Home
Saturday, May 27, 2017
2:24:33 PM
Users online: 0   You are here >> Home > Networking

Forums | Networking Forums search
Forum FAQ
   
 Previous Page 1 | 2  
wirelsss with no encryption: safe?
TheSecret 
23/8/08 9:41:33 PM
Overlord
What kind of pretty wacky and far out internet based stuff do you do?

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Master_Scythe 
23/8/08 10:21:30 PM
Titan

just stuff most people dont do on a day to day basis.

Shit like telnet, SSH, tunneling, MMS protocol, you name it really.

I wasnt implying i do something awesome, just that my 'day to day' habits are probably broader than most in terms of what I use my network for.

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



SquallStrife 
25/8/08 12:04:20 AM
Titan

Quote by Master_Scythe
I must disagree there. Not with the details, you're correct, but with it causing possible problems

By default, the Motorolla Surfboard optus Cable Modem has its DHCP enabled with a subnet mask of 255.255.240.0

which is out of the 'lan ip specs' you mention.



Just for those reading, the reason this is valid, is that even though 255.255.240.0 is classless, it would still be handing out addresses within one of the ranges I mentioned.

10.10.10.10/20 is still between 10.0.0.0 and 10.255.255.255. You're free to sub-subnet these ranges as you see fit.

Quote by Master_Scythe
Also, ive worked on uncommon subnets for a long time with no issues.

If there is a risk, I do some pretty wacky and far out internet based stuff. using multiple protocols others usually wont etc. and ive never hit an issue.



EDIT: I re read your post, and sorry, you're right. However I do work outside the predefined ip ranges, and i havent had issues. lucky maybe?



Yeah, lucky I'd say. If you try to hit a website or something that just happens to have an IP address that falls within your subnet, your router (or NAT box) won't try to route the packet, because it doesn't think it needs to.

It's pretty unlikely though.

A good example is Storck. http://www.storck.com/de/

They do something with food.

They also happen to be the proud owners of 193.168.0.0/24. ( http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=193.168.0.0&a )

Looks like their website is hosted elsewhere but their mail server smtp2.de.storck.com is at 193.168.0.138.

You can see what would happen here, yeah?

It's a pretty obscure example, but it illustrates why you should use the predefined LAN ranges.

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.4

Quote by TinBane
The ONLY fuel saving benefit of this product, is that the car expends less energy to accelerate, because your wallet is lighter.

luser 
25/8/08 11:44:06 AM
Overlord

Using non-RFC1918 addresses on an internal LAN is

a) retarded, and
b) not a security improvement at all

Please stop dishing out ridiculous 'advice'.

-----
It's gonna be a glorious day!
I feel my luck could change.

SquallStrife 
25/8/08 12:03:02 PM
Titan

Quote by luser
Using non-RFC1918 addresses on an internal LAN is

a) retarded, and
b) not a security improvement at all

Please stop dishing out ridiculous 'advice'.



Mind mentioning who your wisdom is aimed at?

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.4

Quote by TinBane
The ONLY fuel saving benefit of this product, is that the car expends less energy to accelerate, because your wallet is lighter.

luser 
25/8/08 12:18:17 PM
Overlord

Uh, the person recommending using 'non-standard' LAN IP ranges - Master Scythe.

I'm agreeing with you ;)

-----
It's gonna be a glorious day!
I feel my luck could change.

kikz 
27/8/08 9:52:07 AM
Immortal

Wireless security. Turn it all off. No Security.

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

segger 
27/8/08 6:30:42 PM
Guru

Well that's just stupid. Unless you don't care about your quota consumption, capacity utilisation and potential infection of hosts on your network with god knows what crap any 'visitors' carry with them (intentionally or otherwise).

-----
Random spam line #7:
Give her womb a good massage with your newly augmented pole

kikz 
27/8/08 7:49:32 PM
Immortal

Quote by segger
Well that's just stupid. Unless you don't care about your quota consumption, capacity utilisation and potential infection of hosts on your network with god knows what crap any 'visitors' carry with them (intentionally or otherwise).


