Message Boards » Tech Talk » Router security
firmbuttgntl
Suspended
11931 Posts

Ok, I own a wrt54g v 6.0 router with windows xp pro. What security mode should I be using?

I only have one other computer in the household I want to share the internet with.

It offers wpa, wpa2, wep, radius.

I've enabled dmz because I already have a firewall, but don't want anyone else borrowing my internet.

And, I've allowed anonymous requests because I use some torrent programs which need that feature or state they do.

I've set the wireless network mode to be mixed between B & G (if that matters)

Here's my advanced settings

[i]

Also, as a subquestion, if I wanted to freely transfer files between this computer and that one how would I do that, and could I do that if the other computer is windows 2000 based op.

10/6/2006 10:06:50 PM

Perlith
All American
7620 Posts

Why do you have a DMZ in this scenario? What are you running that requires one? http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29

The wireless card you have will determine the level of wireless security you can implement. I've got three different wireless cards, one supports WEP, another WPA, another WPA2. I only have two computers actively in use, so I use WPA by default.

Quote :
"Also, as a subquestion, if I wanted to freely transfer files between this computer and that one how would I do that, and could I do that if the other computer is windows 2000 based op"


The easiest way would be to set up File and Print sharing, using the Windows XP computer as the host/server, and setting up the firewall to only allow to the other computer's static IP over the FPS ports. Otherwise, set up a secure FTP server on a non-standard port. Couple different ways to do this ... OpenSSH is free, but not intuitive/friendly. VShell is easy but commercial/expensive.

If you are truly concerned about security, you should lock down your operating systems. Google up "CIS NG" and run the scoring tool. Any settings that need to be adjusted can be found via Google. It takes about 10-20 hours to tweak everything ... fair warning, it will break a couple things along the way. And finally, never run your main account as an administrator all the time ... this will improve your security by a million times. Good luck.

10/7/2006 8:45:09 AM

Ashes
All American
11254 Posts

Don't use DMZ unless you absolutely have to....

I don't understand why you think enabling it will keep people from using your internet...

If you don't want people using it just encrypt it or use the mac address filter to keep out everyone but your clients....

I personally use wep 128 bit... Wired Equivalency........

10/7/2006 5:12:38 PM

firmbuttgntl
Suspended
11931 Posts

I never said it would stop people from using my internet, I just use it because the linksys router does not offer a firewall off option, and I cannot get thibor or rice on wrt54g.

10/7/2006 9:52:20 PM

Ashes
All American
11254 Posts

see this thread: http://www.thewolfweb.com/message_topic.aspx?topic=435392

you know that you can forward ports right??

10/7/2006 10:16:02 PM

windhound96
Veteran
284 Posts

I updated my router's firmware to dd-wrt's so I can't double check, but I thought that there was an option to cut off the firewall.. and yeah, port forwarding would be better than just turning it off...

WEP seems to be the preferred for most people, it's fairly simple. if you're paranoid use WEP + a mac filter and you'll keep most people away...

http://www.linksysinfo.org/portal/forums/showthread.php?t=47282 (link from the other thread) says you can use DD-WRT micro on a wrt54g v6

10/7/2006 10:40:49 PM

pmcassel
All American
1553 Posts

anyone savvy enough to break WEP is savvy enough to change their mac address to a non blocked one

10/7/2006 11:55:26 PM

Brainfreeze
Veteran
378 Posts

I would think that the mac filter would usually be used to allow only those mac addresses that you want accessing the network instead of blocking mac addresses

10/12/2006 11:01:58 AM

BobbyDigital
Thots and Prayers
41777 Posts

If you can break WEP, you can sniff out source mac addresses and spoof allowed addresses trivially.



I leave my shit wide open and rely on upper layer security (IPSec, SSL) to protect me when needed.

10/12/2006 11:16:28 AM

OmarBadu
zidik
25067 Posts

i agree with bdigital - although i run the lowest wep just to keep out 99% of the people

10/12/2006 11:23:20 AM

BobbyDigital
Thots and Prayers
41777 Posts

I'll probably do something like that if i ever have a PC that's always up. Right now, the only computers that are on my home network are my work laptop, and my wife's school one.

but i need to to have a dedicated porn machine. keeping it all on a USB hdd is getting old.

10/12/2006 11:27:11 AM

Shaggy
All American
17820 Posts

newegg has cheap 320gig perpendicular sata drives. Time to make a porn drive array.

10/12/2006 11:53:54 AM

synapse
play so hard
60929 Posts

enable mac filtering

don't broadcast ssid

enable the highest encryption your adapter supports... try for wpa2

10/12/2006 12:03:35 PM

Bakunin
Suspended
8558 Posts

it's always a good idea to spoof your MAC address when cracking WEP, even if you aren't trying to evade MAC filtering ;-p

oh, and there isn't much point in using a dictionary word for your wireless password, or as the plaintext for key generation

[Edited on October 12, 2006 at 12:57 PM. Reason : *]

10/12/2006 12:54:31 PM

cdubya
All American
3046 Posts

Quote :
"enable the highest encryption your adapter supports... try for wpa2"


Good advice.

This thread isn't what I thought it would be. Tech talk needs more good threads

10/12/2006 1:09:23 PM

synapse
play so hard
60929 Posts

^^^ oh and i would change the gateway ip address from the default 192.168.x.x to something different like 12.55.1.10 or something

also ensure you use a good password on the router, change it from the default admin,password or whatever your router uses to something strong.

10/12/2006 1:22:00 PM

cdubya
All American
3046 Posts

or just disable remote management.

10/12/2006 1:25:07 PM

BobbyDigital
Thots and Prayers
41777 Posts

^^^

why don't you make some, biatch?

10/12/2006 1:47:52 PM

firmbuttgntl
Suspended
11931 Posts

Quote :
"you know that you can forward ports right??"


I posted in that thread a while ago, you jackass.

I think wep is fine for now, it's the only option the adapter offers. I've started to get a shitload of popups from zonealarm from when I shut down dmz, like from random addresses always trying to access different udp ports.

10/12/2006 3:50:27 PM

Earl
Suspended
1374 Posts

Quote :
"If you can break WEP, you can sniff out source mac addresses and spoof allowed addresses trivially."


There are so many fallacies in this statement, I don't know where to begin. This is not always true in most cases.

Quote :
"or just disable remote management."


Another dad-gom false statement. Or at least not the "best" advice. But hey.

[Edited on October 14, 2006 at 11:15 PM. Reason : .]

10/14/2006 11:05:12 PM

Prospero
All American
11662 Posts

Quote :
"There are so many fallacies in this statement, I don't know where to begin."


is this your answer for everything? you said the same EXACT thing in the cisco thread but like always you neglect to expand... it's just such a lame response only enforcing the perception that you're a n00b not knowing what the hell you're talking about.

if you read his post it's easily explained as
"if 'someone' knows how to crack WEP, there's a good chance they know how to spoof MAC addresses as well", just READ it for crying out loud.

the last time you responded like this it was to a sentence 8-9 words long, i can't imagine how you "couldn't know where to begin"

Quote :
"This is not always true in most cases."

wtf, talk about being vague...

Earl, your posts lack content, please if you have nothing to contribute, don't post. kkthx.


Here's the basic breakdown IMHO:

If you have your computer locked down w/ a decent firewall and have file/print sharing disabled and want to run your wireless router wide-open, do it.

If you don't want to share your wireless network with everyone but aren't concerned about hardcore hackers, just enable ANY of the basic encryption methods and you'll be fine.

If you have highly sensitive data you'll basically want to incorporate all of the aforementioned methods... disable SSID broadcast, enable MAC-filtering, use the highest level of encryption you can depending on what type of NIC's you have (wep<wpa<wpa-radius<wpa2), use a complex admin password, disable web management for your router, etc.. etc..

[Edited on October 15, 2006 at 12:11 AM. Reason : .]

10/15/2006 12:06:54 AM

cdubya
All American
3046 Posts

PM from earl
Quote :
"Okay, I know you don't know much about football. But I at least thought that you'd have an iota of intelligence about technology (see tech talk thread about router sec). You just made yourself look silly back there, my man.



Earl "

OH NOES NERD FIGHT.
Earl, there's a fantastic chance that half of this thread knows more about network security than you do. The difference is, we get paid to apply our knowledge in this area, and aren't going to waste time arguing with your contrarian bullshit.

10/15/2006 12:26:48 PM

BobbyDigital
Thots and Prayers
41777 Posts

Quote :
"There are so many fallacies in this statement, I don't know where to begin."


I think you don't know where to begin because you have no idea what you're talking about. I went back and looked at your posts in tech talk. Almost all of them are ridiculous claims of technical prowess without a single post actually displaying any understanding, comprehension, or insight into any of the topics at hand.

If you do indeed actually have any semblance of a technical skill set, I'd suggest you start showing it, or I'm going to just assume that you're trolling. You've already caused multiple threads to degenerate into mindless bickering and I'll either start deleting your posts or suspend your account.

10/15/2006 1:10:05 PM

Earl
Suspended
1374 Posts

Why would you suspend me? Where did I err? I'm not allowed to disagree with you? The last time I tried to say or explain myself, you edited my post and made it say "I am a homosexual". I think I'm just going to refrain from communicating with you. Because it's evident now that you have something against me, and I have no clue what it is.

Quote :
"You've already caused multiple threads to degenerate into mindless bickering"


I don't know what you're talking about here. I don't communicate in many threads, and the ones that I have contain full of sound claims supported by evidence/backing.

Quote :
"If you do indeed actually have any semblance of a technical skill set, I'd suggest you start showing it,"


I have no problem with that, it's a very simple thing for me to execute. I'm very efficient in the field of tech, but I just sometimes struggle with some of the posts here b/c they lack skill or knowledge. That's just the problem "I" have. But you're right, I do fail to explain myself.


[Edited on October 15, 2006 at 1:50 PM. Reason : .]

10/15/2006 1:31:09 PM

firmbuttgntl
Suspended
11931 Posts

Wow, I'm not going to step between this catfight, but does anyone know what would cause zonealarm to have constant popups?

Like every .5 seconds some udp port is trying to be accessed from a random i.p

10/15/2006 2:24:17 PM

pmcassel
All American
1553 Posts

Quote :
"There are so many fallacies in this statement, I don't know where to begin. This is not always true in most cases."


waiting for an explanation...

10/15/2006 9:27:59 PM

cdubya
All American
3046 Posts

You won't get one. He'll flood this thread with allusion to previously stated 'fact', while adding nothing credible or worthwhile to the topic at hand.

10/15/2006 9:38:19 PM

Perlith
All American
7620 Posts

Quote :
"I don't communicate in many threads, and the ones that I have contain full of sound claims supported by evidence/backing."


Heh, I'm still waiting on you to post some links so we can continue our intellectual discussion:
http://www.thewolfweb.com/message_topic.aspx?topic=431309&page=2#9270134

To those in Tech Talk who don't frequent The Lounge or Sports Talk much, these are classic Earl-type posts which can ruin a thread. Please disregard posts which may otherwise bring a thread off topic.

firm, you may want to look more for a ZoneAlarm firewall analysis tool to help you figure out what's going on with your ports. Random traffic should be expected ... it's the frequency in what ports get hit and by which ips (or ranges of ips) you might want to use as a start. I personally don't know of such a tool, but might want to Google something up.

[Edited on October 15, 2006 at 11:00 PM. Reason : .]

10/15/2006 10:57:18 PM
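
Added example (not part of any post in this thread): the tally suggested in the post above, counting which ports get hit and by which source IPs. The log layout and the sample lines are constructed for illustration and are not ZoneAlarm's own export format; `parse_blocked_inbound`, `classify` and `threshold` are hypothetical names.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample log. Assumed layout (adjust to your firewall's export):
# direction,date,time,src_ip:port,dst_ip:port,protocol
SAMPLE_LOG = """\
FWIN,2006/10/15,14:24:17,203.0.113.5:4021,192.168.1.100:6881,UDP
FWIN,2006/10/15,14:24:17,203.0.113.9:51000,192.168.1.100:6881,UDP
FWIN,2006/10/15,14:24:18,203.0.113.77:6881,192.168.1.100:6881,UDP
FWIN,2006/10/15,14:24:18,192.0.2.14:33012,192.168.1.100:6881,UDP
FWIN,2006/10/15,14:24:19,198.51.100.7:2211,192.168.1.100:135,TCP
FWIN,2006/10/15,14:24:19,198.51.100.7:2212,192.168.1.100:137,UDP
FWIN,2006/10/15,14:24:19,198.51.100.7:2213,192.168.1.100:445,TCP
FWIN,2006/10/15,14:24:20,198.51.100.7:2214,192.168.1.100:1026,UDP
FWOUT,2006/10/15,14:24:21,192.168.1.100:1040,192.0.2.53:53,UDP
garbled line without fields
"""

def parse_blocked_inbound(log_text):
    """Yield (src_ip, proto, dst_port) for each well-formed inbound block."""
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6 or row[0] != "FWIN":
            continue  # skip outbound entries, blank and malformed lines
        try:
            src_ip = row[3].rsplit(":", 1)[0]
            dst_port = int(row[4].rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue  # address field without a usable port
        yield src_ip, row[5].upper(), dst_port

def classify(log_text, threshold=3):
    """Return (fan_in, fan_out).

    fan_in:  ports hit by >= threshold distinct sources (many hosts, one port).
    fan_out: sources that tried >= threshold distinct ports (one host, many ports).
    """
    sources_by_port = defaultdict(set)
    ports_by_source = defaultdict(set)
    for src_ip, proto, dst_port in parse_blocked_inbound(log_text):
        sources_by_port[(proto, dst_port)].add(src_ip)
        ports_by_source[src_ip].add((proto, dst_port))
    fan_in = {k: len(v) for k, v in sources_by_port.items() if len(v) >= threshold}
    fan_out = {k: len(v) for k, v in ports_by_source.items() if len(v) >= threshold}
    return fan_in, fan_out

if __name__ == "__main__":
    fan_in, fan_out = classify(SAMPLE_LOG)
    print("many sources -> one port:", fan_in)
    print("one source -> many ports:", fan_out)
```
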

plusdelta
All American
1034 Posts
user info
edit post

sent a PM, since this thread seems to kinda be off topic at this point

10/15/2006 10:58:45 PM

BobbyDigital
Thots and Prayers
41777 Posts

^ right you are.

Firmbutt, if you still have questions, go ahead and start another thread.

10/16/2006 8:07:25 AM
