Re: [H] Windows 7 ?

[Robert Martin Jr.]

It's already in the wild :)
I was however using a legit beta before I wiped it.

lopaka

--- On Tue, 4/28/09, tmse...@rlrnews.com  wrote:
From: tmse...@rlrnews.com 
Subject: Re: [H] Windows 7 ?
To: hardware@hardwaregroup.com
Date: Tuesday, April 28, 2009, 7:32 PM

Oh, there is a neat trick... Forget repair install, it does an install
migration, and it is slick.  For those that wonder, may 4 the rc goes public. 
Sent via BlackBerry 

-Original Message-
From: FORC5 

Date: Tue, 28 Apr 2009 19:18:33 
To: 
Subject: [H] Windows 7 ?


Been messing with Windows 7 a little for a month or so, not too bad I must
say.

Wanted to see how it handled change so I plugged the drive into a different
computer, was very impressed with the repair/restore screen it takes me too
other then the fact it would not repair. 
I suppose if it was on the same hw the repair would have been fine. Booted to
the cd and attempted a repair, same result.

I suppose we are not allowed to change MB's in MS's future, huh ? But
this is a pre release.

Have not done this with Vista, I would guess the same result but I wonder if
Vista has this boot to repair option without using the disk ( like needed with 
XP ) This will be tested soon, server to be updated. If Vista will not repair or
run I think XP64 or Server 2003 is in order to replace it.

strange thing though, drive was c: in other box but saw the OS ( after driver
install, OLD hw) it saw the os on E: Have no idea why. only drive in system.
Only thing I can think of it is a older system with two PATA channels and
supposed it was picking up E ( would be the logical 4th drive) Old Asus a7n8x
deluxe, still runs the 3200 barton like a top and does OK with Vista and 2 gig
ram other then I have been plagued with BSOD's, suspect Vista does not like
the old HW. But it did run fine for a very long time.

any one else playing with 7  ( not 7 of 9 ) :-D
fp

-- 
Tallyho ! ]:8)
Taglines below !
--
In war there is no substitute for victory.

Re: [H] Windows 7 ?

[Robert Martin Jr.]

Yeah, I ran windows 7 for a little while but I found that most of the 
applications I needed for work wouldn't run on it even in compatibility modes. 
It ran really fast on an SSD primary, ran all my games pretty well, but I took 
if off and put XP x64 since everything I need runs right.

Lately I tend to use portable applications and have either hacked them myself 
or picked up versions of "almost" everything I use on a regular basis. I've 
come to the conclusion that there is no possible need for all the bloatware 
that most of the programs are turning into, and especially no need for a bunch 
of crap being written to the registry whenever software is loaded.   
:)

lopaka

--- On Tue, 4/28/09, FORC5  wrote:
From: FORC5 
Subject: [H] Windows 7 ?
To: hardware@hardwaregroup.com
Date: Tuesday, April 28, 2009, 7:18 PM

Been messing with Windows 7 a little for a month or so, not too bad I must say.

Wanted to see how it handled change so I plugged the drive into a different
computer, was very impressed with the repair/restore screen it takes me too
other then the fact it would not repair. 
I suppose if it was on the same hw the repair would have been fine. Booted to
the cd and attempted a repair, same result.

I suppose we are not allowed to change MB's in MS's future, huh ? But
this is a pre release.

Have not done this with Vista, I would guess the same result but I wonder if
Vista has this boot to repair option without using the disk ( like needed with 
XP ) This will be tested soon, server to be updated. If Vista will not repair or
run I think XP64 or Server 2003 is in order to replace it.

strange thing though, drive was c: in other box but saw the OS ( after driver
install, OLD hw) it saw the os on E: Have no idea why. only drive in system.
Only thing I can think of it is a older system with two PATA channels and
supposed it was picking up E ( would be the logical 4th drive) Old Asus a7n8x
deluxe, still runs the 3200 barton like a top and does OK with Vista and 2 gig
ram other then I have been plagued with BSOD's, suspect Vista does not like
the old HW. But it did run fine for a very long time.

any one else playing with 7  ( not 7 of 9 ) :-D
fp

-- 
Tallyho ! ]:8)
Taglines below !
--
In war there is no substitute for victory.

Re: [H] Windows 7 ?

[tmservo]

Oh, there is a neat trick... Forget repair install, it does an install 
migration, and it is slick.  For those that wonder, may 4 the rc goes public. 
Sent via BlackBerry 

-Original Message-
From: FORC5 

Date: Tue, 28 Apr 2009 19:18:33 
To: 
Subject: [H] Windows 7 ?


Been messing with Windows 7 a little for a month or so, not too bad I must say.

Wanted to see how it handled change so I plugged the drive into a different 
computer, was very impressed with the repair/restore screen it takes me too 
other then the fact it would not repair. 
I suppose if it was on the same hw the repair would have been fine. Booted to 
the cd and attempted a repair, same result.

I suppose we are not allowed to change MB's in MS's future, huh ? But this is a 
pre release.

Have not done this with Vista, I would guess the same result but I wonder if 
Vista has this boot to repair option without using the disk ( like needed with  
XP ) This will be tested soon, server to be updated. If Vista will not repair 
or run I think XP64 or Server 2003 is in order to replace it.

strange thing though, drive was c: in other box but saw the OS ( after driver 
install, OLD hw) it saw the os on E: Have no idea why. only drive in system. 
Only thing I can think of it is a older system with two PATA channels and 
supposed it was picking up E ( would be the logical 4th drive) Old Asus a7n8x 
deluxe, still runs the 3200 barton like a top and does OK with Vista and 2 gig 
ram other then I have been plagued with BSOD's, suspect Vista does not like the 
old HW. But it did run fine for a very long time.

any one else playing with 7  ( not 7 of 9 ) :-D
fp

-- 
Tallyho ! ]:8)
Taglines below !
--
In war there is no substitute for victory.

[H] Windows 7 ?

[FORC5]

Been messing with Windows 7 a little for a month or so, not too bad I must say.

Wanted to see how it handled change so I plugged the drive into a different 
computer, was very impressed with the repair/restore screen it takes me too 
other then the fact it would not repair. 
I suppose if it was on the same hw the repair would have been fine. Booted to 
the cd and attempted a repair, same result.

I suppose we are not allowed to change MB's in MS's future, huh ? But this is a 
pre release.

Have not done this with Vista, I would guess the same result but I wonder if 
Vista has this boot to repair option without using the disk ( like needed with  
XP ) This will be tested soon, server to be updated. If Vista will not repair 
or run I think XP64 or Server 2003 is in order to replace it.

strange thing though, drive was c: in other box but saw the OS ( after driver 
install, OLD hw) it saw the os on E: Have no idea why. only drive in system. 
Only thing I can think of it is a older system with two PATA channels and 
supposed it was picking up E ( would be the logical 4th drive) Old Asus a7n8x 
deluxe, still runs the 3200 barton like a top and does OK with Vista and 2 gig 
ram other then I have been plagued with BSOD's, suspect Vista does not like the 
old HW. But it did run fine for a very long time.

any one else playing with 7  ( not 7 of 9 ) :-D
fp

-- 
Tallyho ! ]:8)
Taglines below !
--
In war there is no substitute for victory.

Re: [H] MAC Address Filter

[Bino Gopal]

