I got an Airport for Christmas and preparing to install broadband service in my apartment this week. I'm not very familiar with the technical aspects of how this all works but I'm concerned with neighbors above or below me feeding off my connection with their wireless computers. Is that possible? If so, how would I go about blocking access to them?

Not unless they're clever hackers, as long as you use the WEP (encryption) settings that come with it.

I also think that with Airport you can make the network visible or not. That would make the network invisble except to those who know the name of the network (which is generally broadcast). If Airport has MAC address filtering and WEP, those help too.

Good luck...

cpjakes

Enable WEP, use a password, and make it a closed network.

Originally posted by cpjakes
I also think that with Airport you can make the network visible or not. That would make the network invisble except to those who know the name of the network (which is generally broadcast). If Airport has MAC address filtering and WEP, those help too.

Good luck...

cpjakes

The only problem I've encountered with making the network invisible (i.e. making it a closed network) is that Windows computers on my network often have trouble finding it even when I type in the name, or if they do make a connection, have trouble staying connected.

And Airport does have MAC address filtering.

Originally posted by Horrortaxi
Enable WEP, use a password, and make it a closed network.

Your neighbors would have to be pretty clever, but tools like Kismac can see closed networks and crack the WEP key.

Originally posted by ibookin'
Your neighbors would have to be pretty clever, but tools like Kismac can see closed networks and crack the WEP key.

No, they can't.

Originally posted by Error Type -43
I got an Airport for Christmas and preparing to install broadband service in my apartment this week. I'm not very familiar with the technical aspects of how this all works but I'm concerned with neighbors above or below me feeding off my connection with their wireless computers. Is that possible? If so, how would I go about blocking access to them?

You are to paroniod, he's an idea.
give eash neighbour a flyer or better yet talk to them and say this.
I am getting a high speed internet connection, and have set up a wireless network, I am prepaid to let you use my internet connection for a small monthly fee.

This is good if: the net connection is unlimited
you can profit, or at least pay nothing for the net
you can afford a better connection, hence charge more, and hence everybody benifits:D :D :D :D

Originally posted by pianojoe
No, they can't.

Yes, they can. WiFi Protected Access (WPA) hasn't been cracked yet, but the lower-level WEP (including 128-bit,) has been cracked. There are UNIX-based (and, I assume, although I haven't played with them, OS-X-based,) programs that can 'listen' to a WiFi session for less than 5 minutes (even if it's closed, WEP-protected, password protected, and not broadcasting its SSID,) and find out all they need to know to allow you to connect.

I know, because someone did this to my own network. My next door neighbor cracked my 802.11b network (running on a Linksys router; I have since upgraded to an AirPort Extreme base station,) and printed to my shared printer "GOTCHA!"

We have since decided to open up both of our networks to each other (two other neighbors within a block have joined us,) so we can all access the internet from anywhere on our end of the block (we even have WiFi going a little ways into a nearby park.) Our individual computers are protected, but for at least two of us, you could just drive by and start printing pr0n on our printers if you felt like it. (No, I'm not going to tell you where I live.)

Hopefully within a year we'll have a 5-block-radius area with continuous free WiFi coverage. Our cable and DSL providers will dislike us, but oh well. Our long-term plan is to get a T-1 or better coming into a 'neutral' area (like the non-denominational church in the middle of our neighborhood,) and use Wireless repeaters (like APEx has built-in) to give the whole neighborhood high-speed internet wirelessly.

Originally posted by ehurtley
Hopefully within a year we'll have a 5-block-radius area with continuous free WiFi coverage. Our cable and DSL providers will dislike us, but oh well. Our long-term plan is to get a T-1 or better coming into a 'neutral' area (like the non-denominational church in the middle of our neighborhood,) and use Wireless repeaters (like APEx has built-in) to give the whole neighborhood high-speed internet wirelessly.

Now that's a cool idea.

WEP sucks. whats cool about slowing your conenction down about 25% and still not be sure if 64bit encryption is enough.
Just use MAC filtering and depending on router ( i use dlink) you can play around with privacy settings as well. That will do the trick.

Originally posted by ehurtley
Yes, they can. WiFi Protected Access (WPA) hasn't been cracked yet, but the lower-level WEP (including 128-bit,) has been cracked.

But WPA has the same fundamental flaws that made WEP easy to crack. It's just a matter of time.

