Unallowed access

Hello,

I have a Sitecom WL-114 wireless router who gives IP-addresses through DHCP to my laptop (wireless) and my Linux firewall PC (wired). Behind my firewall PC are some other computers (wired via a switch) with static IP-addresses. On my Linux machine all services are disabled from the Internet.

My wireless network is secured with WEP (128 bits) and MAC-control. The passwords are not logical and I'm using multiple meta-characters in my passwords. SSID is NOT disabled because I cannot disable it in my routerconfiguration.

Last days I'm getting this message in my routerlogs:

Unallowed access from 00-80-48-26-F6-D7

This is not the MAC-address from my router or any of my PC's. I know there's another secured wireless network in my neighbourhood. Is this just a PC from that network who's 'surfing' along my router or is there really someone on my router/network? If not, then why is my routerlog displaying the message: unallowed ACCESS...

Does anyone know what the reason for this is, 'cause Google didn't give me a satisfying answer.

Jack

You should better change that. Maybe WPA would be a good idea, maybe an encrypted VPN.

WEP is unsecure and "MAC control" does not help at all.

The important point is to have enough entropy in the password.

You don't need to disable it. It would not help at all.

Yours, VB.

They're not comparable at all. WEP and WPA are encryption standards. WPA is *currently* considered uncrackable as long as the keys are sufficiently long. That will change eventually of course.

802.1x is port control -- think of as key control, to rotate your WEP keys. Use WPA with a really long key instead and change it from time to time. I'm not an expert in this particular area though, I'll defer to greater expertise on 802.1x

Radius is for authentication. It's a good idea to add authentication; that's a whole different discussion becuase how you implement it tells the story of how good it is If it's tied to simple text user/pass combos, it's close to useless. If it's tied to good tokens, it's nearly unassailable. Radius and the server it's tied to help you know that the person connecting is who you think, within the constraints of the authentication method you choose with it. This can give you some protection if a fully configured laptop is stolen or compromised -- but this again is a separate issue aside from what encryption you use.

Ultimate security for wireless uses WPA with long keys allowing only IPSec traffic, and VPN software clients using token authentication on the tunnels.

But it's no fun to take care of such a setup.

-Russ.

Thanks guys for your help and explanation. So WPA would be better for me, but I just read about 802.1x and Radius. Is that the best there is at this moment? And how does that work? Because I read you have to enter a Radius server IP and a Radius shared key.

What's the exact difference with WEP and WPA compared to Radius?

X-No-Archive: Yes

And the one thing he should note is that if someone is using something like a Super Cantenna, or one of many atenna designs for boosting a WiFI signal, they could be hitting his WiFi from quite a ways away. I read once that a Pringles can or a Super Cantenna can, under the right conditions, hit an access point up to 10 miles away. Whoever is hitting his access point could be doing it from up to 10 miles away.

I doubt it would be that far, as signal propagation times would become an issue with a garden variety WAP, but your point is well taken. Good antennae can boost the range significantly.

I knew an ISP that synched up some $59 linksys boxes at 28km with a pair of dishes, just for kicks while he was installing a remote tower. But they woudn't transmit data.

-Russ.