Wireless router security question

2007-07-10 18:21:21

#1

pasngr: Member; +50|6646

Just got a new Linksys router model WRT54GS and I think I've done a pretty good job of locking it down, but I was wondering if anyone had some other tips. What I've done:

Changed the default admin password
Set max # of concurrent DHCP sessions to 2 ( for my PC and laptop)
Enabled MAC filtering to only allow my PC and laptop
Disabled SSID broadcasting
Enabled WEP

I know WEP is pretty weak, but I will look into changing that soon. Any other ideas?

2007-07-10 20:08:27

#2

Scorpion0x17: can detect anyone's visible post count...; +691|6767|Cambridge (UK)

Other than using WPA instead of WEP, that's pretty much all you can do.

2007-07-10 20:27:28

#3

Brasso: member; +1,549|6631

Scorpion0x17 wrote:
Other than using WPA instead of WEP, that's pretty much all you can do.

Yeah. WPA is better, but less logical. For instance, the Nintendo DS can't connect to WPA routers, but can connect to WEP routers. Same with the Wii. And I'm sure with many other products as well.

I think you should just keep WEP.

Last edited by haffeysucks (2007-07-10 20:27:39)

"people in ny have a general idea of how to drive. one of the pedals goes forward the other one prevents you from dying"

2007-07-10 20:30:13

#4

Dauntless: Admin; +2,249|6743|London

pasngr wrote:
Enabled MAC filtering to only allow my PC and laptop

If you did that, nothing else is needed right?

2007-07-10 20:53:46

#5

Scorpion0x17: can detect anyone's visible post count...; +691|6767|Cambridge (UK)

haffeysucks wrote:
Scorpion0x17 wrote:
Other than using WPA instead of WEP, that's pretty much all you can do.
Yeah. WPA is better, but less logical. For instance, the Nintendo DS can't connect to WPA routers, but can connect to WEP routers. Same with the Wii. And I'm sure with many other products as well.

I think you should just keep WEP.

True, but looking at the other things he's done, I don't think he's worried about that.

2007-07-11 04:17:51

#6

jaymz9350: Member; +54|6578

the only other thing i do to add to yours (other than using wpa as already stated) is to change the ip of the router from the default 192.168.1.1

ever router come with this as the default(at least every one i've seen) this will make it harder to find your router should someone gain access to the wirless signal somehow.

2007-07-11 04:21:31

#7

jsnipy: ...; +3,276|6523|...

Dauntless wrote:
pasngr wrote:
Enabled MAC filtering to only allow my PC and laptop
If you did that, nothing else is needed right?

Mac addresses can be spoofed, but it greatly helps.

2007-07-11 16:40:30

#8

pasngr: Member; +50|6646

Scorpion0x17 wrote:
haffeysucks wrote:
Scorpion0x17 wrote:
Other than using WPA instead of WEP, that's pretty much all you can do.
Yeah. WPA is better, but less logical. For instance, the Nintendo DS can't connect to WPA routers, but can connect to WEP routers. Same with the Wii. And I'm sure with many other products as well.

I think you should just keep WEP.
True, but looking at the other things he's done, I don't think he's worried about that.

Bingo. BF2 is my only game. Until Crysis comes out, at least.

I will change the default IP, thanks jaymz9350.

2007-07-11 16:45:52

#9

FathomsDown: Member; +19|6652|England

WEP was cracked recently (it can be broken in about five minutes with very few IVs) and MAC addresses are pretty trivial to spoof. The best thing to do is put a decent firewall bewteen the router and your network and set up a VPN on it. You can get a basic VPN capable router for about £30.

Or better still.... use a (shock horror!) wire!

2007-07-11 16:49:59

#10

pasngr: Member; +50|6646

Dauntless wrote:
pasngr wrote:
Enabled MAC filtering to only allow my PC and laptop
If you did that, nothing else is needed right?

Nope

2007-07-11 16:52:14

#11

weerdfoo1: Banned; +26|6166|California

and make sure that remote access is disabled in your router to ensure that it could only be accessed from your lan.

2007-07-11 17:03:36

#12

Cheez: Herman is a warmaphrodite; +1,027|6440|King Of The Islands

jsnipy wrote:
Dauntless wrote:
pasngr wrote:
Enabled MAC filtering to only allow my PC and laptop
If you did that, nothing else is needed right?
Mac addresses can be spoofed, but it greatly helps.

Not to mention you still need encryption so people can't sniff your data (easily).

My state was founded by Batman. Your opinion is invalid.

2007-07-12 05:24:22

#13

Inimicus_7: Member; +26|6363|England, UK

Burn your router.

I'm currently holding my Linksys WAG54G v.2 in my hand, cursing it.
It's blow'd up.

You won't have to worry about wireless security, it doesn't let anything that's not Linksys branded connect to it, without having a hissy fit.
Also, the ethernet ports will give out after a few months.

