Volkswagen Mark IV Forum banner
1 - 20 of 22 Posts

·
Registered
Joined
·
495 Posts
Discussion Starter · #1 ·
First things first. I've set up a wireless network at home (Netgear DG834G) and everything seems to be OK. Actually I've just set one up in the office too and after 3 days on to Tech Support I'm not suprised the one at home went smoothly. Learn from your mistakes and all that...

Anyway. A couple of questions.

1) Is the WEP encription thing enough security? Should I do more? My laptop picks up the network as a 'Security-enabled wireless network' and I have to enter the key to gain access. My laptop also picks up a couple of local Wanadoo networks and they say 'Security-enabled wireless network (WPA)' Your thoughts?

2) Can anyone point me in the direction of an easy 'how to...?' or tell me how to send documents from the wireless laptop to the wired PCs printer? I've tried some sort of wizard on the PC but it makes my head spin and so far no joy.

Your help as always would be appreciated.

BTW Both are running XP Home.
 

·
Registered
Joined
·
1,120 Posts
1) OK for casual use, but if you can use WPA, do. It's far superior. (Also, hide your SSID. That's teh bit that lets PCs "auto-detect" your network is there.)

2) Main things you need to do.

a) At the wired PC, share the printer. Allow everyone full control.

b) At the other PC, browse the network for the machine, then connect to the share you set up.

It's not that hard, really. Have a google.

Oh, and you may need to fiddle with any software firewall you have running, to allow the PCs to see each other, and to allow the printer sharing traffic through.
 

·
Registered
Joined
·
654 Posts
1) Is the WEP encription thing enough security? Should I do more? My laptop picks up the network as a 'Security-enabled wireless network' and I have to enter the key to gain access. My laptop also picks up a couple of local Wanadoo networks and they say 'Security-enabled wireless network (WPA)' Your thoughts?
A good little broadband router you got there. Make sure you have installed the latest patch for it.

  • Disable your wireless network broadcast. If you don't anyone within range will see that it exisits, there is a setting on the Netgear that does this. The other Wanadoo networks are wireless networks that are broadcasting their existance. Of course, using excryption, anyone without the key cannot get access, so your network using WEP 128 bit encryption is quite secure but you should be able to use WPA with the Netgear which is 256 bit encryption (much much better). I wonder if you can access these Wanado networks (for a laugh!... Is this legal?!? [:$])
  • Assign DHCP leases to the MAC addresses of your wireless computers/laptops that will use your wireless network and only allow these assigned address access. Again there is a setting in the Netgear router to do this. (I normally set DHCP address Never to Expire.) This way, your network security will be as tight as a greased monkey!
 

·
Registered
Joined
·
495 Posts
Discussion Starter · #4 ·
Cheers guys. I've turned off the SSID broadcast and when I feel brave enough to delve into the settings again I'll up the security.
 

·
Registered
Joined
·
1,964 Posts
I usually also restrict the MAC or station addresses that can connect to the wirless network and limit to my wireless clients. Don't forget to change your router password too, we have a wireless network in range of our workshop, that is not only not secure, but the SSID and the setup password are still the makers defaults.

It is so tempting to teach the owner a leason in network security [6]
 

·
Registered
Joined
·
1,120 Posts
Got to admit I always recommend NOT using the mac address list.

Reason is, it's such a PITA to,

Find out the MAC address of a new machine (esp if it's a casual user)
Hop onto another machine and get to the router
Fiddle about in the router to add the settings

I much prefer the combo of WPA and hide SSID. That way, all you need to do is,

On the new PC, feed in the SSID, and teh password when asked.

Bingo.

Mind you, I happened across a WLAN near me, and my nosiness got the better of me, so hopped onto the router. I noticed that they weren't bothering to use the firewall. So I turned it on for them. Good deed for the day!
 

·
Registered
Joined
·
495 Posts
Discussion Starter · #7 ·
More router woes [:(]

Firstly, the one at work (another Netgear DG834G v2).

I can only get a stable wireless connection on the laptop if I disable IEEE 802.1x authentication in the Wireless Network Connection and Local Area Connection in 'My Network Places'. I have to disable it on the wired PC too. Why am I having to do this when I believe the default setting is for it to be on? Also, what exactly is IEEE 802.1x authentication and do I need it? Via Google I have found that this problem is fairly common and the recommended fix is to turn it off but all refer to it as an XP SP1 glitch. All the PCs I have access to are running up to date versions of SP2. Router is running the 'box' firmware, WEP and SSID is hidden.

Secondly, the one at home.

My gloating about a hassle free set up has come back to haunt me. The connection seemed to get a little flakey so in an idle moment I downloaded the latest firmware and turned off the IEEE thing mentioned above but to no avail. I think it could be a reception problem as I found out last night that if I hold the laptop about 6 inches away from the router then reception is good. Any more than a few feet and its lost. I've also tried switching the channel from 11 to 6 but this didn't make any difference either. I can't think that there is any interference from anything in the room or the house but I have wondered about the two Wannadoo signals that I still have no problem picking up even though my router is in line of sight. Apart from the new firmware, router is WEP enabled and SSID is hidden. Turning those off doesn't make any difference though.

