Home wireless router security by limiting the number of available IP addresses

Discussion in 'Wireless Networking' started by Roger Harrison, Jun 17, 2007.

  1. On Sat, 16 Jun 2007 15:29:20 GMT, John Navas wrote:
    >>>> That is, if I have three computers and I set the DHCP range from
    >>>> 192.168.1.1 to 192.168.1.3 - doesn't that protect me from intrusion by
    >>>> a fourth computer?

    >>How can someone set an IP address manually?

    > Properties for the network connection.


    Hmmm... I've never heard of "security" by limiting the available IP
    addresses on the wireless router ... so there MUST be a fatal flaw in my
    argument below ... but here it is ... for an expert to find the flaw (I
    can't find it) ...

    a. Assume the "bad guy" wardrivers CAN change their IP address (a la John
    Navas' suggestion) ... but also assume the following two conditions ...

    b. The Wireless router is assigned to an "arbitrary" range, say the 3 IP
    addresses can be assigned to a limited contiguous range that the "bad
    guys" don't (yet) know (e.g., 192.168.145.128 to 192.168.145.130).

    c. Assume that all three PCs are on the home network so there are now zero
    available IP addresses to be handed out by the router ...

    My security question:
    How can the bad guy wardrivers get in given those three assumptions above?

    If we can't figure out how (and of course, if we can't do it ourselves),
    then we've just uncovered an heretofore unknown wireless security method
    that has never before been seen in print!
     
    Roger Harrison, Jun 17, 2007
    #1

  2. On Sat, 16 Jun 2007 21:16:21 -0700, Jeff Liebermann wrote:
    > You left out far too many conditions and considerations:

    Thank you for asking. I will try to faithfully answer the questions.

    > 1. Is the link encrypted?

    I'm not sure what that means. I'm not using VPN if that's what you're
    asking, but I am using standard WPA2-PSK authentication & AES data
    encryption as set up on the router and windows xp machine.

    > 2. What's the LAN netmask?

    On the router, it is 255.255.255.0 and the router IP address is set to
    192.168.100.100 and changed weekly.

    > 3. Where's the DHCP address pool?

    I'm not sure what this means. On my Linksys router, there is a setting for
    "Maximum Number of DHCP Users" which I've set to "3". Is that the DHCP
    pool?

    > 4. Is there a MAC address filter?

    Yes. I currently have DEADBEEFCAFE, 0BADFEEDBEEF, & 00BADCODEFAD as my
    three MAC addresses on my windows computers and the MAC address filter in
    the router is set to only accept those three MAC addresses and they are
    changed weekly.

    > 5. Any 802.1x authentication? RADIUS authorization/authentication?

    I do not have the "Enable IEEE 801.1x authentication for this network" set
    in the Windows network application for the wireless network. Neither do I
    have Radius for my home network. I just use WPA2-PSK.

    > 6. Any secure tunnels (VPN)?

    No, I am not using VPN.

    > In my never humble opinion, the only real security available is WPA or
    > WPA2 encryption. Even that has a problem in that shared keys can be
    > extracted from the client machines.

    I am using WPA2-PSK so shared keys can be extracted, I guess.

    Given this information, how can anyone connect to my network when the only
    three available DHCP addresses are in use by my three PCs?
     
    Roger Harrison, Jun 17, 2007
    #2

  3. Roger Harrison

    Bit Twister Guest

    On Sun, 17 Jun 2007 06:30:25 GMT, Roger Harrison wrote:
    > Given this information, how can anyone connect to my network when the only
    > three available DHCP addresses are in use by my three PCs?


    My SWAG, one cracked, box, emails/p2p's black hat the keys/mac addy/whatnot
    first thing during shutdown. Now cracker knows today's mac/key values
    and that there is a free lease slot open.

    You are getting the WAN security tightened down, but crackers are going
    after apps on the pc because WAN side is getting harder to bypass.
    So you have possible problems on both sides of the connection.

    Last stats I saw indicated for first quarter of 2007, daily average 222 new
    malware and cracked 5,0000 web pages handing out malware. It is
    getting ugly for the Micro$oft users.

    http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6591183.stm

    I can just see bot herders renting out open connection to local crackers. :(
     
    Bit Twister, Jun 17, 2007
    #3
  4. Roger Harrison

    Andy Walker Guest

    Roger Harrison wrote:

    >My security question:
    > How can the bad guy wardrivers get in given those three assumptions above?


    Masquerade as your WAP and send an 802.11 control frame telling your
    computers to get off, then masquerade as one of your computers. It's
    done all the time.
     
    Andy Walker, Jun 17, 2007
    #4
  5. Roger Harrison

    Robert Guest

    On Sun, 17 Jun 2007 06:30:25 +0000, Roger Harrison wrote:

    > Given this information, how can anyone connect to my network when the only
    > three available DHCP addresses are in use by my three PCs?


    Please do not assume that just because you only have 3 DHCP ip addresses
    that someone cannot use your Wireless. Linksys defaults to 192.168.1.0/24
    and just about everyone knows this. No one needs a DHCP server to give
    them an ip address when they know your network and mask.

    Also do not assume that just because you locked down your wireless with
    MAC Addresses that someone cannot break in. Just sitting and listening to
    what wireless traffic is being passed one can get the MAC addresses in use.

    To help you could set your linksys to not broadcast the SSID. Also use
    WPA or WPA2 and TKIP security. Make your Shared key something that isn't
    a word and mix it up. It is hard to hide your ip addresses or mac
    addresses on wireless but you could cut down on the amount of ip addresses
    allowed on the network and change the network too from the default.

    These are just some of the things you can do to slow them down. Sitting
    long enough anyone can figure out your SSID, IP Addresses being used and
    MAC Addresses. A good shared key will be about the only thing that will
    stop all but the determined.


    --

    Regards
    Robert

    Smile... it increases your face value!


     
    Robert, Jun 30, 2007
    #5
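
A defender-side check for the points raised in the replies above, added here as an example and not code from any poster: it compares the router's neighbour table with its DHCP leases and MAC allowlist, flagging clients that set an address by hand or share an allowed MAC. It assumes a Linux-based router that exposes `ip neigh` output and a dnsmasq-style lease file; the MAC addresses and sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample data (assumptions, not values from the thread).
ALLOWED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}

LEASES = """\
1182060000 02:00:00:00:00:01 192.168.145.128 pc1 *
1182060000 02:00:00:00:00:02 192.168.145.129 pc2 *
1182060000 02:00:00:00:00:03 192.168.145.130 pc3 *
"""

NEIGHBORS = """\
192.168.145.128 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.145.129 dev wlan0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.145.130 dev wlan0 lladdr 02:00:00:00:00:03 STALE
192.168.145.77 dev wlan0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.145.200 dev wlan0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.145.50 dev wlan0  FAILED
"""

def parse_leases(text):
    """dnsmasq lease lines (expiry, MAC, IP, hostname, client-id) -> {ip: mac}."""
    return {f[2]: f[1].lower() for f in map(str.split, text.splitlines()) if len(f) >= 3}

def parse_neighbors(text):
    """`ip neigh` lines -> [(ip, mac)]; entries with no resolved MAC are skipped."""
    seen = []
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            seen.append((fields[0], fields[fields.index("lladdr") + 1].lower()))
    return seen

def audit(neighbors, leases, allowed):
    findings, ips_per_mac = [], defaultdict(set)
    for ip, mac in neighbors:
        ips_per_mac[mac].add(ip)
        if mac not in allowed:
            findings.append((ip, mac, "MAC not on allowlist"))
        if leases.get(ip) != mac:  # a full DHCP pool does not stop a manual address
            findings.append((ip, mac, "address not leased by DHCP (set manually)"))
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:  # an allowed MAC seen twice suggests it was copied
            findings.append((",".join(sorted(ips)), mac, "one MAC on several addresses"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_neighbors(NEIGHBORS), parse_leases(LEASES), ALLOWED_MACS):
        print(*finding, sep="  ")
```
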
