OT Wonders of wireless

This site contains affiliate links for which LandyZone may be compensated if you make a purchase.
D

Dave R

Guest
I'd just thought i'd share with you all the joy of getting the wireless
working on the new laptop. No more hunched over the desk in the worlds
most uncomfortable chair, and no more having to "hide away" in the back
room just to write some posts.

All i need to do now is to find out whether the range will extend
outside to the garage!

I don't suppose if anybody knows, what stops someone else logging into
"my" wireless?

Dave

 

"Dave R" <[email protected]> wrote in message
news:[email protected]...
: I'd just thought i'd share with you all the joy of getting the wireless
: working on the new laptop. No more hunched over the desk in the worlds
: most uncomfortable chair, and no more having to "hide away" in the back
: room just to write some posts.
:
: All i need to do now is to find out whether the range will extend
: outside to the garage!
:
: I don't suppose if anybody knows, what stops someone else logging into
: "my" wireless?
:
: Dave

Several things you can do Dave

1) set an access control list on the router, so that only your kit can
use it
2) Don't just use WEP to encrypt the data between your laptop and router,
make sure that you are at least running WPA-PSK (Wi-Fi Protected Access
Pre-Shared Key), with a good phrase as the key, not just a word.
3) Once you're up and running, stop broadcasting the SSID

I have a great piece of kit called Air Defense, and sitting in the front
room, I can find 24 wireless access points, of which 3 are secure, and
judging by the names in use, the majority of these have been supplied by
ISP's. Keep meaning to go for wander and offer to sort it out for them (for
a price of course)

Si


 
Dave R wrote:
> I'd just thought i'd share with you all the joy of getting the wireless
> working on the new laptop. No more hunched over the desk in the worlds
> most uncomfortable chair, and no more having to "hide away" in the back
> room just to write some posts.
>
> All i need to do now is to find out whether the range will extend
> outside to the garage!
>
> I don't suppose if anybody knows, what stops someone else logging into
> "my" wireless?

Filter by MAC address at the access point.
 
EMB wrote:
> Dave R wrote:
>
>> I'd just thought i'd share with you all the joy of getting the wireless
>> working on the new laptop. No more hunched over the desk in the worlds
>> most uncomfortable chair, and no more having to "hide away" in the back
>> room just to write some posts.
>>
>> All i need to do now is to find out whether the range will extend
>> outside to the garage!
>>
>> I don't suppose if anybody knows, what stops someone else logging into
>> "my" wireless?
>
>
> Filter by MAC address at the access point.

Have you got a light, Mac?

No, but I've got a dark brown overcoat.*

Stuart
* Bonzo Dog Doo-Dah Band
 
Srtgray wrote:
> EMB wrote:
>> Dave R wrote:
>>
>>> I'd just thought i'd share with you all the joy of getting the wireless
>>> working on the new laptop. No more hunched over the desk in the worlds
>>> most uncomfortable chair, and no more having to "hide away" in the back
>>> room just to write some posts.
>>>
>>> All i need to do now is to find out whether the range will extend
>>> outside to the garage!
>>>
>>> I don't suppose if anybody knows, what stops someone else logging into
>>> "my" wireless?
>>
>>
>> Filter by MAC address at the access point.
>
> Have you got a light, Mac?
>
> No, but I've got a dark brown overcoat.*
>
> Stuart
> * Bonzo Dog Doo-Dah Band

Death-Cab for Cutie ...I have it on the Gorilla LP :)

Karen

--
"Sometimes I think I have a Guardian Idiot - a little invisible spirit
just behind my shoulder, looking out for me ... only he's an imbecile" -
Jake Stonebender
 
Dave R came up with the following;:
> I'd just thought i'd share with you all the joy of getting the wireless
> working on the new laptop. No more hunched over the desk in the worlds
> most uncomfortable chair, and no more having to "hide away" in the back
> room just to write some posts.
>
> All i need to do now is to find out whether the range will extend
> outside to the garage!