, but the weird thing is, I'm getting it fine to my
> > >>> gmail, but NOT
> > >>> to my hotmail...anyone else running into this?
> > >>>
> > >>>
> > >>> > BINO
> > >>> >
> > >>> >P.S. I haven't been getting any HWG emails to my hotmail.com
> > >>> account since
> > >>> >4/12/09--none at all.  Anyone else on hotmail having this
> > >>> problem?  I also
> > >>> >have it sent to my gmail account and that's how I even saw this
> > >>> message...
> > >>> >
> > >>> >
> > >>> >
> > >>> >-Original Message-
> > >>> >From: hardware-boun...@hardwaregroup.com
> > >>> >[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of
> > DHSinclair
> > >>> >Sent: Friday, April 24, 2009 2:58 PM
> > >>> >To: hardware@hardwaregroup.com
> > >>> >Subject: Re: [H] MAC Address Filter
> > >>> >
> > >>> >John,
> > >>> >I so appreciate your share. BUT, it seems to be focused at
> > >>> >Wire-less/AccessPoint/WLAN business.?
> > >>> >I do get this for a LAN that has WLAN access.  I do NOT.  Still
> > >>> moderately
> > >>> >confused...
> > >>> >
> > >>> >Is MAC Address Filter really ONLY good for WLAN?
> > >>> >
> > >>> >I freely accept that my current router is totally focused toward
> > >>> >WLAN!  And, Gaming!  Neither of which I use it for.  I bought it
> > >>> on the
> > >>> >recc from HayesElkins.
> > >>> >Best,
> > >>> >Duncan
> > >>> >
> > >>> >At 14:22 04/24/2009 -0700, you wrote:
> > >>> > >Most Wi-Fi access points and routers ship with a feature called
> > >>> hardware
> > >>> > >or MAC address filtering.
> > >>> > >This feature is normally turned "off" by the manufacturer,
> > >>> because it
> > >>> > >requires a bit of effort to set up properly.
> > >>> > >
> > >>> > >However, to improve the
> > >>> > >security of your Wi-Fi LAN (WLAN), strongly consider enabling
> > >>> and using
> > >>> > >MAC address filtering.
> > >>> > >
> > >>> > >Without MAC address filtering, any wireless client can join
> > >>> (authenticate
> > >>> > >with) a Wi-Fi network if they know the network name (also
> > >>> called the
> > >>> SSID)
> > >>> > >and perhaps a few other security parameters like encryption
> > keys.
> > >>> > >
> > >>> > >
> > >>> > >When
> > >>> > >MAC address filtering is enabled, however, the access point or
> > >>> router
> > >>> > >performs an additional check on a different parameter.
> > >>> Obviously the
> > >>> > >more checks that are made, the greater the likelihood of
> > >>> preventing
> > >>> > >network break-ins.
> > >>> > >
> > >>> > >To set up MAC address filtering, you as a WLAN administrator
> > >>> > >must configure a list of clients that will be allowed to join
> > the
> > >>> > >network. First, obtain the MAC addresses of each client from its
> > >>> > >operating system or configuration utility. Then, they enter
> > those
> > >>> > >addresses into a configuratin screen of the wireless access
> > >>> point or
> > >>> > >router. Finally, switch on the filtering option.
> > >>> > >
> > >>> > >Once enabled, whenever the wireless access point or router
> > >>> > >receives a request to join with the WLAN, it compares the MAC
> > >>> address
> > >>> > >of that client against the administrator's list. Clients on the
> > >>> list
> > >>> > >authenticate as normal; clients not on the list are denied any
> > >>> access
> > >>> > >to the WLAN.
> > >>> > >
> > >>> > >MAC addresses on wireless clients can't be changed as they are
> > >>> > >burned into the hardware. However, some wireless clients allow
> > >>> their
> > >>> > >MAC address to be "impersonated" or "spoofed" in software. It's
> > >>> > >certainly possible for a determined hacker to break into your
> > >>> WLAN by
> > >>> > >configuring their client to spoof one of your MAC addresses.
> > >>> Although
> > >>> > >MAC address filtering isn't bulletproof, still it remains a
> > >>> helpful
> > >>> > >additional layer of defense that improves overall Wi-Fi network
> > >>> > >security.
> > >>> > >  --
> > >>> > >JRS
> > >>> > >stei...@pacbell.net
> > >>> > >
> > >>> > >
> > >>> > >Facts do not cease to exist just
> > >>> > >because they are ignored.
> > >>> > >
> > >>> > >
> > >>> > >
> > >>> > >- Original Message 
> > >>> > > > From: DHSinclair 
> > >>> > > > To: Hardware Group 
> > >>> > > > Sent: Friday, April 24, 2009 1:42:04 PM
> > >>> > > > Subject: [H] MAC Address Filter
> > >>> > > >
> > >>> > > > I use a d-link dgl-4300 router.  I have disabled the wire-
> > less
> > >>> > > section.  I only
> > >>> > > > do wired LAN business.
> > >>> > > > The router is currently at F/W v1.8.  I do know that F/W 1.9
> > >>> is
> > >>> > > available, but
> > >>> > > > as I read the docs, it seems to only deal with wire-less
> > >>> > > > business/bug-fixes
> > >>> > > >
> > >>> > > > Can anyone point me to some reading about MAC Address
> > >>> Filters?  I do
> > >>> > > have one;
> > >>> > > > and, I DO use it.
> > >>> > > > But, now have questions :)
> > >>> > > >
> > >>> > > > MyCurrentUnderstanding: I 'think' that my router's MAF is
> > >>> what allows
> > >>> > > my LAN
> > >>> > > > objects to gain access to the WWW (thru my router) via my
> > >>> Service
> > >>> > > > Provider.(when enabled!)... Is this correct?
> > >>> > > >
> > >>> > > > AND, I accept that this MAF access is completely 2-Way, with
> > >>> agreed
> > >>> > > > comprehension of non-routeable IP-Addy's?
> > >>> > > >
> > >>> > > > I feel like I am walking into a black hole here.   :)
> > >>> > > > Best,
> > >>> > > > Duncan
> > >>> > >
> > >>> > >__ NOD32 4034 (20090424) Information __
> > >>> > >
> > >>> > >This message was checked by NOD32 antivirus system.
> > >>> > >http://www.eset.com
> > >>> >
> > >>> >
> > >>> >__ NOD32 4034 (20090424) Information __
> > >>> >
> > >>> >This message was checked by NOD32 antivirus system.
> > >>> >http://www.eset.com
> > >>>
> > >>>
> > >>> __ NOD32 4036 (20090427) Information __
> > >>>
> > >>> This message was checked by NOD32 antivirus system.
> > >>> http://www.eset.com
> > >>
> > >
> > >
> > >
>
>
>
>__ NOD32 4040 (20090428) Information __
>
>This message was checked by NOD32 antivirus system.
>http://www.eset.com

Re: [H] MAC Address Filter

[DHSinclair]

urity parameters like encryption
> keys.
> >>> > >
> >>> > >
> >>> > >When
> >>> > >MAC address filtering is enabled, however, the access point or
> >>> router
> >>> > >performs an additional check on a different parameter.
> >>> Obviously the
> >>> > >more checks that are made, the greater the likelihood of
> >>> preventing
> >>> > >network break-ins.
> >>> > >
> >>> > >To set up MAC address filtering, you as a WLAN administrator
> >>> > >must configure a list of clients that will be allowed to join
> the
> >>> > >network. First, obtain the MAC addresses of each client from its
> >>> > >operating system or configuration utility. Then, they enter
> those
> >>> > >addresses into a configuratin screen of the wireless access
> >>> point or
> >>> > >router. Finally, switch on the filtering option.
> >>> > >
> >>> > >Once enabled, whenever the wireless access point or router
> >>> > >receives a request to join with the WLAN, it compares the MAC
> >>> address
> >>> > >of that client against the administrator's list. Clients on the
> >>> list
> >>> > >authenticate as normal; clients not on the list are denied any
> >>> access
> >>> > >to the WLAN.
> >>> > >
> >>> > >MAC addresses on wireless clients can't be changed as they are
> >>> > >burned into the hardware. However, some wireless clients allow
> >>> their
> >>> > >MAC address to be "impersonated" or "spoofed" in software. It's
> >>> > >certainly possible for a determined hacker to break into your
> >>> WLAN by
> >>> > >configuring their client to spoof one of your MAC addresses.
> >>> Although
> >>> > >MAC address filtering isn't bulletproof, still it remains a
> >>> helpful
> >>> > >additional layer of defense that improves overall Wi-Fi network
> >>> > >security.
> >>> > >  --
> >>> > >JRS
> >>> > >stei...@pacbell.net
> >>> > >
> >>> > >
> >>> > >Facts do not cease to exist just
> >>> > >because they are ignored.
> >>> > >
> >>> > >
> >>> > >
> >>> > >- Original Message 
> >>> > > > From: DHSinclair 
> >>> > > > To: Hardware Group 
> >>> > > > Sent: Friday, April 24, 2009 1:42:04 PM
> >>> > > > Subject: [H] MAC Address Filter
> >>> > > >
> >>> > > > I use a d-link dgl-4300 router.  I have disabled the wire-
> less
> >>> > > section.  I only
> >>> > > > do wired LAN business.
> >>> > > > The router is currently at F/W v1.8.  I do know that F/W 1.9
> >>> is
> >>> > > available, but
> >>> > > > as I read the docs, it seems to only deal with wire-less
> >>> > > > business/bug-fixes
> >>> > > >
> >>> > > > Can anyone point me to some reading about MAC Address
> >>> Filters?  I do
> >>> > > have one;
> >>> > > > and, I DO use it.
> >>> > > > But, now have questions :)
> >>> > > >
> >>> > > > MyCurrentUnderstanding: I 'think' that my router's MAF is
> >>> what allows
> >>> > > my LAN
> >>> > > > objects to gain access to the WWW (thru my router) via my
> >>> Service
> >>> > > > Provider.(when enabled!)... Is this correct?
> >>> > > >
> >>> > > > AND, I accept that this MAF access is completely 2-Way, with
> >>> agreed
> >>> > > > comprehension of non-routeable IP-Addy's?
> >>> > > >
> >>> > > > I feel like I am walking into a black hole here.   :)
> >>> > > > Best,
> >>> > > > Duncan
> >>> > >
> >>> > >__ NOD32 4034 (20090424) Information __
> >>> > >
> >>> > >This message was checked by NOD32 antivirus system.
> >>> > >http://www.eset.com
> >>> >
> >>> >
> >>> >__ NOD32 4034 (20090424) Information __
> >>> >
> >>> >This message was checked by NOD32 antivirus system.
> >>> >http://www.eset.com
> >>>
> >>>
> >>> __ NOD32 4036 (20090427) Information __
> >>>
> >>> This message was checked by NOD32 antivirus system.
> >>> http://www.eset.com
> >>
> >
> >
> >



__ NOD32 4040 (20090428) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

Re: [H] MAC Address Filter

[Greg Sevart]

While they may serve as a very minor deterrent to the casual passerby, I
guess that my point is that it's a waste of time, even on a home deployment,
to implement when you are hopefully deploying WPA (with AES, since there is
a vulnerability with TKIP) or WPA2 anyway. From the author's follow-up to
that article: "These aren't layered approaches; they're more like buying
overlapping warranty coverage, since any benefit against casual bandwidth
thieves is already covered by real security measures."

