Mailing List os2-wireless_users@2rosenthals.com Archived Message #400 previous message next message back to list

From: "Lewis G Rosenthal" <os2-wireless_users@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [OS2Wireless] Router security
Date: Sat, 28 Feb 2009 21:49:16 -0500
To: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>

On 02/28/09 08:20 pm, Ray Davison thus wrote :
Lewis G Rosenthal wrote:

WEP64 (which is really 48-bit encryption) is so weak that it is not even worth using. An easier approach would be to use MAC address filtering, as this will keep innocent wanderers off of your WLAN. The RC-4 encryption is weak enough, and at 48 bits, can be picked in seconds. Don't even bother.

Will you please elaborate on the "innocent wanderers"?  I have a had
WRT54G for at least a couple years.  It has been set to WEP64 for no
good reason, might have been default.  Is it possible for someone to be
able to access the WEB thru someone else's router but not access their
computers?  That seems to be the case here.  My wife was issued an XP
pro laptop.  She claims she brought it home, opened IE, and it connected
to the WEB.  Is this reasonable?

WEP64 should have at least kept the XP box from passing traffic.

Wireless encryption or some authentication of some sort would block traffic from entering - and passing through - your router to the internet and your LAN (couldn't even send a print job to a network-attached printer). If that XP box connected to *your* network without a WEP key, then your WEP is simply not working.
I just changed the router to WPA2 TKIP+AES, and she can no longer connect.

:-)
I just got a replacement XP pro laptop.  At first it did not connect.  I
copied the WPA key from the router and it connected to the WEB.  Does
this all seem proper?

Yep. That's the way it's 'sposed to be.

We refer to the WPA "key" as a "passphrase" to differentiate it from a WEP key (which would be one of four keys). The longer the WPA passphrase, the better, and the less dictionary words you use in it, the better.

thisisalousywpapassphrase
*&%&Eufdkk4eurNKIBBD,,><<IFRYEBCjksudbv2205t     <- this is much better

In offices where there may be guests permitted to use the Wi-Fi, we copy the passphrase to a USB key, and just hand that to the visitor to open, copy, and paste. This way, there's none of the "dictation" fun.
I have only setup W2K and XP home before, and pro seems to be different
enough that I have not been able to get to see the workgroup computers.

Hmmm... This shouldn't be. Check that the dopey Windows firewall isn't turned on. (Kill it from Control Panel.) You may also need to enable NetBIOS over TCP/IP (not sure how your other workgroup computers are set up, and I don't work on too many Windows networks, anyway).
Before I commit major disruption to my new laptop by installing a couple
more OSs I would like to see what a stock Win box can do with my LAN.

A good practice! Enjoy, and good luck, Ray.

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
Need a managed Wi-Fi hotspot?                www.hautspot.com
Treasurer, Warpstock Corporation            www.warpstock.org
-------------------------------------------------------------
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster