How secure is this wireless connection?

armatage · 8 Apr 2007 at 15:43

I used to have WPA encryption setup on my wireless but as I'm running my server upstairs linking to the wireless router downstairs and communication between my games pc and server had to go over 2 wireless connections to get there it was problematic at best.
So I made the wireless connection via a wireless bridge using 2 Buffalo Airstations 54G but in bridging mode they only support 128 bit WEP encryption but there is a setting that stops clients logging on wirelessly to the AP's and I'm not broadcasting the SSID. This means that my games pc and the server share the same switch so can communicate faster.
My server has DHCP setup so that only network cards with MAC addresses in the reservation section are given an IP address.
The internal subnet address is 10.100.100.x / 255.255.255.240 so only allows 14 hosts and the IP is very hard to guess because it's not a well used subnet mask.

Can someone still hack the wireless connection and change the settings on the AP's to enable wireless clients logging on?

How secure would you say this is?

DeeJay-Mo · 8 Apr 2007 at 16:18

Someone could quite easily crack the WEP key. Whether they'd be able to do anything after that is less clear. If some determined leet hacker was to have a bash they'd probably get somehwere, but in my experience most of them tend to go for easy targets and if you take some steps to protect yourself, your less likely to become a victim.

Massive Attack · 8 Apr 2007 at 21:33

do the buffalo airsations have access control? i.e only allowing IP/MAC address u choose, as said above WEPs can be broken easily, might be worth thinking about upgrading them to ones which support WPA-PSK/access control.

tolien · 8 Apr 2007 at 21:36

Once the encryption is gone, MAC address filtering is a waste of time, and anything that's transmitted over the connection can be read.

teulk · 8 Apr 2007 at 23:01

I always wondered about this hacking wireless connections thing, then i thought...........given the distance that it will broadcast over i decided not to worry that much. Lets face it if someone was to hack and use my wireless connection 1. they would only be able to use it when im using my internet. 2 they would have to be sitting outside my house or in a house next door.......I dont worry anymore

armatage · 9 Apr 2007 at 09:46

My problem with someone hacking my wireless is that they could use my IP to release virus’s onto the net and there’s a good chance that it could be traced back and also that person could: -

a) use my connection to download child pornography
b) save this type of images onto my machine and call the cops

even though the chance of this is very low but I hate people that look at/harm children with a passion so want to minimize the risk.

teulk · 9 Apr 2007 at 14:03

armatage said:
My problem with someone hacking my wireless is that they could use my IP to release virus’s onto the net and there’s a good chance that it could be traced back and also that person could: -

a) use my connection to download child pornography
b) save this type of images onto my machine and call the cops

even though the chance of this is very low but I hate people that look at/harm children with a passion so want to minimize the risk.

Well i can understand your reasons for having a secure network but given the effective range of a wireless network in reallity it would have to be a neighbour who would be hacking your network if anyone at all..............i guess you dont trust your neighbours then

armatage · 9 Apr 2007 at 15:01

teulk said:
Well i can understand your reasons for having a secure network but given the effective range of a wireless network in reallity it would have to be a neighbour who would be hacking your network if anyone at all..............i guess you dont trust your neighbours then

I'd happly shoot them

But you could get someone roaming around in a car

chimaera · 10 Apr 2007 at 16:00

Could give powerline a go, personally i'd say if the distance between your devices is so large that you need to bridge a number of routers together then you might find the powerline approach would save you a lot of hassle.

Caged · 10 Apr 2007 at 17:53

teulk said:
Well i can understand your reasons for having a secure network but given the effective range of a wireless network in reallity it would have to be a neighbour who would be hacking your network if anyone at all..............i guess you dont trust your neighbours then

Depends what AP you're using. I have a Netgear WG102 in my loft and that will give a nice 4-5 bar signal down the end of the road. Because of this it means I run WPA2 to keep people out of it.

PhillyDee · 10 Apr 2007 at 18:04

Powerline could be read down the street with the correct adaptor just the same as wireless as they are all on the same 'connection.' Read that somewhere. At the end of the day, if you want maximum security, just drill through the walls and run cat5 round the house.

matja · 10 Apr 2007 at 18:30

As stated previously, MAC filtering is a waste of time. In fact, I'm having to spoof the MAC address of my other machine to access the internet right now because my housemate isn't back from work yet to add this machine to the router...

Una · 10 Apr 2007 at 19:54

I have a Helix Antenna here I can use for wireless and you can get some quite big distances out of it. What most people think is just because their network can't be seen with normal equipment that range will secure it. That is not the case if you got specialist gear.

As mentioned above MAC address's are simple to spoof and WEP is pretty trivial to crack (especially 128bit)...

On linux its just a case of 1 command, ifconfig [interface name] hw ether [new MAC address]

chimaera · 11 Apr 2007 at 09:04

PhillyDee said:
Powerline could be read down the street with the correct adaptor just the same as wireless as they are all on the same 'connection.' Read that somewhere. At the end of the day, if you want maximum security, just drill through the walls and run cat5 round the house.

I read an article that tested this once, and although the signal could be detected up to 2 houses away from the source, it was unable to connect to any pages or actually do anything due to the high degree of packet loss.

Plus each plug comes with an encryption ID, you can force the master plug at the router to only accept connections from ID's that have been manually input.

Its more secure than wireless, but as you say, less so than cat5.