WiFi Networking And Static IP addresses

When your computer connects to a WiFi access point, one of the first things that it normally does is to request an IP address, so it can connect to the router and / or to the other computers in the LAN. One of the earliest ways to stop intruders from connecting to your LAN, through your WiFi access point, was to restrict access by MAC address. A second way was to disable DHCP, and stop issuing IP addresses automatically.

Such a simple procedure - and so useful (or so thought those who tried it). Not so useful, thought the hackers when they would encounter a WiFi LAN, without DHCP to issue IP addressing. Part of hacking a WiFi LAN involves monitoring the packets for useful MAC addresses, and a small additional effort is then expended in extracting IP addresses. It's just radio.

If your neighbour, who just bought his first wireless computer, can't get an IP address when he connects to your otherwise open LAN, he can't access the Internet through your service. You're safe from him leeching your Internet service.

But what of his son, who hacks as a hobby? Once he gets past your MAC address filter, finding out what IP addresses are being used is trivial. He probably won't even notice that you disabled DHCP. And since he hacks, he's probably got nefarious intent, maybe leeching WiFi so he can hack a distant Internet server, using your service of course.

Maybe the FBI is targeting his activities, so he's borrowing your service. When they see his new IP address (your service), who gets blamed? Probably you.

Oh yeah - if you have DHCP disabled on your LAN, and you carry your laptop to your friends house, how are you going to get an IP address? Are you going to manually setup an address there? Then change it back when you come home again? Have fun. What about to your local hotspot, where DHCP is the only way that you can get an address?

I know who I would worry about, when I assess the dangers associated with Internet connectivity, and with WiFi networking. Static IP Addresses, when used as a security device on a WiFi LAN, are just another form of security by obscurity, plus inconvenience to you. Use WPA / WPA2, not WEP, and properly layered security, and forget about other WiFi security devices. Any hacker who can get through WPA (and that will happen one day) won't be fazed in the slightest by fixed IP addressing.

>> Top

Topics: , ,

Share This Post! Del.icio.us Del.icio.us Digg Digg Facebook Facebook StumbleUpon StumbleUpon Technorati Technorati Twitter Twitter

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)