On Wed, Jul 26, 2006 at 09:23:25AM +1200, Steve Holdoway wrote:
> I'd suggest temporarily removing all security from your ap, and getting
> everything working, then upping to WEP, and so on.

I've not been following this thread, and I'm not fixing the DHCP issue, but I wanted to talk about wireless security ...

Switch it all off, permanently. WEP takes ~5 minutes to crack, WPA would probably only take a couple of hours and the time will be decreasing as CPU power goes up and the algorithms are exploited with increasing sophistication. The only people that WEP/WPA will keep out are the casual abusers, and your friends who bring wireless kit with them when they visit.

Instead, leave the wireless network open, and assume that there will be attackers on it. Secure each machine on the network with its own firewall rules, and make sure that the router will only allow software VPN traffic through. Install OpenVPN on everything. A software VPN (as opposed to the firmware-based code in your router) can be easily updated/upgraded as attacks evolve. And OpenVPN is open source, and runs well on Linux, Mac and Windows, so all your visitors will be able to join onto your network with a small harmless software install.

As an aside, you might consider allowing anonymous access to your wireless to go out to the Internet, for HTTPS and POP3S, at a really slow data rate that won't result in too much of your valuable $$$ bandwidth being used - a couple of K per second perhaps. That'll also be handy for visitors, and not so much fun that freeloaders will stay for long. Allow only TLS protocols, so you are at least encouraging your visitors to secure themselves just a little bit :-)

-jim
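
The router policy described in the message above, sketched as an added example (not part of the original post): a script that prints iptables commands for review and applies nothing. The interface names, the server address 192.0.2.10, UDP port 1194 (OpenVPN's default), the 2kb/s cap and the chain names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules only.
# Assumed: wlan0 = open wireless side, eth0 = Internet uplink,
# 192.0.2.10 = OpenVPN server on the wired side, 2kb/s guest cap.
WLAN_IF=${WLAN_IF:-wlan0}; WAN_IF=${WAN_IF:-eth0}
VPN_SERVER=${VPN_SERVER:-192.0.2.10}; VPN_PORT=${VPN_PORT:-1194}
RATE=${RATE:-2kb/s}; BURST=${BURST:-8kb}

# Reject settings that would alter the meaning of a generated command.
valid() {
    for v in "$WLAN_IF" "$WAN_IF"; do
        case "$v" in ""|*[!A-Za-z0-9_.-]*) return 1;; esac
    done
    case "$VPN_SERVER" in ""|*[!0-9.]*) return 1;; esac
    case "$VPN_PORT" in ""|*[!0-9]*) return 1;; esac
    [ "$VPN_PORT" -ge 1 ] && [ "$VPN_PORT" -le 65535 ] || return 1
    case "$RATE" in ""|*[!0-9a-z/]*) return 1;; esac
    case "$BURST" in ""|*[!0-9a-z]*) return 1;; esac
}

gen_rules() {
    valid || { echo "invalid setting, no rules printed" >&2; return 1; }
    hl="-m hashlimit --hashlimit-upto $RATE --hashlimit-burst $BURST"
    cat <<EOF
# Everything crossing the wireless interface goes through two chains.
iptables -N WIFI_FROM
iptables -N WIFI_TO
iptables -A FORWARD -i $WLAN_IF -j WIFI_FROM
iptables -A FORWARD -o $WLAN_IF -j WIFI_TO
# 1. Wireless clients may reach the OpenVPN server and nothing else inside.
iptables -A WIFI_FROM -d $VPN_SERVER -p udp --dport $VPN_PORT -j ACCEPT
iptables -A WIFI_TO -s $VPN_SERVER -p udp --sport $VPN_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# 2. Anonymous HTTPS/POP3S to the Internet, policed per client address.
#    This matches ports only; it does not verify the payload is TLS.
iptables -A WIFI_FROM -o $WAN_IF -p tcp -m multiport --dports 443,995 $hl --hashlimit-mode srcip --hashlimit-name guest-up -j ACCEPT
iptables -A WIFI_TO -i $WAN_IF -p tcp -m multiport --sports 443,995 -m conntrack --ctstate ESTABLISHED $hl --hashlimit-mode dstip --hashlimit-name guest-down -j ACCEPT
# 3. Anything else to or from the wireless side is dropped.
iptables -A WIFI_FROM -j DROP
iptables -A WIFI_TO -j DROP
EOF
}

gen_rules
```

These rules cover forwarded traffic only; DHCP and DNS answered by the router itself are handled in its INPUT chain, and once a client is on the VPN its traffic arrives on the tunnel interface rather than the wireless one.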
