Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How is the signal from laptop to router secure?

Wie Gehts said:
If I may break in here.... ;)

I spent the past 8 hours trying to figure out how to get this linksys router to work.
Click to expand...


I just responded to your other thread a few minutes ago. Glad to hear you got it up and running.

Now perhaps you can answer a question for me since I've never upgraded the firmware. What do you do with the .bin file you download?

Chuck Gardner
 
WEP: Useless. Can be cracked very quickly and easily as stated before

MAC Filtering: Useless. Contrary to what someone said, you don't need to be on the same subnet or even on the wireless network at all. All you need is the right software to sniff out the packets. They're in the air for anything to grab, whether or not you're on the network is irrelevant. So you just sniff out the packets, decrypt if necessary (if it's WEP), and then you have the MAC address right there in the ethernet header in plaintext, for anyone to spoof. And in OSX, IIRC, spoofing a MAC address requires one single command in Terminal. That's how easy it is.

SSID Hiding: Useless. There are a million programs out there, KisMac being the first that comes to mind, that will sniff out all wireless networks and give you a list of them, hidden or not.

WEP + MAC Filtering + SSID Hiding = Still useless. Someone who's determined and knows what they're doing can still easily get their way in, all the 3 of those might do is slow them down by a couple minutes.


WPA, or better yet, WPA2, is all you need. MAC filtering is a pain in the arse to maintain, and SSID hiding is just an inconvenience. For the 2 small wireless networks I maintain, I'm using WPA (would use WPA2, not everything supports it though), and don't have any sort of MAC filtering and the SSID is broadcast and it's secure.

Oh, and WPA + Really bad password = Useless. So make sure you choose a good password too with WPA
 
MacUserSince87 said:
I just responded to your other thread a few minutes ago. Glad to hear you got it up and running.

Now perhaps you can answer a question for me since I've never upgraded the firmware. What do you do with the .bin file you download?

Chuck Gardner
Click to expand...

I was about ask you about this:
>>One thing you may or may not be aware of is the fact you may need to also reconfigure your cable / dsl box as a bridge. I have Verizon DSL and they provided a Westell 6100 which functions as both DSL modem and router. It was necessary to reconfigure it as a bridge so the LinkSys would handle the DHCP. It was also necessary to clone the MAC address of the Westell on LinkSys so Verizon would recognize it.<<

I have verizon and westell modem too, but I know nothing about this 'reconfigure it as bridge thing'...all I know is that I'm connecting to the internet wirelessly :confused: Clone Mac address???!! :confused:
Now my heads gonna explode all over again.....:( ;)

Just tried to access the administration page but now the pass that worked the first doesn't...grrrrr.

Ok..for the firmware. The 'bin' apparently won't unstuff as its the full file.
I then went onto the web page and under 'administartion' theres a sub tab that says 'firmware'. When you click on it, it'll take you to a page with a 'browse' button. Use that to find the 'Bin' file and it should start updating.

I need to ask you.....

The password I used after tech support straightened me out was the key I used to set my firewall (but now isn't working apparently)
Are ther any other places that I need to change the password?

Tanks! :)
 
Wie Gehts said:
I was about ask you about this:
>>One thing you may or may not be aware of is the fact you may need to also reconfigure your cable / dsl box as a bridge. I have Verizon DSL and they provided a Westell 6100 which functions as both DSL modem and router. It was necessary to reconfigure it as a bridge so the LinkSys would handle the DHCP. It was also necessary to clone the MAC address of the Westell on LinkSys so Verizon would recognize it.<<

I have verizon and westell modem too, but I know nothing about this 'reconfigure it as bridge thing'...all I know is that I'm connecting to the internet wirelessly :confused: Clone Mac address???!! :confused:
Now my heads gonna explode all over again.....:( ;)
Click to expand...

I've configured a few routers but and far from an expert in such matters, but my understanding is that if you don't bridge the DSL modem router you wind up with the Westell dynamically assigning an address to the LinkSys -- double routing.

