[clue-tech] Re: Wireless security again

Michael Robbert mrobbert at Mines.EDU
Wed May 18 09:38:12 MDT 2005


On Tue, 2005-05-17 at 20:49 -0600, Collins Richey wrote:
> On 5/16/05, Collins Richey <crichey at gmail.com> wrote:
> > A friend just gave me a WRT54G unit which is working ok for the two
> > Windows laptops in the household - both have built-in .G functionality.
> > I haven't completed the setup to use Linux (one of the laptops is dual
> > boot).
> > 
> > I've set up the unit and the laptops for WEP 120bit security, but I'm
> > not really interested in leaving one of these beasts connected 24x7. My
> > planned use of the unit is as follows
> > 
> 
> [ layout snipped - see previous ]
> 
> > I'm just wondering what the real exposure is, since neither of my
> > regular PCs will ever be on the wireless connection. 
> 
> Thanks for the replies thus far. It's not practical to put the WRT54G
> in the basement - no hard wiring there. Also, the WRT54G is near a
> wall/window, so its range would be pretty good on that side of the
> neighborhood.
> 
> To follow up on my earlier question, is there a likely (or even
> difficult) path through the wireless connection to get to my desktop
> PCs? Given the diagram, let's say the wired router hands out addresses
> like 192.168.4.nnn. The WRT54G gets one of these addresses on its
> inbound side and hands out addresses like 192.168.5.nnn where
> 192.168.5.1 is reserved for the WRT54G itself. All of these addresses
> are private, non-legit for the public.
> 
> Can a sniffer break into one of my wireless laptops and tunnel into
> the 192.168.4.nnn range?
> 
> To be a little more specific about usage, neither of the laptops is
> intended for any kind of financial transactions, but the Windows
> desktop PC does a few eBay and PayPal transactions per week.
> Supposedly, these are well encrypted. Can a sniffer be looking at
> those transactions given the description above?
> 
> Before anyone suggests it, I'm NOT into putting up a permanent 24x7
> firewall machine. That's an obvious solution, but I don't want
> anything running 24x7 except the cable modem and hardwired router.

I would say that you're fairly safe against the casual passerby. Is the
WRT54G going to be doing NAT between the .4 and .5 networks? That would
add a level of security over having the two subnets routed or even being
on the same subnet. I know that it was mentioned before, but if the
traffic you are trying to protect is SSL encrypted and the WRT54G isn't
shooting it out over the air (which it shouldn't unless there is a bug
or misconfiguration) then you have as much to worry about the internet
at large as you do somebody sniffing your wireless.

Mike Robbert