dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5775
share rss forum feed


fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN

Is there a way to block outside people from my router's signal?

I have a Belkin N+ router. I'm wondering if there's a way to make it so a someone driving by can't see my router on their device. Yes I do have it secure with a password, but I do know that can be hacked and want to be as safe as possible.
--
I love my autistic brother so much!



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

2 recommendations


63-character random ASCII key example
Not really. You can turn off the SSID broadcast but there are tools out there that will still find the SSID. Also doing that can cause you connectivity issues...

The best solution is to use the strongest encryption possible. For example I use WPA2-Personal, aka WPA2-PSK [AES], with a long 63-character random ASCII key/password/passphrase for my home wireless networks. See the screen shot for an example...


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

1 recommendation

reply to fonzbear2000

A drive-by would have trouble accessing my router.

To a first approximation, I live in a Faraday cage. That is, I have aluminum siding. The signal drops of very quickly once outside.

Apart from something like that, there isn't much you can do other than use a strong password.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 12.3; firefox 24.0


HELLFIRE
Premium
join:2009-11-25
kudos:18

2 recommendations

reply to fonzbear2000

SSID hiding / MAC filtering are low hanging fruit and provide a false sense of security, as the previous
posters said and alluded to. I rather like nwrickert See Profile 's suggestion of a Faraday cage, but that's
a bigger expense than its worth... don't believe me? Look up TEMPESTing on your searchengine of choice.

About the only other suggestion I can offer is to shut the wireless off entirely... or yank the antenna.
No signal broadcast? No hacky-hanky-panky can happen.

My 00000010bits

Regards



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to fonzbear2000

The point here is that other than WPA2, there are no bonafide security schemes available. If you can limit the power of your AP (so that its fine inside but diminished outside, that may also prove useful. You should have no concern with WPA2 envoked. Drive buys will see the security and look for other unprotected systems.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

2 recommendations

reply to fonzbear2000

I forgot to add that you might consider disabling WPS on the router. In the recent past some security vulnerabilities with WPS have been found in a number of consumer grade routers...



Carpie

join:2012-10-19
united state
kudos:4
reply to HELLFIRE

said by HELLFIRE:

SSID hiding / MAC filtering

This is possibly all the OP needs. They may just have some freeloading neighbors. Doesn't have mean they are trying to keep Neo out of the Matrix.
--
www.Absölution.com
Absolution -- MSV: 6/6 0/6H -- HoF: 4/6 -- ToES: 4/4 -- ToT: 12/12 -- SoO: 9/14F 8/14


fonzbear2000
Premium
join:2005-08-09
Saint Paul, MN

said by Carpie:

said by HELLFIRE:

SSID hiding / MAC filtering

This is possibly all the OP needs. They may just have some freeloading neighbors. Doesn't have mean they are trying to keep Neo out of the Matrix.

Actually, I live in a house surrounded by farm fields with no neighbors. I'm worried about cars driving by and trying to use my signal. How do I hide my SSID and filter my MAC?
--
I love my autistic brother so much!


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

2 recommendations

said by fonzbear2000:

How do I hide my SSID and filter my MAC?

Don't bother.

The people who drive by in cars, and try to access your WiFi, know how to get around those restriction. SSID hiding and MAC filtering might stop the neighbor's kids, but it won't stop the professional wardrivers.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 12.3; firefox 24.0


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

3 recommendations

reply to Carpie

said by Carpie:

said by HELLFIRE:

SSID hiding / MAC filtering

This is possibly all the OP needs. They may just have some freeloading neighbors. Doesn't have mean they are trying to keep Neo out of the Matrix.

What your suggesting is worse than no security its false security and has no business being suggested in this forum
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to nwrickert

said by nwrickert:

said by fonzbear2000:

How do I hide my SSID and filter my MAC?

Don't bother.

The people who drive by in cars, and try to access your WiFi, know how to get around those restriction. SSID hiding and MAC filtering might stop the neighbor's kids, but it won't stop the professional wardrivers.

I wonder how often those people come by.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


weaseled386

join:2008-04-13
Edgewater, FL
Reviews:
·Bright House
·AT&T U-Verse

1 recommendation

reply to fonzbear2000

I just moved from a house that was in the middle of a busy city, and across the street from a very busy public park. I had an external access point that was easily picked up 150 yards into the park. I had thousands of cars pass the house daily, and hundreds would pull into the park. On a busy day I'd have less than half dozen people jump on the AP. There were also several days in a row where no one would try to use it. Keep in mind this was an open network. Although it was completely isolated from my home LAN, and I throttled speeds waaaaaaay down.