When you bridge the Westell the modem simply sends the IP packets to the LinkSys to route. The router part of the device is by-passed. The Verizon system uses the MAC address of Westell as a registration ID of some sort. Cloning it in the LinkSys is necessary if the Westell is bridged so the Verizon system will recognize the LinkSys as the registered Westell router.

Bridging the Westell pretty much like configuring the the LinkSys. You must plug your mac directly into the Westell and use the same IP to access the control screens. This was my source for sorting all that part out: http://members.verizon.net/~res08lyg/6100.htm

FWIW - When installing my DSL I also installed a whole house DSL filter. No need to hang filters at each phone that way. I found the necessary parts at Home Depot: A Levitron DSL filter board and a small punch down block which I mounted on a small board:

DSL.jpg



The incoming telco line goes into the DSL board and the unfiltered signal is patched over to the Westell (black box on right) and the filtered signal goes up to the patch board. On the patch board the filtered signal first goes to the alarm system - so it can capture the voice side - then back from the alarm to another row on the patch board for distribution to the phones in the house. There's a CAT 6 cable run from the Westell to the Linksys which in my home office about 30' away. The house was a former model home with several different lines and before I did the DSL the phone wiring was a real rats nest.

BTW - I got my firmware upgraded. Thanks for the clue about the .bin file. Like you I was trying to unstuff it.

Chuck Gardner
 
Thanks Chuck....

Well, I've had it with this thing. That one woman had me hooked up but when I couldn't access that web page I called up, got the same guy who told me to use a pc.
So I followed the whole procedure again and did a reset, did the same settings as what that woman told me and I can't get it to work...I'm fried and totally pissed at dicking with this damn thing all day.

Its going back. I can just about chew nails right now.

On top of that, now all of a sudden my acrobat reader is beach balling me everytime I want to read the routers pdf.



AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG!!!!!
 
DoFoT9 said:
2. if there is no MAC filtering, then obviously one would skip it. im just saying that identifying that information is not all that difficult.
Click to expand...

argh.

No, sniffing MAC addresses is VERY easy, IF one is able to get on the subnet. But you cannot make the point that it's easy to sniff MAC addresses and then spoof them to break into a MAC address filtered subnet if you can't get on that subnet in the first place! Please don't try and combine 2 totally different scenarios into 1 generalized (and incorrect) statement.
 
yg17 said:
MAC Filtering: Useless. Contrary to what someone said, you don't need to be on the same subnet or even on the wireless network at all. All you need is the right software to sniff out the packets.
Click to expand...

Please explain how. Probably the most common sniffer is ethereal.
 
yellow said:
argh.

No, sniffing MAC addresses is VERY easy, IF one is able to get on the subnet. But you cannot make the point that it's easy to sniff MAC addresses and then spoof them to break into a MAC address filtered subnet if you can't get on that subnet in the first place! Please don't try and combine 2 totally different scenarios into 1 generalized (and incorrect) statement.
Click to expand...

me, combine scenarios?? never ;)
you donot have to be on the subnet to be able to ping them, therefor eyou can find out their MAC address. there are many programs that will even identify:
1. the IP address
2. MAC address
3. open ports
i didnt mention actually spoofing, just sniffing. i dont understand how i was combining 2 scenarios, i was simple saying that IF there is no MAC address filtering one would not have to worry about that issue.
 
DoFoT9 said:
me, combine scenarios?? never ;)
you donot have to be on the subnet to be able to ping them,
Click to expand...

MAC addresses typically aren't routed. So any MAC address you gather from a ping is more likely to be that of one of the routers between you and your target.

DoFoT9 said:
i didnt mention actually spoofing, just sniffing. i dont understand how i was combining 2 scenarios, i was simple saying that IF there is no MAC address filtering one would not have to worry about that issue.
Click to expand...

Actually, it seems to me that you did.

DoFoT9 said:
lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble )
not alot of people would kno about that tho i spose
Click to expand...
 
yellow said:
1.MAC addresses typically aren't routed. So any MAC address you gather from a ping is more likely to be that of one of the routers between you and your target.

2.Actually, it seems to me that you did.
Click to expand...