That's the point. As Schneier has preached for years, security is only as tight as the weakest point. People should be running firewalls, virus scanners, using file access security (accounts), disabling guest etc., and tightening the security as best they can under the assumption that there is no wireless security. And then turning on WPA, disabling SSID etc. Most people assume their network is safe because they have a WPA/PSK on.

Obviously running an open network when you have limited quota is a bad idea.

-----
Q6600@3.2Ghz | 8Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

luser 
28/8/08 8:20:34 AM
Overlord

Quote by kikz
That's the point. As Schneier has preached for years, security is only as tight as the weakest point. People should be running firewalls, virus scanners, using file access security (accounts), disabling guest etc., and tightening the security as best they can under the assumption that there is no wireless security. And then turning on WPA, disabling SSID etc. Most people assume their network is safe because they have a WPA/PSK on.

Obviously running an open network when you have limited quota is a bad idea.



I think you've contradicted yourself. If security's only as tight as the weakest link, then by intentionally weakening your wireless network you're reducing the security of your entire system!

I'm still coming to terms with Schneier writing an article like that...

-----
It's gonna be a glorious day!
I feel my luck could change.

kikz 
28/8/08 10:16:25 AM
Immortal

Quote by luser
Quote by kikz
That's the point. As Schneier has preached for years, security is only as tight as the weakest point. People should be running firewalls, virus scanners, using file access security (accounts), disabling guest etc., and tightening the security as best they can under the assumption that there is no wireless security. And then turning on WPA, disabling SSID etc. Most people assume their network is safe because they have a WPA/PSK on.

Obviously running an open network when you have limited quota is a bad idea.



I think you've contradicted yourself. If security's only as tight as the weakest link, then by intentionally weakening your wireless network you're reducing the security of your entire system!

I'm still coming to terms with Schneier writing an article like that...


Clearly. What I didn't explicitly say was that by removing the huge fence at the front, the tiny little fence out the back becomes obvious. Fix that then put then restore big fence up the front. Security improved.

Or at least, that's how I'm going to interpret what Schenier is doing. It seems what he's implying then, is that securing your access point is less secure than the sum of all your other security.

-----
Q6600@3.2Ghz | 8Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

TheSecret 
28/8/08 9:02:56 PM
Overlord
He also writes all his passwords down and keeps them in his wallet, since if his wallet gets stolen he's screwed anyway. He is just taking a more life based approach to security, which while interesting, is not necessarily right. I guess it depends which is a bigger issue, people stealing bandwith or securing your data.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

segger 
28/8/08 9:15:52 PM
Guru

Quote by kikz
It seems what he's implying then, is that securing your access point is less secure than the sum of all your other security.



Well duh. I didn't need him to tell me to open up my internets to the world to prove that point.

-----
Random spam line #7:
Give her womb a good massage with your newly augmented pole

SquallStrife 
29/8/08 12:01:13 PM
Titan

Quote by TheSecret
He also writes all his passwords down and keeps them in his wallet, since if his wallet gets stolen he's screwed anyway. He is just taking a more life based approach to security, which while interesting, is not necessarily right. I guess it depends which is a bigger issue, people stealing bandwith or securing your data.



I'd say its more the latter in the USA, the land of no quota 'Net plans.

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.4

Quote by TinBane
The ONLY fuel saving benefit of this product, is that the car expends less energy to accelerate, because your wallet is lighter.

Linux_Inside V2 
29/8/08 12:16:27 PM
Immortal

Not running firewalls doesn't affect people's ability to connect via WIFI

WPA2-PSK is secure as long as the password isn't a dictionary guessable one, if you're super paranoid you can change it every month or so to thwarte brute-forcers.

-----

kikz 
29/8/08 12:42:01 PM
Immortal

Quote by segger
Quote by kikz
It seems what he's implying then, is that securing your access point is less secure than the sum of all your other security.



Well duh. I didn't need him to tell me to open up my internets to the world to prove that point.


We're not all as smart as you.

-----
Q6600@3.2Ghz | 8Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

 Previous Page 1 | 2  
Forums | Networking