Sign in to follow this  
Followers 0
Farelf

Secure your router ...

15 posts in this topic

http://www.networkworld.com/community/blog...y_pm_2011-04-25

A Buffalo homeowner found himself facedown on the floor of his house, looking up a group of federal agents, who were looking at him over gun barrels. They were executing a warrant alleging he was downloading reams of child pornography over the Internet. He was baffled. ...
I think "baffled" would be a faint name for it, were it me!

Don't use wi-fi myself (but that seems to be the way the world is going, or large parts of it). The page for Securing a Linksys® router gives an idea of how to improve wireless network security:

http://www.linksysbycisco.com/EU/en/learni...cureYourNetwork

- it could pretty well serve as a template for the process with other types, it seems to me.

Other explanations, tutorials, tips and comments would probably be useful - quite a few of the problems for which members seek assistance in these forums could be due to hijacked/piggybacked connections. One source for all of that is:

http://whirlpool.net.au/wiki/Wireless_Home_Network_FAQ

Share this post


Link to post
Share on other sites
Don't use wi-fi myself (but that seems to be the way the world is going, or large parts of it). The page for Securing a Linksys® router gives an idea of how to improve wireless network security:

Really for WiFi one needs to consider buying a newer device particularly if its 2 years old or definitely if 5 yo or older (you provider may even supply one for FREE?). The security settings will be a lot more robust with much better speeds.

Share this post


Link to post
Share on other sites

Following the link to the original AP story, I'm going to go out on a limb here and say that the local Buffalo FBI office is full of compleat idiots, especially if you believe the claims of the man's lawyer as to what the agents said to him until they discovered the real culprit.

Furthermore, the Computerworld lede you quote illustrates the sad state of journalism and the lost art of clearly-worded prose. Face-down looking up?

I live in a dense urban area and my home office has a four-year-old unsecured router to support my digital widget. The router is no good for anything outside of the room. Call me crazy, call me impetuous, but I'm not going to be replacing or securing it anytime soon. Eventually of course I will have to replace it, and when I do the signal will be strong enough that I would be an idiot not to secure it.

According to many security experts there is no foolproof Wi-Fi security method, all can eventually be broken into. As my father used to say, "A lock only keeps an honest man out."

Just my US$.02 :lol:

Share this post


Link to post
Share on other sites
...I'm going to go out on a limb here and say that the local Buffalo FBI office is full of compleat idiots, especially if you believe the claims of the man's lawyer as to what the agents said to him until they discovered the real culprit....
It is always easier to prosecute the victim than the perpetrator. Just put yourself in the shoes of the investigator/enforcer. With the victim, you know where he lives and he's just had the stuffing knocked out of him. With the perpetrator you actually have to do some serious investigative work (and you just know this is going to be some sort of desperate individual if you do stumble across him). Fortunately, they aren't all like that.

Share this post


Link to post
Share on other sites

Currently woeking a similar issue from a surprising source .... a brother. Many conversations about things that needed to be done always countered with "too complicated" .. "not enough time" ... "not that important" ... he came home from work one night to find his (DSL) modem showing as 'disconnected.' Phone call and later e-mail to/from the tech support office to his Host resulted in his being informed that due to a request for data from the RIAA/MPAA folks, his system had been identified as someone who had been downloading movies from not-so-shiney places. He objected, they turned his access back on with the caveat that if that traffic was seen again, the accuont would be closed permanently. (just noting that a daughter in the family works at a video-rental store which allows staff to take movies home to watch, to include new releases available to them a week or so before the officil release dat, so illegally downloading movies wouuld seem to be a total waste of time and disk-space.) Anyway, he finally figured out that the data light on the router/modem fllashing like crazy even though the computers were all powered down probably indicated something. <g>

Spent about an hour there not getting too far. Packed up his modem/router and their primary laptop to bring home for some real work. Results are just novel. Back-end of the router worke just fine, read that as the (unsecured) wireless portion woks just great. The router portin does in fact pass traffic. However, access to the modem's control panel isn't available. At his house, I once pulled up the screen that had some content available in the left third of the control panel, but nothing actually worked (or at least displayed in the other two columns [or the top-most block, assumedly company logo stuff.]) Here, with 'my' cables, 'my' computers, I only once 'accidentally' managed to get the login screen to show up, but as sson as the fields were filled in, the next screen never arrived. Bottom line, his modem/router was mostly a brick, the part that was working 'perfectly' was unfortunately the unsecured wireless portion.

Picked up a new wireless router, configured it here, will head back over there to install it and go through his other computers and wireless printer to work wuth encryption in place. My assumption at this point is that most likely someone living in an apartment complex across the street is actually who was tapping into the wireless access point provided by the unsecured wireless router.

Share this post


Link to post
Share on other sites
Picked up a new wireless router, configured it here, will head back over there to install it and go through his other computers and wireless printer to work wuth encryption in place. My assumption at this point is that most likely someone living in an apartment complex across the street is actually who was tapping into the wireless access point provided by the unsecured wireless router.

A friend of mine repairs checks scales. It's handy for him to easily access unsecured wireless/WiFi as there is nowhere he goes he cannot (handy for him as he often needs a manual) ! There seems to be an endless suply of persons who aren't worried. Criminals are now using these to know when people aren't home and can read everything on those computers as well. There are many freeware programs that allow one to detect and use open wireless connections

Share this post


Link to post
Share on other sites
A friend of mine repairs checks scales. It's handy for him to easily access unsecured wireless/WiFi as there is nowhere he goes he cannot (handy for him as he often needs a manual) ! There seems to be an endless suply of persons who aren't worried [...]

