News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

wlan security?

Started by daydreamer, June 12, 2005, 08:05:28 AM

Previous topic - Next topic

daydreamer

I got wireless connection at home and every friend tell me it opens up my computer for attacks and they should never use it
so I read up on security and hardware is capable of send/receive it encrypted 64/128/256bit and a builtin firewall etc
it also default using channel 6, so I switched to use another channel and put on encryption
so whats enough?, do I need 256bit or is it overkill, or is it enough with 64bit?
should I start vpn tunneling as well?(it supports vpn tunneling also)

I think it should be cool to surf while sitting on the lawn in front, when its sunny or a block away in the car



hutch--

Magnus,

Its probably fine in most instances if you use the firewall and encryption but I would not handle national secrets with that technology. If the higher level of encryption is fast enough I would use it as it makes the other end have to work harder if they ever bothered.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Mark Jones

I agree. Having worked for a national ISP, I've heard a few horror stories about script kiddies driving around town with their laptops and wireless receivers in their car, looking for LANs to break into. (And in one case, actually succeeding - followed by a slew of legal ramifications from the FCC, among other things.) That victim had no idea that their router could be "hacked" and thus never enabled encryption...

Also I think recently someone said that a 128-bit cypher had been defeated - maybe in China. But still, it took a supercomputer and a very long time. 64-bit would be significantly shorter, do-able on an average PC but it will still take a long time. If someone's going to spend years of their life hacking into my router, and actually succeed, kudos to them ID10Ts. :bg
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

Ghirai

You don't need a supercomputer to crack a WEP password, i managed to do it in ~20 minutes (64b).

You need kismet, wepcrack, a sniffer, and a ARP poisoning app to force the target to generate some traffic, so you don't have to wait too long.
The idea is that you need to sniff a couple hundred MBs of encrypted trafic, so you have enough initialization vectors. Then you just feed the dump file to wepcrack.

WEP just gives you a false feeling of security, trust me.
MASM32 Project/RadASM mirror - http://ghirai.com/hutch/mmi.html

carlos

Hi daydreamer

Allmost all the wireless routers I know of had a Firewall to protect you From the Net, but the main danger you have is conection from the wireless side, details vary, but all the routers had a seting that let conect only certain net adapters, the go/no go is based in the adapter MAC address, so on esence only designated PC could conect to the wireless lan.
Unless you plan to setup a comunity Hot Spot in your House area (not a sensible ting to do), activate this feature, giving the router the MAC of the machines you want to conect to the net.

Good luck

Carlos
This message was made with 100% recycled bytes; No bits where harmed in the making of this message

P1

Kind of like the front door lock.  You keep it locked until you expect company ( other users ).

Like the front door, it keeps the curious and casual people out.  It does not stop a professional.

Keep anything important in your house?  What's in your wallet?   :bg

Regards,  P1  :8)

daydreamer

thanks, so I should go 256bit, constantly changing keycode faster than you can hack it, if I want to keep it really safe
should I also shut it down, to minimum usage when not using internet also
no I cant find MAC adress thing

P1

daydreamer,

Don't let your nice dreams become horror films about being hacked.

If you are really concerned, setup an IDS with a spare computer and watch for activity.  If you get some then go for it.

Regards,  P1  :8)

Ghirai

Oh, forgot to say, you can also spoof your MAC address, so MAC filtering only would delay the attacker  :toothy

Anyway, unless someone knows you have something very important on your system, nobody would waste time cracking your WEP key/spoofing the MAC to get in, they will just move on tho the next AP...
MASM32 Project/RadASM mirror - http://ghirai.com/hutch/mmi.html

sluggy

Quote from: Mark Jones on June 12, 2005, 10:29:34 PM
I agree. Having worked for a national ISP, I've heard a few horror stories about script kiddies driving around town with their laptops and wireless receivers in their car, looking for LANs to break into. (And in one case, actually succeeding - followed by a slew of legal ramifications from the FCC, among other things.) That victim had no idea that their router could be "hacked" and thus never enabled encryption...

Also I think recently someone said that a 128-bit cypher had been defeated - maybe in China. But still, it took a supercomputer and a very long time. 64-bit would be significantly shorter, do-able on an average PC but it will still take a long time. If someone's going to spend years of their life hacking into my router, and actually succeed, kudos to them ID10Ts. :bg
It is hard to stop this sort of hacker because it can now be done from a reasonable distance provided you have the right equipment. In any case, you won't have too much to worry about if your router is locked down, because you can guarantee that you have 10 neighbours who haven't locked theirs down, and they will get "hacked" first  :lol

daydreamer

its good to be cautious, because I dont want anyone to spoof me in a eshop, after snapping up my codes


hutch--

There is another approach, live stream Kylie continuously across your wireless network and only pass data where you require it. Someone would soon get tired of listening.  :bg
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

daydreamer

Quote from: hutch-- on June 19, 2005, 01:11:10 AM
There is another approach, live stream Kylie continuously across your wireless network and only pass data where you require it. Someone would soon get tired of listening.  :bg
LOL should probably work, you mean Hutchence ex
first thought when I entered this forum, I was wondering if you was somewhat related to him

shadow

Use WPA not WEP and use 256bit AES encryption

sinsi

Sorry to resurrect an old topic, but does encryption slow down a wireless link much?
We've just got adsl2+, which comes with a wireless router with 4 ethernet ports.
The modem internet connect speed is 10684 kbps, I'm assuming this is about 10 megabits/sec max - about 1 megabyte/sec.

Downloading a file from microsoft through the wireless (802.11g, 54 megabits/sec) is around 60-70 kbytes/sec.
Downloading the same file from microsoft (after disabling the wireless and rebooting) through the cat5 (100 megabits/sec) is around 300-350 kbytes/sec.

Why is the wireless so much slower? It connects to my box at 54Mbps, the cat5 connects at 100Mbps, but the cable is 5x faster!
Light travels faster than sound, that's why some people seem bright until you hear them.