Greg

> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> boun...@hardwaregroup.com] On Behalf Of Bino Gopal
> Sent: Tuesday, April 28, 2009 5:22 PM
> To: hardware@hardwaregroup.com
> Subject: Re: [H] MAC Address Filter
> 
> I wouldn't say *utterly* pointless.  The article is good in pointing
> out the
> issues and people who think using these measures=security (which it
> doesn't), but his points are more tailored to an *enterprise* rather
> than a
> home user with an AP...
> 
> To wit, MAF is pointless in a work environment, but again, using simple
> psychology, which AP is a person looking for free wireless going to
> target-the one that's broadcasting the SSID and has no MAF, or yours
> that
> requires a sniffer to find the SSID and a MAC to steal!
> 
> As per http://www.lanarchitect.net/Articles/Wireless/SecurityRating/ if
> a
> bored hacker is trying to get in, even L2 will protect you since they
> have
> to steal your password to get in.  And if that hacker is really
> targeting
> you, then even L3 will protect you; but no one needs that for home use
> (but
> at least use WPA2 since WPA can be cracked now; and forget WEP!).
> 

Re: [H] MAC Address Filter

[DHSinclair]

ky/smart here.  So all I was
>>>> trying to say was that having MAF for wired connections is kind of
>>>> pointless, since the point at which MAF for wired matters, someone you
>>>> don't
>>>> know has to have physical access to plug in a cable and then you have
>>>> bigger
>>>> problems (b/c they've broken in at that point, etc), see?
>>>>
>>>> To put it another way, since you don't have random people coming in off
>>>> the
>>>> street trying to plug cables into your network, MAF for wired
>>>> connections
>>>> doesn't really buy you anything!  Does that make it more clear?  Sorry
>>>> for
>>>> being too snarky! ;P
>>>>
>>>>
>>>> P.S.  HWG email has been spotty for some time.Stuff happens.  The
>>>> BIG
>>>> PERSON only knows what is going on.. :)  I read this as
>>>> "dead-time."  But, that is JMHO.
>>>>
>>>>
>>>> BG1> Yeah, but the weird thing is, I'm getting it fine to my gmail, but
>>>> NOT
>>>> to my hotmail...anyone else running into this?
>>>>
>>>>
>>>> > BINO
>>>> >
>>>> >P.S. I haven't been getting any HWG emails to my hotmail.com account
>>>> since
>>>> >4/12/09--none at all.  Anyone else on hotmail having this problem?  I
>>>> also
>>>> >have it sent to my gmail account and that's how I even saw this
>>>> message...
>>>> >
>>>> >
>>>> >
>>>> >-Original Message-
>>>> >From: hardware-boun...@hardwaregroup.com
>>>> >[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
>>>> >Sent: Friday, April 24, 2009 2:58 PM
>>>> >To: hardware@hardwaregroup.com
>>>> >Subject: Re: [H] MAC Address Filter
>>>> >
>>>> >John,
>>>> >I so appreciate your share. BUT, it seems to be focused at
>>>> >Wire-less/AccessPoint/WLAN business.?
>>>> >I do get this for a LAN that has WLAN access.  I do NOT.  Still
>>>> moderately
>>>> >confused...
>>>> >
>>>> >Is MAC Address Filter really ONLY good for WLAN?
>>>> >
>>>> >I freely accept that my current router is totally focused toward
>>>> >WLAN!  And, Gaming!  Neither of which I use it for.  I bought it on the
>>>> >recc from HayesElkins.
>>>> >Best,
>>>> >Duncan
>>>> >
>>>> >At 14:22 04/24/2009 -0700, you wrote:
>>>> > >Most Wi-Fi access points and routers ship with a feature called
>>>> hardware
>>>> > >or MAC address filtering.
>>>> > >This feature is normally turned "off" by the manufacturer, because it
>>>> > >requires a bit of effort to set up properly.
>>>> > >
>>>> > >However, to improve the
>>>> > >security of your Wi-Fi LAN (WLAN), strongly consider enabling and
>>>> using
>>>> > >MAC address filtering.
>>>> > >
>>>> > >Without MAC address filtering, any wireless client can join
>>>> (authenticate
>>>> > >with) a Wi-Fi network if they know the network name (also called the
>>>> SSID)
>>>> > >and perhaps a few other security parameters like encryption keys.
>>>> > >
>>>> > >
>>>> > >When
>>>> > >MAC address filtering is enabled, however, the access point or router
>>>> > >performs an additional check on a different parameter. Obviously the
>>>> > >more checks that are made, the greater the likelihood of preventing
>>>> > >network break-ins.
>>>> > >
>>>> > >To set up MAC address filtering, you as a WLAN administrator
>>>> > >must configure a list of clients that will be allowed to join the
>>>> > >network. First, obtain the MAC addresses of each client from its
>>>> > >operating system or configuration utility. Then, they enter those
>>>> > >addresses into a configuratin screen of the wireless access point or
>>>> > >router. Finally, switch on the filtering option.
>>>> > >
>>>> > >Once enabled, whenever the wireless access point or router
>>>> > >receives a request to join with the WLAN, it compares the MAC address
>>>> > >of that client against the administrator's list. Clients on the list
>>>> > >authenticate as normal; clients not on the list are denied any access
>>>> > >to the WLAN.
>>>> > >
>>>> > >MAC addresses on wireless clients can't be changed as they are
>>>> > >burned into the hardware. However, some wireless clients allow their
>>>> > >MAC address to be "impersonated" or "spoofed" in software. It's
>>>> > >certainly possible for a determined hacker to break into your WLAN by
>>>> > >configuring their client to spoof one of your MAC addresses. Although
>>>> > >MAC address filtering isn't bulletproof, still it remains a helpful
>>>> > >additional layer of defense that improves overall Wi-Fi network
>>>> > >security.
>>>> > >  --
>>>> > >JRS
>>>> > >stei...@pacbell.net
>>>> > >
>>>> > >
>>>> > >Facts do not cease to exist just
>>>> > >because they are ignored.
>>>> > >
>>>> > >
>>>> > >
>>>> > >- Original Message 
>>>> > > > From: DHSinclair 
>>>> > > > To: Hardware Group 
>>>> > > > Sent: Friday, April 24, 2009 1:42:04 PM
>>>> > > > Subject: [H] MAC Address Filter
>>>> > > >
>>>> > > > I use a d-link dgl-4300 router.  I have disabled the wire-less
>>>> > > section.  I only
>>>> > > > do wired LAN business.
>>>> > > > The router is currently at F/W v1.8.  I do know that F/W 1.9 is
>>>> > > available, but
>>>> > > > as I read the docs, it seems to only deal with wire-less
>>>> > > > business/bug-fixes
>>>> > > >
>>>> > > > Can anyone point me to some reading about MAC Address Filters?  I
>>>> do
>>>> > > have one;
>>>> > > > and, I DO use it.
>>>> > > > But, now have questions :)
>>>> > > >
>>>> > > > MyCurrentUnderstanding: I 'think' that my router's MAF is what
>>>> allows
>>>> > > my LAN
>>>> > > > objects to gain access to the WWW (thru my router) via my Service
>>>> > > > Provider.(when enabled!)... Is this correct?
>>>> > > >
>>>> > > > AND, I accept that this MAF access is completely 2-Way, with
>>>> agreed
>>>> > > > comprehension of non-routeable IP-Addy's?
>>>> > > >
>>>> > > > I feel like I am walking into a black hole here.   :)
>>>> > > > Best,
>>>> > > > Duncan
>>>> > >
>>>> > >__ NOD32 4034 (20090424) Information __
>>>> > >
>>>> > >This message was checked by NOD32 antivirus system.
>>>> > >http://www.eset.com
>>>> >
>>>> >
>>>> >__ NOD32 4034 (20090424) Information __
>>>> >
>>>> >This message was checked by NOD32 antivirus system.
>>>> >http://www.eset.com
>>>>
>>>>
>>>> __ NOD32 4036 (20090427) Information __
>>>>
>>>> This message was checked by NOD32 antivirus system.
>>>> http://www.eset.com
>>>>
>>>
>>>
>>
>>
>>

__ NOD32 4040 (20090428) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

Re: [H] Mobile phones - Moto v. Samsung

[Joe User]

Sorry for the double post - one of these was sent at around 8 AM my
time this morning and didn't appear to go through.



