
Encryption Exception

Discussion in 'Tomato Firmware' started by tx33, Jul 1, 2008.

  1. tx33

    tx33 Addicted to LI Member

    I am running a WPA network. How would I go about allowing a single MAC address to connect without encryption?
     
  2. LLigetfa

    LLigetfa LI Guru Member

    Run a wire to it. AFAIK Tomato doesn't support multiple SSIDs.
     
  3. nvtweak

    nvtweak LI Guru Member

    MAC filtering does not really protect your network from intrusion anyways. In all actuality, if you had a secure WPA network but allowed one unencrypted client, you effectively broke all of the security. Just about any knowledgeable computer user could get right onto your unencrypted network. All it takes is a simple MAC spoof (or changing of one's MAC address to that of the trusted one).
     
  4. mstombs

    mstombs Network Guru Member

    Pick up a little fonera and connect it to a LAN port and apply extra restrictions on just that IP address?
     
  5. HennieM

    HennieM Network Guru Member

    If you REALLY want to do that, you could try dd-wrt firmware, which lets you run multiple SSIDs. If it would allow an unencrypted one I don't know.

    Heed the warnings above however!! Such an arrangement would make your whole network unencrypted and free 4 all for all practical purposes. You might as well then have everything unencrypted, and, in order to maintain the fuzzy feeling (as it's just a feeling - maybe 0.1% protection) that your net is protected, set up your MAC filter to allow only certain stations. Your speeds will be slightly better..... ;)
     
  6. TexasFlood

    TexasFlood Network Guru Member

    With DD-WRT v24 you can add an unencrypted virtual wireless interface in addition to a primary WPA interface. I've done this in tests although too paranoid to run with a back door like this normally.

    Depending on your hardware, the SSID might come across with the same MAC and not show up on most wireless clients even if set to broadcast, but you can still connect to it either way. This might actually be somewhat of a security measure for you, ;-)

    If you set it up as not bridged (might also have to add some firewall rules) you should be able to segregate it from your network if that doesn't break what you want to do. If you do bridge it into your primary network then you have a big potential back door.

    You can use MAC filtering but I think you might need to list all of your wireless MACs if you enable it, not just the one accessing the open back door.

    Probably want to go check out the dd-wrt wiki and forums a bit to see if you're comfortable with the setup before trying it. It's not rocket science but not stone simple either. I made a cheat sheet on how to set up a dd-wrt wireless bridge and had to use it when I was on the road recently with my WTR54GS - I couldn't get it working without following my cheat notes to the letter.

    I can't load Tomato on this router and only recently was able to load DD-WRT on it. The bridging capability came in handy. I ended up in a house with no wired network access and no usable wireless open APs. Before I tried a long distance modem connection, I experimented and was able to pick up a weak open wireless signal and repeat it so I could get on briefly for some light email replication - worked like a charm.
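
The segregation mentioned in the last post for an unbridged open interface, sketched as firewall rules. This is an added example, not part of the original thread: the interface names `wl0.1` and `br0`, and the choice to let open clients reach only DHCP and DNS on the router, are assumptions.

```shell
#!/bin/sh
# Added example: rules that keep an unbridged, unencrypted virtual AP
# away from the WPA-protected LAN and from the router's own services.
# ASSUMED names: wl0.1 = open virtual wireless interface, br0 = LAN bridge.

valid_if() {
    # Accept only characters that occur in Linux interface names.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

guest_isolation_rules() {
    guest_if=$1
    lan_if=$2
    valid_if "$guest_if" && valid_if "$lan_if" || return 1
    # Isolating an interface from itself means the two were never separated.
    [ "$guest_if" != "$lan_if" ] || return 1
    # -I inserts at the top of a chain, so each DROP is emitted first and
    # the narrower ACCEPT rules emitted after it end up above it.
    cat <<EOF
iptables -I FORWARD -i $guest_if -o $lan_if -j DROP
iptables -I FORWARD -i $lan_if -o $guest_if -j DROP
iptables -I INPUT -i $guest_if -j DROP
iptables -I INPUT -i $guest_if -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $guest_if -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $guest_if -p tcp --dport 53 -j ACCEPT
EOF
}

# Dry run by default: print the rules for review.
# Set APPLY=1 when running on the router to execute them.
rules=$(guest_isolation_rules "${GUEST_IF:-wl0.1}" "${LAN_IF:-br0}") || {
    echo "invalid or identical interface names" >&2
    exit 1
}
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh
else
    printf '%s\n' "$rules"
fi
```

These rules only matter while the open interface stays unbridged; once it is bridged into `br0`, traffic between the two no longer passes through the FORWARD chain in this form.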
     
