Need to turn off broadcast SSID.

ThrobblefootSpectre: Okay, okay, wi-fi is popular and convenient. I'll stick with my blue cables strung along the floorboards. And get off my lawn.

I would not go so far as to call it convenient. There is a certain enjoyment in working out how to hide the cables and cables are far far more reliable (most of my network is cabled). Its annoying to end up getting a wifi only gadget

dittybopper: tgambitg: d3bug: tgambitg: ThrobblefootSpectre: mjl: There are some very good reasons to stick with ethernet, speed(1) and escape from interference are two of them Security comes third :-)

This. Wireless is nice for sitting in starbucks, but I don't get the facination with wireless at home. Plug in an ethernet cable. Bam, done in 2 seconds.

Buildings you rent, for one. Not allowed to put ethernet jacks in your apartment... They tend to get pissy about that.

why do you feel you need to install a jack to plug your computer into a router?

Because stringing a wire through a house is ugly? And a lot of devices on my network are set up for wireless? My Bluray, Wii, PS3, cell phone, laptop, etc...? Not everyone plops down the router next to their only computer... some of us use more than one device on our network.

A couple of points:

1. Stringing a wire is ugly if you don't have any imagination. I've got Cat5 and coax all over the house (the coax is for radios), and other than where they directly attach to devices you'd be hard pressed to find them.

2. You can have more than one device on a wired network.

Some devices either cannot or require more hardware to connect to a wired network (My Droid2 Global cannot connect to a wired network. My Wii requires a physical dongle to attach to a wired network). Also, to get a wire strung to one of my desktops would require a cable over the 100m recommended limit for cabling. The best way to get around that would be to either A. run a drop to the computer and install a jack (not a good option as I don't own the premises) or B. use wireless. I have over 25 devices that connect to my network, only 4 of them are wired.

As someone using stolen wifi to post this, because Rogers sucks donkey balls, kick, etc...

Years later and the same bad advice is being circulated in these threads: As the situation has not changed I'm just going to paste comments I've made before:

In general:

MAC filtering
No. Don't bother, it is trivial to bypass and a pain to maintain if you have any guests. BTW, your MAC address is visible all the time, regardless of what WEP/WPA/WPA2 you have running, your MAC is right out there for all to see on every packet you send or receive.

SSID broadcasts
Leave them on. Turning them off only hides you if you have no traffic going on or your tools for searching suck. Besides, they were designed for a reason, to announce that you're using that channel. If your neighbors on either side see channel 11 open because you're not broadcasting your SSID, they may very well (and understandably) both choose that channel, and your performance will suffer drastically.

What you should do - WPA2, strong passwords, and unique SSID
1. Use WPA2 AES. If you're a corporate user than use "Enterprise" rather than a PSK.
2. Make sure you're using a strong (and long) password (at least 12 characters, but I'd suggest a long pass-phrase), and make your SSID fairly unique - instead of home, make it home512291 (I'll explain why below).

The only attack against WPA/WPA2 currently is a brute-force dictionary attack, so your password becomes by far the weakest link in the chain, so as long as your password is strong you're okay. Length is huge here, so a pass-phrase:

"You're driving me crazy, when are you coming home?" is the idea.

Of course you can make it more complicated if you like with number substitution, more upper-case/lower-case combinations, more punctuation, etc... But this would be secure enough for just about any home.

3. The one addendum to this is your SSID. In WPA your SSID is used as a salt in generating your encryption key, if you don't know what a salt is that's fine, just know that it plays a role in the strength of your security. People have generated huge pre-computed tables to make it much faster to attack WPA systems with weak passwords (http://www.renderlab.net/projects/WPA-tables/ - sorry fark is throwing away this link as unfetchable, which it isn't), but they have to generate a huge table for every SSID, so if your SSID is long and unique you can be pretty much guaranteed there will be no pre-computed table for it.

4. Finally, you should make sure your router itself (as opposed to your wpa2 key) has a strong password as well.

/do these four things and your wifi network will be fine.

moothemagiccow: tgambitg: ThrobblefootSpectre: mjl: There are some very good reasons to stick with ethernet, speed(1) and escape from interference are two of them Security comes third :-)

This. Wireless is nice for sitting in starbucks, but I don't get the facination with wireless at home. Plug in an ethernet cable. Bam, done in 2 seconds.

Buildings you rent, for one. Not allowed to put ethernet jacks in your apartment... They tend to get pissy about that.

