Author Topic: Epic Router Maneuver  (Read 2214 times)

Offline Atariangamer

  • Dormant User
  • Snot Lord
  • *****
  • Thank You
  • -Given: 31
  • -Receive: 55
  • Posts: 11809
  • Keelah se'lai
Epic Router Maneuver
« on: June 13, 2011, 12:02:25 AM »
Probably not possible.

I got a D-Link router, model available on request, but I've got a major question that could probably be knocked out immediately instead of based on hardware.

I've come across some older laptops with older wireless, mostly ones that can just handle G, but not necessarily WPA. More recently, I've acquired an older PowerBook with the original Airport in it. It can support G networks and the original WPA format, but AFAIK it can't handle WPA2, like my router currently is.

I don't want to drop the security level, but I was wondering if there was an ability to somehow provide a non-broadcast backdoor entrance that would require exact information to join, alongside the public network. And not use WPA or anything. I don't want to drop the public network to WPA or WEP, but I can't raise the laptops to WPA or anything, so a hidden, WEP wireless in G mode, somehow...on the same router and stuff.

Any takers?  XD
Don't remember me as I was...I was an idiot.

Offline brain candy

  • Blue Blaze Irregular
  • Chex Master
  • ****
  • Thank You
  • -Given: 0
  • -Receive: 8
  • Posts: 3384
    • same old innocence
Re: Epic Router Maneuver
« Reply #1 on: June 13, 2011, 10:19:06 AM »
You can choose not to broadcast your SSID (router name). You would just have to manually configure the clients with the right SSID. This isn't 100% effective though because one could still detect the SSID by sniffing different messages in the Wi-Fi protocol. Your wireless network is still there to be found, it's just harder and less obvious to someone trying to break in. You can run a DMZ in addition to this setup so that you'd have basically what you're asking for. You have your non-broadcast backdoor that requires exact info (they need to know the SSID and everything) and a DMZ public zone that anyone in range can access. You could also use VLAN to further isolate things and you can set rules limiting the access from one subnet to the other.

Another thing you can do with your D-Link is have it only assign IP addresses from a pre-approved pool of MAC addresses. Basically, you enter the MAC addresses for the wifi adapters on your devices that you want on the network and the D-Link will only give those devices an IP. This can easily be bypassed with MAC spoofing, but most people aren't running around with that kind of software on their PC.

Or you could turn off DHCP on the router, set a fixed IP address range, then configure each connected device to match. That way your router isn't handing out IP addresses to anyone who asks. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

Oh, and for broadcasting in B/G/N and whatnot, just broadcast in mixed mode. You can't pick and choose what broadcasts on what network unfortunately.
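The point in the reply above, that a non-broadcast SSID still appears in other Wi-Fi messages, shown as an added example (not part of the original post) that parses the SSID element from management frames. The frames, MAC addresses and the SSID `attic-g` are constructed sample data, and `build` is a hypothetical helper that exists only to produce them.

```python
# Fixed-field bytes before the tagged elements, per management-frame subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def ssid_from_frame(frame: bytes):
    """Return (subtype name, SSID); SSID is None when the element is missing,
    empty or NUL-filled, which is how a non-broadcast beacon looks."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            raise ValueError("truncated element")
        if eid == 0:  # element ID 0 is the SSID
            name = data.decode("utf-8", "replace") if data.strip(b"\x00") else None
            return NAMES[subtype], name
        pos += 2 + elen
    return NAMES[subtype], None

def build(subtype: int, ssid: bytes) -> bytes:
    """Assemble a constructed frame: header, zeroed fixed fields, SSID, rates."""
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    hdr = bytes([subtype << 4, 0, 0, 0]) + sta + ap + ap + b"\x00\x00"
    rates = bytes([1, 1, 0x82])  # supported-rates element, 1 Mb/s
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates

# Constructed sample traffic for an AP with SSID broadcast turned off.
SAMPLE = [build(8, b""), build(8, b"\x00" * 7),
          build(4, b"attic-g"), build(5, b"attic-g"), build(0, b"attic-g")]

def observed(frames):
    """Parse each frame and return the (subtype, SSID) pairs in order."""
    return [ssid_from_frame(f) for f in frames]

if __name__ == "__main__":
    for kind, ssid in observed(SAMPLE):
        print(f"{kind:10} ssid={ssid!r}")
```

Only the beacons come back with no name; every frame exchanged when a configured client joins carries the SSID unencrypted, so a hidden SSID should be treated as a cosmetic setting rather than an access control.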

Offline Atariangamer

Re: Epic Router Maneuver
« Reply #2 on: June 13, 2011, 11:06:35 AM »
Darn...that's a bit more than I was thinking...

Not to mention it's not exactly what I was thinking, either.

Interesting to note, though. I'll keep it in mind. It's just that I've got the house filled with computer-illiterate people, and switching it up too much might cause problems XD

Offline brain candy

Re: Epic Router Maneuver
« Reply #3 on: June 13, 2011, 11:15:53 AM »
Oh yeah, the DMZ part. I read drop WPA and WEP + public network and thought DMZ style. My bad. :facepalm

You could set up your main SSID with your desired security settings (or keep the current ones so as not to throw off your family) and create a virtual SSID (on the same VLAN as your main network) with the lower security requirements. Hopefully, in addition you can configure the new SSID to not broadcast itself, granting you that backdoor business. FYI, by itself multiple SSIDs offer no isolation, but I don't think that was your concern.

This is all very router dependent though.
« Last Edit: June 13, 2011, 11:19:26 AM by brain candy »

Offline Atariangamer

Re: Epic Router Maneuver
« Reply #4 on: June 15, 2011, 02:33:02 AM »
Well, you've emulated the router before. Maybe if you have some free time you could look into a D-Link DIR-655 B1? Else, just a generic description of what I'm supposed to be doing would help XD


And I noticed something: The router has a selection of whether to use WEP, WPA Personal, or WPA Enterprise. Then below that, WPA or WPA2, and below that, AES or TKIP. There's also some descriptions, and it says that you can have the router accept both WPA or WPA2, and either cipher, but I've tried, and the Mac keeps kicking it off saying it's the wrong Airport password. hrm...


Trying something now, saw a 'guest zone' feature where I can make a wireless network that only has internet access, but has full wireless protection. Gonna set it all to legacy WPA and see if it likes that better. EDIT: it doesn't. It connects to WEP fine, but I'd rather have WPA or no encryption (and there is no "don't broadcast SSID" option for the guest).

Is it the fact that the router is broadcasting in all 3 (B/G/N)? Or that my password has numbers, caps and lowercase? Or could it be that the Airport's supposed WPA ability is falsified?

EDIT: It's the WPA. Original Airport cards and Base Stations are Wi-Fi B only, and WEP only.

Yeah, so somehow to broadcast a hidden signal of just a simple WEP code I can use for older wireless cards would be nice.


UPDATE: DANG IT. So it appears that the original cards CAN handle WPA via software, but only the last and latest: 4.2. Guess what I have installed? 4.1

GUESS WHAT I CAN'T FIND?!?!?

4.2 for Tiger (as the other and more well known one doesn't work)
« Last Edit: June 15, 2011, 03:21:51 PM by Atariangamer »

Offline maryland1571

  • Bipedicus
  • **
  • Thank You
  • -Given: 0
  • -Receive: 0
  • Posts: 95
    • Maryland157
Re: Epic Router Maneuver
« Reply #5 on: June 25, 2011, 08:56:08 AM »
Brain Candy was spot on with the suggestions. But what I would do is check to see if there are any updates for the wireless cards in your laptops that might add WPA support. Then you could use WPA with MAC address filtering/SSID broadcasting turned off. If not, you could use WEP with MAC address filtering/SSID broadcasting turned off.

The netcast Security Now! has covered Wi-Fi quite a few times; you might want to check out the following episodes:
http://www.twit.tv/sn89
http://www.twit.tv/sn13
http://www.grc.com/sn/SN-011.htm

 

