Wireless router security question..

Discussion in 'NZ Computing' started by Max Burke, Sep 28, 2009.

  1. Max Burke

    Max Burke Guest

    I have a D-Link dir-300 wired/wireless router that I'm using for my home
    network.

    So far I have changed the user ID and password from the factory defaults
    to my own user ID and strong password.
    I have enabled that highest encryption it has wpa/wpa2, changed the SSID
    from the factory default, changed the network key to my own one, and
    enabled hidden wireless.

    I have also disabled WAN ping respond, enabled Wi-Fi protected status,
    enabled SPI, and configured MAC filtering.

    Is there anything else I need to do to secure my wireless connection,
    and network?

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 28, 2009
    #1
    1. Advertising

  2. Max Burke

    Sailor Sam Guest

    Max Burke wrote:
    > I have a D-Link dir-300 wired/wireless router that I'm using for my home
    > network.
    >
    > So far I have changed the user ID and password from the factory defaults
    > to my own user ID and strong password.
    > I have enabled that highest encryption it has wpa/wpa2, changed the SSID
    > from the factory default, changed the network key to my own one, and
    > enabled hidden wireless.
    >
    > I have also disabled WAN ping respond, enabled Wi-Fi protected status,
    > enabled SPI, and configured MAC filtering.
    >
    > Is there anything else I need to do to secure my wireless connection,
    > and network?
    >


    Should be ok, if anything goes wrong blame Linux.
    Sailor Sam, Sep 28, 2009
    #2
    1. Advertising

  3. Max Burke

    Max Burke Guest

    Sailor Sam wrote:
    > Max Burke wrote:
    >> I have a D-Link dir-300 wired/wireless router that I'm using for my
    >> home network.
    >>
    >> So far I have changed the user ID and password from the factory
    >> defaults to my own user ID and strong password.
    >> I have enabled that highest encryption it has wpa/wpa2, changed the
    >> SSID from the factory default, changed the network key to my own one,
    >> and enabled hidden wireless.
    >>
    >> I have also disabled WAN ping respond, enabled Wi-Fi protected status,
    >> enabled SPI, and configured MAC filtering.
    >>
    >> Is there anything else I need to do to secure my wireless connection,
    >> and network?
    >>

    >
    > Should be ok, if anything goes wrong blame Linux.


    Why, do D-Link routers have an embedded Linux OS?

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 28, 2009
    #3
  4. Max Burke

    Sailor Sam Guest

    Max Burke wrote:
    > Sailor Sam wrote:
    >> Max Burke wrote:
    >>> I have a D-Link dir-300 wired/wireless router that I'm using for my
    >>> home network.
    >>>
    >>> So far I have changed the user ID and password from the factory
    >>> defaults to my own user ID and strong password.
    >>> I have enabled that highest encryption it has wpa/wpa2, changed the
    >>> SSID from the factory default, changed the network key to my own one,
    >>> and enabled hidden wireless.
    >>>
    >>> I have also disabled WAN ping respond, enabled Wi-Fi protected
    >>> status, enabled SPI, and configured MAC filtering.
    >>>
    >>> Is there anything else I need to do to secure my wireless connection,
    >>> and network?
    >>>

    >>
    >> Should be ok, if anything goes wrong blame Linux.

    >
    > Why, do D-Link routers have an embedded Linux OS?
    >


    No, but you like to blame that which you do not understand.
    Sailor Sam, Sep 28, 2009
    #4
  5. Max Burke

    Enkidu Guest

    Max Burke wrote:
    > Sailor Sam wrote:
    >> Max Burke wrote:
    >>> I have a D-Link dir-300 wired/wireless router that I'm using for
    >>> my home network.
    >>>
    >>> So far I have changed the user ID and password from the factory
    >>> defaults to my own user ID and strong password. I have enabled
    >>> that highest encryption it has wpa/wpa2, changed the SSID from
    >>> the factory default, changed the network key to my own one, and
    >>> enabled hidden wireless.
    >>>
    >>> I have also disabled WAN ping respond, enabled Wi-Fi protected
    >>> status, enabled SPI, and configured MAC filtering.
    >>>
    >>> Is there anything else I need to do to secure my wireless
    >>> connection, and network?
    >>>

    >>
    >> Should be ok, if anything goes wrong blame Linux.