Has anyone done a survey and posted numbers ?

I have recently acquired a Kindle 3G which will scan for Wi-Fi if asked or when there is no 3G/ GPRS/ EDGE signal.

Every time it has done so it showed 3-10 networks, but every network passworded.

Share this post


Link to post
Share on other sites
Has anyone done a survey and posted numbers ?

Every time it has done so it showed 3-10 networks, but every network passworded.

Maybe people are smartning up? but a google search in news always comes up with horror stories

Share this post


Link to post
Share on other sites
Has anyone done a survey and posted numbers ?

I would say that the variables involved make any numbers pretty useless for the most part.

For example, as I sit here .. a desktop with a corded USB wireless adaptor is seeing 7 other wireless access points (3 of them my own) .... an Acer netbook i seeing 9, whereas an HP laptop is only seeing 5. Last night there was a maximum of 16 access points showing as available. Encoding last night was shown as 3 wide open, 2 WEP, 5 WPA, the rest WPA2. Currently showing are 4 WPA2, 1 WPA, and the rest WEP.

Noting that the unsecured devices and one of the WEP units still had the factory defait SSID name showing also,

While I had the new wireless router connected only to power and a netbook to run through configuration, I counted/saw 11 other connections over the span of three or four hours. One I had to really wonder about ..... remained connected for over an hour. Linux on the netbook, only Port 80 opened up to talk to the router, no server running, router not going anywhre else .... what could that user have tryng to accomplish for so long to eventually work out that the connection wasn't worth a thing?

Share this post


Link to post
Share on other sites

WiFi security is kind of useless - I can apt-get straight out of the Debian repository a password sniffer.

I lock mine to the MAC addresses of my machines. So far the neighbours haven't Googled how to clone ;)

Cheers!

Share this post


Link to post
Share on other sites
WiFi security is kind of useless - I can apt-get straight out of the Debian repository a password sniffer.

Most targeted to WEP, perhps a couple looking at WPA. However, WPA2 with AES and a good pass-phrase is still considered pretty secure.

I lock mine to the MAC addresses of my machines. So far the neighbours haven't Googled how to clone ;)

As with any kind of security, the more layers, the better ... if one excludes the ease-of-use factor.

Share this post


Link to post
Share on other sites
Most targeted to WEP, perhps a couple looking at WPA. However, WPA2 with AES and a good pass-phrase is still considered pretty secure.

As with any kind of security, the more layers, the better ... if one excludes the ease-of-use factor.

Don't know how good they are but there are even wireless routers that autohack WiFi

Share this post


Link to post
Share on other sites

Whoo

Rob-Wifi is an easy-to-use device that features the auto-hacking function that will hack into a network without a computer. Just turn on the Rob-Wifi, select a network and the Rob-Wifi will hack it automatically. It is a standalone machine and do not required boot from disc or computer. 100% works with any Internet Service Providers.

Wifi signal are available almost everywhere but most of them are useless to us as they are Secured connection that required a password to access. And most WiFi adapters in the market and in laptops have a range of only 20 - 30 meters, limiting the number of WiFi connections available to you. But with the powerful Rob-Wifi, you can access more WiFi connections which are further away and the Rob-Wifi optimized the cracking of WEP encription that makes the hack more quickly. Best of all it can also decode, hack, crack, unlock and reveal the passwords of most of the secured connections.

The Rob-WiFi will let you use the internet almost everywhere for free thereby saving your hefty monthly subscription fees. You only need to decode the password of each connection once and use them forever as the administrator almost never change the password. And they will not know that someone else is sharing the connection! Now you can enjoy Free WiFi almost anywhere with dozens of connections to choose from and save hundreds of dollars every year!

Auto hack from China - no doubt with some interesting and unexpected firmware code as a bonus (you too can join the botnet, the fastest-growing community this side of Escherichia coli). Domain registered in HK, webhosting via theplanet.com but MX firmly placed in the Xiamen Telecom IDC network, which will be familiar to many spamsufferers.

Yet more Chinese criminality - I would like to see what would happen to anyone using these things within the PRC.

Share this post


Link to post
Share on other sites
Whoo Auto hack from China - no doubt with some interesting and unexpected firmware code as a bonus (you too can join the botnet, the fastest-growing community this side of Escherichia coli). Domain registered in HK, webhosting via theplanet.com but MX firmly placed in the Xiamen Telecom IDC network, which will be familiar to many spamsufferers.

Yet more Chinese criminality - I would like to see what would happen to anyone using these things within the PRC.

You can get the hacking software for free, no need to pay for the Router and I doubt if it will work on anything but WEP (which is not hard to get around). Newer WiFi routers use tougher security like WPA or WPA-PSK (My "doubt" in getting through this security is that many just leave the default login and password at default setting, which is often just admin password). Newer routers are not only much more secure they are significantly faster

Share this post


Link to post
Share on other sites
Don't know how good they are but there are even wireless routers that autohack WiFi

Write-up and graphics all point to WEP. I recall Steve Gibson (GRC Spinrite fame) talking about using a WEP cracker, as it was faster than tryying to re-type a long WEP key himself.

The rest of the write-up points to users that don't pay any attention to the logs and connection tables provided .. and from what I keep seeing, this does seem to be the case more often than not.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0