You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, download files, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!
If you have any problems with the registration process or your account login, please contact contact us.
Lately we've been hearing horror stories about the number of "wide open" Wi-Fi routers that can be found and exploited just by a hacker driving around town with a Pocket PC, Laptop or WiFi finder. This weekend was my first try at wardriving, and the number of open routers I found just between my house and the local grocery store was astounding . This alerted me that an APB needed to be put out to all my Addict friends and family that you really need to lock down that home router!
Some folks have reported that they aren't encrypting their connections because it's "too hard" or it "takes too much time". Well, sit back and relax. Take a deep breath, we'll have you surfing over an encrypted connection in less than 10 minutes! 8-) Step 1: Open your Wi-Fi router configuration control panel. This is usually accessed via a web interface. Mine is a Belkin router which takes hold of http://192.168.2.1 <-- go ahead and click that link...it just might take you to your router Step 2: Choose your Security Mode. Here you will want to choose 128 Bit WEP. Step 3: On this screen you can see under Security Mode, that you have 128 Bit WEP selected. Now it's time for the part that confuses most people -- the "hard part" You'll see it's not hard at all - but I promise, you can brag to your friends about how hard it is to do and I won't say anything . You need to enter digits and letters into those 13 boxes and hit apply. You can enter them randomly or use the generate function to create one based on a passphrase. I used the generate function and ended up with what you see in the screen below... Step 4: Hit Apply. Step 5: Now is the time to connect your Pocket PC to the newly encrypted connection. Insert your WiFi card, or turn it on if it's an internal card. When the PPC detects the connection it will ask if it should connect to The Internet or to Work. Choose work if you intend to Activesync over WiFi.
Then you will see a "Network Key" request. Step 6: Enter the same key you set on the router and hit "Connect".
Now that you see how easy it is to encrypt your own home Wi-Fi router, is there any excuse not to follow through and do it? Take the 10 minutes and encrypt your connection -- you'll be glad you did.
Any comments?
I've worked with a number of these smaller routers and all of them have similar screens and set up methods, which is why I felt ok about posting the Belkin screens. If anyone is lost, be sure and let us know, hopefully we can help each other.
Wow! Thanks B! I have been needing to do this for a while, but I just saw a nightmare ahead. Your post makes it seem very simple.
BTW, what are you using to wardrive? NetStumbler Lite doesn't work for me.
Wow! Thanks B! I have been needing to do this for a while, but I just saw a nightmare ahead. Your post makes it seem very simple.
BTW, what are you using to wardrive? NetStumbler Lite doesn't work for me.
After some configuration Friday, I got Pocket Warrior up and running like a champ. However, as a dell user, you may want to try Circond's PocketWiNc it seems to have compatibility with most devices.
BK Thanks for posting this. This has to be one of the best tips ever . I finally have my wireless router working the way that I thought it should thanks to this tip. I can't wait to get my e800 and set it up on this 8-) .
Thanks for the walk through. I guess I was just missing a step! Now I can feel secure with my new Axim X3i!
New to PocketPC Addict, new to PocketPC new to wireless networking!
I've been using MAC filtering on my DLink router, mostly becasue I didn't understand how to do WEP. THanks for this tip!
How much difference in security is there between the two? I have been able to tell my router to ignore all computers apart from ones presenting MAC addresses x,y and z. Am I still at risk?
I had been a Palm user up to last week when I decided to switch to PocketPC, as that is the platform that will be suported at work. I chose the Dell 3Xi based on price and features. It was a refurb unit, for $263... hard to beat.
The device is small and light, smaller than I envisoned, once I got my hands on it. The screen is crisp and clear under any lighting conditions. The integrated wireless was a cinch to set up once I got my wireless router and followed your steps. Thanks again.
I am a Mac user at home and use W2K at work. Using PocketMac Pro (pocketmac.net), I am able to sync my device both at home and at work. The PocketMac software is easy to set up and use and except for a few minor glitches, is a great product.
How much difference in security is there between the two? I have been able to tell my router to ignore all computers apart from ones presenting MAC addresses x,y and z. Am I still at risk?
I'd say you are pretty well locked down I'll be posting part two of this Tip of the Week tomorrow -- however it's Mother's day and I have two Mothers to visi so it may be delayed -- but in a nutshell, I think it's going to be difficult to break in.
You may want to not broadcast your SSID. It will make your router invisible.