Hide your SSID, and use a decent password. Lower your broadcast power to a point where a device on the far end of your house has acceptable coverage/speed. Then walk outside (with a laptop or smartphone) and see how far you're able to pick it up. That is what I've done in my current house, and someone would have to be in my front yard to us my wireless network.



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

2 recommendations

said by weaseled386:

Hide your SSID...

Oh, please I point to

»www.howtogeek.com/howto/28653/

Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?

said by weaseled386:

Lower your broadcast power to a point where a device on the far end of your house has acceptable coverage/speed.

Oh, please I point to »www.zdnet.com/blog/ou/the-six-du···s-lan/43 where it says talks about Antenna placement and making the signal weaker.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

4 recommendations

reply to fonzbear2000

said by fonzbear2000:

Actually, I live in a house surrounded by farm fields with no neighbors. I'm worried about cars driving by and trying to use my signal. How do I hide my SSID and filter my MAC?

From that I think your trying to solve a problem that does not exist. In actuality how many times have you seen anyone parked on the road appearing to access/hack your home WiFi signal?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

2 recommendations

I have been known to put antennas disguised as antlers on cows in order to hack into unsuspecting farmers wifi. Knowing when they are going to milk bessy is critical to the dairy industry.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to SoonerAl

said by SoonerAl:

said by fonzbear2000:

Actually, I live in a house surrounded by farm fields with no neighbors. I'm worried about cars driving by and trying to use my signal. How do I hide my SSID and filter my MAC?

From that I think your trying to solve a problem that does not exist. In actuality how many times have you seen anyone parked on the road appearing to access/hack your home WiFi signal?

I have seen this happened. :/
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Thane_Bitter
Inquire within
Premium
join:2005-01-20
Reviews:
·Bell Sympatico

2 recommendations

reply to fonzbear2000

Read the manual for your router, it is all in there.

Given the speeds people drive at these days, unless you are not using any encryption, they would not have time to pick up, connect and surf as they fly down the road.

Just to rehash the good advice which you apparently have overlooked:
0) Use a unique SSID that doesn’t ID you, anything you own or appear on any of the rainbow tables floating around the net (these are mostly dead stupid common default names of common phrases)
1) Use WPA2 AES (not TKIP) - Have any devices that only do WEP – toss them or run them on wire only.
2) Turn of WPS – the dumbest idea ever.
3) Use a password/Phrase of random letters/characters/numbers/symbols in upper and lower case
4) Reduce power (if able) to reduce signal bleed to the road, or use a different antenna such as a directional one, or move the router to a more central location.
5) change the key renewal to half the current value (typically the default is 3600 seconds) this has a hit on performance but causes the key to change at a shorter interval making a brute force attack less successful.
6) Use a laptop and wander around your yard and see how far away from your home you can still connect to your network, if your home is brick, stone, or metal clad it may have attenuated the signal to the point it is useless out by the road.
- If you do enable MAC filtering you need to know in advance the MAC address of every bit of wireless hardware you wish to connect to your network. The PITA factor outweighs any real gain in security since MACs can be cloned.
- Turning off the SSID does not make your signal disappear at all; it does nothing to improve network security.



weaseled386

join:2008-04-13
Edgewater, FL
Reviews:
·Bright House
·AT&T U-Verse
reply to aefstoggaflm

said by aefstoggaflm:

said by weaseled386:

Hide your SSID...

Oh, please I point to

»www.howtogeek.com/howto/28653/

Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?

said by weaseled386:

Lower your broadcast power to a point where a device on the far end of your house has acceptable coverage/speed.

Oh, please I point to »www.zdnet.com/blog/ou/the-six-du···s-lan/43 where it says talks about Antenna placement and making the signal weaker.

Do you think every single person driving around looking for free access is using tools to see hidden networks? No. They're so common they'll cruise two houses down to see the next one.

Even if you see my network you'll be sitting in my front yard. Either I or my neighbors will ensure you're there no more than 30 seconds.

Anything else to add? This dude lives in the country in farm land....


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

2 recommendations

If you dont understand the futility of hiding SSID, or other mythical methods, then you shouldnt be posting on security related wifi questions.



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
reply to Thane_Bitter

said by Thane_Bitter:

- If you do enable MAC filtering you need to know in advance the MAC address of every bit of wireless hardware you wish to connect to your network. The PITA factor outweighs any real gain in security since MACs can be cloned.

