: Router config ?s


RunTheWorldOnMac
Feb 7th, 2007, 10:04 PM
I took the advice of many from ehMac and just bought a Linksys WRT54G v6.

I have an eMac hard-wired and tomorrow when my MacBook gets delivered it will run wireless.

I have done MAC filtering allowing the eMac and will allow the MacBook. If I am MAC filtering do I need to enable WPA2, etc. security mode? What is best to use? What is a suitable rate for Group Key renewel? Is the security mode dependant on what the Bluetooth Wireless supports?

Encryption is that handled based upon the security setting chosen; WPA, WPA2, etc.?

I know thee were some issues with the firmware upgrades; what should I be using?

I am running 10.4.8.

Cheers,

Scott

jdurston
Feb 8th, 2007, 01:02 AM
In my opinion WPA is more important than MAC filtering. MAC addresses can be spoofed, while both WPA and WPA2 are much more secure than WEP encryption.

As far as 3rd party firmware:
http://www.bitsum.com/openwiking/owbase/ow.asp?WRT54G5%5FCFE

I'm using DD-WRT on my WRT54GL. It works quite well.

Because you have a Version 6 router the process is more involved and perhaps risky.

Vexel
Feb 8th, 2007, 05:57 AM
I use WPA2 Personal with my Airport Express. That's the only thing I have turned on. All other forms of security are a wash as far as I'm concerned. If a hacker wants in.. they're getting in. But, WPA2 is a different story.

RunTheWorldOnMac
Feb 8th, 2007, 08:07 AM
Thanks! Curious though how they get spoofing to work; I know what spoofing does but how exactly would they do it? In my security settings I have created a list of 2 Macs that are allowed onto my network; for spoofing to work someone else have to use a tool to spoof my MAC adress. How would they even get it? Do the tools loop through MAC address until they hit the matching address for my Macs? (This could take some time to say the least).

I see there are many tools to actually spoof but I don't understand how they get my MAC adress. I was going to lock everything down to the list od addresses I specify.

Cheers,

Scott

rgray
Feb 8th, 2007, 08:53 AM
Yes, spoofing a MAC address does take finite time. But the security you need depends to some degree on your location. In my case for example, I can see everywhere in range from my rural house, and I am located on a curve on the main highway. Any wardrive stopping in front would be in danger of being runover by one of the (way too) many trucks. So MAC filtering is fine here.

In a denser neighbourhood where the pirate could be sitting unseen in the next apartment, time is on his/her side...

Vexel
Feb 8th, 2007, 09:02 AM
Basically, they sniff packets from your router for the MAC addresses that are authorized. This is easily done with any packet sniffer on the market and most of them are free. You can check out KisMac for information about a sniffer for OS X.

I look at it this way. If they're going to bother to try to crack your WPA protection, the MAC address filtering is going to be cake for them.

RunTheWorldOnMac
Feb 8th, 2007, 09:27 AM
Thanks! I live in Kanata so there is time to sit outside; looks like WPA or WPA2 is the way to go. Should I use MAC filtering in addition to WPA / WPA2 or is that enough.

Cheers,

Scott

rgray
Feb 8th, 2007, 09:29 AM
Depends on your personal paranoia quotient...:D

For some, there is no such thing as too much security.

RunTheWorldOnMac
Feb 8th, 2007, 10:47 AM
what do you mean by that? Are you up to something? I'll be calling the cops on any vehicle that is parked near my house more than 2 minutes... :D

I guess I am semi-paranoid 'bout some sick-o using my account for illegal activity and tracing it back to me... plus I'm paying for the internet for myself not others I don't allow... I don't take to people stealing from me...

Cheers,

Scott

harzack86
Feb 8th, 2007, 11:35 AM
I also made the upgrade to DD-WRT on a WRT54G v5 using the instructions there:
http://www.wrtrouters.com/guides/upgradetolinux/

It worked seamlessly for me, and I can now enjoy more advanced features such as QoS for Skype.

As for my settings, I have:
- WEP (I know, not so secure, but I need to get a wifi card for my G4 to change my Airport Express settings as I got rid of my iBook, so I can't access airport settings anymore...)
- MAC filtering for wifi connections
- SSID not broadcasted, changed from the default name and channel.

I'm not parano´d enough to do more than that, but once I get a PCI wifi card for the G4, I may change WEP to WAP.

That's all.

Vexel
Feb 8th, 2007, 01:39 PM
I also made the upgrade to DD-WRT on a WRT54G v5 using the instructions there:
http://www.wrtrouters.com/guides/upgradetolinux/

It worked seamlessly for me, and I can now enjoy more advanced features such as QoS for Skype.

As for my settings, I have:
- WEP (I know, not so secure, but I need to get a wifi card for my G4 to change my Airport Express settings as I got rid of my iBook, so I can't access airport settings anymore...)
- MAC filtering for wifi connections
- SSID not broadcasted, changed from the default name and channel.

I'm not paranoïd enough to do more than that, but once I get a PCI wifi card for the G4, I may change WEP to WAP.

That's all.

There's an Airport Express Admin Utility for Windows. And, You can get to the settings on the Airport Express with an ethernet cable. :) I'm assuming there's something on your network for you to have it running.

harzack86
Feb 8th, 2007, 01:54 PM
Thanks for the advice, Vexel. I'll check it again tonight and see if I can see the AE from my wired G4 with the Airport Utility. I obviously was under the wrong assumption that as the G4 doesn't have wireless I couldn't use the airport utility to manage the AE... Another evidence of the benefit of reading ehMac :D

harzack86
Feb 9th, 2007, 12:36 AM
I went ahead tonight, and changed my wireless network security from WEP to WPA2. It works seamlessly :)

RunTheWorldOnMac
Feb 9th, 2007, 12:41 AM
After much trouble; a thought dead router a couple thoughts are going old-school; hard wire. It is now working fine with WPA2. When I did MAC filtering on the Wireless it crapped out so I said forget it for now.

Cheers,

Scott