dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
31

norwegian
Premium Member
join:2005-02-15
Outback

norwegian

Premium Member

Re: Router security

WPA is enabled.

I guess my next question on MAC addressing, is there an easy way to scan locally to get a list of MAC's and so you have a list to cross reference all the hardware across the air as well as hardwired ?
norwegian

norwegian

Premium Member

Never mind, this link was enough to make me go and dig around the router itself.

This recent topic on ARP had me wondering and now I have numerous wireless and hard wired items, not just hardwired, thought It worth checking up on as near all routers are wireless off the shelf now.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut to norwegian

Premium Member

to norwegian
All of the connected HW should be visible in your router interface. Wireless, and wired.

If you have a guest network, don't forget to secure that as well.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to norwegian

Premium Member

to norwegian
said by norwegian:

WPA is enabled...

I hope that's not the original weak WAP!

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by antdude:

said by norwegian:

WPA is enabled...

I hope that's not the original weak WAP!

Wasn't the original weak security, "WEP"?

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

said by NormanS:

Wasn't the original weak security, "WEP"?

Yup, although WAP might better a better acronym. WAP = Wide-open Access Point
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by StuartMW:

said by NormanS:

Wasn't the original weak security, "WEP"?

Yup, although WAP might better a better acronym. WAP = Wide-open Access Point

WAP = Wireless Access Point, and has nothing to do with security (It could also refer to Wireless Application Protocol in a slightly different context but still has nothing to do with security)
WEP = Wired Equivalent Privacy, an original security protocol for wireless networks. Considered very weak.
WPA = Wi-Fi Protected Access, the next-generation security protocol after WEP. WPA has been deemed weak against brute-force attacks.
WPA2 = Wi-Fi Protected Access 2, the next generation security protocol after WPA.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

1 recommendation

Juggernaut

Premium Member

Humour. You missed it.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

Yup, even the didn't make the point
Shady Bimmer
Premium Member
join:2001-12-03

1 edit

Shady Bimmer

Premium Member

said by StuartMW:

Yup, even the didn't make the point

Except that WAP has nothing to do with security. WAP by itself is wide open already and does in fact equate to "wide open". That is well known and even explicitly stated so I'm not sure where the humor is. This is why there are so many recommendations to actually enable security, since wireless by itself has no security at all.

Edit: BTW: WAP and WEP or WPA are not mutually exclusive. In fact unless a peer-peer ad-hoc network is used between two wireless clients, communiction is done with a WAP, and should use some form of security with that WAP, such as WEP, WPA, or WPA2.

In other words, the majority of wireless clients will connect with some type of wireless access point (WAP), and may optionally use security such as WEP, WPA, or WPA2 to protect its communications with that WAP.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Missed it again. Are you an engineer, by chance?
Expand your moderator at work
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to Juggernaut

Premium Member

to Juggernaut

Re: Router security

said by Juggernaut:

Missed it again. Are you an engineer, by chance?

By its definition, a WAP is already "wide-open" unless some additional features are leveraged.

Earlier, it was noted "I hope that's not the original weak WAP". WPA2 is done with a WAP. In that case a WAP is not "weak". WAP is not a protocol. It is the other end of a wireless connection.

This is like saying fruit is not orange in color. . .Why is that funny?

StuartMW
Premium Member
join:2000-08-06

1 recommendation

StuartMW

Premium Member

Ok. Let me try and explain.

WEP is crackable in seconds. Most people know that.
Crackable in seconds ==> Wide-open

Thus using the original error (of WAP = WEP) by antdude See Profile above.

WAP = Wide-open Access Point

Get it?

. o O (Got a live one here)
Expand your moderator at work
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to StuartMW

Premium Member

to StuartMW

Re: Router security

said by StuartMW:

WEP is crackable in seconds. Most people know that.
Crackable in seconds ==> Wide-open

I don't think I disputed that, and in fact stated WEP is known to be very weak. Regardless it has nothing to do with a WAP.

Thus using the original error (of WAP = WEP) by antdude See Profile above.

Ah, so you are assuming that when antdude See Profile stated 'WAP' that he actually meant 'WEP'? I don't see why you would assume that.

WEP/WPA/WPA2 are security protocols. WAP is a physical object that provides wireless network connectivity. Completely unrelated.

Get it?

WAP = Wireless Access Point, which is by definition wide open already. I still don't get why you think that is humorous, other than that you may have misread/misinterpreted a previous post.
Expand your moderator at work

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to Juggernaut

Premium Member

to Juggernaut

Re: Router security

said by Juggernaut:

All of the connected HW should be visible in your router interface. Wireless, and wired.

I've found the location in the router for that and once everything is set up I will try to apply this comment of yours.

MAC's are easily spoofed.

I'm gathering at some point if internally infected, an external computer that is communicating back and forth can spoof the internal MAC address and the router will then allow more communication? Not quite DMZ status but it would surely be close?

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

said by norwegian:

I'm gathering at some point if internally infected, an external computer that is communicating back and forth can spoof the internal MAC address and the router will then allow more communication? Not quite DMZ status but it would surely be close?

Even if you spoof a MAC to a 'known' device, if the router is secured, you still need to have the login, and PW to gain access to WIFI, or the router.

If it is not secured, and have only a MAC filter, you're toast. You can spoof a MAC with a program. WIFI (and blue tooth) broadcasts them.

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to Shady Bimmer

Premium Member

to Shady Bimmer
said by Shady Bimmer:

WPA = Wi-Fi Protected Access, the next-generation security protocol after WEP. WPA has been deemed weak against brute-force attacks.

Only partially true. WPA only has weaknesses when used in TKIP mode. If you enable CCMP/AES mode, those weaknesses do not exist.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to Juggernaut

Premium Member

to Juggernaut
said by Juggernaut:

Even if you spoof a MAC to a 'known' device, if the router is secured, you still need to have the login, and PW to gain access to WIFI, or the router.

If it is not secured, and have only a MAC filter, you're toast. You can spoof a MAC with a program. WIFI (and blue tooth) broadcasts them.

This is set up with a default SSID but the passphase is my own.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

That's an important part.

But, if it's your telco's unit, they have a backdoor to reset it for access. Better to have your router in between it, and your network.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

said by Juggernaut:

But, if it's your telco's unit, they have a backdoor...

And if they do so does ASIO/The NSA/et al But if you have a "Bob2" that's a given.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to Juggernaut

Premium Member

to Juggernaut
said by Juggernaut:

That's an important part.

But, if it's your telco's unit, they have a backdoor to reset it for access. Better to have your router in between it, and your network.

So I should have set up my own router and wireless access point and not gone the path of "bundled package". Even if it does leave me to diagnose my own hardware which I think isn't a hard task.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Yes. I have my own router, and my ISP's modem. And no, it's not a hard task.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian

Premium Member

said by Juggernaut:

Yes. I have my own router, and my ISP's modem. And no, it's not a hard task.

I guess my problem is:

Modem is broken, invested in an all in one - Bob2

I have an old modem Netcomm 4+ replaced with Dlink (started playing up) to work with. I also have a Belkin wireless router and a plain router.

Maybe I need to revisit using the old gear or turning off the wireless in Bob2 and making it a bridge to the next router. Bit of playing around but might be worth looking at.

Whether it stops the beeps who knows, but this Bob2 modem/wireless router does have a beep no other hardware had.
Guess I need to test electrical currents to see if there is an issue for the hardware there.