Mine can ... ;)

> I don't suppose if anybody knows, what stops someone else logging into
> "my" wireless?

Nothing ... though you can seriously limit casual 'passers by' and cause
professionals to think twice and move on.

Use the 'Access Control' register in the security settings (depends on kit
and software) somewhere, to setup the mac addresses of wireless kit that can
access the router and lock out all others. Use WPA-PSK, not WEP, and use an
as long as feasible unrememberable passkey which uses alpha and numeric
characters ... but be careful that you _know_ what it is. :) Hide the SSID
once everything works. It'll still show up on your kit because it already
'knows' what it is, but others won't see it properly. Turn off the wireless
bit when you've finished, if possible.

There are a number of softwares that can de-crypt almost anything, and WEP
is a piece of pee to de-code, WPA-PSK is harder but still decipherable,
given time. All you can do is limit your exposure and doing the above
things means your setup is _probably_ much more secure than next-doors, so
most casual hackers would simply move on to something easier, and quicker,
to get into. There are so many open connections available there's
absolutely no need to break into yours, unless you have enemies and/or
you're paranoid ... ;)

--
Paul ...
(8(|) Homer Rules ..... Doh !!!



 
On 2006-07-13, EMB <[email protected]> wrote:

> Filter by MAC address at the access point.

Less reliable than current encryption methods, if I had to rely on one
method I'd go for encryption, as MAC addresses can be changed on some
cards, most of them in fact, but the software supplied generally
doesn't allow it.

--
Blast off and strike the evil Bydo empire!
 
Karen Gallagher wrote:
> Srtgray wrote:
>
>> EMB wrote:
>>
>>> Dave R wrote:
>>>
>>>> I'd just thought i'd share with you all the joy of getting the wireless
>>>> working on the new laptop. No more hunched over the desk in the worlds
>>>> most uncomfortable chair, and no more having to "hide away" in the back
>>>> room just to write some posts.
>>>>
>>>> All i need to do now is to find out whether the range will extend
>>>> outside to the garage!
>>>>
>>>> I don't suppose if anybody knows, what stops someone else logging into
>>>> "my" wireless?
>>>
>>>
>>>
>>> Filter by MAC address at the access point.
>>
>>
>> Have you got a light, Mac?
>>
>> No, but I've got a dark brown overcoat.*
>>
>> Stuart
>> * Bonzo Dog Doo-Dah Band
>
>
> Death-Cab for Cutie ...I have it on the Gorilla LP :)
>
> Karen
>
I think it was "Bigshot"

Stuart
 
On 2006-07-13, Paul - xxx <[email protected]> wrote:

> Use WPA-PSK, not WEP, and use an
> as long as feasible unrememberable passkey which uses alpha and numeric
> characters ...

IIRC WPA has a cryptographic weakness when using passkeys, but it's
only a problem with passkeys of less than 22 characters long. The
pass key doesn't really have to be totally random characters, a phrase
that you can remember is OK. While this is easier to guess than
totally random characters, it's still strong enough to require them to
spend a heck of a lot of time trying to break in. Checking for failed
logins once a week will show up whether someone is trying to do this.
Adding a few numbers onto the end and beginning of the phrase helps a
lot, or even replacing the spaces in the phrase with a digit that
forms a number you can remember.

> There are a number of softwares that can de-crypt almost anything, and WEP
> is a piece of pee to de-code,

It needs a fair amount of traffic to do it normally, the attacker
might get lucky and get enough WEP IVs to start the cryptographic
attack with just a few megabytes of information flowing, but I've
normally seen several gigabytes of information needed in order to get
enough IVs. That takes a while so for a residential user the main
thing to fear is neighbours as they have enough time to leave their
computers on and trying to break in.

WEP is still better than relying on mac address filtering. People
underestimate the difficulty of breaking encryption, just because it
can be done doesn't mean it's practical. WEP alone will stop anyone
who doesn't really really want to break into *your* network. WPA will
stop anyone who's not extremely extremely keen, but in a residential
setting they'd be better off just smashing a window and stealing the
computer, far easier.

