
Re: OT: unauthorized network user.



All this talk of locking networks down is odd for an open source
community.  (Business networks are different)

I run dd-wrt running nocat auth w/ 5 wds nodes placed around the
block. At any given time I have a half dozen people who I don't know
doing I don't know what on my network.

I don't block p2p, smtp .... anything.  I even have my printer on the
network w/ instructions on how to print to it.

Am I personally at risk? Yes. But I think it is a small price to pay
to cultivate an open community where information isn't kept from
others.

-bazooka

2008/1/24 Mikkel L. Ellertson <mikkel infinity-ltd com>:
> Dave Ihnat wrote:
> >
> > Similarly, leaving SSID on doesn't stop the determined hacker with tools.
> > But none of the common WiFi connection agents on laptops will show a
> > non-broadcast SSID; you have to go out, get the tools, and work on it.
> Well, the connection management for XP that came with my Toshiba
> laptop does show access points that do not broadcast their SSID. I
> would have to check, but I think the connection management software
> supplied by AT&T if you have their WiFi service will also do this.
> (I have to connect to an AT&T access point to re-activate the software.)
>
> > Restricting MAC addresses can easily be overcome--but you have to have
> > gotten the tools to do so.
> Getting around the blocking of a specific MAC address is easy with
> the standard tools on both Linux and Windows. To discover the MAC
> addresses in use does require a bit of work, but the software is so
> easy to find. So that is about like closing your door - it keeps
> people from wandering in, but not much else. So it may or may not be
> worth the effort. If you have visitors that you want to give access,
> it is a lot more complicated than just giving them a USB key with
> the network configuration, or a pass phrase so that they can hook
> up. You also have to copy their MAC address to the router.
>
> What I am trying to say is that things like this can be handy in
> keeping honest people honest, but they may not be worth the trouble.
> Things like disabling the SSID can cause you trouble without adding
> any benefit. Changing the default SSID will stop accidental
> connections, and allow auto-connection by authorized computers. But
> you are not talking about something that will slow down someone
> trying to crack your network. The danger is in someone thinking that
> it will, and not taking real security precautions.
>
> It can also backfire on you, in that it can make you a more tempting
> target for someone that is learning to crack wireless networks,
> because it is more of a challenge than an open network, but is not
> as intimidating as a WPA protected network. (Or I got this neat
> script that is supposed to grab the SSID and MAC address of the
> wireless connection. Here is one that is not broadcasting its SSID,
> let's try it out.)
>
> > DHCP--eh, it's too convenient to get rid of.
> > Logging--preferably with forwarding to an internal system--is useful.
> > But after all of these, let the cracker find the WPA encryption behind
> > all the lightweight stuff.  You've got to have someone who really wants
> > into your network at that point.
> >
> The trick is to secure your wireless network without making it too
> inconvenient for you to use. After all, if you wanted it totally
> secure, you would turn off the wireless part of the router
> completely, or only turn it on when you need it. You can also take
> some of the more complicated measures, like only allowing VPN
> connections between computers on your network, or putting a firewall
> between the wireless router and the rest of the local network.
>
>
> Mikkel
> --
>
>    Do not meddle in the affairs of dragons,
> for thou art crunchy and taste good with Ketchup!