1. then explain why i get different mac addresses when i view them?? because if i was getting them from the same router they should all return the same identifier address shouldnt they?

2. i didnt specifically address that too you :p that was a general statement
 
yellow said:
Please explain how. Probably the most common sniffer is ethereal.
Click to expand...


I dunno how, I've never done it. But the packets are out there in the air for anyone to sniff out and see, it can be done with the right hardware and software


Its like how people can use the hacked DirecTV cards to get TV without paying for it. The signal is out there for anyone to receive, you just need the right equipment so you can do something with it
 
DoFoT9 said:
1. then explain why i get different mac addresses when i view them?? because if i was getting them from the same router they should all return the same identifier address shouldnt they?
Click to expand...

Are you on the same subnet? I suspect you are. Same subnet, same router. Same domain might even have routable MAC addresses.

yg17 said:
Its like how people can use the hacked DirecTV cards to get TV without paying for it. The signal is out there for anyone to receive, you just need the right equipment so you can do something with it
Click to expand...

I'm not sure you can make that argument. At least only peripherally. One cannot break into a bank without the proper equipment, but it's not a useful parallel. I find your earlier statement about MAC sniffing to be a bit disingenuous if you admittedly don't know how to do it.

Ultimately, I find it odd that so many enterprises rely heavily upon a combination of MAC address filtering, unbroadcasted SSIDs, and WPA* if it's so insecure and easy to break. Yes, I agree that it's certainly not the most secure set up in the world (you gotta use what you have), but as stated earlier, convenience often wins out over security.

I just don't want future people that read this thread to figure that they might as well use nothing at all since it's all so easy to defeat. That is not true at all. Yes, the truely motivated and talented can probably defeat everything that you throw at them. But.. why would they when they can drive 50 yards and jump on your neighbor's unprotected wireless network? I simply don't want to put out such an alarmist stance.

Summary: If you have a wireless network, try and keep it protected. Combonations of WPA, non-broadcast SSIDs, and MAC filtering is an excellent way to keep 95% of people away from your wireless network.
 
yellow said:
Are you on the same subnet? I suspect you are. Same subnet, same router. Same domain might even have routable MAC addresses.

Summary: If you have a wireless network, try and keep it protected. Combonations of WPA, non-broadcast SSIDs, and MAC filtering is an excellent way to keep 95% of people away from your wireless network.
Click to expand...

yup same subnet. same everything!!

amen to that.
 
yellow said:
I'm not sure you can make that argument. At least only peripherally. One cannot break into a bank without the proper equipment, but it's not a useful parallel. I find your earlier statement about MAC sniffing to be a bit disingenuous if you admittedly don't know how to do it.
Click to expand...


http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/

Step 2, basically tells you how to get the MAC. Again, it goes back to it being a wireless signal and why they can be so much less secure than a wired connection. The signals in the air, anyone can view the packets and get the info they need.

Ultimately, I find it odd that so many enterprises rely heavily upon a combination of MAC address filtering, unbroadcasted SSIDs, and WPA* if it's so insecure and easy to break. Yes, I agree that it's certainly not the most secure set up in the world (you gotta use what you have), but as stated earlier, convenience often wins out over security.
Click to expand...
Well, WPA is enough to secure a network. MAC filtering and unbroadcasted SSIDs just add a false sense of security. But if they're using WPA then they're fine
 
yg17 said:
Step 2, basically tells you how to get the MAC. Again, it goes back to it being a wireless signal and why they can be so much less secure than a wired connection. The signals in the air, anyone can view the packets and get the info they need.
Click to expand...

Alrighty, I'm going to look into recreating this. Thanks for the link.
 
is someone going to answer this guys question... he is going to give up because of the lack of substantial help he is receiving...
 
Corrosive vinyl said:
is someone going to answer this guys question... he is going to give up because of the lack of substantial help he is receiving...
Click to expand...

Technically he didn't ask a question.

