[Leaplist] an ipcop question

Wed Dec 17 19:34:54 EST 2008

Hank Lambert wrote:
>
> Oh I know it's easy to get; Kismet or Net Stumbler on the windows side
> will display it. Like I said, it's just 1 of many things I do to try
> an ward off the drive bys. I turn SSID on when adding a new device and
> then turn it back off after the connection is established.
>
> Same with mac address filtering. It's super easy to get the mac
> address of wireless devices, and then spoof those addresses to get
> past the filtering. But I figure that if I add more layers, then the
> casual drive-by looking for free Internet access will keep going. But
> even with WPA, if the right person wants in bad enough, they will get in.
>
> --Hank
>
>
> tony_l_turner at yahoo.com wrote:
> > Kismet can still find it even if you turn off SSID. If you are having
> issues with devices that can't connect with it off you can turn it on,
> initiate the connection and then once your adapter has "learned" the
> connection you can often turn it back off and they will work after that
> using those saved parameters.
> > Sent from my Verizon Wireless BlackBerry
>
> > -----Original Message-----
> > From: William Warren <hescominsoon at emmanuelcomputerconsulting.com>
>
> > Date: Wed, 17 Dec 2008 08:48:38
> > To: This is the Leap Main List<leaplist at leap-cf.org>
> > Subject: Re: [Leaplist] an ipcop question
>
>
> > Hank Lambert wrote:
>
>
> > Aaron Morrison wrote:
>
> >>>> WPA with RC4 (the default) is generally good enough given a good
> >>>> pass phrase (pre-shared key).  As a side note, AES takes more
> >>>> computational power to generate the keys, so not all devices can
> >>>> keep up.
> >>>>    
> > I use WPA with AES, TKIP is too insecure. The only device I have that
> > has problems with AES is my Mac G4, so I stuck a WAP on it's Ethernet
> > port and it connects to the ritter in bridge mode.
>
>
> >>>> MAC filtering and SSID hiding is not security.  At best it's a form
> >>>> of authentication which is not the same thing.  Any sniffer will
> >>>> reveal that information (instantly).
> >>>>
> >>>> And as you have experienced Bryan, hiding SSID can cause
> >>>> compatibility issues with some devices.  I do use MAC filtering
> >>>> mainly to prevent the drive-by associations, however.
> >>>>
> >>>> --am
> >>>>
> >>>>    
> > I seem to do OK with the SSID off. Again, the Mac refused to play
> > friendly, but it is the only one. I know that disabling the SSID and
> > mac filtering isn't security, it's just another road block. If someone
> > stumbles across my network, I hope to have enough things in play to
> > make them want to move on to the next. My best guess is that if
> > someone really wants into my network, the SSID and mac filtering can
> > be overcome in minutes. And WPA has recently been cracked as well.
> > That is the reason I have been planning on moving my ritter to the
> > blue interface of the IPCop machine. I was thinking that if they got
> > onto my wireless network and it is on the blue, they would still have
> > the IPCop box to deal with. Is my thinking correct? I don't know
> > enough about the blue interface to know, but if all it does is provide
> > mac filtering for the machines, then that doesn't provide any further
> > security.
>
> > --Hank
>
> >>
>
> > ssid hiding is a false sense of security as the ssid has to be
> > transmitted in the clear as part of the initial connection handshake.
> > There's no way around it so you never tru7ly do hide it.
>
>
> > -------------------------
>
> > _______________________________________________
> > Leaplist mailing list
> > Leaplist at leap-cf.org
> > http://lists.leap-cf.org/mailman/listinfo/leaplist

using a mac list is 100% effective when no one is using the AP.  The
only time they can get the Mac Address is when something is associated
with the AP.  95% of the time no one is associated.   I have never been
able to see AP which don't broadcast an SSID with netstumbler.  Kismet
is something else entirely..  Frankly I don't worry about much about the
type of people who use Kismet.    I have also never had a problem
connecting with any device with the SSID off.. I simply typed in the
correct name and away it went..   I'm sure Aaron will have more to say
during his presentation tomorrow night..  I will look up the software
link which hides your SSID, it transmits thousands of randomly generated
false SSID's per second I played around with it one time.  Can you say
find the leaf in the Forrest.. Fred

-- 
Lots of soaring generalities, without a single hard fact in sight. Saves
the trouble of having to do research.
Fred/WD8KNI