Advice wanted regarding setting up WiFi - fun

Roy S. Rapoport rsr at inorganic.org
Thu Apr 1 18:23:14 PST 2004


Two men are walking in the woods.  In the distance, they hear a bear.  One
of the men puts on running shoes, so the other asks him why.  He says "So I
can escape the bear."  "Dude, you can't outrun a bear in those shoes!"

"That's OK, I don't need to outrun the bear, I just need to outrun you."

$DAYJOB is a financial services company.  We.  Don't.  Do.  Wifi.  

That's because if we did run Wifi, and you cracked it, and you cracked all
the other security mechanisms, you could walk away with $18,000,000,000 or
thereabouts.  And we're small.

At home, I have wifi.  If someone was to crack that, and crack the trivial
password on my PC server, they could <gasp> get access to my DVD images!
And my pr0n! Maybe even delete it!

Whatever.  I'm just not likely to be subject to an attack, so my goal is
not to outrun the bear, but to be somewhat less attractive than the house
next to me.

We can talk all day about how not perfectly secure a protocol is.  The art
of IT is in figuring out what the acceptable compromises are.

-roy

On Thu, Apr 01, 2004 at 06:59:27PM -0500, Chuck Yerkes wrote:
> Sometimes I'm amazed the messages make it through my Bayesian filters...
> 
> Quoting Alvin Oga (alvin at Mail.Linux-Consulting.com):
> ...
> > and i'm not in favor of sending "everybody" a webpage and asking
> > them to login before they get authenticated for wireless connection
> > 	- they are already connected to get the webpage
> But perhaps not allowed access to the rest of the net.
> > 	- httpd, ssl, ssh has exploitable holes if it's not patched
> and your point? 
> 
> > - secure wireless logins don't seem to be too trivial .. always got
> >   some form of gotchas
> low SO acceptance factor to demand that s/he ssh to a machine to enable
> authpf (obsd) to open access.  web page is easier and an 11 year old
> can figure it out (I tested)
> 
> > > As I said earlier, my existing firewall is a little box from Linksys.
> > those linksys puppies supposedly run linux ...
> > 	- we should be able to replace its wep app with a new one
> ah, that land of should.  I looked at a house there once.
> Let us know when you have PROM images.
> 
> > - using wep or not does not make much difference..
> > 	- "most" people's passwd is what??
> > 	( 50% uses password or some variation of it
> > 	( 25% uses their spouses names
> > 	( 10% uses their atm pin#
> Really.  You have some reference for this info?  Something you can cite?
> I think you're making it up.
> 
> Anyhow, personal passwords are not the same as a shared WEP key, so
> you fail to make a coherent point.
> 
> In our den is this month's wep key.  It's public for visitors.  If you can
> get to where you can see it, you can just plug into the LAN.  OTOH, if
> you plug into the LAN, you're still not trusted...
> And you still can't spam.
> 
> > 	- guess how long it takes for a pc to brute force it all
> About 100k packets and a few hours.  For a determined user.
> Guess how long it takes me to get into a slamlocked door?
> Guess how fast someone will come when the alarm goes off?
> 
> What is your point?  (use complete sentences)
> 
> > (one of the) ipsec howto
> > 	http://jcs.org/ipsec_wep/
> > 
> > rest of the nite-nite readingz...
> > 	http://www.Linux-Sec.net/Wireless
> 
> eliza dumps core trying to parse this.

-- 
"Don't be an asshole -- vote Democratic in 2004."


