On Sun, 2007-02-04 at 08:28 -0700, David G. Miller wrote:
> I run WEP (will probably go to WPA when I find time to diddle with
> setting it up), filter MACs and don't broadcast ESSID. I know that
> theoretically this set up isn't absolutely secure but I'm guessing
> I've raised the bar high enough that I'll keep the script kiddies,
> access scofflaws and all but the really serious crackers out. Also, a
> quick scan of the APs in the neighborhood indicates there are several
> that are much easier to crack (or just use).

Script kiddies will attempt something just because they can, there doesn't have to be some dying need to abuse someone's network. So I wouldn't rely on that.

MAC filtering is utterly useless as a security measure. Anybody can change their MAC on just about all hardware. It's only of use to make accidental connections less likely (i.e. by those not trying to break into your network, but accidentally connecting to the wrong one).

Not broadcasting an ESSID is going to cause more problems than it allegedly helps with. Each ESSID should be unique, and all the clients should only try to use the ones they're deliberately configured for. If it's a common factory default, all and sundry may try to use it. If you don't deliberately broadcast it, you're not putting off accidental connections. Script kiddies can use your network even if you don't broadcast it. If you do broadcast it, then those properly configured clients will be able to avoid it.

Consensus is that WEP is a complete waste of time, now.

--