NetGear ftw?

2007-07-12 05:37:31

#14

wah1188: You orrible caaaaaaan't; +321|6461|UK

I have a WAG54GS has lasted me almost two years, only problem is the off button paint has worn out. Tends to be gay some days all that requires is a off then on and its fine. Be warned though I think after a bit it just messes up and you have to set-up the network again only done it twice in like two years can't complain.

2007-07-12 05:45:37

#15

jsnipy: ...; +3,276|6523|...

Cheez wrote:
jsnipy wrote:
Dauntless wrote:

If you did that, nothing else is needed right?
Mac addresses can be spoofed, but it greatly helps.
Not to mention you still need encryption so people can't sniff your data (easily).

I would not think you could sniff packet data if you are not a member (with a valid ip) of the network you are attempting to monitor.

2007-07-12 06:00:58

#16

wah1188: You orrible caaaaaaan't; +321|6461|UK

This about it what is the chance of your neighbour knowing how to hack you WEP? If anything I think you can monitor what connects to your router and only let it connect when you allow it.

2007-07-12 07:50:21

#17

Titch2349: iz me!; +358|6353|uk

I don't see why people protect their wireless internet in all these ways.

Who is going to go on your internet? Someone is going to park outside your house and use your bandwith?

Your next door neighbours?

Its stupid.... but o well... if you want to you can do.

2007-07-12 09:44:19

#18

kylef: Gone; +1,352|6494|N. Ireland

Honestly, most of the people posting here are right. You've done all that, and if they get passed that they deserve to use your web for a few hours! Check for other nearby connections near you if you can, and you'll see that most probably have a master password and no more. With everything you have done, your "average joe" neighbours will probably have no idea how to access your network. Also, your router isn't particulary "space style" strong. In excess of even 150m people will have a hard time getting a decent connection!

2007-07-13 01:19:03

#19

pasngr: Member; +50|6646

Titch2349 wrote:
I don't see why people protect their wireless internet in all these ways.

Who is going to go on your internet? Someone is going to park outside your house and use your bandwith?

Your next door neighbours?

Its stupid.... but o well... if you want to you can do.

Ever hear of wardriving?

2007-07-13 06:40:06

#20

jaymz9350: Member; +54|6578

Titch2349 wrote:
I don't see why people protect their wireless internet in all these ways.

Who is going to go on your internet? Someone is going to park outside your house and use your bandwith?

Your next door neighbours?

Its stupid.... but o well... if you want to you can do.

i don't protect my router to keep people off my net, i do it to keep them off my network. with access to a persons home network someone can grab alot of info. there are people (well criminals i should say) that will drive around looking for unprotected networks to see what they can find out about someone and steal any valuable info.

all that being said protecting yourself all these ways stated will keepout most all people unless they are really smart at it and you piss them off. the commone kid hacker, criminal and what not either don't know how to get by all of it or don't want to hassle and will look for an easier target. the biggest thing if you want to be safe the only way to truly do that is turn off your wireless and unplug your router from the net.

Last edited by jaymz9350 (2007-07-13 06:41:42)

2007-07-13 08:18:35

#21

Scorpion0x17: can detect anyone's visible post count...; +691|6767|Cambridge (UK)

jaymz9350 wrote:
Titch2349 wrote:
I don't see why people protect their wireless internet in all these ways.

Who is going to go on your internet? Someone is going to park outside your house and use your bandwith?

Your next door neighbours?

Its stupid.... but o well... if you want to you can do.
i don't protect my router to keep people off my net, i do it to keep them off my network. with access to a persons home network someone can grab alot of info. there are people (well criminals i should say) that will drive around looking for unprotected networks to see what they can find out about someone and steal any valuable info.

all that being said protecting yourself all these ways stated will keepout most all people unless they are really smart at it and you piss them off. the commone kid hacker, criminal and what not either don't know how to get by all of it or don't want to hassle and will look for an easier target. the biggest thing if you want to be safe the only way to truly do that is turn off your wireless and unplug your router from the net.

And don't ever switch your PC on - it's possible to read your private data, remotely, straight of your screen... (it requires very fancy tech to 'listen' to the video signal, but it can be done)

BF2S Forums Wireless router security question

Scorpion0x17 wrote:

pasngr wrote:

haffeysucks wrote:

Scorpion0x17 wrote:

Dauntless wrote:

pasngr wrote:

Scorpion0x17 wrote:

haffeysucks wrote:

Scorpion0x17 wrote:

Dauntless wrote:

pasngr wrote:

jsnipy wrote:

Dauntless wrote:

pasngr wrote:

Cheez wrote:

jsnipy wrote:

Dauntless wrote:

Titch2349 wrote:

Titch2349 wrote:

jaymz9350 wrote:

Titch2349 wrote:

Board footer