Wireless security set up question

[9fingers]

A friend has become concerned that his wireless connection is insecure and has asked me to help him enable the basic WEP security.

He has a D link router which asks for 10 hexadecimal digits as the key for 64bit encryption and more characters for for higher encryption.

I think I am OK with that end of the link

When I look at his XP laptop, under the properties of the wireless adaptor, I can select either none or WEP but it does not specify the number of bits for the encryption or key length.

Does XP work it out from the length of the key supplied?

Can anyone shed any light on this please?

TIA

Bob

 

[chingerspy]

Yep the router determines the key length Bob. You just tap the correct one into the windows dialogue box and if everything matches up you should connect.

 

[9fingers]

OK Thanks Tone,

I'll give that a try next time I go round there.

Cheers

Bob

 

[chingerspy]

I'd advise you do a trial run with an easy code first though Bob something like (26?) zeros i.e. 00000000000000000000000000. Much quicker to tap in at first. If that works then you can really lock it down with a generated hex string that no one including the owner will remember. S'ok though can always be reset as long as they know the router login

 

[wizer]

Indeed. Whether it's WEP or WPA it doesn't really matter unless he's some sort of business. No ones's going to waste their time hacking a bog standard household wireless connection. I wonder if there are still people driving about with home made ariels trying to hack people? What was that called again? War Driving or something? People think we're sad :roll:

 

[chingerspy]

lol yeah I remember that I guess it might hack some people off when BT or whoever cap them or send a nasty letter because of illegal spamming or downloading too much though. I lock mine down but not generated hex key tight, too much hassel when somone stays over and you have to type the key in 5 times before it works I use a WPA passphrase now for that reason. Just seeing the padlock icon when searching for SSID's puts people off these days, they can find a free one down the road outside "Le Caffeine" if needs be.

 

[9fingers]

On my own wireless network, I have just used MAC address filtering. I'm sure it is not that secure but it does stop the casual person cruising by my house from using my connection.
The other advantage is that if we have a house guest, I just turn off the MAC filter briefly, the new computer then joins the network, I can capture it's MAC address and turn the MAC filter back on.

Works for me anyway.

I'm not sure if all routers have such filters - I could not find it on my mates D-link box the other day.

Bob

 

[TrimTheKing]

On my own wireless network, I have just used MAC address filtering. I'm sure it is not that secure but it does stop the casual person cruising by my house from using my connection.
The other advantage is that if we have a house guest, I just turn off the MAC filter briefly, the new computer then joins the network, I can capture it's MAC address and turn the MAC filter back on.

Works for me anyway.

I'm not sure if all routers have such filters - I could not find it on my mates D-link box the other day.

Bob

MAC filters are a good deterrent for the home as you say, but I have an app on my machine that will spoof a MAC and get past it in 5 seconds. It is used for work so it's legit, but as most people have said, IBBand is so prevelant now that I can't imagine there are still people leeching others connections. Eh Tom?

 

[wizer]

Eh Tom?

*cough, cough*

 

[9fingers]

On my own wireless network, I have just used MAC address filtering. I'm sure it is not that secure but it does stop the casual person cruising by my house from using my connection.
The other advantage is that if we have a house guest, I just turn off the MAC filter briefly, the new computer then joins the network, I can capture it's MAC address and turn the MAC filter back on.

Works for me anyway.

I'm not sure if all routers have such filters - I could not find it on my mates D-link box the other day.

Bob

MAC filters are a good deterrent for the home as you say, but I have an app on my machine that will spoof a MAC and get past it in 5 seconds. It is used for work so it's legit, but as most people have said, IBBand is so prevelant now that I can't imagine there are still people leeching others connections. Eh Tom?

So how does your code scan 2.8 x 10^14 mac addresses in 5 seconds then?
Bob

 

[Oryxdesign]

On my own wireless network, I have just used MAC address filtering. I'm sure it is not that secure but it does stop the casual person cruising by my house from using my connection.
The other advantage is that if we have a house guest, I just turn off the MAC filter briefly, the new computer then joins the network, I can capture it's MAC address and turn the MAC filter back on.

Works for me anyway.

I'm not sure if all routers have such filters - I could not find it on my mates D-link box the other day.

Bob

MAC filters are a good deterrent for the home as you say, but I have an app on my machine that will spoof a MAC and get past it in 5
seconds. It is used for work so it's legit, but as most people have said, IBBand is so prevelant now that I can't imagine there are still people leeching others connections. Eh Tom?

So how does your code scan 2.8 x 10^14 mac addresses in 5 seconds then?
Bob

Bob,I think TTK is talking about MAC filters not mac address'

 

[chris_d]

To be pedantic, protecting your WIFI network is more than just worrying about loosing a few megabits of bandwidth to a passer-by. An open WIFI network can be a convenient route to attack a PC and then install a key logger and screen grabber which could then be used to capture internet banking / ebay / paypal login credentials....

SSL encryption of an internet banking web session cannot protect you against a key logger. Furthermore, WEP encryption can be broken in minutes with freely available software - always use WPA if your hardware supports it as there is currently no publised attack vector against it. To protect yourself as best you can always:

1. Use WPA;
2. Use MAC filtering;
3. Don't broadcast your SSID;
4. Enable firewall protection on your WIFI router and PC OS;
5. Install AV software and make sure it is regularly updated;
6. Change passwords regularly.