Wie Gehts said:
Well, I've had it with this thing. That one woman had me hooked up but when I couldn't access that web page I called up, got the same guy who told me to use a pc.
So I followed the whole procedure again and did a reset, did the same settings as what that woman told me and I can't get it to work...I'm fried and totally pissed at dicking with this damn thing all day.

Its going back. I can just about chew nails right now.

On top of that, now all of a sudden my acrobat reader is beach balling me everytime I want to read the routers pdf.
Click to expand...

Frankly, I don't care for Linksys products. This seems to be (to me) an all too often occurance, particularly when coupled with a Mac.

My own personal choice is to use a NetGear product. Easy to use, easy to navigate, and easy to config.
 
Naw, I had another thread about this and the two became intertwined...

That one good woman at linksys got me hooked up and I had wireless but something wasn't complete because when I went to go into the webpage later my pass wouldn't work. So I took the chance and reset it hoping to redo what she did but no good. I couldn't get the connection up again. I also tried walkthroughs that guys have posted by they don't work either..probably because they always leave out specifics.

No matter whose directions I followed...linksys or whatever...could not do it.

Screw it....I just ordered an express.. :apple:

plug and play...I hope
 
Eraserhead said:
To be honest I've had no problems with Netgear routers, they have a good auto-setup system.

I also think a Wireless Security Mac Guide could be worth creating.
Click to expand...

I'll check them out.

Right now, between all the researching the products and what to do's and fighting this device for the past day and a half....I'm fried. :eek:
 
I have a Linksys WRT54G and didn't have any problems setting it up. I did have problems with my DSL (Yahoo) modem being set up. When I got it, I didn't have a Mac, and did that part on the PC. Basically, I had to set up a username and password, and this is what it uses to connect to the internet. I'm not sure how to do this on a Mac though.

When I bought the wireless router, I think I had to hard wire it to my MacBook (I bought them at the same time) and save the username and password. After that, it worked without a problem. It took me a while to figure out the security stuff, but it's been working since then, almost a year.

I know you have a different ISP and router, but maybe that's the problem? You might have needed a PC to set up your password/account, but once it's set up, you should be fine.
 
davidg4781 said:
I have a Linksys WRT54G and didn't have any problems setting it up. I did have problems with my DSL (Yahoo) modem being set up. When I got it, I didn't have a Mac, and did that part on the PC. Basically, I had to set up a username and password, and this is what it uses to connect to the internet. I'm not sure how to do this on a Mac though.

When I bought the wireless router, I think I had to hard wire it to my MacBook (I bought them at the same time) and save the username and password. After that, it worked without a problem. It took me a while to figure out the security stuff, but it's been working since then, almost a year.

I know you have a different ISP and router, but maybe that's the problem? You might have needed a PC to set up your password/account, but once it's set up, you should be fine.
Click to expand...

When I first called tech support thats what the guy told me..I needed to borrow a pc to configure.....great, more hoops to jump through.

The next time I called, this woman walked me though and it worked...no clone mac address, no switching my westell dsl modem to bridge (whatever that is) , no PPoe or anything beyond setting up the security and changing the IP address in the setup page to 10.10.10.1.

She told me that I didn't have to change the admin>manager password.
Actually, the string of characters for the key I used for the WPA2 she had me use for the authentication window that comes up when you further want to access the wireless web page. AND THUS, I HAD MY WIRELESS CONNECTION.

I thanked her profusely but later when I tried to access the page the password didn't work. I called again and got the same guy who told me to get the pc...I hung up.
I then reset and did the same settings as she did but no good. I think she hooked me up from her end. I tried a bunch of walkthroughs that I found on the web for hooking the linksys to the mac......all useless.

I'm not an idiot by a long shot (so says I..hehehe) but unless this crap is plug in and go, my eyes just glaze over at all this pppoe, tcp/ip, dhcp, ip protocols, dns, wpa, bridge, routers,etc etc ad nauseum.

I just want to plug the bloody thing in and be done with it. I have things I am talented at to be spending my time doing than to be dicking around for 2 days just to get a stinking router to work. If one understands all this internet stuff, God bless ya'. I appreciate everyones help here. I just can't get into it myself. ;)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back