
Understanding wireless security and wired traffic

Good day. I am hoping this does not sound too stupid. I have my house prewired. All my computers and server and media players are physically wired and connected to the main router. However my wife uses her ipad. Just for that I have had to enable wireless on my router. I am currently only using mac address filtering and obviously allow her ipad to connect. My big question: In theory the only thing that is communicating wirelessly is the ipad and thus even though I have not enabled encryption, it's just her crap that she does on her ipad that is not encrypted, right? My router is not sending out anything that has to do with its wired connections, which is the rest of my network?

I am sorry if this sounds stupid. Reason I ask is that when I tried to enable the bloody encryption WKA or whatever the recommended one is, the wireless connection slows down.... the range is less. It's a pain. Just having mac address filtering for that ipad, and no encryption and everything is sweet.
 
If your setup is typical your wireless is on the same network as your wired. The only thing standing between a stranger and your entire network is MAC filtering. Anybody will tell you that hackers can get around MAC filtering. In reality there probably isn't going to be anybody that cares enough to get in your network. There will be broadcast traffic (and probably a few other things) that will go out of the wireless connection. It's up to you but I would encrypt the wireless traffic.
 
Once someone is on your Network it does not matter wire or Wireless all is one network and shares can be accessed.

MAC number is easy to spoof, thus any nearby neighbor who knows a little about Wireless computers can try and succeed to connect to your Router and be on the Network that is part of it.

Today Routers are Not supposed to slow down when using WPA security.

I.e., either it is very old Router or a "Bad" one.



😎
 
Once someone is on your Network it does not matter wire or Wireless all is one network and shares can be accessed.

Uhhhh passwords 😱, but yea best to keep them out in the first place.

Today Routers are Not supposed to slow down when using WPA security.

I.e., either it is very old Router or a "Bad" one.
😎
Given slow down vs. no security, I could deal with a slow down.
Newer routers (faster CPU's) it's not an issue.
Encrypted wireless will almost certainly be faster than connection speed to the ISP.
No effect on wired speeds.

Now if someone leeches off of someone's connection because they failed to secure it, and downloads some kiddy porn, it comes back to the subscriber to prove they didn't do it when they get arrested and all the computers taken as evidence.
 
An open AP (at the home level at least) = 100% full access to your network. MAC address filtering is so easy to get around I am not sure why they bother coding it in anymore. You need to encrypt using WPA or better or you may as well turn off everything and make it a free for all with full access to all your wired devices and internet connection.
 
To answer the OP's original query - Yes, it is basically just her crap on the wifi.

In a switched network - which yours most certainly is - the only traffic on a port is traffic addressed to an address known to be ON that port, OR broadcast traffic.

So the porn traffic from your wired fap machine in the basement to either the internet or to your servers is not broadcast in the clear.

What is in the clear? Most attempts to discover addresses (DHCP traffic), Windows name resolution done via broadcast, certain multicast requests, and any traffic specifically broadcast.

That being said - everything folks have said above is basically true. There IS a measurable slowdown with WPA vs in-the-clear, but it ain't like WEP in the bad old days. Shouldn't cause any issues.

Operating in-the-clear with MAC filtering is worse than operating in-the-clear without. Essentially any malicious person or kiddy is going to see that and with tools ready to go with push buttons will clone your MAC and spoof you immediately. It is not any security at all and is bypassed every day within seconds. Once they have a MAC - they are on the network and see everything. It's like only answering your door if someone does the "shave and a haircut - two bits" knock.

You should enable at minimum WPA with a long complex password. WPA can be bruted by just logging the initial 4-way handshake from a listening radio. They don't need to be associated and they don't even need the MAC, though it is simple to get. WPA clients are susceptible to packet insertion, which makes them re-authenticate, giving the attacker the 4-way handshake they need. They take that 4-way handshake along with your SSID and can compute the password by brute-force. For an 8 character only lowercase password it'll take about a day to get the key, less if they pay for some cloud time. Add numbers, capitals and special characters and it gets exponentially longer. Your minimum should be 12 characters based not on a dictionary word with numbers, and special characters.

T4$_CLa/41!1 is a good password.
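
Added example, not part of the original post: a passphrase keyspace estimator that takes the post's own figure (8 lowercase characters exhausted in about a day) as the attacker's guess rate and applies it to longer, mixed-character passphrases. The function names are hypothetical, and the estimate assumes every character is chosen uniformly at random.

```python
import math
import string

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
# Character pools used to classify a passphrase (26 + 26 + 10 + 32 = 94).
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` characters."""
    return charset_size ** length


def implied_guess_rate(charset_size: int, length: int, seconds: float) -> float:
    """Guesses per second needed to exhaust the keyspace in `seconds`."""
    return keyspace(charset_size, length) / seconds


def charset_size_of(passphrase: str) -> int:
    """Combined size of every pool the passphrase draws at least one character from."""
    return sum(len(p) for p in POOLS if any(c in p for c in passphrase))


def report(passphrase: str, guesses_per_second: float) -> dict:
    """Worst-case exhaustive-search estimate; valid only for random passphrases."""
    n = len(passphrase)
    if not 8 <= n <= 63:  # WPA/WPA2 passphrase length limits
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 characters")
    size = charset_size_of(passphrase)
    total = keyspace(size, n)
    return {
        "length": n,
        "charset": size,
        "bits": round(n * math.log2(size), 1),
        "years": total / guesses_per_second / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # Rate implied by "8 lowercase characters in about a day" (assumption from the post).
    rate = implied_guess_rate(26, 8, SECONDS_PER_DAY)
    print(f"implied rate: {rate:,.0f} guesses/s")
    # Constructed sample inputs: one weak case, plus the passphrase quoted in the post.
    for pw in ("abcdefgh", "T4$_CLa/41!1"):
        print(pw, report(pw, rate))
```

At the same guess rate, the 12-character mixed passphrase moves the exhaustive-search time from one day to billions of years, which is the exponential growth the post describes.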
 
WPA can be brute forced, but as I recall you actually need to capture a LARGE amount of data. Like several hundred megs+. Not sure if this has changed recently. One of the benefits of just using an iPad is that there often isn't huge amounts of Wifi traffic in one sitting. On the other hand, there is the ability to tickle some routers to barf up a bunch of traffic randomly.

An even better password would be something like MyWifi123&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Longer is better, entropy doesn't add much benefit providing you use a big enough character selection (upper and lower case, numbers & symbols).

And yes, I'll concur with the last poster, your network isn't broadcasting all your wired traffic over the wireless. However, someone could figure out your iPad's MAC address, spoof it, connect to your network, and then potentially listen in on your wired traffic.

Also as stated, your router shouldn't be slowing down with WPA2 enabled. I'd recommend getting a new router.
 
Not sure if this has changed recently.

Original WEP128 vulnerability required tons of data - both WPA and WPA2 only need the authentication "4-way handshake" (which you can force with a spoofed deauth packet), carry it off and brute it somewhere else. Using GPU's and even cloud services.
 
Thanks folks, been reading this back and forth. I got a new router, stopped messing around with the wireless settings and just put them on auto, like channel, speed, etc. Set the encryption and now I don't even notice it. Must have been either the old router or my bloody stupid attempt at trying to get stronger coverage or faster wifi, which honestly on her ipad, served little purpose.

Thank you again for all the explanations, I feel I have certainly learned a lot from this thread alone. PS also changed the key/phrase for the encryption. God I had to write it down, will never in a million years remember that, it's such a mess of characters, symbols and numbers.
 