-- 
Regards,
 joeuser - Still looking for the 'any' key...

"...now these points of data make a beautiful line..."

Re: [H] MAC Address Filter

[Bino Gopal]

I wouldn't say *utterly* pointless.  The article is good in pointing out the
issues and people who think using these measures=security (which it
doesn't), but his points are more tailored to an *enterprise* rather than a
home user with an AP...

To wit, MAF is pointless in a work environment, but again, using simple
psychology, which AP is a person looking for free wireless going to
target-the one that's broadcasting the SSID and has no MAF, or yours that
requires a sniffer to find the SSID and a MAC to steal!  

As per http://www.lanarchitect.net/Articles/Wireless/SecurityRating/ if a
bored hacker is trying to get in, even L2 will protect you since they have
to steal your password to get in.  And if that hacker is really targeting
you, then even L3 will protect you; but no one needs that for home use (but
at least use WPA2 since WPA can be cracked now; and forget WEP!).

So I'd still maintain that it's worth it to keep out nosy neighbors or
random passers-by to disable SSID broadcast and use MAF on the wireless;
just don't think it'll truly make you secure...so not *utterly* pointless!
;)

BINO

P.S. Btw, I didn't realize Cisco LEAP was specifically that bad; so it's
definitely better to use EAP-TLS as I was saying in my other post. ;)


-Original Message-
From: hardware-boun...@hardwaregroup.com
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Greg Sevart
Sent: Tuesday, April 28, 2009 9:11 AM
To: hardware@hardwaregroup.com
Subject: Re: [H] MAC Address Filter

Ding ding. Disabling the SSID beacon and MAC filtering are utterly
pointless.

"The six dumbest ways to secure a wireless LAN"
http://blogs.zdnet.com/Ou/index.php?p=43

Greg

> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> Sent: Tuesday, April 28, 2009 9:47 AM
> To: hwg
> Cc: hwg
> Subject: Re: [H] MAC Address Filter
> 
> Turning off the said broadcast doesn't really work.  I'm pretty sure
> the ssid is in all the packet headers so anyone with a sniffer will
> still see it.
> 
> Same thing with filtering by mac address - the allowed macs are in all
> the packet headers so all you have to do is sniff and then spoof your
> mac address.
> 
> The only true security for wireles is WPA.
> 
> ---
> Brian Weeden
> Technical Consultant
> Secure World Foundation
> 
> Sent from my iPhone
> 
> On 28-Apr-09, at 4:01 PM, Gary Jackson  wrote:
> 
> >
> >Two tips I have always heard for *wireless* networks, 1)  Turn
> > off SSID broadcasting and use a unique SSID.  2)  If you have a
> > static network ( meaning that you are not adding and deleting a lot
> > of devices ) use Mac Address Filtering.
> >
> > As a former Network Admin, I have not encountered the use of Mac
> > Address Filtering as a security method for wired networks, probably
> > because keeping it up to date would be more of a pain then it is
> > worth.
> >
> > If you have disabled the wireless side of your router, I don't
> > think you need to worry about it as it isn't accessible.
> >
> > Regards.Gary
> >
> >
> > At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall
> > come to pass:
> >> Bino,
> >> OK.  I have back thru this whole thing. Thank you for your help,
> >> but I am still confused.  I see nothing in my docs for the router
> >> that explicitly indicate that using MAF is truly for WLAN only.  I
> >> will dig more later today.
> >>
> >> Anyway. I can confirm that if I now drop my current clients off the
> >> MAF, none of them will ever get thru the router to the WWW.  This I
> >> have confirmed several times. And, I have re-confirmed that I have
> >> all WLAN business in the router disabled; I even left the external
> >> antennas in the box!
> >>
> >> Yes, there is a new f/w available for my router (v1.9). I currently
> >> use v1.8.  I have read and re-read the release notes and do NOT see
> >> any patches/bug fixes for a Wired LAN.  Everything I read is for
> >> WLAN and VPN tunnels.  I use neither at all.  So, I see little push
> >> to update the f/w of my router ATM.
> >> But, as you have mentioned some segregation between Wired and
> >> Wireless NOW in the MAF logic, I will now go back and dig
> >> deeper.perhaps I missed something.  Not like this has
> >> ever happened before.. LOL!
> >>
> >> Still listening.
> >> Best,
> >> Duncan
> >>
> >> At 09:28 04/27/2009 -0700, you wrote:
> >>> Ok, going inline with BG1> before my responses; the 1 is if we
> >>> continue;
> >>> then those will be BG2> and so on... ;)
> >>>
> >>>
> >>> -Original Message-
> >>> From: hardware-boun...@hardwaregroup.com
> >>> [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
> >>> Sent: Friday, April 24, 2009 8:23 PM
> >>> To: hardware@hardwaregroup.com
> >>> Subject: Re: [H] MAC Address Filter
> >>>
> >>> Bino,
> >>> I gotta go inline below.
> >>>

Re: [H] Contact info for Jim?

[Steve Tomporowski]

Bino,

On your hotmail, check your junkmail settings.  They could be set for 
immediate deletion. Hotmail, at random, will decide that some of your 
'safe' mail is junk at any time.  Then you could be getting list mail, 
but you'd never know it!


Steve

Rick Glazier wrote:

See the e-mail headers of any message:
List-Help: 

From: "Bino Gopal"
Anyone have contact info for Jim?  Wanted to ask him if he knew why I 
wasn't

getting HWG email to my hotmail account, but it works fine on my
gmail.anyone else have this problem btw?  Though if you have a hotmail
account and are having the problem I am, you won't see this message, 
so it's

kind of pointless unless you have another account subscribed like me. ;P

Re: [H] MAC Address Filter

[Brian Weeden]

Duncan -

I was traveling so I missed the first part of this thread.  To clear up a
couple of things that I hinted at in my previous message:

- MAF is only useful for keeping pesky neighbors from hogging your wifi.  it
will NOT prevent hackers or anyone who really wants to get in.
- same thing applies to turning off SSID broadcast and/or using a screwy
name.  will only stop casual people, not hackers

I am not sure why you are concerned with using MAF on your wired LAN to
begin with.  If you have the wireless disabled, then the only way someone
can get into your LAN is to walk into your house and plug in their machine.

And if they can do that you have bigger problems.

---
Brian

On Tue, Apr 28, 2009 at 4:47 PM, Brian Weeden wrote:

> Turning off the said broadcast doesn't really work.  I'm pretty sure the
> ssid is in all the packet headers so anyone with a sniffer will still see
> it.
>
> Same thing with filtering by mac address - the allowed macs are in all the
> packet headers so all you have to do is sniff and then spoof your mac
> address.
>
> The only true security for wireles is WPA.
>
> ---
> Brian Weeden
> Technical Consultant
> Secure World Foundation
>
> Sent from my iPhone
>
> On 28-Apr-09, at 4:01 PM, Gary Jackson  wrote:
>
>
>>   Two tips I have always heard for *wireless* networks, 1)  Turn off SSID
>> broadcasting and use a unique SSID.  2)  If you have a static network (
>> meaning that you are not adding and deleting a lot of devices ) use Mac
>> Address Filtering.
>>
>>As a former Network Admin, I have not encountered the use of Mac
>> Address Filtering as a security method for wired networks, probably because
>> keeping it up to date would be more of a pain then it is worth.
>>
>>If you have disabled the wireless side of your router, I don't think
>> you need to worry about it as it isn't accessible.
>>
>> Regards.Gary
>>
>>
>> At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall come
>> to pass:
>>
>>> Bino,
>>>
>>> OK.  I have back thru this whole thing. Thank you for your help, but I am
>>> still confused.  I see nothing in my docs for the router that explicitly
>>> indicate that using MAF is truly for WLAN only.  I will dig more later
>>> today.
>>>
>>> Anyway. I can confirm that if I now drop my current clients off the MAF,
>>> none of them will ever get thru the router to the WWW.  This I have
>>> confirmed several times. And, I have re-confirmed that I have all WLAN
>>> business in the router disabled; I even left the external antennas in the
>>> box!
>>>
>>> Yes, there is a new f/w available for my router (v1.9). I currently use
>>> v1.8.  I have read and re-read the release notes and do NOT see any
>>> patches/bug fixes for a Wired LAN.  Everything I read is for WLAN and VPN
>>> tunnels.  I use neither at all.  So, I see little push to update the f/w of
>>> my router ATM.
>>> But, as you have mentioned some segregation between Wired and Wireless
>>> NOW in the MAF logic, I will now go back and dig deeper.perhaps
>>> I missed something.  Not like this has ever happened
>>> before.. LOL!
>>>
>>> Still listening.
>>> Best,
>>> Duncan
>>>
>>> At 09:28 04/27/2009 -0700, you wrote:
>>>
 Ok, going inline with BG1> before my responses; the 1 is if we continue;
 then those will be BG2> and so on... ;)


