Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Will WPA/WPA 2 be the best security option for my network?

  1. #11
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Eatme View Post
    This way if the attacker still knows ur key, he wont be able to access the network or send any data packets cuz his mac address will be blocked/un-authorized to communicate with the network. And if the attacker trys to dump the air way to see what ur mac is and try to spoof it, it wont show up cuz the broadcasting is turned off. (i think)
    You're wrong.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  2. #12
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Post

    Quote Originally Posted by Eatme View Post
    if you want good securtiy, add WPA2 AES+TKP

    Also, if you only want 2 or X amount of computers accessing the network make 2 or X amount of static ips..And set the maximum number of users to: 1

    Then add 2 or the X amount of computer mac address to only access the network.

    Last but not least, turn off your broadcasting..

    This way if the attacker still knows ur key, he wont be able to access the network or send any data packets cuz his mac address will be blocked/un-authorized to communicate with the network. And if the attacker trys to dump the air way to see what ur mac is and try to spoof it, it wont show up cuz the broadcasting is turned off. (i think)

    Hope this helps.
    lol very funny concepts,never heard such before.by turning off the SSID broadcast,does not means turning off beacon frames.disabling the SSID broadcast won't show the AP ESSID while sniffing traffic instead an attacker can see undetermined length of AP essid like length :4 etc which can be decloacked too.this is all the game of passphrase.once you got passphrase than bypassing mac-filtering is piece of cake.one more thing if QoS(WMM)is enabled in WLAN and client activity is good enough,TKIP can be cracked.best is to use CCMP instead of TKIP.dude carefully study before putting any comments here.things does not work according to our asssumptions.you may direct many people in wrong way.

  3. #13
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default

    i see that the both of you missed where i typed (i think) at the end which would make people not go with that im saying 100% i said i think, i never said i was even 50% sure this will work.

    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  4. #14
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Eatme View Post
    i see that the both of you missed where i typed (i think) at the end which would make people not go with that im saying 100% i said i think, i never said i was even 50% sure this will work.

    No, I saw it, even highlighted it.

    Problem is, if you're not sure about it, you shouldn't be suggesting it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #15
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Default

    Agree what streaker told.that also pointed by me.enhance your knowledge little bit more than it will be very good for the community.

  6. #16
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default

    alright...

    well what about the other things i pointed out. except turning of the broadcasting..
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  7. #17
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Eatme View Post
    alright...

    well what about the other things i pointed out. except turning of the broadcasting..
    If what you were talking about is turning on MAC filtering then that advice is bad as well. MAC filtering is easily bypassed.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #18
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Eatme View Post
    alright...

    well what about the other things i pointed out. except turning of the broadcasting..
    Quote Originally Posted by Eatme View Post
    Also, if you only want 2 or X amount of computers accessing the network make 2 or X amount of static ips..
    That advice is OK, but it doesn't buy too much security. Putting a limit on the number of DHCP clients will certainly ensure that no more than that number gets handed a lease, but it won't stop someone from manually entering an IP address within the appropriate subnet.
    Quote Originally Posted by Eatme View Post
    And set the maximum number of users to: 1
    Most SOHO routers won't limit the number of users, and most SOHO users don't use any kind of authentication system. This can be done in SMB and enterprise systems of course, but most home or small businesses use lower cost equipment.

    Quote Originally Posted by Eatme View Post
    Then add 2 or the X amount of computer mac address to only access the network.
    MAC filtering doesn't give you any real security, either. MAC addresses can be cloned, and it's relatively quick.
    Thorn
    Stop the TSA now! Boycott the airlines.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •