Possible to block wireless internet users?

andyx181x

macrumors regular
Original poster
Jun 28, 2008
103
0
Hey there guys I need some info if this is possible, is there any means software wise other then changing the WEP password on my wireless modem to block someone from using it? This person of interest is using a windows laptop with xp and has some kinda of WEP crack program that can find out the password. So hence changing the password is a lose, and I'm not to sure if there are similar programs to WAP based (if not I go and buy an apple airbase with WAP2 password). I was thinking of some means of knowing the I.P. number of the laptop and preventing the modem from having it connect to it. Any suggestions or ideas welcomed please!
 

robert05au

macrumors regular
May 19, 2005
246
7
Dubbo, NSW
Change from a WEP password which are weak and cracked very easy, To a
WPA2 Password much stronger and harder to crack.

Also when making a password try using special characters such as *^% and alike as these will slow down or stop the password finding apps from qworking to well.

Also use if possible a hidden SSID this will also make it harder to see modem and network you have.
 

topmounter

macrumors 68020
Jun 18, 2009
2,261
430
FEMA Region VIII
WEP security is absurdly easy to crack.

You want at least a WPA-capable device. Just make sure you use a strong passphrase and if you're really paranoid, change it every week or month.

Go here for a strong passphrase.



There are other ways to do the security, such as on the DHCP server (e.g. only allow specific MAC addresses to get an IP, or vice versa), but I don't think you can do that with the typical consumer wireless router, besides, it's easier to just use WPA or WPA2 encryption anyway.
 

bmcgonag

macrumors 65816
Mar 20, 2007
1,077
0
Texas
WEP security is absurdly easy to crack.

You want at least a WPA-capable device. Just make sure you use a strong passphrase and if you're really paranoid, change it every week or month.

Go here for a strong passphrase.



There are other ways to do the security, such as on the DHCP server (e.g. only allow specific MAC addresses to get an IP, or vice versa), but I don't think you can do that with the typical consumer wireless router, besides, it's easier to just use WPA or WPA2 encryption anyway.

Actually depeding on your router, many consumer grade routers offer the ability to only allow certain Mac Addresses to connect and receive an IP.

I use this on both of my home routers. It is a pain when you introduce a new piece of hardware, especially if you don't realize why it won't get an IP right away. You will always have to go in to allow the hardware access...but if you router can tell you the MAC address of the person cracking in, then just set it to disallow the listed MAC addresses, and put his in.

Best,

Brian
 

andyx181x

macrumors regular
Original poster
Jun 28, 2008
103
0
I'm using a Verizon modem and wireless router, GT704WG. I haven't tried it yet but while editing the setting threw the network panel I noticed it gave me options to change the password type. Does that mean this model can probably accept WPA/WPA2?
 

Tex-Twil

macrumors 68020
May 28, 2008
2,478
10
Berlin
Actually depeding on your router, many consumer grade routers offer the ability to only allow certain Mac Addresses to connect and receive an IP.

I use this on both of my home routers. It is a pain when you introduce a new piece of hardware, especially if you don't realize why it won't get an IP right away. You will always have to go in to allow the hardware access...but if you router can tell you the MAC address of the person cracking in, then just set it to disallow the listed MAC addresses, and put his in.

Best,

Brian
This adds zero security. A MAC address can be changed very easily. Even worse, on a WEP network an attacker can use a MAC of a connected station.


I'm using a Verizon modem and wireless router, GT704WG. I haven't tried it yet but while editing the setting threw the network panel I noticed it gave me options to change the password type. Does that mean this model can probably accept WPA/WPA2?
If the router has the setting it is capable. The question is if your wifi clients are also WPA capable but I guess this shouldn't be a problem.

So just go for it and change the WEP to WPA !
 

maflynn

Moderator
Staff member
May 3, 2009
66,379
32,982
Boston
Also turn off the SSID broadcast, while its not a security change per say, it will stop advertising what wireless network you have.
 

daflake

macrumors 6502a
Apr 8, 2008
919
4,323
All the above!

First, get off of WEP, it sucks. WPA2 is much better.

Don't broadcast the SID (not a huge security thing but every little bit helps).

You can set only certain MACs to be allowed. Once again, this is not a big thing, but it does make the person work just a little harder at getting in. ;)

All of this should help with your problem.
 

yg17

macrumors G5
Aug 1, 2004
14,932
2,532
St. Louis, MO
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
 

maflynn

Moderator
Staff member
May 3, 2009
66,379
32,982
Boston
All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
Agreed, especially if you have family/friends coming over to visit and want to access the internet on their laptop/mobile phone with your wifi.

I used to do do this, but it was too much of a hassle, and given the ease of spoofing the MAC address it made little sense for me.
 

AppleFan360

macrumors 68020
Jan 26, 2008
2,197
689
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.
I agree MAC filtering isn't the best way to go but it does keep the neighbors out. My neighbors try to connect to my network and use my bandwidth. MAC filtering ended that and since they are not hackers, they don't get in any more.

I gave up on WAP and WPA because it slows my network down.

Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
 

Tex-Twil

macrumors 68020
May 28, 2008
2,478
10
Berlin
I agree MAC filtering isn't the best way to go but it does keep the neighbors out. My neighbors try to connect to my network and use my bandwidth. MAC filtering ended that and since they are not hackers, they don't get in any more.

I gave up on WAP and WPA because it slows my network down.

Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
It looks like in your case you have no encryption at all ??!!

I think you people tend to forget something very important. A WEP or WPA key (please dont say WAP .. it is something totally different) doesn't only prevent other people from joining your network but it also encrypts the communication


If there is no encryption or a weak encryption (WEP) it means that someone can listen to your internet communication even without being connected. So:
- every time you download a picture, you are showing it to your neighbors
- every time you visit a webpage you are showing it to your neighbors
- every time you log in to an account, you shout your password login in the street.
- every time you send en e-Mail you shout the content of your e-mail in the street.
- every time you chat on msn,icq or what ever all your conversation is being shouted in the street.

LOUD AND CLEAR

So people saying that they don't care about pirates .. think again a bit about what you are doing.

just use WPA ! It takes 2 mins to configure it. It is even easier to use. And it does NOT slow significantly the communication.

Basically, MAC filtering keeps the honest people out. If hackers want in, they will get in no matter what I do.
No they won't if you use WPA with a good password
 

Wotan31

macrumors 6502
Jun 5, 2008
491
0
Hey there guys I need some info if this is possible, is there any means software wise other then changing the WEP password on my wireless modem to block someone from using it? This person of interest is using a windows laptop with xp and has some kinda of WEP crack program that can find out the password. So hence changing the password is a lose, and I'm not to sure if there are similar programs to WAP based (if not I go and buy an apple airbase with WAP2 password). I was thinking of some means of knowing the I.P. number of the laptop and preventing the modem from having it connect to it. Any suggestions or ideas welcomed please!
Um, stop using WEP? WEP is almost like having no security at all, it's so stupidly easy to crack.

Go buy a more modern access point that uses WPA2. Problem solved.
 

Porco

macrumors 68040
Mar 28, 2005
3,095
5,863
As a latecomer to WiFi I've had to learn all this stuff over the last year when I got an iPod touch and an Airport Express for it.

So as I understand it, WPA ( / WPA2) encryption is the big thing here. If you don't secure your network using that, you are basically asking for trouble.

WEP encryption, MAC filtering and hiding the SSID can all be defeated relatively trivially these days - no-one should rely on those things to secure their network and internet connection.
 

daflake

macrumors 6502a
Apr 8, 2008
919
4,323
The only thing more useless than WEP for securing a wireless network is MAC filtering. It takes seconds to discover and spoof an allowed MAC and I guarantee you that if this guy knows how to crack a WEP password, he knows how to spoof a MAC. All MAC filtering does is create a hassle for you because you have to maintain allowed MAC lists.

So how many people do you have going in and out of your house? :eek: :p

I agree, it is pointless, (much like hiding the SSID) but it was mentioned. A simple sniffer can pull the MAC and then it can be pasted into the driver settings to be spoofed and SSID is never truly hidden.