 -Original Message-
 From: hardware-boun...@hardwaregroup.com
 [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
 Sent: Friday, April 24, 2009 8:23 PM
 To: hardware@hardwaregroup.com
 Subject: Re: [H] MAC Address Filter

 Bino,
 I gotta go inline below.
 At 15:32 04/24/2009 -0700, you wrote:
 >According to the DGL-4300 manual (found the pdf online) the Filter
 settings
 >section (Advanced -> MAC Address Filter) lets you pick from filtering
 >wireless and wired clients separate from each other p.39).

 OK. Fair. I will go back to the docs once again.. :)

 >John is right that some routers usually only let you do it for wireless
 >clients, but as it turns out yours definitely let's you do it for both.

 I am going to, ATM, trust you on this.. :)
 My router did/does NOT give me a choice between WLAN / LAN


 BG1> IF you have a DGL-4300, since I found the pdf manual online and it
 had
 a screenshot that clearly showed selecting b/w wireless and wired
 clients
 for the MAF, then either you have a different model which doesn't have
 it,
 or you need a firmware update to enable that.


 >Oh and btw, your understanding of the MAF you wrote below is completely
 >wrong (just fyi).

 OMG!!!  Please enlighten

 >   What you described was NAT (Network Address
 >Translation)-that's what takes the PCs on the private address space of
 your
 >home network and translates 

[H] Mobile phones - Moto v. Samsung

[Joe User]

Hello,

We got an offer from Alltel to upgrade our phones. We've had our
current phones for quite a few years now. Kyocera SOHO's - they serve
us well. Anyway, they offer Motorazr V3a for 29.99 and Samsung Hue II
for 39.99. I like both companies and I know it seems like everyone has
the Motorazr's. Never seen the Samsungs before though.

These phones look like they have cameras etc. In my experience all
this does is give them more ways to charge you for this and that - buy
new cords to plug into a computer to get pictures off - or pay a fee
to email them - etc. Is this still how it is?

Other question - which of these phones is better? Moto or Samsung?
Based off features, usage, and what-not.


-- 
Regards,
 joeuser - Still looking for the 'any' key...

"...now these points of data make a beautiful line..."

Re: [H] Opinions sought (email)?

[DHSinclair]

OK,
Hope you are right :)
Best,
Duncan

At 11:16 04/28/2009 -0700, you wrote:

pop3 be pop3, should not matter
fp

At 09:37 AM 4/28/2009, DHSinclair Poked the stick with:
>It is April and I am slow... :)
>It seems that back in FEB, ATT decided to enable the shift of MY email 
connection from x.bellsouth.net to x.att.yahoo.com.

>
>OK, I know I now have to do some online "subscription" business first.
>
>But, I use Eudora and Thunderbird...
>ATT does not seem to recognize these email clients in their FAQs.
>ATT seems to recognize only:
>
>* Entourage
>* Mac OS X Mail (10.1-10.4)
>* Mac OS X Mail (10.5)
>* Outlook 2000
>* Outlook 2002
>* Outlook 2003
>* Outlook 2007
>* Outlook Express
>* Windows Mail
>
>Seeking opinions from the collective on which of the above clients are 
close enough to Eudora and/or Thunderbird, so I can refer to one of 
"ATT's Mail Client Set-up" after I complete the subscription 
business... :)
>And, I do not have the patience to deal with a script-reader in SE 
Asia :)

>
>Thank you for your suggestions in advance.
>Best,
>Duncan

--
Tallyho ! ]:8)
Taglines below !
--
Proofread carefully to see if you any words out.


__ NOD32 4040 (20090428) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

[H] Mobile phones - Moto v. Samsung

[Joe User]

Hello,

We got an offer from Alltel to upgrade our phones. We've had our
current phones for quite a few years now. Kyocera SOHO's - they serve
us well. Anyway, they offer Motorazr V3a for 29.99 and Samsung Hue II
for 39.99. I like both companies and I know it seems like everyone has
the Motorazr's. Never seen the Samsungs before though.

These phones look like they have cameras etc. In my experience all
this does is give them more ways to charge you for this and that - buy
new cords to plug into a computer to get pictures off - or pay a fee
to email them - etc. Is this still how it is?

Other question - which of these phones is better? Moto or Samsung?
Based off features, usage, and what-not.


-- 
Regards,
 joeuser - Still looking for the 'any' key...

"...now these points of data make a beautiful line..."

Re: [H] Opinions sought (email)?

[FORC5]

pop3 be pop3, should not matter
fp

At 09:37 AM 4/28/2009, DHSinclair Poked the stick with:
>It is April and I am slow... :)
>It seems that back in FEB, ATT decided to enable the shift of MY email 
>connection from x.bellsouth.net to x.att.yahoo.com.
>
>OK, I know I now have to do some online "subscription" business first.
>
>But, I use Eudora and Thunderbird...
>ATT does not seem to recognize these email clients in their FAQs.
>ATT seems to recognize only:
>
>* Entourage
>* Mac OS X Mail (10.1-10.4)
>* Mac OS X Mail (10.5)
>* Outlook 2000
>* Outlook 2002
>* Outlook 2003
>* Outlook 2007
>* Outlook Express
>* Windows Mail
>
>Seeking opinions from the collective on which of the above clients are close 
>enough to Eudora and/or Thunderbird, so I can refer to one of "ATT's Mail 
>Client Set-up" after I complete the subscription business... :)
>And, I do not have the patience to deal with a script-reader in SE 
>Asia :)
>
>Thank you for your suggestions in advance.
>Best,
>Duncan

-- 
Tallyho ! ]:8)
Taglines below !
--
Proofread carefully to see if you any words out.

Re: [H] MAC Address Filter

[DHSinclair]

