Reply to: wifi hijacker

It's because security is not considered until the product is finished. That's the way it is currently and that's what keeps us in work. I can't see that changing in the foreseeable future.

ker'ching...

Similar to BT FON etc...

You'd have to set it up so there was only one IP address available on the subnet, permanently assigned to the radio. It's not perfect but anyone trying to connect to the WEP would either be unable to get an IP address at all or, if they tried to use the radio's address, would get continual conflicts interrupting what ever they were tyring to do.

Cabling the network would be no different to running a second vlan, the wireless lan for the radio would still be your weakpoint and allow access to your internet service.

That makes sense. Don't know if I could do it but the idea makes sense.

Wait: what good would that do? I guess it would secure my PCs, but not my broadband connection?

Anyway radio now seems to support WPA1. I still note that otherwise I could do the whole network only cabled, apart from that. Hmm.

Depending on your router you *may* be able to set up a second SSID on a seperate vlan to run WEP and allow the radio access. You'd have to ensure that the WEP vlan was secured to prevent access to the WPA vlan but otherwise it shuold work, if your router supports it.

Thanks. I do most of those. Fixed IP only for the printer so far (else router reboot ==> new IP, PCs can't find it any more), will do it for all. Haven't thought to disable ping.

BTW the Wifi radio, only device in the house that can't (or couldn't) use WPA, is also the only device that can't be wired. Maybe I should buy a new Wifi radio and wire the house. Or how about putting the wireless transmitter next to the radio and removing the aerial to restrict range? (I guess that's a really dumb idea?).


I sometimes wonder if it ever seems strange to anyone to regard this stuff as ready to sell to all and sundry, when even technically-aware people can have a bit of a discussion about how to keep it safe, or even whather it can be made safe.

Wep is useless. If you're surfing the net at the time, someone can crack it in about 2 minutes using an arp replay attack. If you're not on the net, then it'll take them about 2 to 3 hours to generate enough IV's to crack your key.

Mac filtering is pointless, all the attacker will do is scan your network until someone fires up an authorised computer and spoof that Mac.

The only failsafe method apart from Cat 6 is WPA. Make sure you use a password that is not in the dictionary and contains all three character sets, i.e. letters, numbers and special characters. WPA can be cracked by brute force by running a captured packet through a checker. Something like
fr6%%asvjtyi^&*frrwsk09)+ isn't going be in that list.

A note to those using Sky/BT/Orange/BeBox with WPA, always change the default key. These are generated using a unique identifier to your router and all it takes is someone to crack the algorithm and publish it for your WPA to effectively be rendered useless.

Linky

And then it becomes open season on your router. Here's an example of a site that allows you to resolve a Sky default WPA key from the router mac address.

• Use WPA,
• Turn off SSID broadcast,
• Turn of ICMP Ping response,
• Use fixed IP addressges not DHCP,
• Use MAC filtering.

No one of those will solve the problem on their own but do them all and you will be tough enough to crack to discourage your average wardriver, especially if he can see an easier target nearby.

You can't get 100% secure but you can be secure enough that the cost benefit ratio is in your favour.

Yeah, I seem to recall it might have been added in a firmware update?

A multi-purpose personal computer that can access internet radio sites, while strictly speaking able to perform the required technical function, is not within the remit of the user's requirements.

Get a Mac.

Scooterscot

unless you haven't got unlimited broadband and they exceed your download limit and cost you money

There's those that argue why bother? Evidential weight is on your side if anything nefarious happens over your broadband connection and you have an open wifi net at the end of it.

I would personally ensure all your endpoints are secure instead of worrying about someone jumping on your internet connection. But hey - that's just me!!

I'm sure you're right, and that's the ironic bit. So what should I do to keep my broadband mine?

Why not put bananas in the exhaust pipe? That would have prevented the getaway upon calling the law

Come on people...