Text 12729, 74 rader
Skriven 2005-11-20 16:48:00 av ROBERT FOWLER (1:123/140)
     Kommentar till en text av JEAN PARROT
Ärende: Re: WiFi visible.
=========================
-=> JEAN PARROT wrote to ROBERT FOWLER <=-

 RF> We'll, changing the channel doesn't make either of you invisible to
 RF> the other.  You'll both still show up on each other's scans, and if he
 RF> wants to try to connect to you, he needs only to change his channel to
 RF> yours.

 JP>         You are right, but if I set the allowed IPs in the router, he
 JP>         can not connect. At least, it is my understanding.

 The problem with this reasoning is that he can assign an IP to his
 machine the same way that you assign one to yours.  What if he has
 the correct IP?  How would your router know that it's him and not you?

 IPs are very easy to spoof.  That's why MAC addresses are typically used
 for this purpose.  They are unique (bound) to the hardware and much more
 difficult to spoof.
                       
 RF> I'm not sure what you mean by "keeping an eye" on the router.

 JP>         I can see if I am RX/TX, looking at the LEDs. The better
 JP>   indication is the 5 green bars on the ZA taskbar icon. They show RX
 JP>   activity, if I do not do anything myself, they ought to be dead.

 The router's LEDs do reflect activity, but remember that there is
 always "housekeeping" activity going on when at least one other NIC,
 AP, etc. is up.  I have a router, a wireless AP, and a print server.
 The LEDs are always flashing, even when all of the computers are off.

 As for ZA, that's another matter.  I would think that it would react
 only to activity that is within its specific loop in the network, even
 when it's on a wireless connection.  Unless your intruder is trying
 to connect to the system with ZA on it, ZA shouldn't see the intruder
 at all.

 JP>         I still have alot to learn here, Robert. I am under the
 JP>   impression that "allowing" some IPs will prevent others to log-on.
 JP>   The IP allowances are done in the router, not the firewall, for the
 JP>   WL access. I also have these IPs "permitted" in ZA otherwise they
 JP>   can not connect. I only have on WL IP at home, the upstairs
 JP>   Thinkpad, the other three systems are on RJ-45 so the router only
 JP>   has the one 192.168.0.xxx permission. In ZA, all other three are
 JP>   allowed, depending on what system is on.

 JP>         Encryption would only protect my packets, the router would
 JP>   still be open to all if not for the IP restrictions. Methinks.

 That's also incorrect.  While encryption does protect your packets,
 if the encryption *keys* don't match, the two wireless devices won't
 communicate at all.  Why should they bother?  If you have encryption
 enabled, your router will connect only to wireless devices that
 have the same encryption enabled and can supply the correct key.

 You can try this easily enough by enabling encryption on your router
 and then trying to connect to it with your wireless node on you LAN
 without enabling encryption on it. ;-)

 Regards,

 Robert Fowler











... MultiMail, the new multi-platform, multi-format offline reader!
--- MultiMail/Win32 v0.43
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)