eally buy you anything!  Does that make it more clear?
>>> Sorry for
>>> being too snarky! ;P
>>>
>>>
>>> P.S.  HWG email has been spotty for some time.Stuff happens.
>>> The BIG
>>> PERSON only knows what is going on.. :)  I read this as
>>> "dead-time."  But, that is JMHO.
>>>
>>>
>>> BG1> Yeah, but the weird thing is, I'm getting it fine to my
>>> gmail, but NOT
>>> to my hotmail...anyone else running into this?
>>>
>>>
>>> > BINO
>>> >
>>> >P.S. I haven't been getting any HWG emails to my hotmail.com
>>> account since
>>> >4/12/09--none at all.  Anyone else on hotmail having this
>>> problem?  I also
>>> >have it sent to my gmail account and that's how I even saw this
>>> message...
>>> >
>>> >
>>> >
>>> >-Original Message-
>>> >From: hardware-boun...@hardwaregroup.com
>>> >[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
>>> >Sent: Friday, April 24, 2009 2:58 PM
>>> >To: hardware@hardwaregroup.com
>>> >Subject: Re: [H] MAC Address Filter
>>> >
>>> >John,
>>> >I so appreciate your share. BUT, it seems to be focused at
>>> >Wire-less/AccessPoint/WLAN business.?
>>> >I do get this for a LAN that has WLAN access.  I do NOT.  Still
>>> moderately
>>> >confused...
>>> >
>>> >Is MAC Address Filter really ONLY good for WLAN?
>>> >
>>> >I freely accept that my current router is totally focused toward
>>> >WLAN!  And, Gaming!  Neither of which I use it for.  I bought it
>>> on the
>>> >recc from HayesElkins.
>>> >Best,
>>> >Duncan
>>> >
>>> >At 14:22 04/24/2009 -0700, you wrote:
>>> > >Most Wi-Fi access points and routers ship with a feature called
>>> hardware
>>> > >or MAC address filtering.
>>> > >This feature is normally turned "off" by the manufacturer,
>>> because it
>>> > >requires a bit of effort to set up properly.
>>> > >
>>> > >However, to improve the
>>> > >security of your Wi-Fi LAN (WLAN), strongly consider enabling
>>> and using
>>> > >MAC address filtering.
>>> > >
>>> > >Without MAC address filtering, any wireless client can join
>>> (authenticate
>>> > >with) a Wi-Fi network if they know the network name (also
>>> called the
>>> SSID)
>>> > >and perhaps a few other security parameters like encryption keys.
>>> > >
>>> > >
>>> > >When
>>> > >MAC address filtering is enabled, however, the access point or
>>> router
>>> > >performs an additional check on a different parameter.
>>> Obviously the
>>> > >more checks that are made, the greater the likelihood of
>>> preventing
>>> > >network break-ins.
>>> > >
>>> > >To set up MAC address filtering, you as a WLAN administrator
>>> > >must configure a list of clients that will be allowed to join the
>>> > >network. First, obtain the MAC addresses of each client from its
>>> > >operating system or configuration utility. Then, they enter those
>>> > >addresses into a configuratin screen of the wireless access
>>> point or
>>> > >router. Finally, switch on the filtering option.
>>> > >
>>> > >Once enabled, whenever the wireless access point or router
>>> > >receives a request to join with the WLAN, it compares the MAC
>>> address
>>> > >of that client against the administrator's list. Clients on the
>>> list
>>> > >authenticate as normal; clients not on the list are denied any
>>> access
>>> > >to the WLAN.
>>> > >
>>> > >MAC addresses on wireless clients can't be changed as they are
>>> > >burned into the hardware. However, some wireless clients allow
>>> their
>>> > >MAC address to be "impersonated" or "spoofed" in software. It's
>>> > >certainly possible for a determined hacker to break into your
>>> WLAN by
>>> > >configuring their client to spoof one of your MAC addresses.
>>> Although
>>> > >MAC address filtering isn't bulletproof, still it remains a
>>> helpful
>>> > >additional layer of defense that improves overall Wi-Fi network
>>> > >security.
>>> > >  --
>>> > >JRS
>>> > >stei...@pacbell.net
>>> > >
>>> > >
>>> > >Facts do not cease to exist just
>>> > >because they are ignored.
>>> > >
>>> > >
>>> > >
>>> > >- Original Message 
>>> > > > From: DHSinclair 
>>> > > > To: Hardware Group 
>>> > > > Sent: Friday, April 24, 2009 1:42:04 PM
>>> > > > Subject: [H] MAC Address Filter
>>> > > >
>>> > > > I use a d-link dgl-4300 router.  I have disabled the wire-less
>>> > > section.  I only
>>> > > > do wired LAN business.
>>> > > > The router is currently at F/W v1.8.  I do know that F/W 1.9
>>> is
>>> > > available, but
>>> > > > as I read the docs, it seems to only deal with wire-less
>>> > > > business/bug-fixes
>>> > > >
>>> > > > Can anyone point me to some reading about MAC Address
>>> Filters?  I do
>>> > > have one;
>>> > > > and, I DO use it.
>>> > > > But, now have questions :)
>>> > > >
>>> > > > MyCurrentUnderstanding: I 'think' that my router's MAF is
>>> what allows
>>> > > my LAN
>>> > > > objects to gain access to the WWW (thru my router) via my
>>> Service
>>> > > > Provider.(when enabled!)... Is this correct?
>>> > > >
>>> > > > AND, I accept that this MAF access is completely 2-Way, with
>>> agreed
>>> > > > comprehension of non-routeable IP-Addy's?
>>> > > >
>>> > > > I feel like I am walking into a black hole here.   :)
>>> > > > Best,
>>> > > > Duncan
>>> > >
>>> > >__ NOD32 4034 (20090424) Information __
>>> > >
>>> > >This message was checked by NOD32 antivirus system.
>>> > >http://www.eset.com
>>> >
>>> >
>>> >__ NOD32 4034 (20090424) Information __
>>> >
>>> >This message was checked by NOD32 antivirus system.
>>> >http://www.eset.com
>>>
>>>
>>> __ NOD32 4036 (20090427) Information __
>>>
>>> This message was checked by NOD32 antivirus system.
>>> http://www.eset.com
>>
>
>
>


__ NOD32 4040 (20090428) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

Re: [H] MAC Address Filter

[Christopher Fisk]

On Tue, 28 Apr 2009, JRS wrote:


If someone wanted to bad enuff, they could still get in,
but I have not had any issues yet.  :)


Exactly true.  While I wouldn't rely on that for stuff that *really* 
needed to be secure, consider what else is around, if someone else has an 
unsecured wireless and you have something with WEP, which do you think the 
freeloaders are going to use?




Christopher Fisk
--
Cleveland:  Public urination is just wrong. Except during the Million Man 
March when protestors burned down our porta-potties and I used my stream 
of justice to put out the hate.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: [H] MAC Address Filter

[Scott Sipe]

If you change channel (which can definitely be a good idea if you're  
in an area with interference/other networks, etc), I would generlaly  
stick to channel 1,6, or 11. These are the only 3 channels that don't  
overlap with other channels.


Not always straightforward though -- at my last apartment there were a  
lot of wireless networks showing up on channels 6 and 11, so I changed  
my wrt54g to channel 1. Problem is, laptops would just drop the signal  
every so often, even though I saw no other networks on channel 1.  
Putting back to channel 6 or 11 made the dropping stop.


Scott

On Apr 28, 2009, at 11:03 AM, JRS wrote:



Yep, That's how I also do my wireless setups.

Change the SSID, no broadcast, MAC address filtering,
and I also change the channel since everyone mostly
seems to just leave them on channel 6..  :)


If someone wanted to bad enuff, they could still get in,
but I have not had any issues yet.  :)


--
JRS
stei...@pacbell.net

Re: [H] MAC Address Filter

[Bino Gopal]

Right; no one should think those methods alone will secure them, but they
make it just that *little* bit harder, such that if someone is being lazy
(or a novice who's trying to learn), you're less likely to get picked than
the guy who is broadcasting their SSID in the open and not doing MAF, right?

And even with WPA there were flaws in the TKIP protocol, so you should
really use WPA2.  But even with WPA2 you can still do 802.1x with a Radius
server and client certs on your machines (or even smartcards) using EAP-TLS
if you want to be truly secure (or 802.11i)! ;)

BINO


-Original Message-
From: hardware-boun...@hardwaregroup.com
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
Sent: Tuesday, April 28, 2009 7:47 AM
To: hwg
Cc: hwg
Subject: Re: [H] MAC Address Filter

Turning off the said broadcast doesn't really work.  I'm pretty sure  
the ssid is in all the packet headers so anyone with a sniffer will  
still see it.

Same thing with filtering by mac address - the allowed macs are in all  
the packet headers so all you have to do is sniff and then spoof your  
mac address.

The only true security for wireles is WPA.

---
Brian Weeden
Technical Consultant
Secure World Foundation

Sent from my iPhone

On 28-Apr-09, at 4:01 PM, Gary Jackson  wrote:

>
>Two tips I have always heard for *wireless* networks, 1)  Turn  
> off SSID broadcasting and use a unique SSID.  2)  If you have a  
> static network ( meaning that you are not adding and deleting a lot  
> of devices ) use Mac Address Filtering.
>
> As a former Network Admin, I have not encountered the use of Mac  
> Address Filtering as a security method for wired networks, probably  
> because keeping it up to date would be more of a pain then it is  
> worth.
>
> If you have disabled the wireless side of your router, I don't  
> think you need to worry about it as it isn't accessible.
>
> Regards.Gary
>
>
> At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall  
> come to pass:
>> Bino,
>> OK.  I have back thru this whole thing. Thank you for your help,  
>> but I am still confused.  I see nothing in my docs for the router  
>> that explicitly indicate that using MAF is truly for WLAN only.  I  
>> will dig more later today.
>>
>> Anyway. I can confirm that if I now drop my current clients off the  
>> MAF, none of them will ever get thru the router to the WWW.  This I  
>> have confirmed several times. And, I have re-confirmed that I have  
>> all WLAN business in the router disabled; I even left the external  
>> antennas in the box!
>>
>> Yes, there is a new f/w available for my router (v1.9). I currently  
>> use v1.8.  I have read and re-read the release notes and do NOT see  
>> any patches/bug fixes for a Wired LAN.  Everything I read is for  
>> WLAN and VPN tunnels.  I use neither at all.  So, I see little push  
>> to update the f/w of my router ATM.
>> But, as you have mentioned some segregation between Wired and  
>> Wireless NOW in the MAF logic, I will now go back and dig  
>> deeper.perhaps I missed something.  Not like this has  
>> ever happened before.. LOL!
>>
>> Still listening.
>> Best,
>> Duncan
>>
>> At 09:28 04/27/2009 -0700, you wrote:
>>> Ok, going inline with BG1> before my responses; the 1 is if we  
>>> continue;
>>> then those will be BG2> and so on... ;)
>>>
>>>
>>> -Original Message-
>>> From: hardware-boun...@hardwaregroup.com
>>> [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
>>> Sent: Friday, April 24, 2009 8:23 PM
>>> To: hardware@hardwaregroup.com
>>> Subject: Re: [H] MAC Address Filter
>>>
>>> Bino,
>>> I gotta go inline below.
>>> At 15:32 04/24/2009 -0700, you wrote:
>>> >According to the DGL-4300 manual (found the pdf online) the  
>>> Filter settings
>>> >section (Advanced -> MAC Address Filter) lets you pick from  
>>> filtering
>>> >wireless and wired clients separate from each other p.39).
>>>
>>> OK. Fair. I will go back to the docs once again.. :)
>>>
>>> >John is right that some routers usually only let you do it for  
>>> wireless
>>> >clients, but as it turns out yours definitely let's you do it for  
>>> both.
>>>
>>> I am going to, ATM, trust you on this.. :)
>>> My router did/does NOT give me a choice between WLAN /  
>>> LAN
>>>
>>>
>>> BG1> IF you have a DGL-4300, since I found the pdf manual online  
>>> and it had
>>> a screenshot that clearly showed selecting b/w wireless and wired  
>>> clients
>>> for the MAF, then either you have a different model which doesn't  
>>> have it,
>>> or you need a firmware update to enable that.
>>>
>>>
>>> >Oh and btw, your understanding of the MAF you wrote below is  
>>> completely
>>> >wrong (just fyi).
>>>
>>> OMG!!!  Please enlighten
>>>
>>> >   What you described was NAT (Network Address
>>> >Translation)-that's what t