WPA2 is the way to go.
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
I would definitely switch to WPA2. In fact, I'm going to do so myself when I get home :D Haven't has any issues with WEP but I just like being careful.

Also, I think that if you're having issues restricting to specific MAC addresses is probably a good idea.

Yes, it's easy to change the mac address of your machine (or the hacker to do the same) but they have to know what to change it to. Is there an easy way for them to find the list of allowed MAC addresses without access to the allowed devices? I don't think so.

But, in the end you're probably safe just going to WPA2.
 

AppleFan360

macrumors 68020
Jan 26, 2008
2,197
689
It looks like in your case you have no encryption at all ??!!

I think you people tend to forget something very important. A WEP or WPA key (please dont say WAP .. it is something totally different) doesn't only prevent other people from joining your network but it also encrypts the communication


If there is no encryption or a weak encryption (WEP) it means that someone can listen to your internet communication even without being connected. So:
- every time you download a picture, you are showing it to your neighbors
- every time you visit a webpage you are showing it to your neighbors
- every time you log in to an account, you shout your password login in the street.
- every time you send en e-Mail you shout the content of your e-mail in the street.
- every time you chat on msn,icq or what ever all your conversation is being shouted in the street.

LOUD AND CLEAR

So people saying that they don't care about pirates .. think again a bit about what you are doing.

just use WPA ! It takes 2 mins to configure it. It is even easier to use. And it does NOT slow significantly the communication.


No they won't if you use WPA with a good password
Don't exaggerate. It's not doomsday if someone doesn't use encryption. First, someone has to be interested in your data in the first place. Second, it does NOT take 2 minutes to configure especially when you have 20 devices in the house. Some "legacy" devices don't even support WPA or WPA2 encryption so then what?

Everyone should secure their networks as much as possible... no doubt about that... but each network configuration is different and must be secured to keep risk as low as possible within given parameters.
 

Porco

macrumors 68040
Mar 28, 2005
3,095
5,863
Don't exaggerate. It's not doomsday if someone doesn't use encryption. First, someone has to be interested in your data in the first place. Second, it does NOT take 2 minutes to configure especially when you have 20 devices in the house. Some "legacy" devices don't even support WPA or WPA2 encryption so then what?

Everyone should secure their networks as much as possible... no doubt about that... but each network configuration is different and must be secured to keep risk as low as possible within given parameters.
Did you even read the original post though? The OP is dealing with someone he apparently knows to be cracking WEP, so bluntly the answer is fairly obviously WPA. If they can crack WEP then MAC filtering and hiding the SSID are not going to be very effective either, even accepting your somewhat more relaxed approach to security.

Personally IMHO, if you have legacy hardware that doesn't support WPA it is time to replace it, not use it as an excuse to remain insecure.
 

Wotan31

macrumors 6502
Jun 5, 2008
491
0
Will you send me the funds to do that?
Really? :rolleyes: You're joking, right? You're buying a top-dollar premium brand computer (Apple) and you can't afford the $60 for a modern router? Heck you can find them used, on ebay for $30. You likely spend more than that each month for high speed internet service to your home.
 

AppleFan360

macrumors 68020
Jan 26, 2008
2,197
689
Really? :rolleyes: You're joking, right? You're buying a top-dollar premium brand computer (Apple) and you can't afford the $60 for a modern router? Heck you can find them used, on ebay for $30. You likely spend more than that each month for high speed internet service to your home.
It's more than one device and I don't feel like posting my entire network configuration here.

To the OP, sorry about getting this thread side tracked. I will stop posting.

BTW, as others have said, WPA2 is definitely your best bet.
 

Tex-Twil

macrumors 68020
May 28, 2008
2,478
10
Berlin
Is there an easy way for them to find the list of allowed MAC addresses without access to the allowed devices? I don't think so.
Yes there is. If you listen to the wifi traffic without any cracking, you can see the mac addresses of all devices that are communicating with the Access Point.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.