    >
    > Why, do D-Link routers have an embedded Linux OS?
    >

    Yes. Telnet to the router address, login as usual and do an 'ls'.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
    Enkidu, Sep 28, 2009
    #5
  6. Max Burke

    Richard Guest

    Max Burke wrote:

    >> Should be ok, if anything goes wrong blame Linux.

    >
    > Why, do D-Link routers have an embedded Linux OS?


    Not sure about that one, but lots do.

    Oh, and turn ssid broadcast back on, otherwise you get issues connecting
    to it and the computers are constantly seeking it when you are out of
    range making them ripe for someone to spoof the AP and screw with you.

    Turning it off achieves nothing other then taking it out of the list of
    accesspoints on some computers.
    Richard, Sep 28, 2009
    #6
  7. Max Burke

    Max Burke Guest

    Richard wrote:
    > Max Burke wrote:
    >
    >>> Should be ok, if anything goes wrong blame Linux.


    >> Why, do D-Link routers have an embedded Linux OS?


    > Not sure about that one, but lots do.
    > Oh, and turn ssid broadcast back on, otherwise you get issues connecting
    > to it and the computers are constantly seeking it when you are out of
    > range making them ripe for someone to spoof the AP and screw with you.


    > Turning it off achieves nothing other then taking it out of the list of
    > accesspoints on some computers.


    I'm not using any wireless equipment currently, so is there any need to
    SSID Broadcast on?

    The only computers on the network are using a wired connection...

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 28, 2009
    #7
  8. Max Burke

    Dave Doe Guest

    In article <h9pqou$4bp$-september.org>,
    says...
    > Richard wrote:
    > > Max Burke wrote:
    > >
    > >>> Should be ok, if anything goes wrong blame Linux.

    >
    > >> Why, do D-Link routers have an embedded Linux OS?

    >
    > > Not sure about that one, but lots do.
    > > Oh, and turn ssid broadcast back on, otherwise you get issues connecting
    > > to it and the computers are constantly seeking it when you are out of
    > > range making them ripe for someone to spoof the AP and screw with you.

    >
    > > Turning it off achieves nothing other then taking it out of the list of
    > > accesspoints on some computers.

    >
    > I'm not using any wireless equipment currently, so is there any need to
    > SSID Broadcast on?
    >
    > The only computers on the network are using a wired connection...


    Turn off wireless then!
    Dave Doe, Sep 28, 2009
    #8
  9. Max Burke

    Max Burke Guest

    > Crash wrote:
    >


    > On Mon, 28 Sep 2009 21:05:48 +1300, Max Burke
    > <> wrote:
    > [snip]
    >> I'm not using any wireless equipment currently, so is there any need to
    >> SSID Broadcast on?
    >> The only computers on the network are using a wired connection...


    > Why have a wireless network when it is not being used? If your D-LINK
    > router is a router that includes both wired (Ethernet) and wireless
    > capability then disable the wireless capability until it is needed.
    > This is by far the simplest way to ensure you have no wireless-related
    > security issues.


    > Or am I missing something here ;-)


    Possibly. Thats what I'm doing, and my OP was if I had done it right or
    if there was anything else I needed to do.

    I thought it was a straight forward question when I posted it.


    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 28, 2009
    #9
  10. Max Burke

    Enkidu Guest

    Max Burke wrote:
    > Richard wrote:
    >> Max Burke wrote:
    >>
    >>>> Should be ok, if anything goes wrong blame Linux.

