some feature suggestions

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
pike2k
DD-WRT Novice


Joined: 25 Aug 2006
Posts: 4

PostPosted: Fri Aug 25, 2006 4:58    Post subject: some feature suggestions Reply with quote
Some thoughts that may or may not be a good idea ;)


* if someone enters wrong WPA* key say X times in a row, blacklist MAC adress (only liftable from settings) with option to do this even if it's in your allowed list and you have mac filtering on (in case someone spoofed your MAC)
* possibility to define a limit on number of wifi connections (limit has no practical usage, it's just an "alert threshold"), if limit is "bypassed" allow connection BUT alert admin via either email or IM (instant message)
* show more info in web interface what different Securitymodes really mean, for instance: WPA2-PSK-AES, how many bits strong encryption ?

_________________
[hr]xbmc projectmanager
Sponsor
GrumpY54gsv4
DD-WRT User


Joined: 07 Jun 2006
Posts: 286

PostPosted: Fri Aug 25, 2006 5:57    Post subject: Reply with quote
1) Why not but it means everyone can blacklist everyone else in your wifi connection.

2) "Max Associated Clients" in wireless -> advanced settings -> advanced wireless settings.

3) You can't compare 2 algorithms with their key size.

_________________
- WRT54gs v4 @ 225 Mhz - DD-WRT V24 vpn -
- SD/MMC Mod 128 MB - Serial port & JTAG -
- Diversity switch removed -


Last edited by GrumpY54gsv4 on Fri Aug 25, 2006 15:55; edited 1 time in total
pike2k
DD-WRT Novice


Joined: 25 Aug 2006
Posts: 4

PostPosted: Fri Aug 25, 2006 7:18    Post subject: Reply with quote
1. Yes, I suppose so, but atleast you would know someone was trying (and had already spoofed your MAC)
2. You misunderstand me here I think, but I don't know, because I can't find that setting (I'm using 23 SP2 2006/08/03). I can't tell for sure until I seen the setting though
3. Sorry compare what algorithms? I'm not comparing, I'm getting basic info

Let me rephrase an example:
Security Mode: WPA2-PSK (WPA2 Pre-Shared Key Only)
WPA Algorithms: AES
how strong is the encryption here ?

Or if we take another example: WPA Algorithms: TKIP+AES ?

regards

_________________
[hr]xbmc projectmanager
anectine17
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1536
Location: Idaho

PostPosted: Fri Aug 25, 2006 8:49    Post subject: Reply with quote
1. Agree with Grumpy

2. Also agree with Grumpy....see below.

http://i68.photobucket.com/albums/i14/anectine17/untitled.jpg


3. I don't think it's my router's job to attempt to tell me objectively how good my pass keys are. That is WAY too subjective a question. Ridiculous.

_________________
Clear 4G Wimax.
Linksys WRT54G-TM w/14929 std-nokaid, fan-cooled, 2 GB SD mod, Primary Router.
Linksys WRT54G v.3 w/15230 std-nokaid, Client Bridge.
Linksys E2000 w/15200 "Big"
Linksys WRT54G v.4
La Fonera 2100, fan-cooled
Linksys WRT54G v.3.1
Linksys WRT54G v.1.1
Linksys WRT54GS v.1
2x Linksys WRT54G v.2.2

Peacock Thread - READ THOROUGHLY
rkramer
DD-WRT User


Joined: 07 Jun 2006
Posts: 71

PostPosted: Fri Aug 25, 2006 15:25    Post subject: Reply with quote
why blacklist the mac of someone who spoofed your mac? they obviously know how to change their mac, which is trivially easy, so they could easily crash your router with a couple lines of perl. (set random mac, try a couple attempts and get blacklisted, goto step 1 do this a couple thousand/million times and your router will be locked up solid)
GrumpY54gsv4
DD-WRT User


Joined: 07 Jun 2006
Posts: 286

PostPosted: Fri Aug 25, 2006 15:53    Post subject: Reply with quote
wiki, always the wiki :

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

http://en.wikipedia.org/wiki/TKIP

_________________
- WRT54gs v4 @ 225 Mhz - DD-WRT V24 vpn -
- SD/MMC Mod 128 MB - Serial port & JTAG -
- Diversity switch removed -
fearphage
DD-WRT Novice


Joined: 27 Jul 2006
Posts: 15

PostPosted: Sat Aug 26, 2006 0:41    Post subject: Reply with quote
@grumpy: So you expect everyone to search wiki for AES and TKIP? Thats absurd.

The router is using and largely based around those technologies and it seems a very trivial task to just say a little splurge about each one in the Help section.

EDIT: What pike meant i think was to remove a mac from the whitelist (of allowed macs) once the wep/wpa/etc password was attempted a certain number of times thus requiring little to no more space than normal mac filtering

_________________
I wrote this post a long time ago... a real long time ago. It was the dopest post I ever wrote... in 94
pike2k
DD-WRT Novice


Joined: 25 Aug 2006
Posts: 4

PostPosted: Sat Aug 26, 2006 3:36    Post subject: Reply with quote
ok, take 2 on explaining this when I'm not fresh awaken, just the first idea for now:

Idea #1

Explanation: If someone enters wrong WPA/WPA2 key X times (definable), disable/remove MAC adress from WHITELIST (only liftable from settings).

