nanog mailing list archives

Re: Drive-by spam hits wireless LANs


From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Wed, 11 Sep 2002 19:50:19 +0200 (CEST)


On Wed, 11 Sep 2002, Jared Mauch wrote:

      There are a lot of things one can do:

      1) enable wep
      2) rotate wep keys
      3) authenticate by mac-address
      4) restrict dhcp to known mac-addresses
      5) force utilization of vpn/ipsec client

Suddenly laying down UTP doesn't seem so bad anymore...

      Obviously not all of these solutions are available
      in all cases, but in a home or small lan-environment a subset of
      these will increase security (even if it's reinforcing the screen door
      with 1/16" of balsa wood)

You can forget rotating WEP keys on anything that isn't four times as
expensive as what most people have at home. Authentication by MAC address
doesn't buy you anything since someone else can "borrow" the MAC address.

Does anyone have experience with using asymmetric WEP keys? (= key 1 for
AP -> client and key 2 for client -> AP.) I'm thinking about doing this so
I can at least obscure my upstream traffic even if the downstream WEP key
is public knowledge. Obviously this isn't anything near safe, but this way
I'd risk the inconvenience of someone stealing my HTTP cookies or
passwords and messing up my settings for some non-essential web services.
(Anything even remotely sensitive will run over SSH or SSL of course.)

