Very simple request on Linksys.

I have a Linksys wireless router (BEFW11S4), which I am trying to make as secure as possible. I am no tech wiz, and the terminology and instructions I find in various Internet sources are of little help (i.e., MAC filtering, what is that?). My setup is very simple. One desktop PC and one laptop using a Linksys wireless card. That's it. What do I do, enter, and where, at the default IP address of 192.168.1.1 to make my setup as secure as possible? I changed the SSID to something else, and turned off SSID Broadcast, but doing that terminates access to the laptop.

Thank you for answering what I am sure is a very elementary question.

- Phil


Unfamiliar with that "particular" router, but use 63 character WPA (NOT WEP) encryption if it's available. If you can encrypt it with WPA, then get a software firewall like free ZoneAlarm to provide outbound protection. If WPA is not available, then get one that supports it. (I use a WRT54G (Linksys) router), and select WPA and AES when you configure it. It's easy. Be sure and change the router default password.

Jack


Jack,

Above my head! "63 character WPA", "WEP", "AES"...? You lost me. - Phil


I'm new also! But, WEP and WPA are encryption techniques for wireless. WEP is now easily crackable, WPA is the most used. When I installed my router, I was given the choice (1st on my wireless laptop) to CHOOSE WPA and then CHOOSE AES, which I've heard is a better choice than the other option which was TKIP, and I was also given the choice to enter a "random" 63 character encryption "key". Then, I entered the SAME (make a hand written copy) key on my router at 192.168.0.1. The key is entered in hex, so use all the digits 0-9, and the letters A-F. Your laptop wireless configuration software, and the router software and manual, should guide you through this which took me less than one hour. I configured my laptop before my router, but I doubt that is of any concern. The laptop runs XP Home SP2. I've also heard that MAC filtering can be easily defeated.

Please, someone interject if I'm misspeaking, Please? I've gotten so much help from this group, that I wanted to give back some.

Jack
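Added example, not part of any poster's message: how the WPA "key" typed into both the router and the laptop becomes the 256-bit pre-shared key. WPA-Personal accepts either a passphrase of 8 to 63 printable ASCII characters, which is stretched with PBKDF2-HMAC-SHA1 using the SSID as salt, or exactly 64 hex digits used as the key directly; the function names are hypothetical and the sample passphrase/SSID pair is a sample value for checking the derivation.

```python
import hashlib
import secrets
import string

# Printable ASCII (codes 32-126), the alphabet allowed in a WPA passphrase.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "


def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 32-byte pre-shared key for a passphrase or a raw hex key."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if len(secret) == 64:
        # 64 characters means a raw key: hex digits only, no stretching.
        if all(c in string.hexdigits for c in secret):
            return bytes.fromhex(secret)
        raise ValueError("a 64-character key must be hex digits only")
    if 8 <= len(secret) <= 63 and all(c in PRINTABLE for c in secret):
        # Passphrase: 4096 rounds of PBKDF2-HMAC-SHA1, salted with the SSID.
        return hashlib.pbkdf2_hmac(
            "sha1", secret.encode("ascii"), ssid_bytes, 4096, 32
        )
    raise ValueError("passphrase must be 8 to 63 printable ASCII characters")


def random_passphrase(length: int = 63) -> str:
    """Generate a random passphrase from the full printable ASCII alphabet."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


if __name__ == "__main__":
    print(wpa_psk("password", "IEEE").hex())   # sample passphrase and SSID
    phrase = random_passphrase()
    print(phrase, wpa_psk(phrase, "home-net").hex())
```

Because the SSID is the salt, the same passphrase on a differently named network yields a different key, and a passphrase typed with any difference between router and laptop yields keys that do not match.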


Phil-

I looked up your router, and it supports 128 bit WEP, not WPA. You will not get good security with this router in my opinion. As I said earlier, I recently bought a Linksys WRT54G for about $60, and it supports WPA-AES. Remember, that your laptop must also support WPA. I just gave back a one year old IBM Thinkpad Centrino (which only supported WEP) for a new Toshiba P4, and I set it up with the above router in about an hour. I think that's why you haven't seen WPA, etc, options when you tried to configure your router.

Jack


WADR, throughout this thread, I admitted my naivete, and asked to be corrected if I was saying something stupid. Here is what the original poster said "I am trying to make as secure as possible". Are you telling me that WEP is more secure than WPA? You have no idea what my or his home environment is like, nor what is on our hard drives. Some run businesses out of their homes. I live in a high tech neighborhood, close to an Intel facility, and many of their employees are my neighbors. I usually have the option to connect to 6 wireless routers, and one has no encryption. I tried to address his question "literally". Sorry for that. Yes, it is often easier to break into a home and take the computer. If you're a target, nothing will work. If you're not, then it's easy to discourage passersby. Why not do it with WPA? It's cheap and easy.

Jack


WADR, throughout this thread, I have admitted my naivete, and asked to be corrected if I was saying something stupid, and there were NO responses to his post or mine. You have no idea re: our home environments, and the poster said "I am trying to make as secure as possible". I was trying to answer "literally". Sorry for that. Are you telling me that WEP is more secure than WPA? Of course, if you're a target, someone can break in and steal your hard drives and whatever you use for storage.

I live in a high tech neighborhood, close to an Intel facility, and many of their employees are my neighbors. When I turn on the laptop I can usually choose from 6 wireless access points to connect, only one of which is not encrypted with WPA. I think that WEP is more discouraging than WEP for passersby. If I'm wrong, then please correct me. We agree on everything else. I upgraded to WPA, in part, because of reading posts on this ng.

Jack (who certa

> It amazes me how many people read a bunch of rumored posts and instantly


It amazes me how many people read a bunch of rumored posts and instantly become experts on the subject. In a home environment WEP is just as secure as WPA encryption. Your RF signal is good for maybe 100 feet around your house. Do you have that sensitive of data that someone would sit outside your house with a lab environment just to break your encryption? Would your neighbors be that interested in your data to set up a lab to try and break your code? Turn off SSID broadcast (this prevents most scanning software from seeing your ID), change SSID from default, turn on WEP 128 bit encryption, change user name and password to access router and you should be fine. You could also limit the number of DHCP users to two. Your more immediate concern should be from the WAN port. Use one of the sites such as www.grc.com to verify all the incoming ports are stealthed. You may have to redirect port 113 to change it from closed to stealthed. Also a software firewall, anti virus, spyware cleaners, block third party cookies, hosts file, malware scanners are required tools.

Woody

Other than that, you should call Linksys Tech Support to help you set up your router or understand it. That's what they are there for: for you to use them.

Duane :)


> most scanning software

No comment.

Jack


Turning off SSID broadcast doesn't prevent detection, and it can cause problems.

> Change ssid from default, turn on WEP 128 bit

closed is fine, stealthed is a misnomer

> You may have to

John


Please note the word "can", before you say this is wrong, it may differ from your experience but that is a different story. It is all about potential interference issues in crowded areas.

John


Wrong, we have the SSID broadcasting disabled on more than 250 AP and Routers and also change the default channel, change the default subnet on all wireless routers, use WEP/128bit, etc... Never had a single problem.

While it doesn't prevent detection, it does make it so that the casual person doesn't see the device. It also doesn't cause any problem for the users that know the SSID and the WEP key.

Leythos

PMJI,

I looked at the site and am not sure how to use it to test my setup. Could you elaborate please?

TIA, Eugene


Click on Shields Up, and then scroll way down and click on Shields Up again, and continue and Proceed, and then OK, and then check ALL Service Ports, and let it work. ALL green is good.

Jack


The only time you could have a problem is if the SSID was the same as another SSID and was also on the same Channel. In that case, disabling the SSID had nothing to do with the problem and didn't cause it. It was strictly a fault of the person setting up the SSID on the router/AP.

Leythos

Jack,

Thank you very much for the clarification.

I had almost all "green" except for two "blue" ports: 22 and 113. Is "closed" status good enough?

TIA, Eugene


Stealth is better than closed. Maybe one of the experts on this group can show you how to close those ports.

Jack


PORT 113

To stealth your router by forwarding port 113 all you have to do (on a Linksys) is go into the port forwarding section and forward port 113 to a high IP address on your internal network that is not being assigned to anything via DHCP. On my router I issue 50 IP addresses via DHCP in the range of 192.168.1.100-50 so I forward port 113 to IP address 192.168.1.200 which should never be used. This will stealth your router.

For my router the settings looked like this:

FORWARDING
Description: IDNET
Ext. Port: 113 to 113
Protocol: TCP
IP Address: 192.168.1.200
Enable: Yes

Be advised that some older UNIX/LINUX services may use this port but it is doubtful that you will ever encounter any problems. This is what the ShieldsUP website has to say about blocking port 113

"The good news is that since IDENT is almost never used, simple "hard stealthing" of port 113, which is available from all personal firewalls, is probably sufficient. It will allow your system to remain completely invisible on the Internet and will almost certainly never cause any connection trouble. "

Port 22 is SSH. If you only access your computer remotely from a few external IP addresses you can set up rules that drop SSH requests from any other IPs which would effectively stealth this port as well.

MAC FILTERING

Regarding the original post if your router supports MAC filtering you should use it. This will only allow your computers to access the router. If you are using a Windows machine go to a command prompt on each of the computers you want to access the router and type 'ipconfig /all'. The Physical Address is the MAC address of your network card. Enter this number in your router and you should be good to go.

rexweber

Incorrect.

Gibson as usual is talking pure unexpurgated ordure.

Wrong! Stealthing does *not* make your system 'completely invisible', preventing an RST being sent back for connecting ident traffic *will* cause problems.

greg
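The closed-versus-stealthed difference argued over in this thread, as an added example that is not any poster's code: a closed port answers a connection attempt with a RST, so the connecting side learns the result at once, while a stealthed port sends nothing back, so the connecting side waits out its full timeout, which is the delay a server doing an ident lookup to port 113 would experience. `probe` is a hypothetical helper, and the demo runs only against a constructed listener on loopback.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Try one TCP connection; return (state, seconds_waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"         # handshake completed
    except socket.timeout:
        state = "stealth"          # no reply at all: waited the whole timeout
    except ConnectionRefusedError:
        state = "closed"           # RST came back: immediate, definite answer
    except OSError:
        state = "unreachable"      # routing or ICMP error, not a port state
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo: a listener on loopback stands in for an open port,
    # and the same port after the listener closes stands in for a closed one.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    print("listening:", probe("127.0.0.1", port))
    srv.close()
    print("after close:", probe("127.0.0.1", port))
```

Against a port whose packets are silently dropped, the same call returns `"stealth"` only after `timeout` seconds have elapsed.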
