Gentoo Forums
Mitigate the risk of using a WEP only router?

Budoka
l33t

Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Wed May 03, 2017 6:47 pm    Post subject: Mitigate the risk of using a WEP only router?

If I put a travel router with WPA2 capability between my box and a public wifi router that only has WEP capability (Yeah I know but out of my control) am I now better protected?

I am using a travel router to connect to a public wifi that only has WEP. The travel router then broadcasts the signal under a new AP name and uses WPA2. But I am confused.

So in this scenario, I know that the traffic between my Gentoo box and the travel router is encrypted with WPA2 but is the traffic between the travel router and the wifi router also WPA2? Or does it revert to WEP because that is what the wifi router uses? Or is it now WPA2 encrypted traffic over WEP? Also, what does it look like when I am sending data outside of the network, i.e. Internet banking etc.?

Hopefully, my question isn't too confusing.

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9655
Location: almost Mile High in the USA

Posted: Wed May 03, 2017 7:29 pm

Reverts to WEP.

I would hope most internet banking is done with SSL anyway so it (mostly) doesn't matter that it's WEP.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

Budoka
l33t

Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Wed May 03, 2017 7:47 pm

eccerr0r wrote:
Reverts to WEP.

I would hope most internet banking is done with SSL anyway so it (mostly) doesn't matter that it's WEP.


Thanks. So basically the travel router, even though WPA2, does little to add security because the WIFI router is WEP. Correct?

Whenever I do anything banking related etc. I go through a VPN. Rather err on the side of caution.

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54121
Location: 56N 3W

Posted: Wed May 03, 2017 7:48 pm

Budoka,

Look into using a VPN.

Public wifi suffers from everyone on the same network using the same key, so everyone can see each other's data if they want to.
Some applications will use ssl, some won't.

The only fix is to run your own encryption over the public wifi.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Budoka
l33t

Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Wed May 03, 2017 7:57 pm

NeddySeagoon wrote:
Budoka,

Look into using a VPN.

Public wifi suffers from everyone on the same network using the same key, so everyone can see each other's data if they want to.
Some applications will use ssl, some won't.

The only fix is to run your own encryption over the public wifi.


Thanks, Neddy. I generally, as a rule, use a VPN. Which actually just reminded me of something...

I noticed that when I use just the travel router without VPN all of my ports are Stealthed but my box apparently responds to ping. When I turn my VPN on SSH, HTTP, and HTTPS are opened and everything else is still stealthed. Is one preferable over the other? I generally check any new network I jump on with Shields Up before sending traffic over it. But am not great at interpreting the results. LOL

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54121
Location: 56N 3W

Posted: Wed May 03, 2017 8:36 pm

Budoka,

When you use a VPN your host should show a few open ports over the carrier IP address and everything else over the VPN tunnel.
The open ports on carrier IP address are just to allow your carrier dhcp lease to be renewed.
Everything else should go over the VPN.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3112

Posted: Wed May 03, 2017 8:40 pm

Quote:
VPN (...) The only fix is to run your own encryption over the public wifi.
You make it sound as if a retail connection was more secure.
The difference isn't all that significant. Your neighbour's kid may find it harder that way, but even things like accidentally hijacking the internet with misconfigured BGP have been reported...

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54121
Location: 56N 3W

Posted: Wed May 03, 2017 8:46 pm

szatox,

Is that with cable (TV) internet?
I've heard a few horror stories but I live in a wee village. Cable is not an option.

Wifi is insecure everywhere. I wouldn't do banking or shopping over my own wifi, never mind wifi that I knew was shared.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3112

Posted: Wed May 03, 2017 9:35 pm

Doesn't matter. People are more or less the same everywhere.
Wifi or no wifi, if you wanna do something that needs security, make sure you use SSL and the certificate presented by the server is valid. If you do, open wifi doesn't matter.
If you don't, well, the wires are long. Everything depends on how bold the eavesdropper is. Bonus point if he is a malicious employee on ISP's staff. Who knows what you would discover if you actually put some effort into diagnosing that flapping connection to another segment...

BTW, a short article on security of BGP: https://www.bishopfox.com/blog/2015/08/an-overview-of-bgp-hijacking/
First, you need at least /24 IPv4 pool, and preferably /22... Then you can route all the internet through YOUR wires ;)

NTU
Apprentice

Joined: 17 Jul 2015
Posts: 187

Posted: Wed May 03, 2017 9:51 pm

If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA!

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9655
Location: almost Mile High in the USA

Posted: Wed May 03, 2017 10:45 pm

NTU wrote:
If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA!

Yay security by obscurity.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54121
Location: 56N 3W

Posted: Thu May 04, 2017 9:50 am

NTU,

That will attract the attention of all sorts of people for all the wrong reasons.
None of them will be interested in your data either.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Budoka
l33t

Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Thu May 04, 2017 11:49 am

NeddySeagoon wrote:


The only fix is to run your own encryption over the public wifi.


That is what I was hoping to accomplish putting the WPA2 travel router between me and the Public Wifi. But seems that doesn't get the job done. Anyway thanks as always.

NTU
Apprentice

Joined: 17 Jul 2015
Posts: 187

Posted: Thu May 04, 2017 11:56 am

eccerr0r wrote:
NTU wrote:
If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA!

Yay security by obscurity.


You mean invisibility, but yes, very much so. Do people roll around in vans scanning for secret radio waves? Must have missed that memo.

By the way, 'twas a joke.

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54121
Location: 56N 3W

Posted: Thu May 04, 2017 12:03 pm

NTU,

There aren't any empty spaces in the radio spectrum.
By moving out of one of the very small unlicensed bands, you move into someone else's space.
They will notice and call out the vans you mention.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

All times are GMT