Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Possible to block wireless internet users?

andyx181x

andyx181x

macrumors regular
Original poster
Jun 28, 2008
132
5
Hey there guys I need some info if this is possible, is there any means software wise other then changing the WEP password on my wireless modem to block someone from using it? This person of interest is using a windows laptop with xp and has some kinda of WEP crack program that can find out the password. So hence changing the password is a lose, and I'm not to sure if there are similar programs to WAP based (if not I go and buy an apple airbase with WAP2 password). I was thinking of some means of knowing the I.P. number of the laptop and preventing the modem from having it connect to it. Any suggestions or ideas welcomed please!
 
Change from a WEP password which are weak and cracked very easy, To a
WPA2 Password much stronger and harder to crack.

Also when making a password try using special characters such as *^% and alike as these will slow down or stop the password finding apps from qworking to well.

Also use if possible a hidden SSID this will also make it harder to see modem and network you have.
 
WEP security is absurdly easy to crack.

You want at least a WPA-capable device. Just make sure you use a strong passphrase and if you're really paranoid, change it every week or month.

Go here for a strong passphrase.



There are other ways to do the security, such as on the DHCP server (e.g. only allow specific MAC addresses to get an IP, or vice versa), but I don't think you can do that with the typical consumer wireless router, besides, it's easier to just use WPA or WPA2 encryption anyway.
 
topmounter said:
WEP security is absurdly easy to crack.

You want at least a WPA-capable device. Just make sure you use a strong passphrase and if you're really paranoid, change it every week or month.

Go here for a strong passphrase.



There are other ways to do the security, such as on the DHCP server (e.g. only allow specific MAC addresses to get an IP, or vice versa), but I don't think you can do that with the typical consumer wireless router, besides, it's easier to just use WPA or WPA2 encryption anyway.
Click to expand...


Actually depeding on your router, many consumer grade routers offer the ability to only allow certain Mac Addresses to connect and receive an IP.

I use this on both of my home routers. It is a pain when you introduce a new piece of hardware, especially if you don't realize why it won't get an IP right away. You will always have to go in to allow the hardware access...but if you router can tell you the MAC address of the person cracking in, then just set it to disallow the listed MAC addresses, and put his in.

Best,

Brian
 
I'm using a Verizon modem and wireless router, GT704WG. I haven't tried it yet but while editing the setting threw the network panel I noticed it gave me options to change the password type. Does that mean this model can probably accept WPA/WPA2?
 
bmcgonag said:
Actually depeding on your router, many consumer grade routers offer the ability to only allow certain Mac Addresses to connect and receive an IP.

I use this on both of my home routers. It is a pain when you introduce a new piece of hardware, especially if you don't realize why it won't get an IP right away. You will always have to go in to allow the hardware access...but if you router can tell you the MAC address of the person cracking in, then just set it to disallow the listed MAC addresses, and put his in.

Best,

Brian
Click to expand...
This adds zero security. A MAC address can be changed very easily. Even worse, on a WEP network an attacker can use a MAC of a connected station.


andyx181x said:
I'm using a Verizon modem and wireless router, GT704WG. I haven't tried it yet but while editing the setting threw the network panel I noticed it gave me options to change the password type. Does that mean this model can probably accept WPA/WPA2?
Click to expand...
If the router has the setting it is capable. The question is if your wifi clients are also WPA capable but I guess this shouldn't be a problem.

So just go for it and change the WEP to WPA !
 
Also turn off the SSID broadcast, while its not a security change per say, it will stop advertising what wireless network you have.
 
All the above!

First, get off of WEP, it sucks. WPA2 is much better.

Don't broadcast the SID (not a huge security thing but every little bit helps).

You can set only certain MACs to be allowed. Once again, this is not a big thing, but it does make the person work just a little harder at getting in. ;)

All of this should help with your problem.
 
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
 
yg17 said:
All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
Click to expand...

Agreed, especially if you have family/friends coming over to visit and want to access the internet on their laptop/mobile phone with your wifi.

I used to do do this, but it was too much of a hassle, and given the ease of spoofing the MAC address it made little sense for me.
 
yg17 said:
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
Click to expand...
I agree MAC filtering isn't the best way to go but it does keep the neighbors out. My neighbors try to connect to my network and use my bandwidth. MAC filtering ended that and since they are not hackers, they don't get in any more.

I gave up on WAP and WPA because it slows my network down.

Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
 
Chris Blount said:
I agree MAC filtering isn't the best way to go but it does keep the neighbors out. My neighbors try to connect to my network and use my bandwidth. MAC filtering ended that and since they are not hackers, they don't get in any more.

I gave up on WAP and WPA because it slows my network down.

Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
Click to expand...
It looks like in your case you have no encryption at all ??!!

I think you people tend to forget something very important. A WEP or WPA key (please dont say WAP .. it is something totally different) doesn't only prevent other people from joining your network but it also encrypts the communication


If there is no encryption or a weak encryption (WEP) it means that someone can listen to your internet communication even without being connected. So:
- every time you download a picture, you are showing it to your neighbors
- every time you visit a webpage you are showing it to your neighbors
- every time you log in to an account, you shout your password login in the street.
- every time you send en e-Mail you shout the content of your e-mail in the street.
- every time you chat on msn,icq or what ever all your conversation is being shouted in the street.

LOUD AND CLEAR

So people saying that they don't care about pirates .. think again a bit about what you are doing.

just use WPA ! It takes 2 mins to configure it. It is even easier to use. And it does NOT slow significantly the communication.

Chris Blount said:
Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
Click to expand...
No they won't if you use WPA with a good password
 
andyx181x said:
Hey there guys I need some info if this is possible, is there any means software wise other then changing the WEP password on my wireless modem to block someone from using it? This person of interest is using a windows laptop with xp and has some kinda of WEP crack program that can find out the password. So hence changing the password is a lose, and I'm not to sure if there are similar programs to WAP based (if not I go and buy an apple airbase with WAP2 password). I was thinking of some means of knowing the I.P. number of the laptop and preventing the modem from having it connect to it. Any suggestions or ideas welcomed please!
Click to expand...

Um, stop using WEP? WEP is almost like having no security at all, it's so stupidly easy to crack.

Go buy a more modern access point that uses WPA2. Problem solved.
 
As a latecomer to WiFi I've had to learn all this stuff over the last year when I got an iPod touch and an Airport Express for it.

So as I understand it, WPA ( / WPA2) encryption is the big thing here. If you don't secure your network using that, you are basically asking for trouble.

WEP encryption, MAC filtering and hiding the SSID can all be defeated relatively trivially these days - no-one should rely on those things to secure their network and internet connection.
 
yg17 said:
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
Click to expand...


So how many people do you have going in and out of your house? :eek: :p

I agree, it is pointless, (much like hiding the SSID) but it was mentioned. A simple sniffer can pull the MAC and then it can be pasted into the driver settings to be spoofed and SSID is never truly hidden.

WPA2 is the way to go.
 
I would definitely switch to WPA2. In fact, I'm going to do so myself when I get home :D Haven't has any issues with WEP but I just like being careful.

Also, I think that if you're having issues restricting to specific MAC addresses is probably a good idea.

Yes, it's easy to change the mac address of your machine (or the hacker to do the same) but they have to know what to change it to. Is there an easy way for them to find the list of allowed MAC addresses without access to the allowed devices? I don't think so.

But, in the end you're probably safe just going to WPA2.
 
Tex-Twil said:
It looks like in your case you have no encryption at all ??!!

I think you people tend to forget something very important. A WEP or WPA key (please dont say WAP .. it is something totally different) doesn't only prevent other people from joining your network but it also encrypts the communication


If there is no encryption or a weak encryption (WEP) it means that someone can listen to your internet communication even without being connected. So:
- every time you download a picture, you are showing it to your neighbors
- every time you visit a webpage you are showing it to your neighbors
- every time you log in to an account, you shout your password login in the street.
- every time you send en e-Mail you shout the content of your e-mail in the street.
- every time you chat on msn,icq or what ever all your conversation is being shouted in the street.

LOUD AND CLEAR

So people saying that they don't care about pirates .. think again a bit about what you are doing.

just use WPA ! It takes 2 mins to configure it. It is even easier to use. And it does NOT slow significantly the communication.


No they won't if you use WPA with a good password
Click to expand...
Don't exaggerate. It's not doomsday if someone doesn't use encryption. First, someone has to be interested in your data in the first place. Second, it does NOT take 2 minutes to configure especially when you have 20 devices in the house. Some "legacy" devices don't even support WPA or WPA2 encryption so then what?

Everyone should secure their networks as much as possible... no doubt about that... but each network configuration is different and must be secured to keep risk as low as possible within given parameters.
 
Chris Blount said:
Don't exaggerate. It's not doomsday if someone doesn't use encryption. First, someone has to be interested in your data in the first place. Second, it does NOT take 2 minutes to configure especially when you have 20 devices in the house. Some "legacy" devices don't even support WPA or WPA2 encryption so then what?

Everyone should secure their networks as much as possible... no doubt about that... but each network configuration is different and must be secured to keep risk as low as possible within given parameters.
Click to expand...

Did you even read the original post though? The OP is dealing with someone he apparently knows to be cracking WEP, so bluntly the answer is fairly obviously WPA. If they can crack WEP then MAC filtering and hiding the SSID are not going to be very effective either, even accepting your somewhat more relaxed approach to security.

Personally IMHO, if you have legacy hardware that doesn't support WPA it is time to replace it, not use it as an excuse to remain insecure.
 
Chris Blount said:
Will you send me the funds to do that?
Click to expand...
Really? :rolleyes: You're joking, right? You're buying a top-dollar premium brand computer (Apple) and you can't afford the $60 for a modern router? Heck you can find them used, on ebay for $30. You likely spend more than that each month for high speed internet service to your home.
 
Wotan31 said:
Really? :rolleyes: You're joking, right? You're buying a top-dollar premium brand computer (Apple) and you can't afford the $60 for a modern router? Heck you can find them used, on ebay for $30. You likely spend more than that each month for high speed internet service to your home.
Click to expand...
It's more than one device and I don't feel like posting my entire network configuration here.

To the OP, sorry about getting this thread side tracked. I will stop posting.

BTW, as others have said, WPA2 is definitely your best bet.
 
ViViDboarder said:
Is there an easy way for them to find the list of allowed MAC addresses without access to the allowed devices? I don't think so.
Click to expand...
Yes there is. If you listen to the wifi traffic without any cracking, you can see the mac addresses of all devices that are communicating with the Access Point.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back