I could go on and on but I'm hoping someone can help before I throw the router out of the window!!!
 

·
Registered
Joined
·
377 Posts
Dump WEP, it can be cracked in about 25 minutes with the right Linux based tools, I wont name the software but you can download a cd image of the internet now with all the tools you need for cracking wep encryption.

WPA is much better, but it is vunerable to directory attacks as most people use English words for the passwords, so with enough time even WPA?s key can be Guessed.

What you need to do is use a good long hard password, something like the GRC one is a good start go to https://www.grc.com/pass and use the 63 random printable ASCII characters one as this will give you the best security.

WPA2 is a better option if you can, as it uses a none RCA encryption algorithm for generating the WPA2 key?s, RCA is secure as long as you use a good password so it?s just as easy to use WPA with a secure password like the one on the GRC page.

Hiding the SSID broadcast tbh is a complete waste of time, it is nothing more than an annoyance, if you hide your SSID you will still be able to scan for it with something like netstumbler and the Linux toolkit I mentioned earlier.

MAC address filtering don?t even bother, it offers no extra security for someone who really wants to get into your network, it is nothing more than an annoyance. How do you think your router knows that your pc has the right MAC address? Well your pc sends it?s MAC address out before any request packets over the wireless network, you can scan this with a packet capture software and find your MAC address in about 20/30 seconds, then just clone the MAC address and you are on the network, then someone could setup an arp poising attack on your network but that is a whole other kettle of fish.

So to summarise, don?t bother with SSID hiding, or MAC filtering, just use a good long WPA/WPA2 password and you will more secure than 90% of the other people in your street, then Mr war driver will move on and play with there wireless network.

If you want to take the time to hide your SSID and MAC filtering then by all means do it, but the amount of time and effort it takes it?s not worth it.
 

·
Registered
Joined
·
4,528 Posts
Dump WEP, it can be cracked in about 25 minutes
with the right Linux based tools, I wont name the software but you can
download a cd image of the internet now with all the tools you need for
cracking wep encryption.
Cods wallop, you will only crack the wep key if there are big data
transfers going on, yep in a lab you may do it so long as the wiireless
clients are setup doing a 100gb of data transfer, and the cracking pc
is a high end pentium4.

The fact is most if not all war drivers and bandwidth thieves are just
script kiddies, and will be using netstumler/aeropeek so hiding your
SSID already rules 90% of muppets out, they will also be using laptops
which run considerably slower than a desktop pentium4.... and how often
are you transfering 100 gB plus of data.

In the real world it has been found to take upto a week to crack a wep
key due to the minimum amounts of data most people transfer.

If it was me I would approach it in a different way, I would put the
wireless router on the outside of the network and only allow port 1723
through and set up a pptp virtual network to the windows box on the
wired side....., then if you double this with Wep or wpa it is
virtually uncrackable in the real world (obviously anything can be
cracked in a lab)
 

·
Registered
Joined
·
377 Posts
Dump WEP, it can be cracked in about 25 minutes
with the right Linux based tools, I wont name the software but you can
download a cd image of the internet now with all the tools you need for
cracking wep encryption.
Cods wallop, you will only crack the wep key if there are big data
transfers going on, yep in a lab you may do it so long as the wiireless
clients are setup doing a 100gb of data transfer, and the cracking pc
is a high end pentium4.

The fact is most if not all war drivers and bandwidth thieves are just
script kiddies, and will be using netstumler/aeropeek so hiding your
SSID already rules 90% of muppets out, they will also be using laptops
which run considerably slower than a desktop pentium4.... and how often
are you transfering 100 gB plus of data.

In the real world it has been found to take upto a week to crack a wep
key due to the minimum amounts of data most people transfer.

If it was me I would approach it in a different way, I would put the
wireless router on the outside of the network and only allow port 1723
through and set up a pptp virtual network to the windows box on the
wired side....., then if you double this with Wep or wpa it is
virtually uncrackable in the real world (obviously anything can be
cracked in a lab)
Yes you do need a fair bit of data to crack the wep key, but there are ways of making the AP generating data even if the user is not on the network, this makes it much easier to get enough data to crack, and remember you don?t need to crack the data on the laptop, you can take it back to a desktop system and chew on it later, but remember something like a Core Duo has a much processing power as an AXP or P4D so laptop processing power is now as high as desktops.

If the people next-door wanted to borrow your broadband connection they would have as long as they need to capture enough data, or if they knew what they where doing they could just use something like void11 to generate there own data then use a replay attack to generate the rest.

The chances of this happening are low, as someone would have to know a fair bit, but there is no point in beating around the bush, WEP has been cracked in the most worst ways possible.

