Posted: Fri Aug 25, 2006 4:58 Post subject: some feature suggestions
Some thoughts that may or may not be a good idea ;)
* if someone enters wrong WPA* key say X times in a row, blacklist MAC address (only liftable from settings) with option to do this even if it's in your allowed list and you have mac filtering on (in case someone spoofed your MAC)
* possibility to define a limit on number of wifi connections (limit has no practical usage, it's just an "alert threshold"), if limit is "bypassed" allow connection BUT alert admin via either email or IM (instant message)
* show more info in web interface what different security modes really mean, for instance: WPA2-PSK-AES, how many bits strong encryption?
_________________
xbmc projectmanager
1. Yes, I suppose so, but at least you would know someone was trying (and had already spoofed your MAC)
2. You misunderstand me here I think, but I don't know, because I can't find that setting (I'm using 23 SP2 2006/08/03). I can't tell for sure until I've seen the setting though
3. Sorry, compare what algorithms? I'm not comparing, I'm getting basic info
Let me rephrase an example:
Security Mode: WPA2-PSK (WPA2 Pre-Shared Key Only)
WPA Algorithms: AES
how strong is the encryption here ?
Or if we take another example: WPA Algorithms: TKIP+AES ?
Why blacklist the mac of someone who spoofed your mac? They obviously know how to change their mac, which is trivially easy, so they could easily crash your router with a couple lines of perl. (set random mac, try a couple attempts and get blacklisted, goto step 1; do this a couple thousand/million times and your router will be locked up solid)
@grumpy: So you expect everyone to search wiki for AES and TKIP? That's absurd.
The router is using and largely based around those technologies and it seems a very trivial task to just say a little splurge about each one in the Help section.
EDIT: What pike meant, I think, was to remove a mac from the whitelist (of allowed macs) once the wep/wpa/etc password was attempted a certain number of times, thus requiring little to no more space than normal mac filtering
_________________
I wrote this post a long time ago... a real long time ago. It was the dopest post I ever wrote... in 94
ok, take 2 on explaining this when I'm not freshly awakened, just the first idea for now:
Idea #1
Explanation: If someone enters wrong WPA/WPA2 key X times (definable), disable/remove MAC address from WHITELIST (only liftable from settings).
Motivation: If you use WPA2-PSK and someone managed to spoof your MAC, they are halfway done in getting access. If you only have 1 allowed MAC, this would essentially disable WiFi for the person trying to gain access. This improves security I think.
_________________
xbmc projectmanager
Eh, spoofing a single MAC doesn't mean you are halfway into breaking a WPA2 secured network, my friend... It's not even the beginning, just spoofing. A decent password does provide enough security!
And if you're worried about people breaking in: disable WLAN and use cabled LAN <- that's most secure.
these must be the most RETARDED forums I've visited in a long while! (and for the special people, retard means slow)
Ok, so maybe it's not 50% (when I have mac whitelist enabled), but come on, is it really such a bad idea to have one more option that will IMPROVE security ?
If you think it doesn't IMPROVE, sure let me know, but don't shoot it down just because "a strong password is secure enough". EVERYTHING GETS HACKED sooner or later, and why not have a method in place when it does get hacked? I'm not saying an option like this should be default enabled for everyone...
_________________
xbmc projectmanager
You know, Pike....I don't like the term "retarded" because it's derogatory to mentally challenged people...particularly children. But since you have chosen to use the term here, then I suggest you read over your initial post that started this thread, and consider that it is more than likely YOU that is retarded. Your whole concept blows goats!! Now go to your super secret hacker sites and be a good little boy/girl/other, OK?? Have a nice day...somewhere else.
_________________
Clear 4G Wimax.
Linksys WRT54G-TM w/14929 std-nokaid, fan-cooled, 2 GB SD mod, Primary Router.
Linksys WRT54G v.3 w/15230 std-nokaid, Client Bridge.
Linksys E2000 w/15200 "Big"
Linksys WRT54G v.4
La Fonera 2100, fan-cooled
Linksys WRT54G v.3.1
Linksys WRT54G v.1.1
Linksys WRT54GS v.1
2x Linksys WRT54G v.2.2
What's up with all the ass-hattery and douchebagged-ness?
The concept is unique. I like it. I probably wouldn't use it but I like it. The strength of the key is not the issue here. Neither is finding a good password. The issue is just that there would be some sign that hackers are active. There is currently no way to determine if someone is trying to compromise your network. On a Linux box you will have logs of nefarious user activities via syslog. This just seems like a way to make known that something is afoot. Why is that such a horrid idea? From the attacker's point of view, it is a boon that most routers keep no track of failed wep attempts. So they can try a dictionary attack on your router (guessing millions of common passwords) and you will never know this. I wouldn't mind knowing when I'm being attacked. Call me crazy I guess.
_________________
I wrote this post a long time ago... a real long time ago. It was the dopest post I ever wrote... in 94
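An added sketch of the whitelist-strike idea and the alerting discussed in this thread (not code from the router firmware or from any poster): failures are counted only for whitelisted MACs, so the state stays bounded by the whitelist size even under the random-MAC flood objection raised above. The class name, thresholds, MAC addresses and the event feed are assumptions; the traffic is constructed, not parsed from a real router log.

```python
import random
from dataclasses import dataclass, field

@dataclass
class WhitelistStrikes:
    whitelist: set
    max_failures: int = 3             # the definable "X times"
    unknown_alert_every: int = 1000   # alert cadence for filtered MACs
    strikes: dict = field(default_factory=dict)
    disabled: set = field(default_factory=set)
    unknown_attempts: int = 0
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.whitelist = {m.lower() for m in self.whitelist}

    def observe(self, mac, key_ok):
        """Feed one connection attempt; return the decision for it."""
        mac = mac.lower()
        if mac not in self.whitelist:
            # MAC filtering drops these anyway. One shared counter, never a
            # per-MAC entry, so a random-MAC flood cannot grow the state.
            self.unknown_attempts += 1
            if self.unknown_attempts % self.unknown_alert_every == 0:
                self.alerts.append(f"{self.unknown_attempts} attempts from filtered MACs")
            return "rejected"
        if mac in self.disabled:
            return "disabled"             # stays off until lifted in settings
        if key_ok:
            self.strikes.pop(mac, None)   # only consecutive failures count
            return "allowed"
        self.strikes[mac] = self.strikes.get(mac, 0) + 1
        if self.strikes[mac] >= self.max_failures:
            del self.strikes[mac]
            self.disabled.add(mac)
            self.alerts.append(f"{mac} disabled after {self.max_failures} bad keys")
            return "disabled"
        return "failed"

    def state_size(self):
        return len(self.strikes) + len(self.disabled)

def demo():
    """Constructed traffic: a 5000-address flood, then a spoofed whitelisted MAC."""
    guard = WhitelistStrikes(whitelist={"00:11:22:33:44:55"})
    rng = random.Random(0)
    for _ in range(5000):
        mac = "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))
        guard.observe(mac, key_ok=False)
    owner = "00:11:22:33:44:55"
    results = [guard.observe(owner, key_ok=False) for _ in range(3)]
    results.append(guard.observe(owner, key_ok=True))  # right key, still locked
    return guard, results
```

The last result in `demo()` shows the cost raised in the thread: once the entry is tripped, the real owner of that MAC is locked out too until it is lifted from settings.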