Wireless AP Bandaid?
FLW
I put in a Linksys wireless router (802.11g) and noticed that, compared to an older Linksys 802.11b I have up, it contains a setting that seems to possibly put a decent bandaid on 11b/g if your machines are on most or all of the time.

The setting I'm referring to is the max number of DHCP clients, i.e. I have one PC on most of the time or 24/7 and limit my DHCP to 1 client max, so no one else can get in? Or am I missing something?

I do understand that any time the existing machine is off, the DHCP slot is open, and this also assumes 128-bit WEP is used with MAC filtering and defaults turned off or altered.

This would seem to be a pretty tough egg to crack, or am I missing something? Except for a "man in the middle" attack, which is easier said than done, it's as tight as you're going to get short of a wireless VPN with some misc add-ons.

Thoughts?
FireAlwaysWorks
Yeah, 128-bit WEP is the hardest thing to get around. When SWIM (the hive) is war driving and sees WEP he doesn't even slow down. That doesn't mean that they are perfect, oh by no means so. SWIM has a few such computers, 500 MHz small laptops with no displays that SWIM can hide and collect interesting packets. However, you have 128-bit encryption and only one computer; that would take years. There is talk of a rotating WEP that encrypts the new key with the old key. So that is, well, pretty impossible to crack.

The DHCP setting you can get around; in the Unix world it is really easy to spoof your MAC address, and as the attacker uses different ports to communicate on, there shouldn't be a conflict. Yes, there are MITM attacks, which one could accomplish by doing some ARP poisoning. Also, since you are on a broadcast network, one in theory could create interference when you try to send a packet, and then the attacker could send packets spoofing as you.

Routers are nice because they have NAT, and that protects you from many exploits. NATs make it difficult to report hackers, but the common Joe doesn't know how to do that anyway. An amazing security system would have a tarpit set as the DMZ host.

There are still ActiveX- and Java-based attacks, as well as social engineering and general stupidity, that you have to worry about. I would keep your system updated, preferably use a Unix variant; I suggest FreeBSD 5.1.


peace
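The MAC-spoofing point above rests on one fact worth seeing in bytes: a MAC filter checks the transmitter address in the 802.11 header, and that header is never encrypted, even on a WEP-protected frame. The following is an added example, not code from either poster; the frame, the addresses (a hypothetical Linksys BSSID, one allowed station, one attacker) and the "ciphertext" bytes are all constructed, and the ICV is a placeholder rather than real WEP output.

```python
"""Added example (not from the thread): a constructed 802.11 data frame
showing that the station MAC a MAC filter trusts is sent in the clear
even when the body is WEP-protected. All addresses and payload bytes
below are made up for illustration."""
import struct

# Frame-control field (IEEE 802.11-1999, 7.1.3.1): low byte holds
# version/type/subtype, high byte holds the flags.
FC_TYPE_DATA = 2
FLAG_TO_DS = 0x01
FLAG_PROTECTED = 0x40      # called the "WEP" bit in the 1999 text

HEADER_FMT = "<HH6s6s6sH"  # FC, duration, addr1, addr2, addr3, seq-ctrl
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24

# Constructed addresses (hypothetical)
BSSID = "00:0f:66:00:11:22"        # the AP
STATION = "00:0c:41:12:34:56"      # the one PC on the MAC-filter list
ATTACKER = "00:0e:35:ab:cd:ef"     # attacker's factory MAC
ALLOWED_MACS = {STATION}


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_wep_data_frame(src, dst, iv, key_index, ciphertext, icv, bssid=BSSID):
    """Station-to-AP (To-DS) data frame: addr1=BSSID, addr2=SA, addr3=DA.
    The 24-byte header and the 4-byte IV/key-index prefix are never
    encrypted; only ciphertext+ICV are under RC4. The ciphertext and ICV
    passed in here are placeholder bytes, not real WEP output."""
    fc = (FC_TYPE_DATA << 2) | ((FLAG_TO_DS | FLAG_PROTECTED) << 8)
    header = struct.pack(HEADER_FMT, fc, 0, mac_bytes(bssid),
                         mac_bytes(src), mac_bytes(dst), 0)
    wep_prefix = iv + bytes([key_index << 6])
    return header + wep_prefix + ciphertext + icv


def parse_frame(frame):
    """What any passive sniffer (no key needed) can read from the frame."""
    fc, _dur, a1, a2, a3, _seq = struct.unpack_from(HEADER_FMT, frame, 0)
    flags = fc >> 8
    info = {
        "type": (fc >> 2) & 0x3,
        "to_ds": bool(flags & FLAG_TO_DS),
        "protected": bool(flags & FLAG_PROTECTED),
        "addr1": mac_str(a1),   # BSSID when To-DS is set
        "addr2": mac_str(a2),   # transmitter / source station
        "addr3": mac_str(a3),   # final destination
    }
    body = frame[HEADER_LEN:]
    if info["protected"]:
        info["iv"] = body[:3].hex()
        info["key_index"] = body[3] >> 6
        info["ciphertext"] = body[4:-4]
        info["icv"] = body[-4:].hex()
    return info


def mac_filter_admits(frame, allowed=ALLOWED_MACS):
    """The check a MAC-filtering AP performs: transmitter address from the
    cleartext header against its allow list. Nothing in the encrypted
    body is consulted, so the filter cannot tell a clone from the station."""
    return parse_frame(frame)["addr2"] in allowed


def clone_allowed_mac(observed_frame):
    """Attacker step: read the allowed station's MAC off any sniffed frame
    (then e.g. `ip link set wlan0 address <mac>` on Linux)."""
    return parse_frame(observed_frame)["addr2"]


def demo():
    payload = bytes.fromhex("deadbeef" * 4)      # placeholder ciphertext
    legit = build_wep_data_frame(STATION, BSSID, b"\x01\x02\x03", 0,
                                 payload, b"\x00" * 4)
    own = build_wep_data_frame(ATTACKER, BSSID, b"\x04\x05\x06", 0,
                               payload, b"\x00" * 4)
    cloned = build_wep_data_frame(clone_allowed_mac(legit), BSSID,
                                  b"\x04\x05\x06", 0, payload, b"\x00" * 4)
    return {
        "sniffed": parse_frame(legit),
        "own_mac_admitted": mac_filter_admits(own),
        "cloned_mac_admitted": mac_filter_admits(cloned),
    }


if __name__ == "__main__":
    r = demo()
    print("station MAC in clear:", r["sniffed"]["addr2"],
          "| body protected:", r["sniffed"]["protected"])
    print("attacker's own MAC admitted:", r["own_mac_admitted"])
    print("cloned station MAC admitted:", r["cloned_mac_admitted"])
```

Two caveats the thread's own argument implies: cloning the MAC defeats only the filter, not WEP, so the attacker still needs the key before the AP will accept the body; and the DHCP client limit only caps how many leases the server hands out, so a host that configures an address in the subnet by hand never asks for one.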
FLW
But can you use an IP already in use? So if the DHCP is 2 max users and the PCs on most or all of the time are two, they have first dibs on the two available IPs. First to grab the IP gets it, along with the MAC filter and 128-bit crypto.

A man in the middle on an active wireless connection as above is like trying to break into a VPN tunnel that's up. Possible but very unlikely.

You would need to:

1. Take the other device at the end of the tunnel, or in this case the wireless session, offline and keep it there, hoping no one notices or knows what to do.

2. Step in fast enough that an initial key string is not requested to initiate a new session, or be prepared to give the session key. All this while matching the IP and MAC address.

3. Then face any authentication you're up against after you get by the AP, e.g. a RADIUS server etc.
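For reference on the ARP-poisoning route FireAlwaysWorks raised, here is an added example (not code from either poster) of what that MITM consists of on the wire: the two forged ARP replies the attacker keeps sending, and a small ARP-watch detector of the kind a defender would run. The gateway, victim and attacker MACs and IPs are constructed lab values, and the frames are built in memory rather than captured.

```python
"""Added example (not from the thread): the ARP-poisoning MITM
FireAlwaysWorks mentions, shown as the two forged ARP replies the
attacker sends, plus a small ARP-watch that detects the flip.
Frames are constructed in memory; all MACs and IPs are made up."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"            # dst MAC, src MAC, ethertype
ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

# Constructed lab addresses (hypothetical)
GATEWAY_MAC, GATEWAY_IP = "00:0f:66:00:11:22", "192.168.1.1"
VICTIM_MAC, VICTIM_IP = "00:0c:41:12:34:56", "192.168.1.100"
ATTACKER_MAC, ATTACKER_IP = "00:0e:35:ab:cd:ef", "192.168.1.101"


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_reply(eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying 'sender_ip is-at sender_mac' (op=2)."""
    eth = struct.pack(ETH_FMT, mac_bytes(eth_dst), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields, or None if the frame is not ARP."""
    eth_dst, eth_src, ethertype = struct.unpack_from(ETH_FMT, frame, 0)
    if ethertype != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack_from(ARP_FMT, frame, 14)
    return {"op": op, "eth_src": mac_str(eth_src), "eth_dst": mac_str(eth_dst),
            "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def poison_pair(attacker_mac=ATTACKER_MAC):
    """The two unsolicited replies an ARP poisoner sends (and repeats every
    few seconds so the caches never expire): the victim learns 'gateway is
    at attacker', the gateway learns 'victim is at attacker'. Both real
    hosts stay online; their traffic simply routes through the attacker."""
    to_victim = build_arp_reply(VICTIM_MAC, attacker_mac, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    to_gateway = build_arp_reply(GATEWAY_MAC, attacker_mac, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    return to_victim, to_gateway


class ArpWatch:
    """Passive detector: remember each IP's MAC from ARP replies and alert
    when an IP suddenly answers from a different MAC."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None or p["op"] != ARP_REPLY:
            return None
        ip, mac = p["sender_ip"], p["sender_mac"]
        old = self.table.get(ip)
        self.table[ip] = mac
        if old is not None and old != mac:
            alert = f"{ip} moved from {old} to {mac}"
            self.alerts.append(alert)
            return alert
        return None


def demo():
    """Legitimate replies first, then the poison pair; returns the watcher."""
    w = ArpWatch()
    w.observe(build_arp_reply(VICTIM_MAC, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    w.observe(build_arp_reply(GATEWAY_MAC, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP))
    for frame in poison_pair():
        w.observe(frame)
    return w


if __name__ == "__main__":
    for alert in demo().alerts:
        print("ALERT:", alert)
```

The forged replies need only the gateway's and the victim's IP and MAC, all of which are visible on the broadcast segment, and they do not require any session key. What they do require on the network in this thread is that the attacker already be associated and hold the WEP key, since the AP will not accept the frames otherwise; that puts the weight back on the key, as FireAlwaysWorks says. On the defensive side, the ARP-watch logic above is what tools of the arpwatch kind do, and static ARP entries for the gateway on the one always-on PC take the victim side of the poison away.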
Invision Power Board © 2001-2005 Invision Power Services, Inc.