OT: unathorized network user.

Karl Larsen k5di at zianet.com
Thu Jan 24 20:30:48 UTC 2008 

Bazooka Joe wrote:
> All this talk of locking networks down is odd for an open source
> community.  (Business networks are different)
>
> I run dd-wrt running nocat auth w/ 5 wds nodes placed around the
> block. At any given time i have a half dozen people who I don't know
> doing I don't know what on my network.
>
> I don't block p2p, smtp .... anything.  I even have my printer on the
> network w/ instructions on how to print to it.
>
> Am I personally at risk? Yes. But I think it is a small price to pay
> to cultivate an open community where information isn't kept from
> others.
>
> -bazooka
>
> 2008/1/24 Mikkel L. Ellertson <mikkel at infinity-ltd.com>:
>   
>> Dave Ihnat wrote:
>>     
>>> Similarly, leaving SSID on doesn't stop the determined hacker with tools.
>>> But none of the common WiFi connection agents on laptops will show a
>>> non- broadcast SSID; you have to go out, get the tools, and work on it.
>>>       
>> Well, the connection management for XP that came with my Toshiba
>> laptop do show access points that do not broadcast their SSID. I
>> would have to check, but I think the connection management software
>> supplied by AT&T if you have their WiFi service will also do this.
>> (I have to connect to an AT&T access point to re-activate the software.)
>>
>>     
>>> Restricting MAC addresses can easily be overcome--but you have to have
>>> gotten the tools to do so.
>>>       
>> Getting around the blocking of a specific MAC address is easy with
>> the standard tools on both Linux and Windows. To discover the MAC
>> addresses in use does require a bit of work, but the software is so
>> easy to find. So that is about like closing your door - it keeps
>> people from wandering in, but not much else. So it may or may not be
>> worth the effort. If you have visitors that you want to give access,
>> it is a lot more complicated then just giving then a USB key with
>> the network configuration, or a pass phrase so that they can hook
>> up. You also have to copy their MAC address to the router.
>>
>> What I am trying to say is that things like this can be handy in
>> keeping honest people honest, but they may not be worth the trouble.
>> Things like disabling the SSID can cause you trouble without adding
>> any benefit. Changing the default SSID will stop accidental
>> connections, and allow auto-connection by authorized computers. But
>> you are not talking about something that will slow down someone
>> trying to crack your network. The danger is in someone thinking that
>> it will, and not taking real security precautions.
>>
>> It can also backfire on you, in that it can make you a more tempting
>> target for someone that is learning to crack wireless networks,
>> because it is more of a challenge then an open network, but is not
>> as intimidating as a WPA protected network. (Or I got this neat
>> script that is supposed to grab the SSID and MAC address of the
>> wireless connection. Here is one that is not broadcasting its SSID,
>> lets try it out.)
>>
>>     
>>> DHCP--eh, it's too convenient to get rid of.
>>> Logging--preferably with forwarding to an internal system--is useful.
>>> But after all of these, let the cracker find the WPA encryption behind
>>> all the lightweight stuff.  You've got to have someone who really wants
>>> into your network at that point.
>>>
>>>       
>> The trick is to secure your wireless network without making it too
>> inconvenient for you to use. After all, if you wanted it totally
>> secure, you would turn off the wireless part of the router
>> completely, or only turn it on when you need it. You can also take
>> some of the more complicated measures, like only allowing VPN
>> connections between computers on your network, or putting a firewall
>> between the wireless router and the rest of hte local network.
>>
>>
>> Mikkel
>> --
>>
>>    Do not meddle in the affairs of dragons,
>> for thou art crunchy and taste good with Ketchup!
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
>>     
>
>   
    Open Source and protected by good passwords are a good thing. Yes we 
paid 0 dollars for our Linux but we put things in our Linux that we do 
not want to share with anyone. This is information on my bank holdings 
and Investments, for example.

    Good passwords are hard even for you to remember. I write mine down 
on the edge of my Monitor where I can find them, but no-one else can.

Karl


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
   PGP 4208 4D6E 595F 22B9 FF1C  ECB6 4A3C 2C54 FE23 53A7

More information about the fedora-list mailing list