[H] Opinions sought (email)?

[DHSinclair]

It is April and I am slow... :)
It seems that back in FEB, ATT decided to enable the shift of MY email 
connection from x.bellsouth.net to x.att.yahoo.com.


OK, I know I now have to do some online "subscription" business first.

But, I use Eudora and Thunderbird...
ATT does not seem to recognize these email clients in their FAQs.
ATT seems to recognize only:

* Entourage
* Mac OS X Mail (10.1-10.4)
* Mac OS X Mail (10.5)
* Outlook 2000
* Outlook 2002
* Outlook 2003
* Outlook 2007
* Outlook Express
* Windows Mail

Seeking opinions from the collective on which of the above clients are 
close enough to Eudora and/or Thunderbird, so I can refer to one of "ATT's 
Mail Client Set-up" after I complete the subscription business... :)
And, I do not have the patience to deal with a script-reader in SE 
Asia :)


Thank you for your suggestions in advance.
Best,
Duncan

Re: [H] MAC Address Filter

[Greg Sevart]

Ding ding. Disabling the SSID beacon and MAC filtering are utterly
pointless.

"The six dumbest ways to secure a wireless LAN"
http://blogs.zdnet.com/Ou/index.php?p=43

Greg

> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> Sent: Tuesday, April 28, 2009 9:47 AM
> To: hwg
> Cc: hwg
> Subject: Re: [H] MAC Address Filter
> 
> Turning off the said broadcast doesn't really work.  I'm pretty sure
> the ssid is in all the packet headers so anyone with a sniffer will
> still see it.
> 
> Same thing with filtering by mac address - the allowed macs are in all
> the packet headers so all you have to do is sniff and then spoof your
> mac address.
> 
> The only true security for wireles is WPA.
> 
> ---
> Brian Weeden
> Technical Consultant
> Secure World Foundation
> 
> Sent from my iPhone
> 
> On 28-Apr-09, at 4:01 PM, Gary Jackson  wrote:
> 
> >
> >Two tips I have always heard for *wireless* networks, 1)  Turn
> > off SSID broadcasting and use a unique SSID.  2)  If you have a
> > static network ( meaning that you are not adding and deleting a lot
> > of devices ) use Mac Address Filtering.
> >
> > As a former Network Admin, I have not encountered the use of Mac
> > Address Filtering as a security method for wired networks, probably
> > because keeping it up to date would be more of a pain then it is
> > worth.
> >
> > If you have disabled the wireless side of your router, I don't
> > think you need to worry about it as it isn't accessible.
> >
> > Regards.Gary
> >
> >
> > At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall
> > come to pass:
> >> Bino,
> >> OK.  I have back thru this whole thing. Thank you for your help,
> >> but I am still confused.  I see nothing in my docs for the router
> >> that explicitly indicate that using MAF is truly for WLAN only.  I
> >> will dig more later today.
> >>
> >> Anyway. I can confirm that if I now drop my current clients off the
> >> MAF, none of them will ever get thru the router to the WWW.  This I
> >> have confirmed several times. And, I have re-confirmed that I have
> >> all WLAN business in the router disabled; I even left the external
> >> antennas in the box!
> >>
> >> Yes, there is a new f/w available for my router (v1.9). I currently
> >> use v1.8.  I have read and re-read the release notes and do NOT see
> >> any patches/bug fixes for a Wired LAN.  Everything I read is for
> >> WLAN and VPN tunnels.  I use neither at all.  So, I see little push
> >> to update the f/w of my router ATM.
> >> But, as you have mentioned some segregation between Wired and
> >> Wireless NOW in the MAF logic, I will now go back and dig
> >> deeper.perhaps I missed something.  Not like this has
> >> ever happened before.. LOL!
> >>
> >> Still listening.
> >> Best,
> >> Duncan
> >>
> >> At 09:28 04/27/2009 -0700, you wrote:
> >>> Ok, going inline with BG1> before my responses; the 1 is if we
> >>> continue;
> >>> then those will be BG2> and so on... ;)
> >>>
> >>>
> >>> -Original Message-
> >>> From: hardware-boun...@hardwaregroup.com
> >>> [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
> >>> Sent: Friday, April 24, 2009 8:23 PM
> >>> To: hardware@hardwaregroup.com
> >>> Subject: Re: [H] MAC Address Filter
> >>>
> >>> Bino,
> >>> I gotta go inline below.
> >>> At 15:32 04/24/2009 -0700, you wrote:
> >>> >According to the DGL-4300 manual (found the pdf online) the
> >>> Filter settings
> >>> >section (Advanced -> MAC Address Filter) lets you pick from
> >>> filtering
> >>> >wireless and wired clients separate from each other p.39).
> >>>
> >>> OK. Fair. I will go back to the docs once again..
> :)
> >>>
> >>> >John is right that some routers usually only let you do it for
> >>> wireless
> >>> >clients, but as it turns out yours definitely let's you do it for
> >>> both.
> >>>
> >>> I am going to, ATM, trust you on this.. :)
> >>> My router did/does NOT give me a choice between WLAN /
> >>> LAN
> >>>
> >>>
> >>> BG1> IF you have a DGL-4300, since I found the pdf manual online
> >>> and it had
> >>> a screenshot that clearly showed selecting b/w wireless and wired
> >>> clients
> >>> for the MAF, then either you have a different model which doesn't
> >>> have it,
> >>> or you need a firmware update to enable that.
> >>>
> >>>
> >>> >Oh and btw, your understanding of the MAF you wrote below is
> >>> completely
> >>> >wrong (just fyi).
> >>>
> >>> OMG!!!  Please enlighten
> >>>
> >>> >   What you described was NAT (Network Address
> >>> >Translation)-that's what takes the PCs on the private address
> >>> space of your
> >>> >home network and translates them into the public IP that gives
> >>> them access
> >>> >to the internet.  And it's NOT 2-way; i.e. just b/c the PCs can
> >>> access the
> >>> >internet, that doesn't mean that things on t

Re: [H] MAC Address Filter

[JRS]

Yep, That's how I also do my wireless setups.
 
Change the SSID, no broadcast, MAC address filtering, 
and I also change the channel since everyone mostly 
seems to just leave them on channel 6..  :)


If someone wanted to bad enuff, they could still get in,
but I have not had any issues yet.  :)

 
-- 
JRS 
stei...@pacbell.net


Facts do not cease to exist just
because they are ignored.





From: Gary Jackson 
To: hardware@hardwaregroup.com
Sent: Tuesday, April 28, 2009 7:01:06 AM
Subject: Re: [H] MAC Address Filter


 Two tips I have always heard for *wireless* networks, 1)  Turn off 
SSID broadcasting and use a unique SSID.  2)  If you have a static network 
( meaning that you are not adding and deleting a lot of devices ) use Mac 
Address Filtering.

  As a former Network Admin, I have not encountered the use of Mac 
Address Filtering as a security method for wired networks, probably because 
keeping it up to date would be more of a pain then it is worth.

  If you have disabled the wireless side of your router, I don't think 
you need to worry about it as it isn't accessible.

Regards.Gary

Re: [H] MAC Address Filter

[Brian Weeden]

Turning off the said broadcast doesn't really work.  I'm pretty sure  
the ssid is in all the packet headers so anyone with a sniffer will  
still see it.


