Home wireless router security by limiting the number of available IP addresses

On Sat, 16 Jun 2007 15:29:20 GMT, John Navas wrote:
>>>> That is, if I have three computers and I set the DHCP range from
>>>> 192.168.1.1 to 192.168.1.3 - doesn't that protect me from intrustion by
>>>> a fourth computer?
>>How can someone set an IP address manually?
> Properties for the network connection.

Hmmm... I've never heard of "security" by limiting the available IP
addresses on the wireless router ... so there MUST be a fatal flaw in my
argument below ... but here it is ... for an expert to find the flaw (I
can't find it) ...

a. Assume the "bad guy" wardrivers CAN change their IP address (a la John
Navas' suggestion) ... but also assume the following two conditions ...

b. The Wireless router is assigned to an "arbitrary" range, say the 3 IP
addresses can be assigned to a limited contiguopus range that the "bad
guys" don't (yet) know (e.g., 192.168.145.128 to 192.168.145.130).

c. Assume that all three PCs are on the home network so there are now zero
available IP addresses to be handed out by the router ...

My security question:
How can the bad guy wardrivers get in given those three assumptions above?

If we can't figure out how (and of course, if we can't do it ourselves),
then we've just uncovered an heretofore unknown wireless security method
that has never before been seen in print!

On Sat, 16 Jun 2007 21:16:21 -0700, Jeff Liebermann wrote:
> You left out far too many conditions and considerations:
Thank you for asking. I will try to faithfully answer the questions.

> 1. Is the link encrypted?
I'm not sure what that means. I'm not using VPN if that's what you're
asking, but I am using standard WPA2-PSK authentication & AES data
encyption as set up on the router and windows xp machine.

> 2. What's the LAN netmask?
On the router, it is 255.255.255.0 and the router IP address is set to
192.168.100.100 and changed weekly.

> 3. Where's the DHCP address pool?
I'm not sure what this means. On my Linksys router, there is a setting for
"Maximum Number of DHCP Users" which I've set to "3". Is that the DHCP
pool?

> 4. Is there a MAC address filter?
Yes. I currently have DEADBEEFCAFE, 0BADFEEDBEEF, & 00BADCODEFAD as my
three MAC addresses on my windows computers and the MAC address filter in
the router is set to only accept those three MAC addresses and they are
changed weekly.

> 5. Any 802.1x authentication? RADIUS authorization/authentication?
I do not have the "Enable IEEE 801.1x authentication for this network" set
in the Windows network application for the wireless network. Neither do I
have Radius for my home network. I just use WPA2-PSK.

> 6. Any secure tunnels (VPN)?
No, I am not using VPN.

> In my never humble opinion, the only real security available is WPA or
> WPA2 encryption. Even that has a problem in that shared keys can be
> extracted from the client machines.
I am using WPA2-PSK so shared keys can be extracted, I guess.

Given this information, how can anyone connect to my network when the only
three available DHCP addresses are in use by my three PCs?

On Sun, 17 Jun 2007 06:30:25 GMT, Roger Harrison wrote:
> Given this information, how can anyone connect to my network when the only
> three available DHCP addresses are in use by my three PCs?

My SWAG, one cracked, box, emails/p2p's black hat the keys/mac addy/whatnot
first thing during shutdown. Now cracker knows todays mac/key values
and that there is a free lease slot open.

You are getting the WAN security tighten down, but crackers are going
after apps on the pc because WAN side is getting harder to bypass.
So you have possible problems on both sides of the connection.

Last stats I saw indicated for first quarter of 2007, daily average 222 new
malware and cracked 5,0000 web pages handing out malware. It is
getting ugly for the Micro$oft users.

http://news.bbc.co.uk/go/pr/fr/-/2/h...gy/6591183.stm

I can just see bot hearders renting out open connection to local crackers. :(

Roger Harrison wrote:

>My security question:
> How can the bad guy wardrivers get in given those three assumptions above?

Masquerade as your WAP and send an 802.11 control frame telling your
computers to get off, then masquerade as one of your computers. It's
done all the time.