http://www.dslreports.com/forum/r20288399 en Fri, 25 Jul 2008 18:14:02 EDT Fri, 25 Jul 2008 18:14:02 EDT http://www.dslreports.com/forum/remark,20464200 t1n0m3n : Hmm, interesting.

Speaking on purely academic terms (I have not tried this) I think that (unless dampened) this AP could be easily broken.

Even if this AP is not used, the attacker could generate his own traffic to cause IV generation. But first... the MAC address. How difficult would it be create a program to scan ALL mac addresses? "Not very" I would imagine since a MAC address is 12 characters long and each character only has 16 combinations.

So the attacker scans the network with all MAC addresses, finds a valid mac address (because it associated) and then starts generating traffic to break the IV.

I think you are better off buying a non wireless router.]]> http://www.dslreports.com/forum/remark,20464200 Sun, 11 May 2008 03:05:35 EDT http://www.dslreports.com/forum/remark,20431519 docrice : To summarize, you're only concerned about using your wired network and really trying to "logically" disable the wireless functionality (with the limited disabling ability you have on the device), right?

The only way for an attacker in your scenario to see traffic that's on the wired network is to associate / bridge herself to your overall network. To be able to do that, they'd need to plug into a physical wired port (not practically possible, obviously) or obtain the proper WEP key. Since you're not connecting a client wirelessly to the access point at all, you're not generating any frames (and thus IV values) that an attacker can capture and decipher your key with. And since there's no authorized client associated to the access point at any time, there's really no MAC address visible to spoof.

You're kind of an exception to the rule because although you have a wireless-capable device, you're not using it at all. In your case, the risk comes into picture when you actually do use a wireless connection with WEP enabled (and / or using MAC filtering).

The only thing that your idle access point throws out into the air is the 802.11 beacon frames which contain the SSID value and other informational elements such as supported attributes. These get broadcasted out about 10 times a second typically. There's also the 802.11 control frames (RTS, CTS, ACK), but other than that, there's nothing being leaked out unless the attacker actually bridges to the network through 802.11 association or by deciphering your key value(s) based on existing wireless traffic by legitimate clients. They could, of course, also guess at your WEP key by trying every possible string permutation which isn't as practical as just deciphering the key value based on existing traffic. And then if you have a MAC filter set, they'd have to guess at that too since there's no clients ever associating to it.

If you really want to see it all in action, use AirPCap or a Linux distribution like BackTrack combined with a supported wireless card and observe the layer 2 traffic taking place on the radio channel the AP's operating on.

All this trouble could have been alleviated if the vendor would allow a simple function like turning off the radio.]]> http://www.dslreports.com/forum/remark,20431519 Sun, 04 May 2008 20:04:19 EDT http://www.dslreports.com/forum/remark,20431254 caribconsult : DOCRICE: Do I understand you to say that if MAC filtering is used (allow only listed), then a snooper might see my wireless net via the SSID broadcast, but would not be able to obtain any information such as active or valid MAC addresses, IP addressing, whatever? That they'd see packets of stuff zipping around but have no access to any of it?

I've seen many posts, on this forum and others, describing how easy it is to penetrate this - that all this stuff is just flying around in the clear and anyone who had the right software could spoof a valid MAC address off my net even though his existing MAC is not authorized. What's the real deal here?

Thanks for your help.
--
Franklin CDU680/Assent MBR400 combo, CAY1912 panel antenna, Millenicom, 4 XPPro stations, Mozilla everywhere.]]> http://www.dslreports.com/forum/remark,20431254 Sun, 04 May 2008 18:49:21 EDT http://www.dslreports.com/forum/remark,20289441 docrice : It's quite unfortunate that Belkin didn't put in the capability to turn off the radio. In your case, I'd enable WEP (just for the hell of it) and throw in a MAC address on your list that couldn't normally exist in a client machine. Kinda like:

00:09:25:87:be:c8

I just created that via macchanger. It's a hardware address that may be identified as a VSN Systemen BV device. Assuming you never use your wireless, I guess it's something else an attacker would have to guess at. Cover your AP so the radio is dampened. This is all just security through obscurity.

I'd check the Belkin site and see if they have a newer firmware release which may provide you with WPA. Otherwise, you can probably pick up an older non-wireless router for cheap these days instead.]]> http://www.dslreports.com/forum/remark,20289441 Sat, 05 Apr 2008 21:11:08 EDT http://www.dslreports.com/forum/remark,20289370 rusty1989 : Thanks for the replies. The router is an old Belkin and only has WEP. That is why I was looking to MAC filtering as a second layer of protection.]]> http://www.dslreports.com/forum/remark,20289370 Sat, 05 Apr 2008 20:52:53 EDT http://www.dslreports.com/forum/remark,20289296 docrice : If your intention is to "disable" Wi-Fi without logically disabling by software, you could (as mentioned by Anav) set a really long and random-string WPA key and leave it at that. You could also (if this is physically possible on your access point) remove the antenna to shorten the coverage range.

As for seeing MAC address information on your wired network from the wireless side, this won't be possible since visibility is not available via radio unless one is able to associate to the network first (via the 802.11 connection) and perform the necessary ARP requests or see other broadcasts within the collision domain. The only thing someone listening to the radio can see are the 802.11 management frames (specifically, the beacons and any probe responses). It's not like the AP is going to "leak out" information on the wire to the radio antenna.]]> http://www.dslreports.com/forum/remark,20289296 Sat, 05 Apr 2008 20:32:18 EDT http://www.dslreports.com/forum/remark,20289192 Anav : No idea but if afraid just enable WPA with a strong key and you would be safe. Which model brand of router do you have?]]> http://www.dslreports.com/forum/remark,20289192 Sat, 05 Apr 2008 19:57:39 EDT http://www.dslreports.com/forum/remark,20288399 rusty1989 : I understand that MAC filtering is vulnerable because an attacker can spoof a MAC address. My question is, If I enable MAC filtering for wireless clients, but enter no MAC address, does this prevent someone from getting into my network because there is no MAC to spoof? Can someone still see my wired clients MAC address? I have a wireless router with no easy option to disable the wireless. I use no wireless clients. I am thinking that enabling MAC filtering with no addresses would prevent a hack.]]> http://www.dslreports.com/forum/remark,20288399 Sat, 05 Apr 2008 16:39:44 EDT