Setting Up a Router:
meandmine
redhowlingwolves at nc.rr.com
Sat Oct 3 05:48:22 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
James Michael Fultz wrote:
> * Pastor JW <pastor_jw at the-inner-circle.org> [2009-10-02 20:10 -0700]:
>> Wireless should be a convenience for yourself in your home not for others.
>> Exclusion based on MAC addresses is a quick and easy way to do just that.
>> You can also add encryption but it slows your access down thereby interfering
>> with your access more than deterring others. [...]
>
> WPA/WPA2 with AES and a key of significant length (>=40 characters) is
> currently unbreakable.
>
> MAC address is filtering is useless as a security measure.
>
> <http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/>
>
> "The easy way is to select the network you are interested in (hit ss to
> sort by SSID, and arrow down to it if necessary) and then view the
> associated clients (hit c). Presto, you have a list of MAC addresses for
> clients that are using the network, and presumably are on the permitted
> MAC table. Wireless clients send their MAC address in the clear,
> regardless of whether the AP requires WEP or not."
>
> <http://blogs.zdnet.com/Ou/index.php?p=43>
>
> "... Once the MAC address is seen in the clear, it takes about 10
> seconds to cut-paste a legitimate MAC address in to the wireless
> Ethernet adapter settings and the whole scheme is defeated. MAC
> filtering is absolutely worthless since it is one of the easiest schemes
> to attack. ..."
>
>> [...] Ubuntu comes with a reasonable firewall and you can harden it
>> as you see fit to suit your circumstances.
>> [...]
>
> The firewall on your desktop computer does nothing about someone
> breaching the (in)security of your wireless AP and misusing your
> Internet connection.
>
As someone who does Internet security for a living, WPA w/AES is
currently unbreakable. Not to say it can't be done with knowledge of the
person who set the password.Ever figured you could guess the questions
of someone close to you when it comes to resetting passwords on Google?
Yahoo actually took action and changed the way they set that part of it up.
Anyway, TKIP has been broken, in a way. In a way that most people at
home don't have much to worry about.Too many variables to crack the key.
Although there are a few breakthroughs lately, it involves TKIP.
So, for the answer,yes AES is fine.
Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBSsblpaSvjvL7s/z0AQKLGAgAiLWb1UFQ+Ets4pP8+LorFvX5sbO8qf/r
SlBgbIXmYnd7adRL94nUT3S+p/Yh9LHW0ZK4MBDtT+Mo17plNPP/ChsWNVIzrHQ3
/xQj/JlkUTGTfA8S1lCiSyqDOKF3fBZsO9hcWlDPNRXnWgN4vQP9Avul34q7OPgl
YQs7NgHdPVzkq2diXLedcp04ddrm106mzRt6C2yT2zI2A87hmXDHZuiieiHzcnok
ps5eL1NTh6PJKEzIAXrzeqMzFUfogq/njZwMhR1o+ZerabLN0Zu/SsMt+1QfiB9K
fWBOiyo5K/jQin5bhqEqAMEAwpdmE9Mc/Z9dHN5YEtnYw++PgSvD7w==
=BClR
-----END PGP SIGNATURE-----
More information about the ubuntu-users
mailing list