Besides, unsecured wireless connections are a boon to those of us who
have to work away from home sometimes, it's very useful to be able to
get a free internet connection for reading our email ;-)

--
Blast off and strike the evil Bydo empire!
 
On Thu, 13 Jul 2006 10:03:25 +0100, Ian Rawlings
<[email protected]> wrote:

>Less reliable than current encryption methods, if I had to rely on one
>method I'd go for encryption, as MAC addresses can be changed on some
>cards, most of them in fact, but the software supplied generally
>doesn't allow it.

This is where I start getting that "let's keep our eye on the ball"
feeling. For the purpose, simple filter on the MAC will be fine.

Trying to spoof, guess or sniff the acceptable MAC isn't something
that anyone in their right mind would really want to do IMO. Yes, use
other protection too if you like, but it's not necessary to view
progress as our ability to complicate simplicity.


--
!!UNOFFICIAL!! http://www.ulrc.net !!UNOFFICIAL!!
!!UNOFFICIAL!! Now in beta :) !!UNOFFICIAL!!
!!UNOFFICIAL!! !!UNOFFICIAL!!
!!UNOFFICIAL!! Join Online Free! !!UNOFFICIAL!!
 
On Thu, 13 Jul 2006 10:40:46 +0100, Ian Rawlings
<[email protected]> wrote:

>Besides, unsecured wireless connections are a boon to those of us who
>have to work away from home sometimes, it's very useful to be able to
>get a free internet connection for reading our email ;-)

I leave an open wifi connection for all to use here. It is on the
other side of anything else here, and has a content filter, but
otherwise, fully open to anyone who wants to use it. Ove the last 12
odd months, only two of the neighbours have done so, and only then by
accident.


--
!!UNOFFICIAL!! http://www.ulrc.net !!UNOFFICIAL!!
!!UNOFFICIAL!! Now in beta :) !!UNOFFICIAL!!
!!UNOFFICIAL!! !!UNOFFICIAL!!
!!UNOFFICIAL!! Join Online Free! !!UNOFFICIAL!!
 
Ian Rawlings came up with the following;:
> On 2006-07-13, Paul - xxx <[email protected]> wrote:
>
>> Use WPA-PSK, not WEP, and use an
>> as long as feasible unrememberable passkey which uses alpha and numeric
>> characters ...
>
> IIRC WPA has a cryptographic weakness when using passkeys, but it's
> only a problem with passkeys of less than 22 characters long. The
> pass key doesn't really have to be totally random characters, a phrase
> that you can remember is OK.

Agreed, I use a four word phrase, the words of which would need a real stab
in the dark to connect them, and intimate knowledge of one member of our
family ...;)

> While this is easier to guess than
> totally random characters, it's still strong enough to require them to
> spend a heck of a lot of time trying to break in. Checking for failed
> logins once a week will show up whether someone is trying to do this.
> Adding a few numbers onto the end and beginning of the phrase helps a
> lot, or even replacing the spaces in the phrase with a digit that
> forms a number you can remember.

Yup.

>> There are a number of softwares that can de-crypt almost anything, and
>> WEP is a piece of pee to de-code,
>
> It needs a fair amount of traffic to do it normally, the attacker
> might get lucky and get enough WEP IVs to start the cryptographic
> attack with just a few megabytes of information flowing, but I've
> normally seen several gigabytes of information needed in order to get
> enough IVs.

I saw an article from one of the trade fairs that showed WEP being cracked
in a couple of minutes in a 'normal' browser style situation, have to dig it
out again, and with very small amounts of data. I don't know the
technicalities of it, but it was reckoned that so long as 'the target' is
browsing and visiting different websites, it can be done quite easily and
quickly.