Also

#1 Regardless of the type of encryption, wireless (OR otherwise SSL) the MAC Address(es) are always sent in the clear.

#2 If you do not use wireless encryption and if some one does not know how to spoof/clone a MAC Address on their computer, while they can not get on your network - they can see what is going on.

quote:
4) Reduce power (if able) to reduce signal bleed to the road, or use a different antenna such as a directional one, or move the router to a more central location.

From »www.zdnet.com/blog/ou/the-six-du···s-lan/43 where it says talks about Antenna placement and making the signal weaker, one of the things that stuck out is

quote:
Remember, the hacker will always have a bigger antenna than you which can home in on you from a mile away. Making a wireless LAN so weak only serves to make the wireless LAN useless.

--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


Thane_Bitter
Inquire within
Premium
join:2005-01-20

1 recommendation

Good stuff!
Now will the OP follow it?



weaseled386

join:2008-04-13
Edgewater, FL
Reviews:
·Bright House
·AT&T U-Verse
reply to Anav

said by Anav:

If you dont understand the futility of hiding SSID, or other mythical methods, then you shouldnt be posting on security related wifi questions.

Hiding your SSID, MAC filtering, and reducing power is no different than locking the doors and windows in your house. It doesn't nothing more than keep honest people honest... it keeps 9 out of 10 people out. If you want complete security go wired. The suggestions have been used (and have worked) for millions. If you don't like the suggestions too bad.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

2 recommendations

reply to fonzbear2000

Wrong again and again and again.
WIFI with a secure password is adequate for the homeowner. Saying one has to go wired is extreme.

As I stated SSID is not security period, stop trying to weasel in any nuance of it, bad bad advice. You want accurate advice ........SSID = Door Left UNLOCKED!!!!!, a much better and accurate analogy would be its like simply turning off the porch light over the front step and thinking that the house is not visible and therefore no one is going to then open your unlocked door.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

3 recommendations

reply to fonzbear2000

I might have mentioned this before a couple of time, but do I ever love wireless anything

Now I'm not too worried about people stealing our wifi here as we are in an under ground bunker complete with a multi layer active Faraday cage and 2 mile clear sighted kill zone around it and frequency scramblers topside (no radio or wireless device works here outside the bunker, hence the flight restriction zone). You know your getting close to work when the radio in your car starts playing snow and you sure the heck don't park to close to those scramblers if you want to drive your car home after work.

At home I welcome visitors on my wifi, can I help it if it turns into a man in the middle attack, as for whatever reason war drivers have this weird idea that they are the only 'clever' people on the planet and every wifi they visit is just a plum for their picking, always fun to hang a couple of purple hand grenades in the old plum tree just to keep things interesting

Now realistically WPA2 AES with a nice long randomly chosen password as suggested is about as good as its going to get (and you will want to ensure WPS, UPnP and remote admin are all disabled) and should cover off 99.9999% of the cases. Don't forget to change the default admin password on your router as well and if you see any llamas disguised as cows nearby, start shooting, llama steaks are quite good on the BBQ.

Dr. Evil
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

said by Link Logger:

... Dr. Evil

Link Logger is Dr. Evil! :P


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to fonzbear2000

One would think he was jilted by a female llama, what with that hatred....... ;-P



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Anav:

One would think he was jilted by a female llama, what with that hatred....... ;-P

That would be you. :P


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

2 recommendations

Llama lifts leg, stamps remaining hoof on ground and feels the familiar and comfortable collision of warm fuzzy llama testicles on the grounded leg and can only think of Robert Dinero saying......... "Are ju talkin to me??



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

1 edit

said by Anav:

Llama lifts leg, stamps remaining hoof on ground and feels the familiar and comfortable collision of warm fuzzy llama testicles on the grounded leg and can only think of Robert Dinero saying......... "Are ju talkin to me??

You forgot the spit part. Oh, and I found this »img.gawkerassets.com/img/17cy16r···inal.gif from »gawker.com/5883473/i-hate-cheese ... :P
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Jackorama

join:2008-05-23
Kingston, ON
reply to Anav

said by Anav:

I have been known to put antennas disguised as antlers on cows in order to hack into unsuspecting farmers wifi. Knowing when they are going to milk bessy is critical to the dairy industry.

"Antlers on cows."

Bessy milk just came out my nose and all over my monitor. Crap, I hate when that happens, bugger to get off the screen.
--
"Whenever they invent something that's moron proof, someone comes by and invents a better moron."

"Ever stop to think, and forget to start again?"

"Those of you who think you know everything are annoying those of us who do."