Re: [SLUG] Is someone is snooping my wireless?

2008-06-24 Thread Daniel Morrison
Glen Turner wrote: You really can go too far, and wireless security is a prime example of pointless defence in depth. All that not using an ESSID broadcast, no DHCP, MAC address filtering do is raise the time and hassle it takes to get on the network. Which means that there is (or soon will

Re: [SLUG] Is someone is snooping my wireless?

2008-06-24 Thread Adrian Chadd
On Tue, Jun 24, 2008, Daniel Morrison wrote: I have never understood that whole don't broadcast your ESSID thing. Security by obscurity, surely? I had one place in dim memory that implemented that specifically so arbitrary devices wouldn't associate-by-passing and tie up valuable slots on

Re: [SLUG] Is someone is snooping my wireless?

2008-06-24 Thread Glen Turner
Jonathan Lange wrote: Recent events have reminded us that randomness is just as important in SSH key generation. I'd save my dice (and my time) for things that actually guard my data. The entire strength of WPA2-PSK depends on the shared key being unguessable; that is, random. So the WPA2-PSK

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Glen Turner
Jonathan Lange wrote: Of course, the more interesting question is WHY!?!?! Apologies, I had thought it was obvious. Keys are often given in a hexadecimal representation. Each 4 bits is a hex digit, written using 0...9A...F. So a d16 will generate a hex digit of randomness. Two d16s will

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Rick Welykochy
Glen Turner wrote: They avoid numbers at the extremes and avoid repeated digits (a 60 byte string would have a run of 6 repeated digits about one time in five). The result is very non-random. Yes indeed. I've read about complaints from consumers about seemingly non-random behaviour in the

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Cibby Pulikkaseril
20/20 Filmsight http://moviecritic.com.au --- On Mon, 6/23/08, Rick Welykochy wrote:

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread david . lyon
Quoting Cibby Pulikkaseril: I'd just like to add an anecdote on pseudo-random number generation: several years ago, a group of Canadian comp. sci. students were arrested for fraud. . ... Good story.. I can't seem to find a link to this story, though. Is it bogus?

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Jonathan Lange
On Mon, Jun 23, 2008 at 8:47 PM, Glen Turner wrote: Jonathan Lange wrote: Of course, the more interesting question is WHY!?!?! Apologies, I had thought it was obvious. You've missed the spirit of my question, I think. I looked only at Kenneth's post and saw something that

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Rick Welykochy
Jonathan Lange wrote: Recent events have reminded us that randomness is just as important in SSH key generation. I'd save my dice (and my time) for things that actually guard my data. An old favourite is to pick a song you know well and grab the first letters of a line or two in the song.

Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Craig Dibble
Quoting Jonathan Lange: More broadly, generating your wireless key with a cryptographically secure RNG seems to me to be overkill for most people. Buying specialty dice for it seems plain silly.[1] Flipping a coin eight times doesn't take much longer than rolling 4d4, 2d16 or

Re: [SLUG] Is someone is snooping my wireless?

2008-06-22 Thread Glen Turner
You really can go too far, and wireless security is a prime example of pointless defence in depth. All that not using an ESSID broadcast, no DHCP, MAC address filtering do is raise the time and hassle it takes to get on the network. Which means that there is (or soon will be) a script

Re: [SLUG] Is someone is snooping my wireless?

2008-06-22 Thread Kenneth Caldwell
On Mon, 2008-06-23 at 12:19 +0930, Glen Turner wrote: If you find yourself being dragged along by the Dungeons and Dragons crowd to the shops one day, then grab a pair of 16-sided dice. Each throw will give one byte of randomness for keys.] Should that closing bracket have been a

Re: [SLUG] Is someone is snooping my wireless?

2008-06-22 Thread Jonathan Lange
On Mon, Jun 23, 2008 at 3:45 PM, Kenneth Caldwell wrote: Surely a fair die could have only 4, 6, 8, 12 or 20 faces. I guess one solution would be to throw three dice consisting of two octahedrons and a tetrahedron and multiply the results. Is there a more elegant solution?

Re: [SLUG] Is someone is snooping my wireless?

