wireless router security question

This is a discussion on wireless router security question within the Linux Security forums, part of the System Security and Security Related category.


  #1 (permalink)  
Old 07-16-2004
Richard Kimber
 

I have a Netgear MR 314 wireless router, but for various reasons we are
not at the moment using the wireless facility, but are using it as a
hard-wired router.

About every two minutes the wireless activity light is illuminated. Is
this just the router checking whether there are any nearby wireless
stations, or could it be someone trying to access the system? I can't see
any info on this in the manual, other than a statement that implies that
when the light goes on a connection is made.

- Richard.

--
Richard Kimber
http://www.psr.keele.ac.uk/

  #2 (permalink)  
Old 07-16-2004
Alexander Harsch
 

Richard Kimber wrote:

> I have a Netgear MR 314 wireless router, but for various reasons we are
> not at the moment using the wireless facility, but are using it as a
> hard-wired router.
>
> About every two minutes the wireless activity light is illuminated. Is
> this just the router checking whether there are any nearby wireless
> stations, or could it be someone trying to access the system? I can't see
> any info on this in the manual, other than a statement that implies that
> when the light goes on a connection is made.
>
> - Richard.
>

Hi,

is this a Linux router? If so, use tcpdump. Besides, if you haven't shut the
interface down explicitly, AFAIK it sends discovery packets from time to
time. You can usually configure the interval length of these discovery
packets.

Alex
  #3 (permalink)  
Old 07-17-2004
Richard Kimber
 

On Fri, 16 Jul 2004 17:37:40 +0200, Alexander Harsch wrote:

> Richard Kimber wrote:
>
>> I have a Netgear MR 314 wireless router, but for various reasons we are
>> not at the moment using the wireless facility, but are using it as a
>> hard-wired router.
>>
>> About every two minutes the wireless activity light is illuminated. Is
>> this just the router checking whether there are any nearby wireless
>> stations, or could it be someone trying to access the system? I can't
>> see any info on this in the manual, other than a statement that implies
>> that when the light goes on a connection is made.
>>
>> - Richard.
>>

> Hi,
>
> is this a Linux router? If so, use tcpdump. Besides, if you haven't shut
> the interface down explicitly, AFAIK it sends discovery packets from
> time to time. You can usually configure the interval length of these
> discovery packets.


Thanks. tcpdump seems to point to it being the router if I interpret this
correctly.:-

12:19:37.521345 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
12:19:37.522467 IP 192.168.0.1 > DHCP-AGENTS.MCAST.NET: igmp v2 report DHCP-AGENTS.MCAST.NET

I don't think there's a way of switching off the wireless function.

--
Richard Kimber
http://www.psr.keele.ac.uk/
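
Added example, not part of the original thread: a small parser for tcpdump lines in the format quoted above that measures the gap between the router's IGMP queries and lists any other source seen on the wire. The sample capture is constructed (only its first three lines mirror the post), and numeric source addresses, as printed by tcpdump -n, are assumed.

```python
import re
from collections import defaultdict

# Constructed sample; only the first three lines mirror the capture in the post.
SAMPLE = """\
12:19:37.521345 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
12:19:37.522467 IP 192.168.0.1 > DHCP-AGENTS.MCAST.NET: igmp v2 report
DHCP-AGENTS.MCAST.NET
12:21:42.520911 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
12:22:10.000100 IP 192.168.0.77.1045 > 192.168.0.2.110: S 1:1(0) win 5840
12:23:47.521002 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+) IP (\S+) > (\S+): (.*)$")


def parse(text):
    """Yield (seconds_since_midnight, src_host, dst, summary) per packet line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped continuation lines carry no timestamp; skip them
        h, mi, s, frac, src, dst, rest = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s) + float("0." + frac)
        # Assumes numeric IPv4 sources: keep four octets, drop any trailing port.
        host = ".".join(src.split(".")[:4])
        yield t, host, dst, rest


def summarize(text, router="192.168.0.1"):
    """Return (gaps between the router's IGMP queries in s, packets per other host)."""
    query_times = []
    others = defaultdict(int)
    for t, host, _dst, rest in parse(text):
        if host == router:
            if rest.startswith("igmp query"):
                query_times.append(t)
        else:
            others[host] += 1  # anything not sent by the router deserves a look
    gaps = [round(b - a) for a, b in zip(query_times, query_times[1:])]
    return gaps, dict(others)


if __name__ == "__main__":
    gaps, others = summarize(SAMPLE)
    print("seconds between router IGMP queries:", gaps)
    print("packets from other sources:", others)
```

A cadence near 125 seconds matches the IGMPv2 default Query Interval from RFC 2236. A capture on the wired side cannot show 802.11 frames on the radio side.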

  #4 (permalink)  
Old 07-17-2004
Alexander Harsch
 

Richard Kimber wrote:

> On Fri, 16 Jul 2004 17:37:40 +0200, Alexander Harsch wrote:
>
>> Richard Kimber wrote:
>>
>>> I have a Netgear MR 314 wireless router, but for various reasons we are
>>> not at the moment using the wireless facility, but are using it as a
>>> hard-wired router.
>>>
>>> About every two minutes the wireless activity light is illuminated. Is
>>> this just the router checking whether there are any nearby wireless
>>> stations, or could it be someone trying to access the system? I can't
>>> see any info on this in the manual, other than a statement that implies
>>> that when the light goes on a connection is made.
>>>
>>> - Richard.
>>>

>> Hi,
>>
>> is this a Linux router? If so, use tcpdump. Besides, if you haven't shut
>> the interface down explicitly, AFAIK it sends discovery packets from
>> time to time. You can usually configure the interval length of these
>> discovery packets.

>
> Thanks. tcpdump seems to point to it being the router if I interpret this
> correctly.:-
>
> 12:19:37.521345 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
> 12:19:37.522467 IP 192.168.0.1 > DHCP-AGENTS.MCAST.NET: igmp v2 report DHCP-AGENTS.MCAST.NET
>
> I don't think there's a way of switching off the wireless function.
>

So, what does ifdown ethx do? Just to make sure, you can use iptables to
block everything incoming and everything outgoing.

Regards, Alex
  #5 (permalink)  
Old 07-18-2004
Richard Kimber
 

On Sat, 17 Jul 2004 17:08:09 +0200, Alexander Harsch wrote:


>>>> About every two minutes the wireless activity light is illuminated. Is
>>>> this just the router checking whether there are any nearby wireless
>>>> stations, or could it be someone trying to access the system? I can't
>>>> see any info on this in the manual, other than a statement that implies
>>>> that when the light goes on a connection is made.


>> Thanks. tcpdump seems to point to it being the router if I interpret this
>> correctly.:-
>>
>> 12:19:37.521345 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
>> 12:19:37.522467 IP 192.168.0.1 > DHCP-AGENTS.MCAST.NET: igmp v2 report DHCP-AGENTS.MCAST.NET
>>
>> I don't think there's a way of switching off the wireless function.
>>

> So, what does ifdown ethx do? Just to make sure, you can use iptables to
> block everything incoming and everything outgoing. Regards, Alex


It closes my internet connection.

As I understand it, the router blocks all attempts to connect from the
outside (I haven't opened any ports) and the Suse iptables firewall on my
machine only allows pop3 connection from a second (Windows) machine on
the internal side of the router's firewall.

--
Richard Kimber
http://www.psr.keele.ac.uk/
