OT: unathorized network user.

Tim ignored_mailbox at yahoo.com.au
Thu Jan 24 07:28:00 UTC 2008


On Wed, 2008-01-23 at 21:23 -0500, Jacques B. wrote:
> Use WPA, 

Reasonably good.  We'll see how long that lasts, someone will probably
come up with an easy hack at some stage.

> MAC filtering (only allow connections from ...), 

Virtually useless except for preventing *accidental* connections.

> don't broadcast SSID

Utterly useless.  You still transmit, you appear as *something* on the
list of available connections, just not named.  Hackers can still get
in, quite easily.

> (and don't use a SSID that provides someone with an indication of who
>  owns the AP - more for privacy reasons),

Bad advice, as it stands.  Yes, probably don't call it "Tim's AP" if you
don't want neighbours to know which is really which, but do pick some
unique name that identifies them apart (e.g. something like "ap2370" is
generic and unique).  Though, on the other hand, if you have problems
with channel interference, as some do, then it can be handy to work out
an arrangement with your neighbours about using different channels.
That's easier to do if you know who's running what.

Accidental connections are less likely if you broadcast an SSID that
obviously isn't the access point that they' want.  e.g. If all the
neighbours SSID were "netgearap" they couldn't easily tell which ones
they should be using.  I've seen places where there's three virtually
identical access points on the list, and where it wasn't appropriate to
just use anything.

Google around for the myths of wireless security.

-- 
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




More information about the fedora-list mailing list