Same thing with filtering by mac address - the allowed macs are in all  
the packet headers so all you have to do is sniff and then spoof your  
mac address.


The only true security for wireles is WPA.

---
Brian Weeden
Technical Consultant
Secure World Foundation

Sent from my iPhone

On 28-Apr-09, at 4:01 PM, Gary Jackson  wrote:



   Two tips I have always heard for *wireless* networks, 1)  Turn  
off SSID broadcasting and use a unique SSID.  2)  If you have a  
static network ( meaning that you are not adding and deleting a lot  
of devices ) use Mac Address Filtering.


As a former Network Admin, I have not encountered the use of Mac  
Address Filtering as a security method for wired networks, probably  
because keeping it up to date would be more of a pain then it is  
worth.


If you have disabled the wireless side of your router, I don't  
think you need to worry about it as it isn't accessible.


Regards.Gary


At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall  
come to pass:

Bino,
OK.  I have back thru this whole thing. Thank you for your help,  
but I am still confused.  I see nothing in my docs for the router  
that explicitly indicate that using MAF is truly for WLAN only.  I  
will dig more later today.


Anyway. I can confirm that if I now drop my current clients off the  
MAF, none of them will ever get thru the router to the WWW.  This I  
have confirmed several times. And, I have re-confirmed that I have  
all WLAN business in the router disabled; I even left the external  
antennas in the box!


Yes, there is a new f/w available for my router (v1.9). I currently  
use v1.8.  I have read and re-read the release notes and do NOT see  
any patches/bug fixes for a Wired LAN.  Everything I read is for  
WLAN and VPN tunnels.  I use neither at all.  So, I see little push  
to update the f/w of my router ATM.
But, as you have mentioned some segregation between Wired and  
Wireless NOW in the MAF logic, I will now go back and dig  
deeper.perhaps I missed something.  Not like this has  
ever happened before.. LOL!


Still listening.
Best,
Duncan

At 09:28 04/27/2009 -0700, you wrote:
Ok, going inline with BG1> before my responses; the 1 is if we  
continue;

then those will be BG2> and so on... ;)


-Original Message-
From: hardware-boun...@hardwaregroup.com
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
Sent: Friday, April 24, 2009 8:23 PM
To: hardware@hardwaregroup.com
Subject: Re: [H] MAC Address Filter

Bino,
I gotta go inline below.
At 15:32 04/24/2009 -0700, you wrote:
>According to the DGL-4300 manual (found the pdf online) the  
Filter settings
>section (Advanced -> MAC Address Filter) lets you pick from  
filtering

>wireless and wired clients separate from each other p.39).

OK. Fair. I will go back to the docs once again.. :)

>John is right that some routers usually only let you do it for  
wireless
>clients, but as it turns out yours definitely let's you do it for  
both.


I am going to, ATM, trust you on this.. :)
My router did/does NOT give me a choice between WLAN /  
LAN



BG1> IF you have a DGL-4300, since I found the pdf manual online  
and it had
a screenshot that clearly showed selecting b/w wireless and wired  
clients
for the MAF, then either you have a different model which doesn't  
have it,

or you need a firmware update to enable that.


>Oh and btw, your understanding of the MAF you wrote below is  
completely

>wrong (just fyi).

OMG!!!  Please enlighten

>   What you described was NAT (Network Address
>Translation)-that's what takes the PCs on the private address  
space of your
>home network and translates them into the public IP that gives  
them access
>to the internet.  And it's NOT 2-way; i.e. just b/c the PCs can  
access the
>internet, that doesn't mean that things on the internet can  
access your

PCs.

Thanks Bino.  No.  I do believe that NAT is THE clear concept  
here..
All my router's since 199x have use NAT. Perhaps NAT has  
changed...
Perhaps I may dick with it a bit, but I do believe I know what NAT  
logic

still purports to do..even with SPI now!!.. :)


BG1> NAT for the most part is the same as it was since 1999 or  
so...so if
you're clear on NAT and how it works and what it does, then you're  
fine.
Just remember that it doesn't automatically allow inbound  
connections back
to your PC (which is a good thing, b/c otherwise it'd be too easy  
to hack
people) unless you specifically set that up (well, AFAIK; maybe  
some newer
routers do this, but that would be a BAAAD thing to do by default  
w/o making

you enable it first...JM2C there).


>So the MAF restricts who can get ONTO your network in the first  
place.
>

Re: [H] MAC Address Filter

[Gary Jackson]

Two tips I have always heard for *wireless* networks, 1)  Turn off 
SSID broadcasting and use a unique SSID.  2)  If you have a static network 
( meaning that you are not adding and deleting a lot of devices ) use Mac 
Address Filtering.


 As a former Network Admin, I have not encountered the use of Mac 
Address Filtering as a security method for wired networks, probably because 
keeping it up to date would be more of a pain then it is worth.


 If you have disabled the wireless side of your router, I don't think 
you need to worry about it as it isn't accessible.


Regards.Gary


At 12:21 PM 4/27/2009, It was written by DHSinclair that this shall come to 
pass:

Bino,
OK.  I have back thru this whole thing. Thank you for your help, but I am 
still confused.  I see nothing in my docs for the router that explicitly 
indicate that using MAF is truly for WLAN only.  I will dig more later today.


Anyway. I can confirm that if I now drop my current clients off the MAF, 
none of them will ever get thru the router to the WWW.  This I have 
confirmed several times. And, I have re-confirmed that I have all WLAN 
business in the router disabled; I even left the external antennas in the box!


Yes, there is a new f/w available for my router (v1.9). I currently use 
v1.8.  I have read and re-read the release notes and do NOT see any 
patches/bug fixes for a Wired LAN.  Everything I read is for WLAN and VPN 
tunnels.  I use neither at all.  So, I see little push to update the f/w 
of my router ATM.
But, as you have mentioned some segregation between Wired and Wireless NOW 
in the MAF logic, I will now go back and dig deeper.perhaps I 
missed something.  Not like this has ever happened 
before.. LOL!


Still listening.
Best,
Duncan

At 09:28 04/27/2009 -0700, you wrote:

Ok, going inline with BG1> before my responses; the 1 is if we continue;
then those will be BG2> and so on... ;)


-Original Message-
From: hardware-boun...@hardwaregroup.com
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
Sent: Friday, April 24, 2009 8:23 PM
To: hardware@hardwaregroup.com
Subject: Re: [H] MAC Address Filter

Bino,
I gotta go inline below.
At 15:32 04/24/2009 -0700, you wrote:
>According to the DGL-4300 manual (found the pdf online) the Filter settings
>section (Advanced -> MAC Address Filter) lets you pick from filtering
>wireless and wired clients separate from each other p.39).

OK. Fair. I will go back to the docs once again.. :)

>John is right that some routers usually only let you do it for wireless
>clients, but as it turns out yours definitely let's you do it for both.

I am going to, ATM, trust you on this.. :)
My router did/does NOT give me a choice between WLAN / LAN


BG1> IF you have a DGL-4300, since I found the pdf manual online and it had
a screenshot that clearly showed selecting b/w wireless and wired clients
for the MAF, then either you have a different model which doesn't have it,
or you need a firmware update to enable that.


>Oh and btw, your understanding of the MAF you wrote below is completely
>wrong (just fyi).

OMG!!!  Please enlighten

>   What you described was NAT (Network Address
>Translation)-that's what takes the PCs on the private address space of your
>home network and translates them into the public IP that gives them access
>to the internet.  And it's NOT 2-way; i.e. just b/c the PCs can access the
>internet, that doesn't mean that things on the internet can access your
PCs.

Thanks Bino.  No.  I do believe that NAT is THE clear concept here..
All my router's since 199x have use NAT. Perhaps NAT has changed...
Perhaps I may dick with it a bit, but I do believe I know what NAT logic
still purports to do..even with SPI now!!.. :)


BG1> NAT for the most part is the same as it was since 1999 or so...so if
you're clear on NAT and how it works and what it does, then you're fine.
Just remember that it doesn't automatically allow inbound connections back
to your PC (which is a good thing, b/c otherwise it'd be too easy to hack
people) unless you specifically set that up (well, AFAIK; maybe some newer
routers do this, but that would be a BAAAD thing to do by default w/o making
you enable it first...JM2C there).


>So the MAF restricts who can get ONTO your network in the first place.
>Typically it's more interesting/useful for wireless networks since anyone
>can try and connect to your network that way, whereas it's a little harder
>for random people to get the physical access to plug a cable into your
>router/switch! ;)

Yes, and this is why I still do NOT play Wire-less... :)


BG1> Well, if you don't broadcast your SSID, and then use MAF on wireless,
and uses WPA2-PSK and/or client certs, it's practically impossible to hack
your wireless network and it's a lot more convenient than running cables, or
if you have laptops.  But YMMV.


>