> That takes a while so for a residential user the main
> thing to fear is neighbours as they have enough time to leave their
> computers on and trying to break in.
>
> WEP is still better than relying on mac address filtering. People
> underestimate the difficulty of breaking encryption, just because it
> can be done doesn't mean it's practical. WEP alone will stop anyone
> who doesn't really really want to break into *your* network. WPA will
> stop anyone who's not extremely extremely keen, but in a residential
> setting they'd be better off just smashing a window and stealing the
> computer, far easier.

LOL, true. I guess when you've seen it happen a few times, you err on the
cautious side, but, like I said, "most casual hackers would simply move on
to something easier, and quicker, to get into. There are so many open
connections available there's absolutely no need to break into yours"

> Besides, unsecured wireless connections are a boon to those of us who
> have to work away from home sometimes, it's very useful to be able to
> get a free internet connection for reading our email ;-)

Heheheh, <nods and winks> We're in Oswestry this weekend ... ;)

--
Paul ...
(8(|) Homer Rules ..... Doh !!!



 
On 2006-07-13, Mother <"@ {mother} @"@101fc.net> wrote:

> This is where I start getting that "let's keep our eye on the ball"
> feeling. For the purpose, simple filter on the MAC will be fine.

Personally I think typing the same password into both ends of the link
is easier still and more reliable, as you can then use different
cards, so MAC filtering seems to be a waste of time.

Still, if that's what you've set up then fine ;-)

> Trying to spoof, guess or sniff the acceptable MAC isn't something
> that anyone in their right mind would really want to do IMO.

Not had any trouble getting the MACs in the past, my wireless gear is
defunct now, must fire it up again sometime.

--
Blast off and strike the evil Bydo empire!
 
On 2006-07-13, Mother <"@ {mother} @"@101fc.net> wrote:

> I leave an open wifi connection for all to use here. It is on the
> other side of anything else here, and has a content filter, but
> otherwise, fully open to anyone who wants to use it. Ove the last 12
> odd months, only two of the neighbours have done so, and only then by
> accident.

I did the same for a while, but given that moving to the next *room*
makes the connection drop I dropped the whole wireless idea. I think
there must be chickenwire in the walls!

--
Blast off and strike the evil Bydo empire!
 
On 2006-07-13, Paul - xxx <[email protected]> wrote:

> I saw an article from one of the trade fairs that showed WEP being cracked
> in a couple of minutes in a 'normal' browser style situation, have to dig it
> out again, and with very small amounts of data. I don't know the
> technicalities of it, but it was reckoned that so long as 'the target' is
> browsing and visiting different websites, it can be done quite easily and
> quickly.

A WEP implementation can in theory be criminally stupid, in such a
case, where they're supposed to be using a random number with good
entropy, they could use a simple incrementing counter, meaning they
can be broken extremely easily. I've never come across such an
implementation though. I've also not read up on WEP anyway for a fair
few months, as I don't tend to advise customers to use it.

> Heheheh, <nods and winks> We're in Oswestry this weekend ... ;)

There's some argument for leaving an open access point on your network
too, what with the guilty-until-proven-innocent culture we're moving
towards, and the way that things that are legal are being made illegal
through the back door, it can be handy to have a get-out clause.
Whether an open access point would help or not is another matter!

--
Blast off and strike the evil Bydo empire!
 
Srtgray wrote:
> Karen Gallagher wrote:
>> Srtgray wrote:
>>
>>> EMB wrote:
>>>
>>>> Dave R wrote:
>>>>
>>>>> I'd just thought i'd share with you all the joy of getting the
>>>>> wireless
>>>>> working on the new laptop. No more hunched over the desk in the worlds
>>>>> most uncomfortable chair, and no more having to "hide away" in the
>>>>> back
>>>>> room just to write some posts.
>>>>>
>>>>> All i need to do now is to find out whether the range will extend
>>>>> outside to the garage!
>>>>>
>>>>> I don't suppose if anybody knows, what stops someone else logging into
>>>>> "my" wireless?
>>>>
>>>>
>>>>
>>>> Filter by MAC address at the access point.
>>>
>>>
>>> Have you got a light, Mac?
>>>
>>> No, but I've got a dark brown overcoat.*
>>>
>>> Stuart
>>> * Bonzo Dog Doo-Dah Band
>>
>>
>> Death-Cab for Cutie ...I have it on the Gorilla LP :)
>>
>> Karen
>>
> I think it was "Bigshot"
>
> Stuart

Oops, checked the LP, yes, Bigshot. Same LP, so many classics on that one.