Ethernet cable is ridiculously cheap. Like 15$ for 50 feet

Wireless Routers are even cheaper, $50 for 150' of coverage, and no need to add more 'lines' to add devices. And no need to modify devices that don't have wired jacks, as stated above.

i'll just leave this here:

ceebeecates4: Live in 1400 sqft house, surrounded by neighbors. Can get 4-5 WAP's to choose from.

Is WAP some sort of xxx-phile term I don't know about? White Anglo saxon Protestant?

WayToBlue: Years later and the same bad advice is being circulated in these threads: As the situation has not changed I'm just going to paste comments I've made before:

In general:

MAC filtering
No. Don't bother, it is trivial to bypass and a pain to maintain if you have any guests. BTW, your MAC address is visible all the time, regardless of what WEP/WPA/WPA2 you have running, your MAC is right out there for all to see on every packet you send or receive.

SSID broadcasts
Leave them on. Turning them off only hides you if you have no traffic going on or your tools for searching suck. Besides, they were designed for a reason, to announce that you're using that channel. If your neighbors on either side see channel 11 open because you're not broadcasting your SSID, they may very well (and understandably) both choose that channel, and your performance will suffer drastically.

What you should do - WPA2, strong passwords, and unique SSID
1. Use WPA2 AES. If you're a corporate user than use "Enterprise" rather than a PSK.
2. Make sure you're using a strong (and long) password (at least 12 characters, but I'd suggest a long pass-phrase), and make your SSID fairly unique - instead of home, make it home512291 (I'll explain why below).

The only attack against WPA/WPA2 currently is a brute-force dictionary attack, so your password becomes by far the weakest link in the chain, so as long as your password is strong you're okay. Length is huge here, so a pass-phrase:

"You're driving me crazy, when are you coming home?" is the idea.

Of course you can make it more complicated if you like with number substitution, more upper-case/lower-case combinations, more punctuation, etc... But this would be secure enough for just about any home.

3. The one addendum to this is your SSID. In WPA your SSID is used as a salt in generating your encryption key, if you don't know what a salt is that's fine, just know that it plays a role in the strength of your security. People have generated huge pre-computed tables to make it much faster to attack WPA systems with weak passwords (http://www.renderlab.net/projects/WPA-tables/ - sorry fark is throwing away this link as unfetchable, which it isn't), but they have to generate a huge table for every SSID, so if your SSID is long and unique you can be pretty much guaranteed there will be no pre-computed table for it.

4. Finally, you should make sure your router itself (as opposed to your wpa2 key) has a strong password as well.

/do these four things and your wifi network will be fine.

This. So much This. Sufficient length and complexity passphrases are almost impossible to brute force attack.

Ed Finnerty
This is why, no matter which encryption you use, you should ALWAYS use a MAC address filter.
...
/Security Expert

I sincerely hope you're joking.

dittybopper: tgambitg: Also, to get a wire strung to one of my desktops would require a cable over the 100m recommended limit for cabling.

Where the fark do you live that you have 330 feet between devices, in a mansion? Besides which, they have these neat little devices called 'hubs' that can help with that.

330 Feet can easily add up when you are going around walls, and the router is at one end of the house and the computer is at the other. Also, I hope you mean switch and not a hub... The only valid use for a hub is in a network intrusion type situation. Besides, at that point, I've already spent as much on cable and the switch as I would have just putting in a wireless router.

I forgot all Farkers worked in IT

If this story is typical of media vocabulary usage, I'm guessing by "hacking" they mean "getting onto the network that he left unprotected with a password."

dittybopper: tgambitg: moothemagiccow: tgambitg: ThrobblefootSpectre: mjl: There are some very good reasons to stick with ethernet, speed(1) and escape from interference are two of them Security comes third :-)

This. Wireless is nice for sitting in starbucks, but I don't get the facination with wireless at home. Plug in an ethernet cable. Bam, done in 2 seconds.

Buildings you rent, for one. Not allowed to put ethernet jacks in your apartment... They tend to get pissy about that.

Ethernet cable is ridiculously cheap. Like 15$ for 50 feet

Wireless Routers are even cheaper, $50 for 150' of coverage, and no need to add more 'lines' to add devices. And no need to modify devices that don't have wired jacks, as stated above.

But, there is no guarantee that next year an exploit won't become widely available that can allow someone to break into it. Wired networks require physical access in order to be exploited, and that's much harder to do, and it will always remain so.

That's a huge "what-if"... WEP was around for years, and when the vulnerability for it was exposed, we already had not only WPA, but WPA2 out. Which most routers/access points supported. So, it really is a non-issue. The biggest weakness in WPA2 is math, and current computers aren't near fast enough to expoit it.

