F-13 new wireless routers -

JD jd1008 at gmail.com
Sun Aug 15 02:55:18 UTC 2010


  On 08/14/2010 07:43 PM, James McKenzie wrote:
> Wolfgang S. Rupprecht wrote:
>> Bill Davidsen<davidsen at tmr.com>  writes:
>>
>>> Wolfgang S. Rupprecht wrote:
>>>
>>>> Bob Goodwin<bobgoodwin at wildblue.net>  writes:
>>>>
>>>>>      Yes  I have been running WEP 'cause I have one old device that can
>>>>>      do no more than that, and I usually admit only certain [18 or 19]
>>>>>      MAC addresses that I have listed. Add to that the fact that I am in
>>>>>      a rural area surrounded by cotton and soy beans, the distance to the
>>>>>      road is about 200 meters, I don't think LAN security is a major
>>>>>      worry. I can't detect any other systems when I scan.
>>>>>
>>>> Well, WEP will keep out the casual person looking for an open wifi.  To
>>>> be honest, I think that is good enough unless you have a bored and
>>>> highly talented kid living next door.
>>>>
>>> I live across the street from a college. My security is better than theirs,
>>> thankfully.
>>>
>> Reminds me of the joke about the two hikers preparing for a bear
>> encounter.  One hiker is removing his hiking boots and putting on
>> sneakers.  The other points out how useless this is because you can't
>> outrun a bear.  The first retorts, "I don't have to outrun the bear I
>> only have to outrun you."  In the same vein, you don't need great
>> security, you just need something better than the school next door. ;-)
>>
>> Personally, I still believe in WPA2-only with CCMP-only and hex
>> passwords pulled from /dev/random.  It's not that much more work to set
>> up that way and give the attackers something very substantial to chew
>> on.
>>
>>
> Sort of like why there are locks on wooden doors.  Keeps the honest ones
> out.  The shotgun deals with the rest (and 10 gauges are really LOUD and
> do a good job of blowing a 200 lb person out into the street.)  That is
> what happens when some folks hit a few of the systems that I worked on.
> One of the 'Honey Pots' had a time bomb download.  If you were running
> WinBlows you got a shock about 14 days later.....(and a completely dead
> system to boot if you had flash eeproms in your hard
> drives/motherboard.)  After that, the number of attacks dropped
> greatly.  BTW, the file had nothing in it to point back to where it came
> from :)
>
> Of course, after legal advice, the file was pulled and replaced with a
> nicer file.
>
> Securing Wireless is like damming a river.  Works well until you get a
> flood, then all bets are off.
>
> James McKenzie
>
Actually, it is impossible to secure wireless. That's because the
publicly available crypto systems being used were deliberately
designed to be broken in real time by parties with very keen
interest in such ability. The how of such methods of course remain
in the sole domain of the keenly interested parties :)


More information about the users mailing list