Possible to block wireless internet users?

Discussion in 'macOS' started by andyx181x, Nov 19, 2009.

  1. andyx181x macrumors regular

    andyx181x

    Joined:
    Jun 28, 2008
    #1
    Hey there guys I need some info if this is possible, is there any means software wise other then changing the WEP password on my wireless modem to block someone from using it? This person of interest is using a windows laptop with xp and has some kinda of WEP crack program that can find out the password. So hence changing the password is a lose, and I'm not to sure if there are similar programs to WAP based (if not I go and buy an apple airbase with WAP2 password). I was thinking of some means of knowing the I.P. number of the laptop and preventing the modem from having it connect to it. Any suggestions or ideas welcomed please!
     
  2. robert05au macrumors regular

    robert05au

    Joined:
    May 19, 2005
    Location:
    Dubbo, NSW
    #2
    Change from a WEP password which are weak and cracked very easy, To a
    WPA2 Password much stronger and harder to crack.

    Also when making a password try using special characters such as *^% and alike as these will slow down or stop the password finding apps from qworking to well.

    Also use if possible a hidden SSID this will also make it harder to see modem and network you have.
     
  3. topmounter macrumors 68020

    topmounter

    Joined:
    Jun 18, 2009
    Location:
    FEMA Region VIII
    #3
    WEP security is absurdly easy to crack.

    You want at least a WPA-capable device. Just make sure you use a strong passphrase and if you're really paranoid, change it every week or month.

    Go here for a strong passphrase.



    There are other ways to do the security, such as on the DHCP server (e.g. only allow specific MAC addresses to get an IP, or vice versa), but I don't think you can do that with the typical consumer wireless router, besides, it's easier to just use WPA or WPA2 encryption anyway.
     
  4. bmcgonag macrumors 65816

    bmcgonag

    Joined:
    Mar 20, 2007
    Location:
    Texas
    #4

    Actually depeding on your router, many consumer grade routers offer the ability to only allow certain Mac Addresses to connect and receive an IP.

    I use this on both of my home routers. It is a pain when you introduce a new piece of hardware, especially if you don't realize why it won't get an IP right away. You will always have to go in to allow the hardware access...but if you router can tell you the MAC address of the person cracking in, then just set it to disallow the listed MAC addresses, and put his in.

    Best,

    Brian
     
  5. andyx181x thread starter macrumors regular

    andyx181x

    Joined:
    Jun 28, 2008
    #5
    I'm using a Verizon modem and wireless router, GT704WG. I haven't tried it yet but while editing the setting threw the network panel I noticed it gave me options to change the password type. Does that mean this model can probably accept WPA/WPA2?
     
  6. Tex-Twil macrumors 68020

    Tex-Twil

    Joined:
    May 28, 2008
    Location:
    Europe
    #6
    This adds zero security. A MAC address can be changed very easily. Even worse, on a WEP network an attacker can use a MAC of a connected station.


    If the router has the setting it is capable. The question is if your wifi clients are also WPA capable but I guess this shouldn't be a problem.

    So just go for it and change the WEP to WPA !
     
  7. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #7
    Also turn off the SSID broadcast, while its not a security change per say, it will stop advertising what wireless network you have.
     
  8. daflake macrumors 6502a

    Joined:
    Apr 8, 2008
    #8
    All the above!

    First, get off of WEP, it sucks. WPA2 is much better.

    Don't broadcast the SID (not a huge security thing but every little bit helps).

    You can set only certain MACs to be allowed. Once again, this is not a big thing, but it does make the person work just a little harder at getting in. ;)

    All of this should help with your problem.
     
  9. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #9
    The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
     
  10. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #10
    Just use your neighbors wife's name and bra size, and toss in a symbol. ;)
     
  11. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #11
    Agreed, especially if you have family/friends coming over to visit and want to access the internet on their laptop/mobile phone with your wifi.

    I used to do do this, but it was too much of a hassle, and given the ease of spoofing the MAC address it made little sense for me.
     
  12. macrem macrumors 65816

    macrem

    Joined:
    Mar 11, 2008
    #12
    :D

    & perhaps toss in a score ;)
     
  13. Tex-Twil macrumors 68020

    Tex-Twil

    Joined:
    May 28, 2008
    Location:
    Europe
    #13
    haha :) Yes I totally agree that this kind of password is a strong password. Plus you're not likely to forget it ...
     
  14. AppleFan360 macrumors 68020

    Joined:
    Jan 26, 2008
    #14
    I agree MAC filtering isn't the best way to go but it does keep the neighbors out. My neighbors try to connect to my network and use my bandwidth. MAC filtering ended that and since they are not hackers, they don't get in any more.

    I gave up on WAP and WPA because it slows my network down.

    Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
     
  15. Tex-Twil macrumors 68020

    Tex-Twil

    Joined:
    May 28, 2008
    Location:
    Europe
    #15
    It looks like in your case you have no encryption at all ??!!

    I think you people tend to forget something very important. A WEP or WPA key (please dont say WAP .. it is something totally different) doesn't only prevent other people from joining your network but it also encrypts the communication


    If there is no encryption or a weak encryption (WEP) it means that someone can listen to your internet communication even without being connected. So:
    - every time you download a picture, you are showing it to your neighbors
    - every time you visit a webpage you are showing it to your neighbors
    - every time you log in to an account, you shout your password login in the street.
    - every time you send en e-Mail you shout the content of your e-mail in the street.
    - every time you chat on msn,icq or what ever all your conversation is being shouted in the street.

    LOUD AND CLEAR

    So people saying that they don't care about pirates .. think again a bit about what you are doing.

    just use WPA ! It takes 2 mins to configure it. It is even easier to use. And it does NOT slow significantly the communication.

    No they won't if you use WPA with a good password
     
  16. Wotan31 macrumors 6502

    Joined:
    Jun 5, 2008
    #16
    Um, stop using WEP? WEP is almost like having no security at all, it's so stupidly easy to crack.

    Go buy a more modern access point that uses WPA2. Problem solved.
     
  17. Porco macrumors 68030

    Porco

    Joined:
    Mar 28, 2005
    #17
    As a latecomer to WiFi I've had to learn all this stuff over the last year when I got an iPod touch and an Airport Express for it.

    So as I understand it, WPA ( / WPA2) encryption is the big thing here. If you don't secure your network using that, you are basically asking for trouble.

    WEP encryption, MAC filtering and hiding the SSID can all be defeated relatively trivially these days - no-one should rely on those things to secure their network and internet connection.
     
  18. daflake macrumors 6502a

    Joined:
    Apr 8, 2008
    #18

    So how many people do you have going in and out of your house? :eek: :p

    I agree, it is pointless, (much like hiding the SSID) but it was mentioned. A simple sniffer can pull the MAC and then it can be pasted into the driver settings to be spoofed and SSID is never truly hidden.

    WPA2 is the way to go.
     
  19. ViViDboarder macrumors 68040

    ViViDboarder

    Joined:
    Jun 25, 2008
    Location:
    USA
    #19
    I would definitely switch to WPA2. In fact, I'm going to do so myself when I get home :D Haven't has any issues with WEP but I just like being careful.

    Also, I think that if you're having issues restricting to specific MAC addresses is probably a good idea.

    Yes, it's easy to change the mac address of your machine (or the hacker to do the same) but they have to know what to change it to. Is there an easy way for them to find the list of allowed MAC addresses without access to the allowed devices? I don't think so.

    But, in the end you're probably safe just going to WPA2.
     
  20. AppleFan360 macrumors 68020

    Joined:
    Jan 26, 2008
    #20
    Don't exaggerate. It's not doomsday if someone doesn't use encryption. First, someone has to be interested in your data in the first place. Second, it does NOT take 2 minutes to configure especially when you have 20 devices in the house. Some "legacy" devices don't even support WPA or WPA2 encryption so then what?

    Everyone should secure their networks as much as possible... no doubt about that... but each network configuration is different and must be secured to keep risk as low as possible within given parameters.
     
  21. Porco macrumors 68030

    Porco

    Joined:
    Mar 28, 2005
    #21
    Did you even read the original post though? The OP is dealing with someone he apparently knows to be cracking WEP, so bluntly the answer is fairly obviously WPA. If they can crack WEP then MAC filtering and hiding the SSID are not going to be very effective either, even accepting your somewhat more relaxed approach to security.

    Personally IMHO, if you have legacy hardware that doesn't support WPA it is time to replace it, not use it as an excuse to remain insecure.
     
  22. AppleFan360 macrumors 68020

    Joined:
    Jan 26, 2008
    #22
    Will you send me the funds to do that?
     
  23. Wotan31 macrumors 6502

    Joined:
    Jun 5, 2008
    #23
    Really? :rolleyes: You're joking, right? You're buying a top-dollar premium brand computer (Apple) and you can't afford the $60 for a modern router? Heck you can find them used, on ebay for $30. You likely spend more than that each month for high speed internet service to your home.
     
  24. AppleFan360 macrumors 68020

    Joined:
    Jan 26, 2008
    #24
    It's more than one device and I don't feel like posting my entire network configuration here.

    To the OP, sorry about getting this thread side tracked. I will stop posting.

    BTW, as others have said, WPA2 is definitely your best bet.
     
  25. Tex-Twil macrumors 68020

    Tex-Twil

    Joined:
    May 28, 2008
    Location:
    Europe
    #25
    Yes there is. If you listen to the wifi traffic without any cracking, you can see the mac addresses of all devices that are communicating with the Access Point.
     

Share This Page