Has anyone pointed out this is a repeat from last week with a lamer headline.

False Positives help too. I took an old Linksys wireless router and plugged it in. I just put an old lappy converted to a sniffer on there. Voila. It is like a barking dog for WiFi thieves.

Change your Wireless network name to "FBI Steakout Van #1"

"Paranoia will Destroy yaaahhh"

Besides, we're talking about home access, not business access... Unless you are specifically being targeted, an intruder will not waste his/her time on your network once a certain level of security is achieved, they will move on to the next network in the area. If you are being specifically targeted, no amount of security, wired/wireless, will stop them. They will either get in eventually or be caught doing it.

So what if we're using something like a DS, which is incapable of handling more than WEP? Is there anything I can do to lock my router's WEP access down as hard as the WPA-2, or should I just make it only broadcast when I need it to?

tgambitg: dittybopper: crazytrpr: dittybopper: deanayer: I switched to WPA from WEP after reading about how vulnerable it was but I don't know how tough WPA is. Is it "unbreakable" - I am not talking about the NSA but to the average mid-level cyber-douche/former script kiddie types.

Go wired and just don't worry about it.

Fark wired, go fiber ;o)

Same thing from a security standpoint. I meant a physical connection as opposed to a wireless one.

Actually, fiber is even more secure than copper... you can't splice fiber nearly as easily... and there are no fiber hubs to flood packets to sniff....

I was yanking his chain, but for the truely paranoid fiber and shielding you computer equipment is the way to go

The next Republican president will give this guy a pardon and a job at the RNC.

Telemetry: So what if we're using something like a DS, which is incapable of handling more than WEP? Is there anything I can do to lock my router's WEP access down as hard as the WPA-2, or should I just make it only broadcast when I need it to?

Separate router, separate subnet, limited access to the net, or the nintendo dongle. Though some routers offer mixed mode WEP/WPA solutions... but I personally don't like them...

TimGuy: Change your Wireless network name to "FBI Steakout Van #1"

"Paranoia will Destroy yaaahhh"



Steak?

Kevin72: This whole thing started because the family let their 4 year old just walk into Aldorf's house. At least they could have thanked him for returning the kid unharmed. And even if he did kiss the kid, calling the police instead of talking to the man privately about any concerns about kissing the kid .... could lead to exactly what happened. "Be kind to your neighbor. He knows where you live".

its incredibly inappropriate to kiss anybody's kids but your own especially on the lips..a sideways hugs does it for me when i meet other relatives kids that i'm familiar with..and even if its your own kids anything longer than a peck is very disturbing. the guy fta is obviously disturbed and probably a perv.

/my daughter is 7, an occasional eskimo kiss or a peck is enough.

danny_kay

WayToBlue: 4. Finally, you should make sure your router itself (as opposed to your wpa2 key) has a strong password as well.

You mean, like, the admin interface of the router?

Yes, the admin interface.

dittybopper: tgambitg: Besides, we're talking about home access, not business access... Unless you are specifically being targeted, an intruder will not waste his/her time on your network once a certain level of security is achieved, they will move on to the next network in the area. If you are being specifically targeted, no amount of security, wired/wireless, will stop them. They will either get in eventually or be caught doing it.

There is a difference, though: I can keep hammering at your wireless network pretty much at my leisure. Breaking into your house and installing hardware is a whole 'nother level of difficulty.

With a sufficiently long enough and complex passphrase, you're not going to get in though, not with current computer architectures... Which makes it prohibitively expensive for you to do so. Certainly not worth it. Certainly enough to make you look for another network.

crazytrpr: Grass Hopper: And this, ladies and gentlemen, is why I put up with wires and keep my WiFi disabled. Call me a luddite if you want, at least my neighbours would find it hard to get on my network.

You're not a luddite. You just understand the limits and uses for wireless

You're not kidding. I've walked down the stairs in my apartment building to find people sitting on the stairs with a laptop, plugged into someone else's WIFI.

danny_kay

WayToBlue: danny_kay

WayToBlue: 4. Finally, you should make sure your router itself (as opposed to your wpa2 key) has a strong password as well.

You mean, like, the admin interface of the router?

Yes, the admin interface.

Ten characters of alphanumeric gobbledygook!

Yeah that's plenty: what you're really concerned with on this one is someone using your browser to attack your local router via CSRF (either because you followed a malicious link or because they found XSS on a site you visit). They mostly rely on default passwords for attacks like this, but they could use JavaScript to actually try to bruteforce it. The reality is though it's a fairly slow kind of attack and it would take a LONG time to brute-force 10 characters as long as they really are at least random lower-upper-digit.

batcookie: viscount02: "The FBI got a search warrant for Ardolf's house and computer, and found reams of evidence, including copies of data swiped from the Kostolniks' computer, and hacking manuals with titles such as Cracking WEP Using Backtrack: A Beginner's Guide"

That made me LOL. A beginners guide. What an idiot.

