Warning!!! Airport Base Stations

[robotrenegade]

I my network was just hacked today. They really didn't do anything other then change my basestation password and log me out. It could of been a lot worse. So I hard restarted it and made a new network, but this time I made it a close network. My password was 128 too!!!

 

[SilentPanda]

How do you know it was the direct fault of the basestation? Couldn't something have been set up incorrectly?

 

[robotrenegade]

I been using it for the pass 2 years. I can see about 6 other nextwork in my apt building.

 

[SilentPanda]

So how do you know it was hacked? I'm not calling you a liar or anything... I'm just curious... I'm theoretically getting wireless here next week and I don't know squat about it...

 

[robotrenegade]

Well, my internet just stopped. Then I picked my network and it said something like "Your bocked from this nextwork" and that also what the apple people said. I had no way of getting into unless I resetted it.

 

[mkaake]

well with a password like 128, what did you expect?



just kidding, for those of you with no sense of humor...

anyhew, sometimes password encryption isn't enough to protect a network, which is why they include other handy tools, like mac address filtering...

anyhew, i wouldn't put the fault on your base station... the tools are there to make it more secure...

matt

 

[hulugu]

WEP isn't perfect

Sounds like someone didn't just war-drive you (drove or walked by) but actually sat down and worked on your network. You must have WEP and you might want to consider enabling RADIUS which effectively hides you network so unless they know its there by knowing its name and the password they can't access it.
Futhermore, make sure your password is not a dictionary word or something easily found using a brute-force attack. Try a phrase or a password that has numbers, characters, and words.

Also, your admin password should follow these standards, but be more easily remembered.

 

[robotrenegade]

Originally posted by mkaake
well with a password like 128, what did you expect?



just kidding, for those of you with no sense of humor...

anyhew, sometimes password encryption isn't enough to protect a network, which is why they include other handy tools, like mac address filtering...

anyhew, i wouldn't put the fault on your base station... the tools are there to make it more secure...

matt

How do you mac address filtering?

 

[iJon]

you didnt get hacked. the ae basestations have some problems. mine did that all the time but firmware has fixed it over time.

iJon

 

[mkaake]

Originally posted by robotrenegade
How do you mac address filtering?

http://docs.info.apple.com/article.html?artnum=58571

matt

 

[Versello]

Re: WEP isn't perfect

Originally posted by hulugu
Sounds like someone didn't just war-drive you (drove or walked by) but actually sat down and worked on your network. You must have WEP and you might want to consider enabling RADIUS which effectively hides you network so unless they know its there by knowing its name and the password they can't access it.
Futhermore, make sure your password is not a dictionary word or something easily found using a brute-force attack. Try a phrase or a password that has numbers, characters, and words.

Also, your admin password should follow these standards, but be more easily remembered.

He could just disable SSID broadcast. RADIUS is for corporate wireless networks that have a need for centralized authentication.

The best thing to do would be to use WPA encryption instead of WEP. It's been said 128-bit WEP can be broken in like, 15 minutes if I'm not mistaken... but certainly in under a day. WPA is much more secure in that keys are renewed after X amount of time, thus always changing.

I use WPA on both my powerbook and Dell notebook with a Linksys 802.11g router.

edit: MAC filtering also isn't a 100% fullproof solution. Sure it'll stem the 'casual' war-driver, but if they're really determined they can spoof your MAC...

 

[mj_1903]

As well all know, the best protection is to not allow physical access to the network, so, why not turn down the transmitting power of the basestation?

Also, do as the above posted said. Move to WPA and apply a very difficult password. Letters, numbers and random characters do help a lot. Dictionary attacks, which are the most common type of script kiddy attack, are quickly neutralized then.

Of course, it could be the firmware going ape, so maybe you should make sure your firmware is up to date.

Mat

 

[hulugu]

Re: Re: WEP isn't perfect

Originally posted by Versello
He could just disable SSID broadcast. RADIUS is for corporate wireless networks that have a need for centralized authentication.

The best thing to do would be to use WPA encryption instead of WEP. It's been said 128-bit WEP can be broken in like, 15 minutes if I'm not mistaken... but certainly in under a day. WPA is much more secure in that keys are renewed after X amount of time, thus always changing.

I use WPA on both my powerbook and Dell notebook with a Linksys 802.11g router.

edit: MAC filtering also isn't a 100% fullproof solution. Sure it'll stem the 'casual' war-driver, but if they're really determined they can spoof your MAC...

I guess it like cars, you can do everything to secure it: alarm, club, keys, ignition lock, and yet cars still get stolen.
You can do everything you can, WEP, WPA, MAC filtering, etc. and someone can still hack your network. You're right, WPA is much more secure, and futhermore you are also right about RADIUS.

 

[pimentoLoaf]

Those wanting/needing to have a wireless Mac network should read this book before trying anything.

 

[Macette]

Originally posted by iJon
you didnt get hacked. the ae basestations have some problems. mine did that all the time but firmware has fixed it over time.

iJon

yep, me too. gave me a scare the first time.

 

[e-coli]

Originally posted by iJon
you didnt get hacked. the ae basestations have some problems. mine did that all the time but firmware has fixed it over time.

iJon

Happened to me as well. No worries.