2008-06-18 Thread Tony Sceats
why not have a little fun instead of locking everything down immediately :) http://ex-parrot.com/~pete/upside-down-ternet.html and anyway, setting up a proxy server, forcing them through it and logging all requests may give you an insight into what they are doing on your network, and maybe who

Re: [SLUG] Is someone is snooping my wireless?

2008-06-18 Thread Rick Welykochy
Tony Sceats wrote: why not have a little fun instead of locking everything down immediately :) http://ex-parrot.com/~pete/upside-down-ternet.html and anyway, setting up a proxy server, forcing them through it and logging all requests may give you an insight into what they are doing on your

Re: [SLUG] Is someone is snooping my wireless?

2008-06-18 Thread david . lyon
Looks like it is going to be a boring day on slug from now on cos this one was really great... does kind of make you think about all sorts of bizarre possibilities... I've been working with regexes and search and replace... mixing that in with the http streaming (changing words in web

Re: [SLUG] Is someone is snooping my wireless?

2008-06-17 Thread Sonia Hamilton
Rick Welykochy wrote: A new icon I have never seen before for a PC connection to my wireless LAN has alerted me that someone in the area is attempting to connect. The icon only indicates that it is a PC. No IP or any info like that. What I am after is intrusion detection software for a wireless

[SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Rick Welykochy
This may be off topic, but there is a lot of networking talent on SLUG. And the answers to this query will be very useful in general. A new icon I have never seen before for a PC connection to my wireless LAN has alerted me that someone in the area is attempting to connect. The icon only indicates

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Dean Hamstead
Hi Rick if someone is 'trying to connect' then fortunately they aren't actually connecting. there isn't much you can do about people attempting to connect (unless you hire some sort of sniper on top of your building). however. if someone is actually attaching to your wireless lan, that is a

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Rick Welykochy
DaZZa wrote: You should make sure you take the simple steps which *everyone* running wireless should do. 1) Disable SSID broadcast 2) Disable DHCP unless you absolutely *have* to use it. Already do the above two. SSID should only be used for public nets, I presume. And no DHCP. 3) Make

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Rick Welykochy
Dean Hamstead wrote: (unless you hire some sort of sniper on top of your building). Good idea! That mob from the APEC summit must be bored these days. firstly. use MAC filtering Yup. I have an ACL for MAC addrs. Can that be cracked? i.e. keep trying the *huge* MAC address space until they

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread DaZZa
On Tue, Jun 17, 2008 at 2:49 PM, Rick Welykochy wrote: You should make sure you take the simple steps which *everyone* running wireless should do. 1) Disable SSID broadcast 2) Disable DHCP unless you absolutely *have* to use it. Already do the above two. SSID should only

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Daniel Pittman
DaZZa writes: On Tue, Jun 17, 2008 at 2:49 PM, Rick Welykochy wrote: You should make sure you take the simple steps which *everyone* running wireless should do. 1) Disable SSID broadcast 2) Disable DHCP unless you absolutely *have* to use it. Already do

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Martin Visser
Daniel beat me to the punch on all counts, and have to agree. Locking down MAC addresses and not using DHCP are probably the most easily circumvented - the former can be done by just configuring your NIC with that MAC address, and overriding a fixed IP address is basically as trivial as responding

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Martin Visser
Rick, It isn't clear what you are seeing. Is this just an *available* adhoc network appearing in network-manager? This just means that there is someone nearby advertising their PC as an ad-hoc network. It is then up to you to decide if you want to connect to them. Martin On Tue, Jun 17, 2008 at

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread David P
Rick Welykochy wrote: firstly. use MAC filtering Yup. I have an ACL for MAC addrs. Can that be cracked? i.e. keep trying the *huge* MAC address space until they get in? Must take until the heat death of the universe to do that. If an attacker has successfully associated with your access

Re: [SLUG] Is someone is snooping my wireless?

2008-06-16 Thread Rick Welykochy
Martin Visser wrote: It isn't clear what you are seeing. Is this just an *available* adhoc network appearing in network-manager? This just means that there is someone nearby advertising their PC as an ad-hoc network. It is then up to you to decide if you want to connect to them. I strongly