Karen

--
"Sometimes I think I have a Guardian Idiot - a little invisible spirit
just behind my shoulder, looking out for me ... only he's an imbecile" -
Jake Stonebender
 
On Thu, 13 Jul 2006 11:06:00 +0100, Mother <"@ {mother} @"@101fc.net>
wrote:

>I leave an open wifi connection for all to use here. It is on the
>other side of anything else here, and has a content filter, but
>otherwise, fully open to anyone who wants to use it. Ove the last 12
>odd months, only two of the neighbours have done so, and only then by
>accident.

I find getting access on the move a problem and cannot understand why
B&Bs don't seem to offer something like the above.

How does is stand with a "normal" contract with an isp?

What dangers are there to the less technically competent?

How can you stop a "guest" from hogging bandwidth?

AJH

 
On 2006-07-13, AJH <[email protected]> wrote:

> How does is stand with a "normal" contract with an isp?

ISTR my ISP contract forbidding me from passing bandwidth on to
others, although this might only be if I charge for it, can't
remember. The concern is if someone starts doing something illegal
from your connection, how do you then prove it's not you? In theory
it has to be proven that it *is* you (innocent until proven guilty)
but that doesn't seem to be the way things work any more.

> What dangers are there to the less technically competent?

Someone abusing the connection to do something illegal, or to hack
your computer and get things like bank details etc for ID theft or to
rob your account.

> How can you stop a "guest" from hogging bandwidth?

Bandwidth capping on the wireless router, this needs a firewall with
the capability though.

--
Blast off and strike the evil Bydo empire!
 
Ian Rawlings wrote:
> On 2006-07-13, AJH <[email protected]> wrote:
>
>
>>How does is stand with a "normal" contract with an isp?
>
>
> ISTR my ISP contract forbidding me from passing bandwidth on to
> others, although this might only be if I charge for it, can't
> remember. The concern is if someone starts doing something illegal
> from your connection, how do you then prove it's not you? In theory
> it has to be proven that it *is* you (innocent until proven guilty)
> but that doesn't seem to be the way things work any more.
>

In most cases, the act of "logging on" is considered enough to prove
intent. However, how does one define "logging on" to an always-on
connection? The only way would be to rigidly enforce a logon/logoff
regime for all authorised users of the computer(s), and then produce the
logs in the event of a query. That would however involve using Windows
NT, 2000 or XP and ensuring that everyone was careful. Alternatively,
firewall/router logs could show that the computer used wasn't in the
normal run of your network - although with most using DHCP that would be
difficult. XP home assumes everyone wants to be administrator, you
can't even get home Linux users to logon as anything other than root, FFS!

Stuart
 
On 2006-07-13, Srtgray <[email protected]> wrote:

> In most cases, the act of "logging on" is considered enough to prove
> intent.

You are not a lawyer and I claim my free mars bar ;-)

--
Blast off and strike the evil Bydo empire!
 
You must log in or register to reply here.

Similar threads

300bhp/ton
P38A Should you lift a Range Rover? Air/Coil?
4 5 6
Replies
108
Views
20K
300bhp/ton
300bhp/ton
L
You can go fast. I can go anywhere
Replies
12
Views
3K
zeaphod
zeaphod
NiallRussell
Oman, Russia, Mongolia, Kazakstan, Norway, Sweden, Germany, France, Home?
Replies
18
Views
4K
NiallRussell
NiallRussell
domino
EAS - My tale of woe.
4 5 6
Replies
104
Views
15K
stopover
S
R
My disco camper, and when it got stuck
Replies
14
Views
24K
SteNova
SteNova
Back
Top