Motivation: If you use WPA2-PSK and someone managed to spoof your MAC, they are halfway done in getting access. If you only have 1 allowed MAC, this would essentially disable WiFi for the person trying to gain access. This improves security I think.

_________________
[hr]xbmc projectmanager
Matthiaz
DD-WRT Guru


Joined: 12 Jun 2006
Posts: 635

PostPosted: Sat Aug 26, 2006 15:04    Post subject: Reply with quote
pike2k wrote:
Motivation: If you use WPA2-PSK and someone managed to spoof your MAC, they are halfway done in getting access. If you only have 1 allowed MAC, this would essentially disable WiFi for the person trying to gain access. This improves security I think.

Eh, spoofing a single MAC doesnt mean you are halfway into breaking a WPA2 secured network, my friend... It's not even the beginning, just spoofing. A decent password does provide enough security!
And if you're worried about people breaking in: disable WLAN and use cabled LAN <- that's most secure.
mjr
DD-WRT Novice


Joined: 02 Aug 2006
Posts: 26

PostPosted: Sat Aug 26, 2006 20:11    Post subject: How about a real key... Reply with quote
Just go here, get a REAL strong key, use it, don't tell anyone what it is, and don't worry about it...

http://www.grc.com/passwords.htm
pike2k
DD-WRT Novice


Joined: 25 Aug 2006
Posts: 4

PostPosted: Sat Aug 26, 2006 20:35    Post subject: Reply with quote
these must be the most RETARDED forums I've visited in a long while! (and for the special people, retard means slow)

Ok, so maybe it's not 50% (when I have mac whitelist enabled), but come on, is it really such a bad idea to have one more option that will IMPROVE security ?

If you think it doesn't IMPROVE, sure let me know, but don't shoot it down just because "a strong password is secure enough". EVERYTHING GET HACKED sooner or later, and why not have a method in place when it does get hacked? I'm not saying an option like this should be default enabled for everyone...

_________________
[hr]xbmc projectmanager
anectine17
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1536
Location: Idaho

PostPosted: Sat Aug 26, 2006 22:01    Post subject: Reply with quote
pike2k wrote:
these must be the most RETARDED forums I've visited in a long while! (and for the special people, retard means slow)

Ok, so maybe it's not 50% (when I have mac whitelist enabled), but come on, is it really such a bad idea to have one more option that will IMPROVE security ?

If you think it doesn't IMPROVE, sure let me know, but don't shoot it down just because "a strong password is secure enough". EVERYTHING GET HACKED sooner or later, and why not have a method in place when it does get hacked? I'm not saying an option like this should be default enabled for everyone...


You know, Pike....I don't like the term "retarded" because it's derogatory to mentally challenged people...particularly children. But since you have chosen to use the term here, then I suggest you read over your intial post that started this thread, and consider that it is more than likely YOU that is retarded. Your whole concept blows goats!! Now go to your super secret hacker sites and be a good little boy/girl/other, OK?? Have a nice day...somewhere else.

_________________
Clear 4G Wimax.
Linksys WRT54G-TM w/14929 std-nokaid, fan-cooled, 2 GB SD mod, Primary Router.
Linksys WRT54G v.3 w/15230 std-nokaid, Client Bridge.
Linksys E2000 w/15200 "Big"
Linksys WRT54G v.4
La Fonera 2100, fan-cooled
Linksys WRT54G v.3.1
Linksys WRT54G v.1.1
Linksys WRT54GS v.1
2x Linksys WRT54G v.2.2

Peacock Thread - READ THOROUGHLY
fearphage
DD-WRT Novice


Joined: 27 Jul 2006
Posts: 15

PostPosted: Sat Aug 26, 2006 23:46    Post subject: Reply with quote
What's up with all the ass-hattery and douchebagged-ness?

The concept is unique. I like it. I probably wouldn't use it but I like it. The strength of the key is not the issue here. Neither is finding a good password. The issue is just that there would be some sign that hackers are active. There is currently no way to determine if someone is trying to compromise your network. On a linux box you will have logs of nefarious user attivities via syslog. This just seems like a way to make known that something is afoot. Why is that such a horrid idea? From the attackers point of view, it is a boon that most routers keep no track of failed wep attempts. So they can try a dictionary attack on your router (guessing millions of common passwords) and you will never know this. I wouldn't mind knowing when I'm being attacked. Call me crazy I guess.

_________________
I wrote this post a long time ago... a real long time ago. It was the dopest post I ever wrote... in 94
scott
DD-WRT Novice


Joined: 11 Jun 2006
Posts: 7

PostPosted: Sun Aug 27, 2006 0:07    Post subject: Re: How about a real key... Reply with quote
mjr wrote:
Just go here, get a REAL strong key, use it, don't tell anyone what it is, and don't worry about it...

http://www.grc.com/passwords.htm


I like this one better: http://www.kurtm.net/wpa-pskgen/


For wep: http://www.warewolflabs.com/portfolio/programming/wlanskg/wlanskg.html
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum