Home wireless router security by limiting the number of available IP addresses

 
 
Roger Harrison
 
      06-17-2007
On Sat, 16 Jun 2007 15:29:20 GMT, John Navas wrote:
>>>> That is, if I have three computers and I set the DHCP range from
>>>> 192.168.1.1 to 192.168.1.3 - doesn't that protect me from intrusion by
>>>> a fourth computer?

>>How can someone set an IP address manually?

> Properties for the network connection.


Hmmm... I've never heard of "security" by limiting the available IP
addresses on the wireless router ... so there MUST be a fatal flaw in my
argument below ... but here it is ... for an expert to find the flaw (I
can't find it) ...

a. Assume the "bad guy" wardrivers CAN change their IP address (a la John
Navas' suggestion) ... but also assume the following two conditions ...

b. The Wireless router is assigned to an "arbitrary" range, say the 3 IP
addresses can be assigned to a limited contiguous range that the "bad
guys" don't (yet) know (e.g., 192.168.145.128 to 192.168.145.130).

c. Assume that all three PCs are on the home network so there are now zero
available IP addresses to be handed out by the router ...

My security question:
How can the bad guy wardrivers get in given those three assumptions above?

If we can't figure out how (and of course, if we can't do it ourselves),
then we've just uncovered an heretofore unknown wireless security method
that has never before been seen in print!
 
 
 
 
 
Roger Harrison
 
      06-17-2007
On Sat, 16 Jun 2007 21:16:21 -0700, Jeff Liebermann wrote:
> You left out far too many conditions and considerations:

Thank you for asking. I will try to faithfully answer the questions.

> 1. Is the link encrypted?

I'm not sure what that means. I'm not using VPN if that's what you're
asking, but I am using standard WPA2-PSK authentication & AES data
encryption as set up on the router and Windows XP machine.

> 2. What's the LAN netmask?

On the router, it is 255.255.255.0 and the router IP address is set to
192.168.100.100 and changed weekly.

> 3. Where's the DHCP address pool?

I'm not sure what this means. On my Linksys router, there is a setting for
"Maximum Number of DHCP Users" which I've set to "3". Is that the DHCP
pool?

> 4. Is there a MAC address filter?

Yes. I currently have DEADBEEFCAFE, 0BADFEEDBEEF, & 00BADCODEFAD as my
three MAC addresses on my windows computers and the MAC address filter in
the router is set to only accept those three MAC addresses and they are
changed weekly.

> 5. Any 802.1x authentication? RADIUS authorization/authentication?

I do not have the "Enable IEEE 801.1x authentication for this network" set
in the Windows network application for the wireless network. Neither do I
have Radius for my home network. I just use WPA2-PSK.

> 6. Any secure tunnels (VPN)?

No, I am not using VPN.

> In my never humble opinion, the only real security available is WPA or
> WPA2 encryption. Even that has a problem in that shared keys can be
> extracted from the client machines.

I am using WPA2-PSK so shared keys can be extracted, I guess.

Given this information, how can anyone connect to my network when the only
three available DHCP addresses are in use by my three PCs?
 
 
 
 
 
Bit Twister
 
      06-17-2007
On Sun, 17 Jun 2007 06:30:25 GMT, Roger Harrison wrote:
> Given this information, how can anyone connect to my network when the only
> three available DHCP addresses are in use by my three PCs?


My SWAG: one cracked box emails/p2p's black hat the keys/mac addy/whatnot
first thing during shutdown. Now cracker knows today's mac/key values
and that there is a free lease slot open.

You are getting the WAN security tightened down, but crackers are going
after apps on the pc because WAN side is getting harder to bypass.
So you have possible problems on both sides of the connection.

Last stats I saw indicated for first quarter of 2007, daily average 222 new
malware and cracked 5,0000 web pages handing out malware. It is
getting ugly for the Micro$oft users.

http://news.bbc.co.uk/go/pr/fr/-/2/h...gy/6591183.stm

I can just see bot herders renting out open connection to local crackers.
 
 
Andy Walker
 
      06-17-2007
Roger Harrison wrote:

>My security question:
> How can the bad guy wardrivers get in given those three assumptions above?


Masquerade as your WAP and send an 802.11 control frame telling your
computers to get off, then masquerade as one of your computers. It's
done all the time.
 
 
Robert
 
      06-30-2007
On Sun, 17 Jun 2007 06:30:25 +0000, Roger Harrison wrote:

> Given this information, how can anyone connect to my network when the only
> three available DHCP addresses are in use by my three PCs?


Please do not assume that just because you only have 3 DHCP IP addresses
that someone cannot use your Wireless. Linksys defaults to 192.168.1.0/24
and just about everyone knows this. No one needs a DHCP server to give
them an ip address when they know your network and mask.

Also do not assume that just because you locked down your wireless with
MAC Addresses that someone cannot break in. Just sitting and listening to
what wireless traffic is being passed one can get the MAC addresses in use.

To help, you could set your Linksys to not broadcast the SSID. Also use
WPA or WPA2 and TKIP security. Make your shared key something that isn't
a word and mix it up. It is hard to hide your IP addresses or MAC
addresses on wireless, but you could cut down on the number of IP addresses
allowed on the network and change the network too from the default.

These are just some of the things you can do to slow them down. Sitting
long enough anyone can figure out your SSID, IP Addresses being used and
MAC Addresses. A good shared key will be about the only thing that will
stop all but the determined.


--

Regards
Robert

Smile... it increases your face value!
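
The point made in the post above, that a host with a manually set address never asks the DHCP server for a lease, can be checked from the defender's side by comparing the hosts actually seen on the LAN against the lease table. This is an added example, not part of any post in the thread; the subnet and router address follow the values quoted earlier, while the MAC addresses, the dnsmasq-style lease lines and the `ip neigh`-style neighbor lines are constructed assumptions.

```python
import ipaddress

# Constructed sample data. Subnet and router address follow the thread;
# the MAC addresses and both table formats are assumptions for illustration.
SUBNET = ipaddress.ip_network("192.168.100.0/24")
ROUTER_IP = "192.168.100.100"
LEASES = """\
1182100000 02:00:00:00:00:01 192.168.100.101 pc1 *
1182100000 02:00:00:00:00:02 192.168.100.102 pc2 *
1182100000 02:00:00:00:00:03 192.168.100.103 pc3 *
"""  # dnsmasq-style: expiry mac ip hostname client-id
NEIGHBORS = """\
192.168.100.100 dev br0 lladdr 02:00:00:00:00:fe REACHABLE
192.168.100.101 dev br0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.100.102 dev br0 lladdr 02:00:00:00:00:02 STALE
192.168.100.77 dev br0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.100.50 dev br0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.100.200 dev br0 FAILED
"""  # `ip neigh`-style: ip dev IF lladdr MAC STATE

def parse_leases(text):
    # Map each leased IP to the MAC that holds the lease.
    return {f[2]: f[1].lower() for f in map(str.split, text.splitlines()) if len(f) >= 3}

def parse_neighbors(text):
    # Keep only entries that resolved to a link-layer address (skips FAILED).
    seen = []
    for fields in map(str.split, text.splitlines()):
        if "lladdr" in fields:
            seen.append((fields[0], fields[fields.index("lladdr") + 1].lower()))
    return seen

def audit(leases, neighbors):
    # Report hosts active on the subnet that do not match a DHCP lease.
    findings = []
    for ip, mac in neighbors:
        in_scope = ip != ROUTER_IP and ipaddress.ip_address(ip) in SUBNET
        if not in_scope or leases.get(ip) == mac:
            continue  # out of scope, or IP and MAC both match a lease
        reason = "unleased IP with unknown MAC"
        if ip in leases:
            reason = "leased IP claimed by another MAC"
        elif mac in leases.values():
            reason = "leased MAC seen on an unleased IP"
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    print(*audit(parse_leases(LEASES), parse_neighbors(NEIGHBORS)), sep="\n")
```

A client that presents both the IP and the MAC of a leased host matches the lease and is not flagged by this comparison, which is why the thread keeps coming back to the shared key as the control that matters.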

