 Morac
join:2001-08-30
Riverside, NJ
kudos:1
 ·Comcast
1 edit | reply to Natoma
Re: Beware SSID Hiding I used to hide my SSID until I found that its very easy to determine if a network exists in the area using netstumbler even if the SSID is hidden. Once a network is found its trivial to discover the SSID.
What's worse is that my neighbors also have a wireless network and they would pick the same channel I was on because they couldn't see my network (causing problems).
Finally one of my wireless devices, while it would work with the SSID hidden, had connection problems and had a hard time finding my network when I changed channels. Unhiding my SSID seemed to fix that.
Right now I leave the SSID unhidden for the reasons above. I have encryption enabled, MAC filtering enabled, DHCP disabled and all the rest so I'm not too worried. |
|
 enOehTPremium
join:2003-05-17
Langhorne, PA | I think it is more secure to leave DHCP enabled and set the range to as many IPs as you have computers. In my case one. If you disable DHCP, then that leaves the possibility of picking any internal IP you like, and hard coding it. With my method, if someone broke through all my other security, if I was on the network, it would alert me that two devices were try to use the same IP. Hence I would be alerted to the situation right away. |
|
|
|
Morac
join:2001-08-30
Riverside, NJ
kudos:1 Reviews:
·Comcast
| That's true if all the devices on the network are always on (and therefore have an IP). Some of my devices like my PS2 aren't always on. If I enabled DHCP I'd be giving out an IP to an intruder.
I forgot to mention my netmask is 255.255.255.248 which only allows 6 ip addresses per subnet (5 other than the router). I also changed my network address. This makes guessing a valid IP a lot harder. |
|
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | Use all available precautions you have support for You guys ought to give a once over to the FAQ referenced above and the 2 in-depth articles that are linked to in the body of the FAQ.
SSIDs are included in a part of normal transmissions. So a hacker can see them even if beconing is turned off. However:
1. Turning off beaconing does mean someone won't accidentally hook into your LAN. (Accidents happen more often than crackers.)
2. Turning off beaconing means your network isn't so visible when not in active use.
WEP can be cracked with freeware decryption tools listening to the volume of traffic that may pass by in a few hours or days, depending on the key and the business of your network. Still, WEP will slow down any cracker, and will stop casual infiltration.
4. Windows XP has been extended to cover WPA, you just need to run Windows update. |
|
| reply to enOehT
Re: Beware SSID Hiding Enabling DHCP and setting the range to match the number of computers does NOTHING to prevent someone from picking an address that is not allocated by DHCP. It's perfectly valid (and actually a good network design technique when used properly).
The only way to restrict the number of available IP address is to shrink your subnet. |
|