Sorry if this is a granny egg sucking exercise...

Cheers,
C

 

[wizer]

A lot of paranoia about these days. :roll: I have nothing worth nicking in terms of finances. But I use WPA2 because that's all that's available on my router.

 

[chris_d]

So how does your code scan 2.8 x 10^14 mac addresses in 5 seconds then?
Bob

It doesn't - if you are transmitting ethernet frames without encryption then TTK can place his device into promiscuous mode and capture all frames, extract a currently used MAC address and then force his device to use the same MAC address for subsequent 'illicit' communications.

HTH,
C

 

[TrimTheKing]

On my own wireless network, I have just used MAC address filtering. I'm sure it is not that secure but it does stop the casual person cruising by my house from using my connection.
The other advantage is that if we have a house guest, I just turn off the MAC filter briefly, the new computer then joins the network, I can capture it's MAC address and turn the MAC filter back on.

Works for me anyway.

I'm not sure if all routers have such filters - I could not find it on my mates D-link box the other day.

Bob

MAC filters are a good deterrent for the home as you say, but I have an app on my machine that will spoof a MAC and get past it in 5 seconds. It is used for work so it's legit, but as most people have said, IBBand is so prevelant now that I can't imagine there are still people leeching others connections. Eh Tom?

So how does your code scan 2.8 x 10^14 mac addresses in 5 seconds then?
Bob

It doesn't! Your wireless antenna has a MAC, when it broadcasts the SSID it also shows its MAC address in the layer 2 header, the MAC spoofing software tells you what MAC's addresses it can see, you 'spoof' the MAC address over your own on the laptop and the router thinks your machine is it, regardless of the fact that there should be a MAC address clash.

I didn't write it, much cleverer people than me came up with it, I just know it works. :-k

 

[TrimTheKing]

So how does your code scan 2.8 x 10^14 mac addresses in 5 seconds then?
Bob

It doesn't - if you are transmitting ethernet frames without encryption then TTK can place his device into promiscuous mode and capture all frames, extract a currently used MAC address and then force his device to use the same MAC address for subsequent 'illicit' communications.

HTH,
C

Beat me to it

 

[TrimTheKing]

To be pedantic, protecting your WIFI network is more than just worrying about loosing a few megabits of bandwidth to a passer-by. An open WIFI network can be a convenient route to attack a PC and then install a key logger and screen grabber which could then be used to capture internet banking / ebay / paypal login credentials....

SSL encryption of an internet banking web session cannot protect you against a key logger. Furthermore, WEP encryption can be broken in minutes with freely available software - always use WPA if your hardware supports it as there is currently no publised attack vector against it. To protect yourself as best you can always:

1. Use WPA;
2. Use MAC filtering;
3. Don't broadcast your SSID;
4. Enable firewall protection on your WIFI router and PC OS;
5. Install AV software and make sure it is regularly updated;
6. Change passwords regularly.

Sorry if this is a granny egg sucking exercise...

Cheers,
C

To be even more pedantic , not broadcasting your SSID makes no difference at all to anyone who actually wants to hack you. When any machine on the wireless network transmits you could capture the packets and pick the SSID out of the TCP packet in seconds too.

It only works if the network isn't transmitting at all, and for that to be happening you wouldn't be able to use it anyway.

 

[big soft moose]

A lot of paranoia about these days. :roll: I have nothing worth nicking in terms of finances.

you'd be suprised - if someone hijacked your internet banking they could spend up an unauthorised overdraft probably to about a thousand or so if the bank didnt stop it early, plus credit cards and stuff - an not to mention the possiblity of xtending your mortage or applying for loans and consumer credit in your name.

I think a decent dose of paranoia is healthy these days - I dont bank online, dont have a paypal account, and only use one low limit credit card for unavoidable internet purchases - I also use only credit or account cards to buy fuel , only use cash machines inside banks, and use cash in pubs , resteraunts, and clubs.

 

[wizer]

A lot of paranoia about these days. :roll: I have nothing worth nicking in terms of finances.

you'd be suprised - if someone hijacked your internet banking they could spend up an unauthorised overdraft probably to about a thousand or so if the bank didnt stop it early, plus credit cards and stuff - an not to mention the possiblity of xtending your mortage or applying for loans and consumer credit in your name.
.

absolutely no chance of any of that happening with me.

 

[9fingers]

The next Chapter!

I went round to my pal yesterday to try and set up his wireless router

it is a D Link DSL-G624T integrated ADSL Modem, 4 way router plus wireless.

I used my laptop into one of the wired ports and set up 64 bit WEP with a 10 digit (hex) password. Did a soft re-boot as per the instructions and then configured his laptop with the same password.

The link worked fine and announced itself as a secured link as distinct from before when it was unsecured.

We re-booted the laptop and it automatically connected OK

Sorted - we thought.

However I got a call from him this morning saying the link has reverted to unsecured today!

The only thing he has done differently from yesterday is to have switched the router off overnight- something he wants to be able to do.

So how do I make the router remember its settings???

TIA

Bob