[wplug] On the subject of wardriving...
Alexandros Papadopoulos
apapadop at alumni.cmu.edu
Mon Mar 28 12:12:47 EST 2005
On Monday 28 March 2005 19:56, Michael P. O Connor wrote:
<snip>
> rely on it, I peronsonaly do 128bit encription, non-broadcasting
> ssid, and mac address filtering. Yes I know all of them easy to over
> come, but with 5 open networks in the apartment complex I live in, a
> wardriver wanting free bandwidth is going to go for the open network.
> Plus I done a bit of looking around, my signal does not make it to
> the road.
> but remember all of this is pointless, if some one wants into YOUR
> network, they will come after your network, and they will have the
> tools to do it.
I guess the validity of this statement depends on what you mean "I'm on
your network".
If you want to keep people from using your router to anonymously surf
the net, then MAC authentication and a non-broadcasting SSID seem
*very* difficult to get around, assuming you keep your wireless router
patched/flashed with the latest vendor fixes and the attacker is not an
insider (i.e. has physical access, information about your hardware,
configuration, etc etc).
Now, making your own legitimate use of your network tamper-proof (i.e.
stopping people from eavesdropping), is also quite easy to do with
strong cryptography. Since WEP doesn't seem to fit the bill, one can
choose an improved alternative (WAP?) and/or an application-layer
encryption scheme like SSL (implemented for instance with an OpenVPN
gateway on the router, should one have the luxury) , which is again
non-trivial[0] to break.
All in all I'd say the situation is not so hopeless, although I
certainly agree with you that you only have to be a tad more secure
than the next guy.
-A
[0] Was it Heisenberg who used to refer to anything even barely
theoretically doable as "trivial"?
More information about the wplug
mailing list