Re: Secure wireless

[Shaun Jones]

Yeah, I was speaking of hacking in general. Nothing can really protect  
someone from getting in that really wants to but address spoofing  
could be accomplished by just waitting until the real Mac address is  
offline and using the fake one. I like the analogy though.
On Jun 21, 2008, at 12:28 PM, Scott Bresnahan wrote:

Hi, Sean,
I'd say the better analogy is like locking your doors at night, but  
leaving your windows open for some fresh air.  I personally use only  
MAC security without encryption.  WEP and WPA won't stop a true  
hacker.  I want to keep honest people honest.

In addition, if one did spoof a MAC address, and you had two devices  
on the network with the same MAC, routing would go bonkers.  Not to  
mention, he'd have to be in close proximity to my house.


My physical security is more easily breached.  Break the ethernet  
wire outside my house and tap in.

--Scott





A hacker could just spoof your Mac addresses and cloan it so when  
he logs on your router would think it's actually your white listed  
device. That goes for cell phones, printers, NAS and other devices  
like TIVO's and any other connected wireless device. This is bad,  
very bad. You are basically saying the screen door is closed but  
the main door is open.
On Jun 20, 2008, at 1:41 PM, Esther wrote:

Hi Chris,

You wrote:
Has anyone tried just using MAC address whitelisting instead of  
all the
WPA WEP etc? That's what I do at home. I have no
encryption/authentication stuff on my wireless router. Instead I  
have an
allow list that only accepts connections from machines that have a
specific MAC address. If you're not familiar, every network  
device has a
sort of serial number burned into them by the manufacturer. It's  
a 6
byte string and every manufacturer gets a block of them to use.  
Most
routers will let you use this for access control on a whitelist (at
least my Linksys does). Seems to work for me but maybe I'm opening
myself up for issues.?

There's an old (2003) article on the O'Reilly site titled:
"Dispelling the Myth of Wireless Security"

http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/

where the author tested cracking into his own (Mac) network which
he set up as closed (no broadcast SSID), WEP-encrypted, and MAC- 
filtered
wireless network.

The SSID discovery was near-instantaneous.  The MAC-filtering crack
took only seconds, the WEP crack took longest, but was also doable.
(This was back in 2003, remember).  I use WPA encryption.

This also reminds me that I wanted to pass on to David (who probably
knows this already), that extending WPA encryption on wireless  
networks
that are running with Windows machines (XP), may need you to
run a couple of Fixes (on XPSP2): KB917021(Wireless Client Update),
and KB893357 (to upgrade to WPA2 capability)

http://support.microsoft.com/kb/917021
(KB917021)

http://www.pcworld.com/downloads/file/fid,30721-order,1-page,1/description.html
(KB893357)

Of course, this may be old information with XPSP3 out.  Gee, I'm
glad I don't have to do anything with XP!

CB

David Poehlman wrote:
actually, I cannot get ae and netgear to communicate under wep.
WPA works.
This is dismaying news but I am using Macs with my wpn82-v2 just  
fine.  I am
not able to do all things with it using the Mac but certainly i  
can
configure it in windows and then use the AE to stream my audio.   
I am
pondering a new router at any rate since I have growing needs.

----- Original Message -----
From: "Esther" <[EMAIL PROTECTED]>
To: "General discussions on all topics relating to the use of  
Mac OS X by
theblind" <discuss@macvisionaries.com>
Sent: Thursday, June 19, 2008 3:03 PM
Subject: Re: summary of progress to
date:Re:HowtosetupAirTunesStreamingwithan
AirPortExpress(long) 
[wasRe:AirPortStreaminginiTunes[wasRe:NavigatingwithVO 
+arrowkeysandalternatives[wasRe:voiceoverquestion]]]


Hi David,

I'm still surprised about the difficulties using your AirPort  
Express joined
to
your NetGear router when you use WPA encryption, since you've been
able to get it working under WEP.  However, today's MacInTouch  
reader
report about "Mac Marginalization" had some dismaying news about
NetGear's future support (or lack thereof) plans for the Mac:

http://www.macintouch.com/readerreports/macmarginalization/index.html#d19jun2008
(MacInTouch Reader Reports: Mac Marginatlization)

<begin excerpt>
I have a very nice NetGear Router, an FR114. So, wanting a  
wireless router,
I bought a NetGear WNR834M. It was very nice, and very fast,  
although it
would only accept ten expressions in the "block these sites"  
feature,
whereas the old one I had would accept an unlimited number.
BUT - although I was able to store the router configuration  
settings, I was
completely unable to restore them!

Worse, I was also unable to upgrade the firmware, leaving me  
stuck with the
original version (there have been FIVE upgrades published since  
the
original).

I contacted tech support for NetGear. They replied promptly  
(although they
insisted on phone communication instead of the email that I  
prefer).
Unfortunately their reply was, incredibly, that those two  
features, upgrade
and setting restoration, were supported *only using Windows*!
Moreover they stated that they had no plans to ever support the  
Mac - or
Unix of Linux for that matter!
<end excerpt>

Cheers,

Esther

On June 16, 2008, at 06:11AM, David Poehlman wrote:

Hi Tim,

I reset it with the reset button and plugged it into the cabel  
modem.  The
address is dhcp and dynamic so once it found the ae, my modem  
allowed me to
connect to the internet and I was able to access the ae from  
all of my
computers with a security of none.  I was able to use airtunes  
just fine.
I
went through the setup and chose join a wireless network, web  
128-bit which
is what I am trying now due to device constraints.   It failed  
to come back
once the settings were updated.  I am really at a loss now but  
there is one
more thing I might try.  I was able to set up my printer  
wirelessly so do
not understand why the AE will not come back after being updated.

----- Original Message -----
From: "Tim Kilburn" <[EMAIL PROTECTED]>
To: "General discussions on all topics relating to the use of  
Mac OS X by
theblind" <discuss@macvisionaries.com>
Sent: Monday, June 16, 2008 9:09 AM
Subject: Re: summary of progress to date:Re: How
tosetupAirTunesStreamingwithan AirPort Express
(long)[wasRe:AirPortStreaminginiTunes[wasRe:NavigatingwithVO 
+arrowkeysandalternatives[wasRe:voiceoverquestion]]]


Hi David,

* When you connect the AE directly to the cable modem, did you  
mean
that the AE would not broadcast properly?

* Was that with a fresh configuration of the AE?

* Do you have a static or dynamic IP with your ISP?

Later...

Tim Kilburn
& Carter the Canine
Fort McMurray, AB Canada











--
--Scott