    >
    >>> Why, do D-Link routers have an embedded Linux OS?

    >
    >> Not sure about that one, but lots do.
    >> Oh, and turn ssid broadcast back on, otherwise you get issues
    >> connecting to it and the computers are constantly seeking it when you
    >> are out of range making them ripe for someone to spoof the AP and
    >> screw with you.

    >
    >> Turning it off achieves nothing other then taking it out of the list
    >> of accesspoints on some computers.

    >
    > I'm not using any wireless equipment currently, so is there any need to
    > SSID Broadcast on?
    >

    As I understand it, your computer then broadcasts to contact the router.
    Security on the computer end may be less stringent than the router end
    allowing anyone to pretend to be your router. Of course it isn't as
    simple as that but one end or the other has to broadcast and it is
    better that the router does it.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
    Enkidu, Sep 28, 2009
    #10
  11. Max Burke

    Enkidu Guest

    Richard wrote:
    > Max Burke wrote:
    >
    >>> Should be ok, if anything goes wrong blame Linux.

    >>
    >> Why, do D-Link routers have an embedded Linux OS?

    >
    > Not sure about that one, but lots do.
    >

    My DLink has a Linux OS.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
    Enkidu, Sep 28, 2009
    #11
  12. Max Burke

    Sailor Sam Guest

    Enkidu wrote:
    > Richard wrote:
    >> Max Burke wrote:
    >>
    >>>> Should be ok, if anything goes wrong blame Linux.
    >>>
    >>> Why, do D-Link routers have an embedded Linux OS?

    >>
    >> Not sure about that one, but lots do.
    >>

    > My DLink has a Linux OS.
    >
    > Cheers,
    >
    > Cliff
    >


    Are you sure it's a linux kernel?
    Sailor Sam, Sep 28, 2009
    #12
  13. Max Burke

    Enkidu Guest

    Sailor Sam wrote:
    > Enkidu wrote:
    >> Richard wrote:
    >>> Max Burke wrote:
    >>>
    >>>>> Should be ok, if anything goes wrong blame Linux.
    >>>>
    >>>> Why, do D-Link routers have an embedded Linux OS?
    >>>
    >>> Not sure about that one, but lots do.
    >>>

    >> My DLink has a Linux OS.

    >
    > Are you sure it's a linux kernel?
    >

    I believe so. It's possible it is a BSD variant, but it doesn't look and
    feel like it.

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
    Enkidu, Sep 28, 2009
    #13
  14. Max Burke

    Sailor Sam Guest

    Enkidu wrote:
    > Sailor Sam wrote:
    >> Enkidu wrote:
    >>> Richard wrote:
    >>>> Max Burke wrote:
    >>>>
    >>>>>> Should be ok, if anything goes wrong blame Linux.
    >>>>>
    >>>>> Why, do D-Link routers have an embedded Linux OS?
    >>>>
    >>>> Not sure about that one, but lots do.
    >>>>
    >>> My DLink has a Linux OS.

    >>
    >> Are you sure it's a linux kernel?
    > >

    > I believe so. It's possible it is a BSD variant, but it doesn't look and
    > feel like it.
    >
    > Cheers,
    >
    > Cliff
    >


    Hmm, depending on the functionality of the shell(s) installed/provided
    it may be a bugger to prove one way or the other.

    I nmapped (surely that's a word) my dodgy old dlink and got back
    No exact OS matches for host (If you know what OS is running on it, see
    http://nmap.org/submit/ ).

    The telnet and ftp banners weren't any help either.
    FTP:
    $ ftp 10.1.1.1
    Connected to 10.1.1.1.
    220 FTP Server (Version 1.0) ready.
    Name (10.1.1.1:sam): admin
    331 User name okay, need password.
    Password:
    230 User logged in, proceed.
    Remote system type is WINDOWS. <<--??????
    Sailor Sam, Sep 29, 2009
    #14
  15. Max Burke

    Max Burke Guest

    Richard wrote:
    > Enkidu wrote:
    >
    >> As I understand it, your computer then broadcasts to contact the
    >> router. Security on the computer end may be less stringent than the
    >> router end allowing anyone to pretend to be your router. Of course it
    >> isn't as simple as that but one end or the other has to broadcast and
    >> it is better that the router does it.

