Re: No WEP key works?
From: Max Bolingbroke (batterseapower_at_hotmail.com)
Date: 09/13/04
- Next message: Ron Lowe: "Re: Finidng the IP Address of MY Networked Printer"
- Previous message: Larry Moskowitz: "Re: Belkin Router"
- In reply to: Brett: "Re: No WEP key works?"
- Next in thread: Brett: "Re: No WEP key works?"
- Reply: Brett: "Re: No WEP key works?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 13 Sep 2004 18:38:12 +0100
Brett wrote:
>>A MAC filter isn't very secure, but it's better than nothing. You set up
>>your router/access point with a list of MAC addresses that it will allow
>>to connect to it. Any other computers will have MAC addresses that are not
>>on the list, and so will not be able to connect. One problem is that the
>>actual data is sent unencrypted, so people can still eavesdrop on your
>>data, though not send any of their own. A more annoying problem is that
>>they can just change their MAC address and suddenly be able to connect..
>>
>>Your setup sounds good! Two layers of protection is excellent, but a
>>problem could occur when wireless clients connect, if they manage to break
>>the relatively insecure MAC filtered or horrendously insecure open
>>environment. They will be able to bypass the router firewall, at least,
>>which could have some nasty consequences. I would give you a 6 with your
>>wireless networking open, or a 9 if you can get WEP working (WEP has known
>>vulnerabilities still, however :))
>>
>>To stop responding to pings, check your router configuration. Assuming you
>>are running a NAT network, it is probably the router responding to pings -
>>there might be an option to turn that off. If you are running a non-NAT
>>network, zonealarm may have a setting to stop pings, or you could use the
>>Windows Firewall as well/instead and set it up not to respond to ICMP echo
>>packets (pings).
>>
>>The IP limitation thing you talk about might deter the casual compromiser,
>>but as soon as one of those machines is switched off, the IP is open for
>>use without any detrimental effects. Even with another PC using the IP,
>>someone could still technically use the in-use IP and get all the reply
>>packets (unlike normal IP spoofing), since they are on the same network
>>segment and the packets will be broadcast to both PCs with the IP.
>>
>>The upshot of all of this is that it's a really good idea to get WEP, or,
>>even better, WPA working. Are you running a network of wifi equipment from
>>different manufacturers? That's the only situation where I've seen this WEP
>>problem..
>>
>>Max Bolingbroke
>
>
> Max, Thanks. I now have WPA-TKIP working. I'm using the Passphrase (8-63
> chars) rather than Hex (64 bits). Which of those is better?
>
> Since I'm now using WPA, will the MAC addresses be encrypted for MAC
> filtering? Meaning, being able to use MAC filtering without the problems
> you mentioned earlier.
>
> Also, my network now shows up with a lock in available networks. Clients
> are allowed to use WPA only. Also, I've checked "discard ping to WAN".
> Running ShieldsUp, my network passes the ICMP ping test. However, it is
> sending information to the source and thereby exposing its existence. I'm
> not sure yet how to turn that off. Here is what I have checked:
>
> Intrusion Detection Feature
> SPI and Anti-DoS firewall protection : X
> RIP defect : X
> Discard Ping To WAN : X
>
> Stateful Packet Inspection
> Packet Fragmentation X
> TCP Connection X
> UDP Session X
> FTP Service X
> H.323 Service X
> TFTP Service X
>
> Do any of the above seem as though they would send information to the
> source? The router is trying to gather info on the source in case I'd like
> that emailed to me. I haven't filled in my email info but I guess it
> gathers either way.
>
> Thanks,
> Brett
Hi,
It's great to hear of your WPA success! Personally I would favour a
totally random hex key, as using a passphrase leaves you open to
dictionary-based attacks (providing the algorithm used to generate the
key from the phrase is known). This is reaching the outer degrees of
probability though, so I'd say you were OK.
If you decide to use MAC filtering as well, data will still be encrypted
by WPA and so you will not have any issues there. However, it is still
bypassable by changing your MAC address to one you have decided to
trust; however, IIRC MAC addresses are hidden from packet sniffers with
WPA enabled (not 100% sure here).
I'm not sure I can be of more help with your router problems unless I
know what brand/model it is. Could you furnish me with that info and
also confirm that you are failing the "Unsolicited Packets"
test? Or is it the "Solicited TCP Packets" test? BTW, none of the
settings there look like they should be a problem.
Max Bolingbroke
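
The passphrase-versus-hex-key choice discussed above, as an added example that is not part of the original post: the WPA-PSK passphrase mapping is public (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations, 256-bit output, i.e. 64 hex digits), so a passphrase is only as strong as its own entropy. The function names are illustrative, and the sample passphrase/SSID pair is the published IEEE 802.11i test vector.

```python
import hashlib
import math
import secrets
import string


def derive_psk(passphrase: str, ssid: str) -> str:
    """Map a WPA passphrase to the 256-bit pre-shared key (as 64 hex digits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID is the salt, so the same passphrase yields a different key per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()


def random_hex_key() -> str:
    """A key entered directly as hex: 256 bits from the OS CSPRNG, no passphrase involved."""
    return secrets.token_hex(32)


def random_passphrase(length: int = 63) -> str:
    """A passphrase drawn uniformly from letters and digits, for devices without hex entry."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uniform_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a string whose characters are chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample input: the 802.11i test vector (passphrase "password", SSID "IEEE").
    print("derived PSK      :", derive_psk("password", "IEEE"))
    print("random hex key   :", random_hex_key())
    print("random passphrase:", random_passphrase())
    # An 8-letter lowercase passphrase vs. a 22-character random alphanumeric one.
    print("8 lowercase chars: %.1f bits" % uniform_entropy_bits(26, 8))
    print("22 alphanumerics : %.1f bits" % uniform_entropy_bits(62, 22))
```

A passphrase made of dictionary words has far less entropy than the uniform figure for its length; the estimate above applies only to randomly generated strings.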