This isn't strictly true. Not broadcasting the SSID will prevent the router from showing up in lists for auto-connect purposes, but the SSID is still available to any device that "asks" for it using a tool like MiniStumbler or PocketWarrior, and is included in all traffic so it can't be hidden from packet sniffing apps either.
Also, some PPC devices will have trouble connecting if the SSID isn't being broadcast. Turning off SSID broadcast will only stop casual "hackers". Anybody who wants to get in won't be slowed down by doing turning it off.
I've been using MAC filtering on my DLink router, mostly becasue I didn't understand how to do WEP. THanks for this tip!
How much difference in security is there between the two? I have been able to tell my router to ignore all computers apart from ones presenting MAC addresses x,y and z. Am I still at risk?
WEP is encrypting the traffic so people can't see things like passwords unless they crack the WEP key. MAC filtering prevents anybody with an unknown MAC address from associating (connecting) to your router. Using both is a good idea, and will definitely stop casual hackers and wardrivers, but neither is fullproof:
1. Cracking the WEP key is trivial once you've gathered enough packets. This can take from hours to weeks depending on how much traffic is on the wireless network, but it is possible. If you see somebody parked outside your house for a long time, be worried.
2. It's also trivial to "spoof" (fake) the MAC address in several popular wireless cards used in laptops, so MAC filtering isn't totally secure either.
That being said, most people don't have to worry about real hackers - they just need to stop wardrivers and such, and doing what you are doing is all you need to prevent that. I use a D-Link with WEP and MAC filtering as well.
Hey got my Axim X3I for $166 plus sales tax and shipping, it was like $180 total, $50 off instant this week and techbargains.com had a $50 coupon and it was a refurb unit. Can't beat that, now I just need to learn to use one of these.
I've been using MAC filtering on my DLink router, mostly becasue I didn't understand how to do WEP. THanks for this tip!
How much difference in security is there between the two? I have been able to tell my router to ignore all computers apart from ones presenting MAC addresses x,y and z. Am I still at risk?
Do both; you can't be "too secure", and neither is hard or a big performance hit. In theory, someone COULD duplicate your MAC address.
The best advice is to narrow the entry gate as much as possible: don't broadcast your SSID unless you have to, use WEP or even better WPA, restrict access to specific MAC addresses, use the firewall, etc.
Doug
You may want to not broadcast your SSID. It will make your router invisible.
Whether or not you broadcast your SSID, change it! I have a neighbor who has apparently never done anything but power on his/her box. Sometimes I can see "default" and use it without any malicious intent. In fact, when I first got my AirPort cards for my iMac and my iBook, I was using my iMac in "Internet sharing" mode. Funny thing was, if my iBook was right next to the iMac -- inches away -- I had a lousy signal. To make a long story short, it turned out that my iMac wasn't sharing at all, and the weak signal I WAS getting was my neighbor's! After I got the iMac set up properly, I got max signal anywhere I went inside my house. I just upgraded to the AirPort Express, and now have it set as described in another post - SSID not broadcast, modified SSID string, MAC restricted, WEP 128 (because my PPC doesn't yet do WPA), etc.
Doug
My Linksys AP/Router has a MAC Address function as well for security.
WEP is still pretty easy to crack...MAC Address spoofing, however...is a little tougher.
Inside my router, under wireless, is the option to ONLY allow certain MAC addresses to conntect via WiFi, and...it goes the other way, too.
You can deny certain MACs, too.
It's under MAC addressing or something like that...
If you go into your Mobile PC, Settings, System Tab, Asset Viewer, you can get the MAC for your individual unit there....
You may want to not broadcast your SSID. It will make your router invisible.
?? I'm not following. Could you explain your statement a little further?
One of the options on all wireless routers is whether to broadcast your SSID or not. That is basically the "name" of your wireless network. In the example above the SSID is "broadcom". If you don't broadcast it, you will have to know that information before you can configure your connection because it won't be provided for you. Therefore, your network is "invisible" to war drivers. The down side is that, at least for my iPAQ 4155, it makes it "invisible" to my PPC and I can't connect any longer.
This was indeed a great tip, even a year or so later. I've also toured my neighborhood and been amused/alarmed by how many open wireless networks there are. (I'm going to warn my friends whose names are on their networks... that's kind of like signing your name to an open invitation.)