Originally posted by Nermal
But WPA has the same fundamental flaws that made WEP easy to crack. It's just a matter of time.


I agree. But do you think his neighbors are hardcore hackers??? :)

WEP is crackable and MAC addresses can be spoofed so a wireless connection can be hijacked if someone really wants to. It depends on if they can be bothered.

I did a test once on the train home from work. The train goes at 60mph and the journey is 30 minutes long. Under those conditions any networks picked up by macstumbler must be pretty strong and near the railway tracks. I found about a dozen networks. About 75% had WEP turned off and 20% were still broadcasting with their default SSID suggesting that they'd taken the basestation out of the box, turned it on and left it at that.

Obviously I didn't see those networks that weren't broadcasting their SSIDs but my point is that there are plenty of easier networks to freeload on and mostly I'd guess that unless someone really wants to break into YOUR network there are much easier ways of getting free internet...

FWIW I have WEP, and MAC address filtering turned on on my wireless basestation.

I dont quite understand wireless security and I guess I should probably take it more seriously. I thought wep just stopped people intercepting the information you sent as it was encoded? Does it infact stop people from joining your network? If not how do you stop people from joining the network?


(I dont have mac address filtering functionality on my router)

Baseball bat to neighbours head should you notice your bandwidth being eaten up :D

In the AirPort Admin Utility you can;

- Enable encryption + passwords. Passwords can cause problems on mixed PC/Mac networks...see below.
- Password the base-station itself.
- Create a closed network (disable SSID broadcasting).
- Change the transmitter power down (all the way to 10%, if you wish)
- Create a 802.11g only network (less people have g cards).
- Add specific machines to a "safe" list.

Good luck, this is something that affects me too (someone has been stealing mine for a while, so I downloaded KisMet, played around and worked on it).
If anyone knows how to enable passwords on a mixed PC/Mac network with 128bit encryption in 802.11b/g mode, please tell me :)
(Linksys cards in the PC laptops)

AppleMatt

How many people are going to go to the trouble of hacking his network? Sure all the security measures out there can be cracked but does that mean not to use them? They will make his network a less attractive target and somebody looking to gain free access will move on to an easier target--and there are enough Linksys routers running on defaults out there that it won't take long to find one.

Originally posted by Sabbath
I dont quite understand wireless security and I guess I should probably take it more seriously. I thought wep just stopped people intercepting the information you sent as it was encoded? Does it infact stop people from joining your network? If not how do you stop people from joining the network?


(I dont have mac address filtering functionality on my router)
WEP just encrypts (rather weakly as it happens) information travelling across a network. A hacker has to have the passphrase/key to join the network. There are tools to crack WEP keys and it doesn't take long at all.

MAC address filtering only allows machines with wireless cards with certain MAC address to join the network. Every network adapter has a unique MAC address so every airport (or whatever) card is uniquely identifiable. In theory. You can however also get software that tells a wireless card to say it's MAC is something else. So it's not invulnerable either

It's all about layers of security and making your network stronger than most others in your area;)

Originally posted by manitoubalck
You are to paroniod, he's an idea.
give eash neighbour a flyer or better yet talk to them and say this.
I am getting a high speed internet connection, and have set up a wireless network, I am prepaid to let you use my internet connection for a small monthly fee.

This is good if: the net connection is unlimited
you can profit, or at least pay nothing for the net
you can afford a better connection, hence charge more, and hence everybody benifits:D :D :D :D

Being paranoid? I think not.
In my apartment complex I have seen two other wireless networks. In one case my laptop even hopped onto one of the other networks when it could not find my private one. I did not tell my laptop to do so, it just jumped onto the one that was available because it could not see mine at the time. Since my network is private I had to tell it to go back to my network.

For the original poster I think turning on WEP and making your network private should be sufficient.

Originally posted by Rezet
WEP sucks. whats cool about slowing your conenction down about 25% and still not be sure if 64bit encryption is enough.
Just use MAC filtering and depending on router ( i use dlink) you can play around with privacy settings as well. That will do the trick.

Slowing my connection down about 25%?
Well from 11Mbps (I've got the original airport) wireless reduced by 25% gives me 8.25Mbps.

Considering my DSL at most maxes out at 1.5Mbps if that, I'd say there is not much loss to be worried about by using WEP.

And if I need to do big file transfers I will do a hard wire network via ethernet and get 100Mbps between my machines.

I'm currently using my neighbour's wireless connection without them knowing. Why? My mother's too cheap.

