[geeks] home wap paranoia
Thomas Gallaway
rescue at port11.net
Wed Mar 17 12:24:11 CST 2004
Kurt Huhn wrote:
>On Wed, 17 Mar 2004 11:00:57 -0600 (CST)
>Daniel Johannsson wrote:
>
>
>
>>Are people in general just trusting 128bit wep and using non broadcast
>>ssids, or also doing things like putting the wap on a private network,
>>and then forcing ipsec tunnels from the laptops to a machine with a
>>nic on both the private and the external facing network?
>>
>>
>>
>
>I use 128b WEP, non-broadcast ssid, and I limit connections based on
>MAC address. Now, obviously, this isn't going to prevent someone from
>going promiscuous, snarfing packets, and saving them for later
>decryption - but I think that 128b WEP would pretty much make that an
>exercise in futility.
>
>
Not broadcasting SSID's is pretty much useless. As soon as a data packet
get's transmitted the
SSID will be broadcasted anyways. If you turn off SSID broadcasting you
still are able to know
that there is an access point arround but wont see the ssid until again
a data packet gets trans-
mitted and the SSID is known again.
Also if you are super paranoid you can run MRTG and poll connected
clients all the time to your
AP or run Fake-AP to create thousands of SSID's as a decoy to the real one.
http://www.blackalchemy.to/project/fakeap/
More information about the geeks
mailing list