Avoid any chances and use WPA/WPA2 with a good long password and you will become a very unsavoury target.
 

·
Registered
Joined
·
377 Posts
Some more info

http://www.securityfocus.com/infocus/1814

The part

"Looking at the outstanding success rate of aircrack and WepLab in the 500,000
to 1,000,000 packet range, it is clear that a new era is upon us. Vendors'
efforts to limit the transmission of weak IVs have been blown away, and the
time required to collect packets for a successful statistical attack has been
reduced twentyfold. If you thought WEP was okay, think again."
 

·
Registered
Joined
·
654 Posts
I think disclosing info on ways to overcome WEP on a public forum is a little dumb. Nobody on UKMKIVs has disclosed info on bypassing the Golf's locking system (some having admitted knowing how to.)

For general Joe public a good WPA encryption is enough, but WEP is better than nothing - as is having a lock on your front door better than nothing. The chances of your neighbours having skills to break the encryption are thin so the less pepople knowing about it the better!
 

·
Registered
Joined
·
377 Posts
<o:p></o:p>

Have I started something? [:$]<o:p></o:p>

lol<o:p></o:p>
Not at all m8 people just need to be informed that WEP is
useless, if you go for WPA you will be fine.

<o:p></o:p>
<o:p></o:p>

I think disclosing info on ways to overcome WEP on a public forum is a
little dumb. Nobody on UKMKIVs has disclosed info on bypassing the Golf's
locking system (some having admitted knowing how to.)<o:p></o:p>

For general Joe public a good WPA encryption is enough, but WEP is better
than nothing - as is having a lock on your front door better than
nothing. The chances of your neighbours having skills to break the
encryption are thin so the less pepople knowing about it the better!<o:p></o:p>
<o:p></o:p>I agree in part, but until Joe public start to realise how easy
WEP is to break then people wont change.

<o:p></o:p>We all realise that de locking the Golf/Bora stops a well
know security flaw, it is only from people telling other people that it can be
done and how easy it is to be done that people have changed and moved onto a
better solution such as de locking the car.

<o:p></o:p>I think we are getting slightly off topic now form rich?s original
post.

<o:p></o:p>If you need any help / advice m8 do not hesitate to send me
a PM and I will give you as much advice as you need.

EDIT:

http://gadgetshow.five.tv/jsp/5gsmain.jsp?lnk=401&featureid=96&show=s4e7&section=How%20To...

The above link has a good guide to setting up the basics,
but it does not cover security for WPA, I will try and find another guide for
you with WPA.
 

·
Registered
Joined
·
7,208 Posts
Spud, my Netgear wireless modem router DG834GT is capable of WPA. Do all accociated wireless cards also have to be capable of WPA or is it just the wireless part of the router that needs it?

I have an inbuilt wireless connection in my laptop of which I have no problem using WEP security with but always struggled getting WPA to work.
Is it possible that this is WEP only?
 

·
Registered
Joined
·
377 Posts
Spud, my Netgear wireless modem router DG834GT is capable of WPA. Do all accociated wireless cards also have to be capable of WPA or is it just the wireless part of the router that needs it?

I have an inbuilt wireless connection in my laptop of which I have no problem using WEP security with but always struggled getting WPA to work.
Is it possible that this is WEP only?
Yes m8, most wireless chips in laptops or pc?s can support
WPA, they may need the latest drivers installing if they don?t but most
suppliers are now making wpa compliant drivers.

<o:p></o:p>Your entire network will need to support wpa, ap and
clients, most pda?s support wpa now as well so that?s not a problem.

<o:p></o:p>To test your laptop, use WPA with a TKIP password, then make
the password something like 123 just to test if the laptop will connect, if not
you may need new drivers.<o:p>
</o:p>

If you want to pm the make of your laptop m8 I will look
into it for you.

Mcafee now also do a free WPA client for laptops that don?t natively
support WPA.

<o:p></o:p>http://www.wirelesssecuritycorp.com/wsc/public/WPAAssistant.do

<o:p></o:p>It?s free and will allow any none WPA compliant card /
laptop to access a WPA secured network.
 

·
Registered
Joined
·
377 Posts
Many thanks, some great information there.

My laptop is a Compaq Presario 2100
By the looks of it your laptop uses the Broadcom BCM4306 chip.

According to Broadcom.

?The BCM4306 and the BCM4309 incorporate hardware support for WEP and AES and system support for the leading security protocols, WPA, TKIP and 802.1x, and software can be upgraded to the forthcoming 802.11i security standard.?

So your laptop should be ok for accepting WPA.
 

·
Registered
Joined
·
148 Posts
I wonder if you can access these Wanado networks (for a laugh!... Is this legal?!? [:$])
There are so many people doing this already just going around with a laptop using peoples wireless to access the net, you will be amazed at how many do not even have sercurity set up, which means you can just jump on.
 
1 - 20 of 22 Posts
Top