Same here, I laughed hard at that. I'm just imagining how ecstatic the cops must have been, I mean he essentially did their job for them. Can you imagine this situation with any other crime? "Well, we went to serve the search warrant on the murder suspect... we found several knife sets, written plans to stab a guy, pictures of the suspect stabbing a guy, detailed descriptions of him stabbing the guy, and as a bonus, a copy of 'Murdering For Dummies' on his desk."

AND evidence that he kneecapped that old lady he used to live across the street from. We never did find who did that.

dittybopper: ThrobblefootSpectre: I still prefer my rotary dial telephone too.

Pfft. I still use one of these:

[img396.imageshack.us image 540x358]

No, really, I actually do. Even while driving.

.-.. --- .-..

Cormee: dittybopper: ThrobblefootSpectre: I still prefer my rotary dial telephone too.

Pfft. I still use one of these:

[img396.imageshack.us image 540x358]

No, really, I actually do. Even while driving.

.-.. --- .-..

I just received your text...

dambis: in case you don't like the leo guy here is another page

http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43

They list Mac Filtering, which by itself is not secure but it adds a layer of security to the network. Choose whatever security methods you want, adding MAC filter on top of that improves security.

Antenna placement, again by itself is not security although who is going to be easier to catch, the guy with a laptop on the bench outside, or the guy with a laptop and a 3' long 3" diameter tube pointed directly at my house?

802.11A, yet again, it's not more secure by itself but most laptops don't have it so it reduces the number of people who will target you. If the government is trying to get you, it won't help, if your next door neighbors kids are trying to hack your signal it might be all that's needed.

These techniques may not secure the network but they mitigate risk a bit, at a minimum you will have to be specifically targeted and will not just be the target of opportunity like your neighbor who is unsecured.

/I'm unsecured at home, not worried about it.

TiiiMMMaHHH: Personally, I don't use any encryption. I have named my SSID "noIP4u" (yes, a soup nazi reference), and I have MAC filtering on. My thought being that spoofing a specific MAC address to get into my network would be more difficult than cracking a password... can't wait to hear how wrong I am from all of the genius farkers out there, but that's my approach.

I can only hope you're a troll. It takes about 30 seconds of googling to break MAC filtering "security". Google it, give it a shot.

tgambitg: They will either get in eventually or be caught doing it.

THIS.

For most of us hackers going after our wireless router is like you and your buddy being chased by a bear, you just have to faster than your buddy.

If you are being specifically targeted somebody will get in eventually. There are easier exploits than brute force pass phrase cracking your router. Social engineering targeting your wife and kids for example. Some can hack you box while you are connected to the starbucks network etc...

Yunus
dambis: in case you don't like the leo guy here is another page

http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43

They list Mac Filtering, which by itself is not secure but it adds a layer of security to the network. Choose whatever security methods you want, adding MAC filter on top of that improves security.

They correctly list mac filtering; it is security theater at its finest. It does not "add a layer of security," all it really adds is a layer of management hassle and the illusion of security.

MAC filtering is the TSA of wifi security.

dittybopper: tgambitg: With a sufficiently long enough and complex passphrase, you're not going to get in though, not with current computer architectures...

Unless there is a way to do it that we don't know about. And being a bit of a student of the history of various encryption schemes, I know enough to know that there is precisely *ONE* type of encryption that is safe, and it's impractical to implement it for things like this. All others are insecure to one degree or another, and calculations about how long it will take to break them don't impress me, as they don't take into account information that we don't know yet.

The perfect example is WEP itself: When introduced, it was believed to be secure, but it was broken just a few years later, and today any script kiddie can do it in a matter of a few minutes.


Which makes it prohibitively expensive for you to do so. Certainly not worth it. Certainly enough to make you look for another network.

Depends on who is doing it.

WEP was never truly secure, as it repeated the cipher after a while, which as computers got faster, they could decode it. As it used a 24-bit key, there were only 16777216 possible key combinations... even then, it only used a subset of those. Eventually, the code repeated. Which is why it was broken. WPA2 uses 128-bit keys... which has 3.4x10^38 keys.... and WPA2 uses significantly more of that keyspace than WEP used of it's keyspace. There's too much time between repetition for a pattern to emerge.