However, I'm wrestling with getting my Dell Axim X3i to connect to my new Airport Express network, which I set up at home last night. I set up 128-bit WEP encruption as described above, and my G4 iMac has no trouble connecting. The Axim detects my wireless network with no trouble, but when I try to connect it says "Connecting" and then goes back to "Available" without prompting me or giving any other messages.
Here's a recap of the settings:
* On the "Configuring Wireless Network - General" page, I set "Connects To" to "The Internet".
On the "Configure Network Authentication" page:
* I've tried setting Authentication to both Open and Shared. Think this should be "Shared" - or should it? Either way, no luck.
* Data Encryption is set to WEP.
* The "Key provided automatically" box is unchecked. The Apple Airport Utility can show you the hex password that results from the passphrase you enter for WEP, so I entereed 13 characters as the WEP password in the Airport Express Utility and then typed the resulting hex string password into the space provided for the Network Key. Think this is similar to what was illustrated with the Belkin router.
* The "Key Index" is set to 1 (not sure what this is, but I've also tried 2, 3 and 4).
* I've not set anything in the "802.1x" screen, but I don't think I should - should I?
Any ideas? I do know that my device can connect wirelessly - right now I have it turned on and it automatically connected to the network of a firm across the street from my office!
------------
Added 25 Feb 2005:
Well, don't know the "why" of it, but I think I've solved my problem by going into the Airport Admin Utility and changing the Channel setting from "Automatic" to a specific channel (8, in my case). Boom! Axim connected like a champ... and now I'm a happy camper.
Just thought I'd put in my two cents here, as a "casual" hacker. I'm new at it, just got all the tools, and I'm only working on my own network. So far, I've been able to crack 64-bit WEP encryption on my own router on...get this... 6 minutes! WEP is NOT a very good security device. I've only been studying this for about a day, but I can already defeat 64-bit and 128-bit WEP, MAC filtering, non-broadcasting SSIDs, and more.
When using Kismet in Linux, if the network does not broadcast an ssid, it will show up as (no ssid). Then, all I have to do is either (1) wait for someone to log on the network, or (2) forcibly disconnect someone from the network and have them automatically reconnect. Then I have the SSID. I need 250,000 packets to realiably crack WEP64, and just over 600,000 to reliably crack WEP128. Now, I said reliably. For reason I've not been able to figure out yet, some passwords are easier than others. I set up my router for WEP64, and used the key "MOUSE", and I was able to crack it from 1,400 packets, and it only took 2 minutes of crack time to bruteforce.
I'm reading the current best encryption is WPA-PSK, though I know nothing about it. Remember, ALL passwords are subject to a dictionary attack and to bruteforcing. You can NEVER make a password unbreakable, but you can reduce the chance of a casual hacker getting in on their first try.
Brad: a wonderful, simple and necessary posting, but where am I going to get free Internet for my laptop now???? :-/
Lucky for me, my T-Mobile MDA has GPRS and I also put the passkey in my WiFi settings so I can access my home network, which is secure since I installed it.
As for the suggestion about not broadcasting the SSID, this can make it impossible for older Win98 computers to connect to your router... at least this was my experience with my 6 computer home LAN, 2 of which are clunky Win98, and one is an old iMac...
But if all you have is WinXP and Windows Mobile 5, well, by all means keep yourself invisible!!
I'm new to the site and thought I'd check out a couple of the old threads (that's why they keep 'em posted).
I have a couple of thoughts to freshen up this thread:
1) Force Field Wireless sells a paint called DefendAir which contains copper and alum fibers. The paint limits the range of wireless transmissions from 100MHz to 2.4GHz. But apply carefully as it will also reduce quality of incoming signals to radios, TV's and cell phones.
2) I use MAC and realize the susceptability to sniffers so I place the router at the back of the house furthest from the street. As for neighbors using a sniffer, you can run an audit via the router log periodically to check for unauthorized access.
3) Otherwise, what's wrong with open access? Just leave your computer in hibernate mode or turned off.
. This alerted me that an APB needed to be put out to all my Addict friends and family that you really need to lock down that home router!
You'll see it's not hard at all - but I promise, you can brag to your friends about how hard it is to do and I won't say anything 
. You need to enter digits and letters into those 13 boxes and hit apply. You can enter them randomly or use the generate function to create one based on a passphrase. I used the generate function and ended up with what you see in the screen below...
Linear Mode
