoherent and disjointed rants and ramblings... Sat, 10 Jan 2009 03:36:32 +0000 http://wordpress.org/?v=2.0.5 by: Fr3d http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7193 Sat, 01 Dec 2007 01:19:30 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7193 I've just finished doing a similar thing to what thither + upsidedownternet suggested: Only a few MAC addresses can access my internet/network, the rest are dumped onto a second subnet with a captive portal-style gateway. It worked quite well up until I added a "drop all packets that aren't on port 80" rule on my server and forgot to only tell it to do this on the new subnet :mrgreen: Luckily I have keyboard and monitor extension cables running to my server so I was able to remove that rule from IPtables and re-add the correct one :) I’ve just finished doing a similar thing to what thither + upsidedownternet suggested: Only a few MAC addresses can access my internet/network, the rest are dumped onto a second subnet with a captive portal-style gateway.

It worked quite well up until I added a “drop all packets that aren’t on port 80″ rule on my server and forgot to only tell it to do this on the new subnet mrgreen

Luckily I have keyboard and monitor extension cables running to my server so I was able to remove that rule from IPtables and re-add the correct one )

]]> by: Luke Maciak http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7191 Sat, 01 Dec 2007 00:02:26 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7191 <strong>@thither</strong> - hehe! I recommend forcing all the fonts on the page to render as comic sans by injecting some HTML or CSS into the pages. ;) @thither - hehe!

I recommend forcing all the fonts on the page to render as comic sans by injecting some HTML or CSS into the pages. )

]]> by: Fr3d http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7188 Fri, 30 Nov 2007 20:58:24 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7188 @thither: LOL :D I run a Linux box that does the DNS and DHCP stuff for my LAN, so I could probably do this if I configured my Access Point to be open... *bookmarks for future use* :mrgreen: @thither: LOL D

I run a Linux box that does the DNS and DHCP stuff for my LAN, so I could probably do this if I configured my Access Point to be open… *bookmarks for future use* mrgreen

]]> by: thither http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7186 Fri, 30 Nov 2007 19:43:24 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7186 I've been meaning to start running <a href="http://www.ex-parrot.com/~pete/upside-down-ternet.html" rel="nofollow">upsidedownternet</a>, but I don't think my puny OpenWrt router has the CPU for it. If I can get it working, I may run it as an open node with essid "I enjoy reading your email". I’ve been meaning to start running upsidedownternet, but I don’t think my puny OpenWrt router has the CPU for it. If I can get it working, I may run it as an open node with essid “I enjoy reading your email”.

]]> by: Luke Maciak http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7163 Wed, 28 Nov 2007 18:07:07 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7163 In that case, simple mac filtering would probably prevent nasty neighbors from "stealing the internet". In that case, simple mac filtering would probably prevent nasty neighbors from “stealing the internet”.

]]> by: ikaruga http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7162 Wed, 28 Nov 2007 17:58:21 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7162 One possible explanation for the silliness is that he/she is running some old version of Linux where encryption doesn't work with their card. I remember a while back, WEP encryption didn't always work. DOH! One possible explanation for the silliness is that he/she is running some old version of Linux where encryption doesn’t work with their card. I remember a while back, WEP encryption didn’t always work. DOH!

]]> by: Luke Maciak http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7145 Mon, 26 Nov 2007 22:01:40 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7145 Actually, that's a good approach, unfortunately not always applicable. For example, some home networks are mostly wireless. I have been in households where the whole LAN consists of 3-4 laptops, 2 wireless printers and nothing else. Actually, that’s a good approach, unfortunately not always applicable. For example, some home networks are mostly wireless. I have been in households where the whole LAN consists of 3-4 laptops, 2 wireless printers and nothing else.

]]> by: Craig Betts http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7144 Mon, 26 Nov 2007 21:51:10 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7144 I treat my wireless as if it was a connection from the internet. Any computer on my wifi is NOT on my local network at home. Instead, they are behind my firewall (DMZ actually). I have an authentication mechanism in place to keep pests out. I treat my wireless as if it was a connection from the internet. Any computer on my wifi is NOT on my local network at home. Instead, they are behind my firewall (DMZ actually). I have an authentication mechanism in place to keep pests out.

]]> by: Luke Maciak http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7142 Mon, 26 Nov 2007 21:19:53 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7142 Yup, I agree. Actually that's what I was trying to say but it didn't come out right. ;) On a side note, consider this: open wifi < MAC filtering < WEP < WPA < no wifi Wireless security goes from 0% on the left to 100% on the right. The time and effort it takes a random wardriver to break into your network goes from 0s on the left, to ∞s on the right. Common sense suggests you want to be as far right as you can. ;) Yup, I agree. Actually that’s what I was trying to say but it didn’t come out right. )

On a side note, consider this:

open wifi < MAC filtering < WEP < WPA < no wifi

Wireless security goes from 0% on the left to 100% on the right. The time and effort it takes a random wardriver to break into your network goes from 0s on the left, to ∞s on the right. Common sense suggests you want to be as far right as you can. )

]]> by: Miloš http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7139 Mon, 26 Nov 2007 17:58:58 +0000 http://www.terminally-incoherent.com/blog/2007/11/22/wi-fi-security/#comment-7139 That's nice, but MAC address can be spoofed as well. Don't leave things up to chance.If you want to keep your stuff private, take the necessary steps to make it so. That’s nice, but MAC address can be spoofed as well. Don’t leave things up to chance.If you want to keep your stuff private, take the necessary steps to make it so.

]]>