    >
    > Yes.
    >
    > The router is constansly sending its mac address out as broadcasts
    > anyway, what the ssid broadcast option (which is totally mal-named) does
    > is answer when there is a request for the network ANY with its name. If
    > thats off it only answers a request for the correct name, which means
    > you have to tick the option on the computer to connect even if the
    > network isnt broadcasting, which means constantly look for it when the
    > wifi adapter is on.


    > To be honest the whole way that ssids work is stupid and ill thought and
    > both ways are just as bad, its just that having broadcast on means you
    > will connect faster and if you have multiple APs on site will change
    > between them more reliably.


    I went through it's setup screens a bit more carefully and found the
    switch for wireless, that I had overlooked previously.
    It's no longer broadcasting or listening.

    But I learned how to secure it if/when I reactivate the wireless option.

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 29, 2009
    #15
  16. Max Burke

    Enkidu Guest

    Sailor Sam wrote:
    > Enkidu wrote:
    >> Sailor Sam wrote:
    >>> Enkidu wrote:
    >>>> Richard wrote:
    >>>>> Max Burke wrote:
    >>>>>
    >>>>>>> Should be ok, if anything goes wrong blame Linux.
    >>>>>>
    >>>>>> Why, do D-Link routers have an embedded Linux OS?
    >>>>>
    >>>>> Not sure about that one, but lots do.
    >>>>>
    >>>> My DLink has a Linux OS.
    >>>
    >>> Are you sure it's a linux kernel?
    >> >

    >> I believe so. It's possible it is a BSD variant, but it doesn't look
    >> and feel like it.
    >>
    >> Cheers,
    >>
    >> Cliff
    >>

    >
    > Hmm, depending on the functionality of the shell(s) installed/provided
    > it may be a bugger to prove one way or the other.
    >
    > I nmapped (surely that's a word) my dodgy old dlink and got back
    > No exact OS matches for host (If you know what OS is running on it, see
    > http://nmap.org/submit/ ).
    >
    > The telnet and ftp banners weren't any help either.
    > FTP:
    > $ ftp 10.1.1.1
    > Connected to 10.1.1.1.
    > 220 FTP Server (Version 1.0) ready.
    > Name (10.1.1.1:sam): admin
    > 331 User name okay, need password.
    > Password:
    > 230 User logged in, proceed.
    > Remote system type is WINDOWS. <<--??????
    >

    According to this site : "D-Link DSL-G604T firmware is based on
    MontaVista Linux 2.4.17".

    http://www.seattlewireless.net/index.cgi/DlinkDslG604t#Linux

    Cheers,

    Cliff

    --

    The Internet is interesting in that although the nicknames may change,
    the same old personalities show through.
    Enkidu, Sep 29, 2009
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?dHV1Zg==?=

    Wireless router security changes network configuration

    =?Utf-8?B?dHV1Zg==?=, Oct 4, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    452
    =?Utf-8?B?cmljaA==?=
    Oct 5, 2005
  2. =?Utf-8?B?Y2hlc3Qgcm9ja3dlbGw=?=

    wireless router security

    =?Utf-8?B?Y2hlc3Qgcm9ja3dlbGw=?=, Nov 29, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    517
    Ryan Younger
    Dec 1, 2005
  3. Rick Sears
    Replies:
    0
    Views:
    476
    Rick Sears
    Jul 29, 2003
  4. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    562
    COMSOLIT Messmer
    Sep 5, 2003
  5. Bill
    Replies:
    2
    Views:
    650
    Nobody
    May 28, 2008
Loading...

Share This Page