bikerdude on 14/4/2010 at 02:10
Quote Posted by Al_B
I tend to agree with this. On the one hand it's an additional layer of obscurity but if they've got past the encryption then the MAC filtering is only a stumbling block. Just a personal view but I assume that all WiFi connections are going to be hacked and have a proper firewall between them and any internal network.
I assumed the router was for home use... also I have a non-std fixed IPs, so assuming said hackers, breaks the wifi, and byp[asses the address filtering, they have then gotta figure out what range I'm using. And yes a proper FW would be the best route, but for the average tech savvy home use this should be sufficient.
Al_B on 14/4/2010 at 06:45
Yes - of course. Even for home use it's well worth using WPA (or WPA2), changing your SSID from the default and using a strong non-dictionary password.
I've not used it myself but I believe the Kismet tool that Zerker mentioned will reveal which IP range you're using. It's not a bad idea to change it, however.
bikerdude on 14/4/2010 at 10:53
Quote Posted by Al_B
changing your SSID from the default and using a strong non-dictionary password.
You just reminded me, hiding the SSID is also a good idea.
Matthew on 14/4/2010 at 12:04
Quote Posted by Bikerdude
You just reminded me, hiding the SSID is also a good idea.
Last time I tried that I couldn't connect to the little bugger at all. :/
PS I've been using a Netgear (but not that one) without any problems for quite a while now, so it's a brand that I like. My wireless dongle is a Linksys which seems pretty decent too.
dur4nd4l on 14/4/2010 at 17:20
Quote Posted by Bikerdude
You just reminded me, hiding the SSID is also a good idea.
... also I have a non-std fixed IPs, so assuming said hackers, breaks the wifi, and byp[asses [sic] the address filtering, they have then gotta figure out what range I'm using.
No, it's not. Anyone with any know-how can force your router to broadcast its SSID anyway. There are also tools out there for the script kiddies that will do this, so turning off SSID broadcasting is not security. Use a strong passphrase consisting of letters, numbers, special characters, and not consisting of any dictionary words. Change the router admin name and password immediately, and preferably just shut off wireless administration completely.
IP ranges are fairly limited, and honestly, have absolutely nothing to do with security, unless you were to use an extremely small subnet with very few wasted addresses. However, were you to do this with DHCP, it would be very easy for an attacker to simply cause a DOS by exhausting your DHCP pool. Using a "non-standard" range makes no sense at all: if I'm able to get through your encryption (WPA2, I would hope), then I can easily find out what IP address range you're using. All I have to do is RARP scan your network, and your router will tell me exactly which addresses are being used. The way IP addressing works, it's impossible to hide yourself with a "non-standard" range.
MAC address filtering really doesn't work that well, but the best way to implement it would be an EXCLUSIVE setting. Make sure that it's set to block ALL MAC addresses that AREN'T on the list, and just add the addresses of the devices you want. That way it's much harder to guess the MAC address of an allowed machine, especially since you pretty much need to be in the network to sniff the unencrypted addresses.
bikerdude on 14/4/2010 at 18:20
Quote Posted by dur4nd4l
* No, it's not. Anyone with any know-how can force your router to broadcast its SSID anyway.
* IP ranges are fairly limited, and honestly, have absolutely nothing to do with security,
* MAC address filtering really doesn't work that well, but the best way to implement it would be an EXCLUSIVE setting.
er....
....all of the measures I've mentioned combined (encryption, address filtering, fixed IP, hidden SSID) make it much less inconvenient for the average drive-by hacker. They will simply go look for an easier network to hack. Same for motorcycle thieves - if a bike has a disc lock, steering lock and a visible alarm, they will go and look elsewhere for an easier target.
and er...MAC address filtering only works one way, by exclusion...
dur4nd4l on 14/4/2010 at 18:30
Quote Posted by Bikerdude
er....
....all of the measures I've mentioned combined (encryption, address filtering, fixed IP, hidden SSID) make it much less inconvenient for the average drive-by hacker. They will simply go look for an easier network to hack. Same for motorcycle thieves - if a bike has a disc lock, steering lock and a visible alarm, they will go and look elsewhere for an easier target.
and er...MAC address filtering only works one way, by exclusion...
You make a good point, however, when you're talking about network penetration, you're more likely to have your neighbors do it than a wardriver. While opportunists look for the most easily accessible WLAN, a neighbor will look for the best possible connection. If that happens to be you, then obscurity doesn't help.
MAC address filtering, like an ACL, functions either exclusively or inclusively. Inclusive is a list that allows everyone to communicate except those on the list. Exclusive lists function the other way around: only addresses on the list are permitted to communicate/connect; all other addresses are blocked. If your MAC address filter can't do both, get a new router.
bikerdude on 14/4/2010 at 21:50
Quote Posted by dur4nd4l
MAC address filtering, like an ACL, functions either exclusively or inclusively. Inclusive is a list that allows everyone to communicate except those on the list. Exclusive lists function the other way around: only addresses on the list are permitted to communicate/connect; all other addresses are blocked. If your MAC address filter can't do both, get a new router.
Fair enough, thus far every router or FW I've come across only did exc, never inc.
Al_B on 14/4/2010 at 22:03
Old news, I'm sure - but given the discussion I decided to do some experiments. With one of my laptops with Linux on it I installed kismet and the aircrack suite and took a scan of my own router. Router configuration: non-broadcast SSID, MAC filter exclusive and on (not including my Linux laptop) and WPA2 encryption. I had another laptop connected to the router which although not actively in use - has the typical background processes that like to communicate with the internet periodically. As my Linux laptop had previously used the router I changed both the SSID and password to make sure I had no cached information.
Quote Posted by dur4nd4l
Anyone with any know-how can force your router to broadcast its SSID anyway.
I expected to have to spoof de-authenticate my connected laptop - but it leaked the new SSID within a few seconds anyway. The laptop probing the network seemed to be the cause so if you have devices active then hiding the SSID wouldn't appear to be too effective.
Quote Posted by dur4nd4l
IP ranges are fairly limited, and honestly, have absolutely nothing to do with security
To be fair - this wasn't revealed by my protected network. However, I agree that if the wireless security is breached then it would be fairly easy to find the addresses in use. The reason I suggested changing this to a non-default subnet is to try to avoid possible routing clashes with a VPN.
Quote Posted by dur4nd4l
...you pretty much need to be in the network to sniff the unencrypted addresses.
I had no problem picking up unencrypted MAC addresses so perhaps I've misunderstood what you mean.
In any case, my conclusion is pretty much unchanged. Hiding your SSID or adding a MAC filter makes your life harder - not any attacker's. If you've got a decent password on the network and you're using strong encryption then that's sufficient for all reasonable purposes.
Zerker on 14/4/2010 at 22:10
If Al_B wasn't convincing enough, here's some useful reading material for everyone:
(http://blogs.zdnet.com/Ou/index.php?p=43) The Six dumbest ways to secure a wireless LAN and the follow-up (http://blogs.zdnet.com/Ou/?p=454) Wireless LAN myths that just won't die.
Enjoy.
So at the end of the day, for your sanity, just pick a good WPA2 passkey and go with it.
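Added example, not part of any post in the thread: a sketch of how WPA/WPA2-PSK turns the passphrase and the SSID into the network key (the SSID is the salt, which is why a non-default SSID and a non-dictionary passphrase matter), plus a small passphrase audit. The word list, the default-SSID list and both function names are constructed for illustration.

```python
import hashlib
import string

# Constructed sample data for illustration only (not from the thread).
SAMPLE_DEFAULT_SSIDS = {"netgear", "linksys", "default"}
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "netgear", "wireless"}


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key as defined in IEEE 802.11i:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output.
    Raises UnicodeEncodeError if the passphrase is not ASCII."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_psk(passphrase: str, ssid: str) -> list[str]:
    """Return findings for a passphrase/SSID pair; empty list = nothing flagged."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length: WPA2 passphrases must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("charset: passphrase must be printable ASCII")
    lowered = passphrase.lower()
    hits = sorted(w for w in SAMPLE_WORDLIST if w in lowered)
    if hits:
        findings.append("dictionary: contains " + ", ".join(hits))
    classes = sum(any(c in group for c in passphrase)
                  for group in (string.ascii_lowercase, string.ascii_uppercase,
                                string.digits, string.punctuation))
    if classes < 3:
        findings.append("variety: fewer than 3 character classes used")
    if ssid.lower() in SAMPLE_DEFAULT_SSIDS:
        # Same passphrase + same SSID always gives the same key, so a common
        # SSID lets precomputed key tables be reused against the network.
        findings.append("ssid: factory-default SSID used as key salt")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys differ.
    print(wpa2_pmk("password", "NETGEAR").hex())
    print(wpa2_pmk("password", "home-7f3a").hex())
    print(audit_psk("password", "NETGEAR"))
    print(audit_psk("t7#Vq9!mZx2&Lr5@", "home-7f3a"))
```

Hiding the SSID does not change any of this: the SSID is still the salt, and as Al_B's test showed, connected clients reveal it anyway.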