Important For Wireless Router Users !!!!!!!!

[vindictive666 (John)]

hi all



i just got this from a news letter i subscribe to



some of you may already know ?


"Wireless Security: Hacked
I have written several different articles about securing your wireless connections. Having an insecure wireless network is like getting a megaphone and announcing your social security number to your whole neighborhood. When your wireless network is not encrypted, anyone within range can gain access to your data fairly easily.
A few days ago, some bad news came through the line. It seems like one method of wireless encryption has been broken. A hacker has been able to break the encryption and gain access to data, even when the security is turned on. The encryption type that has been broken is called WPA-TKIP. It's one of the most common types of wireless network encryption, which means many wireless networks could be at risk.
Luckily, I'm sharing this information with you well before anyone can get to your data. It seems as if the hacker who has broken the wireless security is the only one so far. In a week or so, he will tell the rest of the world how he did it. After that, others will be able to use his technique and hack wireless connections around the world.
So, how can you protect yourself? Allow me to explain!
Many wireless routers come with different types of security. The three main types are called WEP, WPA and WPA2. WEP and WPA are now vulnerable to attack. WEP has been known as a weak system for some time and WPA was just hacked a few days ago. On the other hand, WPA2 has not been affected. That means if you change your wireless security to WPA2, you'll be safe.
If you want to check and see what security you have on your wireless connection, you'll need the manual for your wireless router. Look in the manual for directions on how to set up the wireless security. Once you find that information, look to see which method you're currently using. If you're using WEP or WPA, you should change to WPA2. If you're not using any at all, please activate WPA2!
While most routers support WPA2, some do not. If your router doesn't support WPA2, you should continue to use WPA. Yes, it has been hacked, but it's far better than using nothing at all. Until next time, stay safe out there, my friends!"






regards john

[Octane (Humayun)]

I had been using WEP for a little while and then moved on to WPA2.

Then, just hardened the network down by MAC address.

Regards,
Humayun

[GeoffW1 (Geoff)]

Quote:

Originally Posted by Octane

just hardened the network down by MAC address.

Regards,
Humayun

Hi,

What does that mean?

Cheers

[Zuts]

Hi,

Who cares? If someone wants to park a car outside my house and churn through gigabytes of data in the hope that they may catch some data then good luck to them; i have NOTHING to hide.

Furthermore whether i use WEP or not my banking sessions are ecrypted automatically using HTTPS so are safe.

In fact I leave my network unencrypted; and only lock down the machines that are allowed to access the network by enetering there MAC addresses into my router.

Cheers
Paul

[Dennis]

Based on my very basic understanding of Routers, I think that MAC addresses are not encrypted under WEP, so they can be spoofed? Although most Routers seem to have a defence against this by means of SPI (Stateful Packet Inspection).

Cheers

Dennis

[Octane (Humayun)]

Quote:

Originally Posted by GeoffW1

Hi,

What does that mean?

Cheers

Geoff,

Most wireless routers will allow you to enter the MAC address details of the interface (network card) of the machines that you want to allow to connect to the network.

To obtain the MAC address of your interface, in Windows:

Click Start, go to Run, and type "cmd" without the quotes and hit Enter.
In the black screen that comes up, type, "ipconfig /all" without the quotes.

Somewhere in there, will be a MAC address. Simply enter that in your wireless router's allowed MAC addresses list. Repeat for each of your machines that you want to allow, and, that's it.

If you look up the manual for the brand and model of your wireless router, the details will be all there for you.

Regards,
Humayun

[Octane (Humayun)]

Paul,

Having nothing to hide is all well and good, but, I certainly wouldn't want a wardriver to use up my data allowance leaving me crippled at 8 K/s for the rest of my billing cycle.

I have the family's network set to access via MAC addresses, and have topped it off with WPA2, just in case.

Regards,
Humayun

Quote:

Originally Posted by Zuts

Hi,

Who cares? If someone wants to park a car outside my house and churn through gigabytes of data in the hope that they may catch some data then good luck to them; i have NOTHING to hide.

Furthermore whether i use WEP or not my banking sessions are ecrypted automatically using HTTPS so are safe.

In fact I leave my network unencrypted; and only lock down the machines that are allowed to access the network by enetering there MAC addresses into my router.

Cheers
Paul

[Miaplacidus (Brian)]

Hi Paul,

Um... whereabout do you live?

[Starkler (Geoff)]

Quote:

Originally Posted by Zuts

Hi,

Who cares? If someone wants to park a car outside my house and churn through gigabytes of data in the hope that they may catch some data then good luck to them; i have NOTHING to hide.

If your neighbour likes downloading illegal materials online, then it can only be traced back as far as you.

[GeoffW1 (Geoff)]

Quote:

Originally Posted by Octane

Geoff,

Most wireless routers will allow you to enter the MAC address details of the interface (network card) of the machines that you want to allow to connect to the network.

Regards,
Humayun

Hi,

Thanks for posting this detail, I think it may help a few here.

Here's a bit more, for anyone interested.

http://www.windowsnetworking.com/kba...ssFilters.html

Cheers

[Jen]

thats why i havnt gone to wireless yet im too scared too

[Zuts]

Quote:

Originally Posted by Starkler

If your neighbour likes downloading illegal materials online, then it can only be traced back as far as you.

If they can connect to your network; which they cant if you have mac filtering.

It's a big if as well, you are talking about my immediate neighbours in range of the router, a young professional couple on one side and some female law students on the other, and assuming they would do such a thing and have knowledge of how to (1) find out my MAC address and (2) spoof it.

Cheers
Paul

[Dooghan (Dooghan)]

It's a load of BS. The story was that WPA and WAP2 had been cracked. It's just not true. You still have to use brute force to crack WPA and WPA2. A company by the name of Elcomsolf http://www.elcomsoft.com/news/268.html is using the GPU to speed up brute force attacks. Now if you use a random 63 character password it will still take billions of years to crack using the GPU.

Also have a read of this transcript from the Security Now podcast. You don't have to go to far into it to fine where they are talking about it. http://www.grc.com/sn/sn-167.htm

[casstony]

I have my wireless set to minimum power so that it drops out before reaching any other houses and is very weak at the street.

[Dooghan (Dooghan)]

Quote:

Originally Posted by Zuts

If they can connect to your network; which they cant if you have mac filtering.

It's a big if as well, you are talking about my immediate neighbours in range of the router, a young professional couple on one side and some female law students on the other, and assuming they would do such a thing and have knowledge of how to (1) find out my MAC address and (2) spoof it.

Cheers
Paul

My 8 year son could have your MAC address and be in your network in 5 sec. It so easy to get around MAC filtering. Every pack of data that is sent to your router has your MAC address in the clear and un-encrypted. I change my MAC address to your MAC address, which is easily done, and you router doesn't know anything different. I go and hack some Fed Gov site and the AFP has a chat to you instead of me. MAC filtering is next to useless along with turning off your SSID

[Zuts]

Quote:

Originally Posted by Dooghan

My 8 year son could have your MAC address and be in your network in 5 sec. It so easy to get around MAC filtering. Every pack of data that is sent to your router has your MAC address in the clear and un-encrypted. I change my MAC address to your MAC address, which is easily done, and you router doesn't know anything different. I go and hack some Fed Gov site and the AFP has a chat to you instead of me. MAC filtering is next to useless along with turning off your SSID

I suppose your 8 year old son drives and is going to park in front of my house and steal my bandwidth, i should be worried?

I got my computer science degree in 1978 and have been in the industry since that time. The number of people who know anything about computers or even care about them (except as a device to use) are vanishingly small. I will say it again, MAC filtering, non broadcasting SSID's etc are generally sufficient to protect a home network. Your mileage may vary, but as i said I have two neighbours within range whom i know well and neither are likely to steal my bandwidth.

What are the odds of
(1) more than 20 people within range of your router
(2) some of the 20 having any computer knowledge at all
(3) some of those having the knowledge and desire to hack your wireless connection
(4) some of those being of any interest whatsoever to the AFP

I reckon you have better odds of winning tattslotto than of getting your home wireless router hacked.

Cheers
Paul

[Wavytone]

Where I am my iMac lists >40 wireless base stations in neighbouring apartments. Some are unsecured, wide open to all comers.
In a highrise it can be quite surprising how many you can find when you're up 20-30 floors.

Add to this that a hefty percentage of domestic PC's are insecure and easily hacked into - quite a few have their network settings set to share their wireless connection so i can connect directly to their PC, bypassing any base station they may have... Dills. Now, where's that keystroke logger I wrote a while back...

[dugnsuz (Doug)]

If someone has to park as close to your house as possible to access your Wireless connection - relax...you're gonna know!!!!
If you're in a flat where others can access your connection easily - secure it!

[Terry B]

Mine is unsecured because it refuses to talk to my computers if I secure it. As the closest house or road to me is about 1km away I'm pretty safe. I can't pick up the thing myself from my observatory some 150m away.

[wraithe]

Its not that difficult to hack a wireless network if its not secured with a good password, ie more than 8 digits...but at the same time you do need some pretty good applications to do it...
on another note to that, there are so many insecure networks around that when it comes down to it, why bother with a secure one when you can easily find an insecure one...(I have had to block two around me and even contacted them to set there security, dumb buggers just dont listen)
My wireless will reach about 100 or so metres up the road...
mac filtering is a good secure way to go, but I share my connection with a few friends and 100 metres only just gives my best mate 30% signal, not quite enough to stay stable...A new antennae will fix that...
I use WPA2 with 11 digits but can use up to 63 digits...to hack that would take some doing...

You can never be too secure, but you can be insecure easily...