But they're old people with a DSL and are asleep almost all the time. They don't care.

Originally posted by unfaded
I'm currently using my neighbour's wireless connection without them knowing. Why? My mother's too cheap.

But they're old people with a DSL and are asleep almost all the time. They don't care.

when i moved into my new apartemnt, i had no calb emodem connection. i was forced to dialup at 9.6k via my cellphone and bluetooth for a few weeks. once i had my cable modem installed, i turned on my airport (off to save battery since it was not in use). i discovered a neighbor had a wireless access point named "Default" which happily let me join in. Kicked myself for not doing a quick seach when I moved in... Since then Default dissapeared, and a new one appeared, password secured. I was about to cancel my cable modem before I was locked out. Oh well.

Originally posted by Nermal
But WPA has the same fundamental flaws that made WEP easy to crack. It's just a matter of time.

Care to back that up with specifics? The flaw in WEP is very specific to the way WEP is designed.

I have seen nothing about WPA being insecure. The only insecurity in WPA is that, like with any encryption algorithm, a weak password can make it easier to brute force. This is a fundamentally different issue than the problem with WEP, where the weakness is inherent to the protocol itself.

Originally posted by AppleMatt
Good luck, this is something that affects me too (someone has been stealing mine for a while, so I downloaded KisMet, played around and worked on it).


Maybe this is a stupid question, but how do you know someone is stealing your connection? I don't know how to check for this.

Originally posted by Awimoway
Maybe this is a stupid question, but how do you know someone is stealing your connection? I don't know how to check for this.

In my case I have my airport running through a firewall/router which logs every machine that runs through it. I periodically review the machine logs to see what machines have been on my network.

Originally posted by synergy
In my case I have my airport running through a firewall/router which logs every machine that runs through it. I periodically review the machine logs to see what machines have been on my network.

Hm. I wonder if there's a solution for those who just use an ABS.

why would you not want to share your connection?

Because some people have a limit on their downloads/file transfers.

If you're scared of someone using your internet connection, disable your airport's wireless, buy a hub or switch and uplink it to the ethernet jack on the back of the airport, then plug your computers in to that. WEP's encryption is laughable, MAC address lists are pointless, and it's only a matter of time before WPA is cracked.

Originally posted by cpjakes
I also think that with Airport you can make the network visible or not. That would make the network invisble except to those who know the name of the network (which is generally broadcast). If Airport has MAC address filtering and WEP, those help too.

Good luck...

cpjakes

-Error Type -43

You can pretty much be assured that if you do those three things:

128-bit WEP
Access Control (MAC addy filtering)
Closed Network

Despite io_burn's comments, you're not going to get hacked. Yes, one can 'sniff' the connection, get the WEP key, then spoof the MAC address, etc. And you'll have to be in your home - actively using your wireless - for him to sniff you out. That, and you can likely see his car parked out front.

Too much or a PITA.

If the wardriver can find your network (big if), he'll see you've locked the crap out of it, and it's just not worth his time. He'll move on.

if a guy has all that time to break into your connection

you must be some important mofo with some serious stuff to be protecting

a little preventive measures scare most ppl away, who just looking for free access.

Originally posted by patrick0brien
Despite io_burn's comments, you're not going to get hacked. Yes, one can 'sniff' the connection, get the WEP key, then spoof the MAC address, etc. And you'll have to be in your home - actively using your wireless - for him to sniff you out. That, and you can likely see his car parked out front.

Whole different world in a college dorm or apartment type atmosphere where cracking your neighbors' wireless is just another thing to do when you're bored :)

Originally posted by io_burn
Whole different world in a college dorm or apartment type atmosphere where cracking your neighbors' wireless is just another thing to do when you're bored :)

-io_burn

Oh! Well, yeah, quite different. But then my out-of-college worry with wireless security is wardrivers who like to spam or send virii from borrowing a hotspot.

Not really worried about them hacking my machines themselves.

Originally posted by synergy
Slowing my connection down about 25%?
Well from 11Mbps (I've got the original airport) wireless reduced by 25% gives me 8.25Mbps.

Considering my DSL at most maxes out at 1.5Mbps if that, I'd say there is not much loss to be worried about by using WEP.

And if I need to do big file transfers I will do a hard wire network via ethernet and get 100Mbps between my machines.

you're not getting the point. the encryption isnt some network overhead, its actually sent with the info being transmitted.