09-14-2004, 04:54 AM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Quote:
|
Originally Posted by Talon
Quote:
|
Originally Posted by SiliconAddict
When you change the default IP address to something different hackers cannot as easily access your network because they will first have to find out what your IP address scope is.
|
Picking a random IP address is a bad idea, if you try accessing a web site that happens to be on an IP address that is within the netmask that you have set your router to then things are going to go wrong. |
Well, two points:
1. If you have DHCP turned on, it doesn't matter what IP range you pick, as the router is going to tell the computer what it is.
2. If a hacker is truly determined, they can trivially sniff IP traffic to see what IP addresses there are on the network, even without an IP address. A tool like tcpdump (or the Windows equivalent thereof) can be employed.
The key is keeping them off the network. Masking the IP is only minimally useful.
Quote:
|
Yes as soon as they get past your WEP/MAC filter and use DHCP any changes to IP adresses will be obvious but why make life easy for them.
|
If you're proposing to keep DHCP on, don't bother with the IP change. Trust me. It poses zero usefulness. The main reason to change one's IP is to allow VPNs to work for corporate addresses where private address ranges will overlap. If you really want to go ahead with your masking plan, you should at least turn off DHCP.
(Incidentally, there are three private ranges: 192.168.*, 172.16.*, and 10.* {approximately speaking}).
--janak
|
| |
|
|
|
09-14-2004, 06:25 AM
|
|
Pupil
Join Date: Jun 2002
Posts: 48
|
|
Quote:
|
Originally Posted by Janak Parekh
1. If you have DHCP turned on, it doesn't matter what IP range you pick, as the router is going to tell the computer what it is.
|
Thank you for emphasizing this.
For the sake of completeness here's the summary once again:
A few steps to secure your wireless router:
1. Change the default password of the router's administrator account to a 'strong' password.
2. Change the name of the router from the default 'linksys' etc. to something meaningless.
3. Turn off SSID broadcasting.
4. Turn off the router's DHCP server.
5. Change the router's default LAN IP address and of the clients to one of the private non-routable ranges (RFC 1918):
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
6. Use MAC address filtering.
7. Use WPA-PSK (Pre Shared Key) encryption if your router and your clients support this or else use WEP, use 'strong' keys and change keys regularly. A handy tool for this is WKG - Wireless Key Generator http://www.majorgeeks.com/download4167.html .
8. WPA-PSK; see if there is a user configurable Rekey Interval (Group Key Rekeying) and set it. I have been using 100 (seconds). Note that some home WPA-PSK only routers or access points may not offer this and use a hard-coded Rekey Interval.
9. Place the access point or router in the center of your home and not near a window. This will maximize the broadcast quality inside, but has the added security benefit of minimizing it outside.
There, 9 things you can do to secure your wireless home network. I think this will keep the majority of the villains out.
|
| |
|
|
|
09-14-2004, 03:38 PM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Quote:
|
Originally Posted by SiliconAddict
For the sake of completeness here's the summary once again:
|
Right. For me, though, DHCP is critical. I have a laptop that I bring between work and home, and it would be a huge hassle to change the IPs back and forth.
I have done everything else, though. 
--janak
|
| |
|
|
|
09-14-2004, 03:53 PM
|
|
Pupil
Join Date: Jun 2002
Posts: 48
|
|
Quote:
|
Originally Posted by Janak Parekh
Right. For me, though, DHCP is critical. I have a laptop that I bring between work and home, and it would be a huge hassle to change the IPs back and forth.
|
This is one of the utils, I know that there are more (that do the same which is easily switch between network settings).
|
| |
|
|
|
09-14-2004, 04:16 PM
|
|
Magi
Join Date: Dec 2007
Posts: 2,124
|
|
Re: Open Wi-Fi Networks Being Used For Spammers?
Quote:
|
Originally Posted by imperium999
As far as I know, they don't have a limit at all as to how many computers I link to my broadband. This includes my next-door neighbors (who I give access to). I could set up an internet cafe with my current connection, and they wouldn't care.
|
I think they would beg to differ! You don't have a limit as to how many computers IN YOUR HOUSEHOLD you can link to the broadband, but I am sure that they would not be too happy to find out that 2 households are getting internet for one fee. Now with only one extra family using your connection it's unlikely you'll get caught, but that doesn't mean it's allowed. On the other hand, if you started hosting an internet cafe, I am SURE they would notice the increased traffic and be all over you before you could blink. ESPECIALLY if you were charging for it! But even if you were not charging for the connection itself I'm sure you need a special commercial license agreement to host something like that and you'd have to pay more. Otherwise you'd be using more then your share of network resources and causing a decline in other customers' performance.
|
| |
|
|
|
09-18-2004, 08:58 PM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Re: Open Wi-Fi Networks Being Used For Spammers?
Quote:
|
Originally Posted by PetiteFlower
I think they would beg to differ! You don't have a limit as to how many computers IN YOUR HOUSEHOLD you can link to the broadband, but I am sure that they would not be too happy to find out that 2 households are getting internet for one fee.
|
Actually, some broadband providers don't want more than one machine per household on a single broadband connection. :? Most do allow the "household" policy, though.
--janak
|
| |
|
|
|
|
|
|
Linear Mode
