1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Separate security settings for wireles B and G?

Discussion in 'Tomato Firmware' started by frifox, Aug 20, 2009.

  1. frifox

    frifox Addicted to LI Member

    currently most of the devices in my house use 802.11g with WPA2-AES security, and for those devices that can support only 802.11b with WEP i have a separate AP specifically for that purpose (old dlink wifi router).

    would it be possible to have my WRT54GL running Tomato 1.25 treat 802.11g / 802.11b securities separately? meaning, have G use WPA2+AES while have B accept clients using WEP+MacAddress based access restriction?

    Thanks for the feedback!
     
  2. premudriy

    premudriy LI Guru Member

    I don't know if it's possible with tomato 1.25, but think about it: any user of G card will be able to connect in B standard as well, thus making your WPA2+AES useless. WEP is pretty easy to crack, so even if 1.25 can do it and if you are really worrying about security, I wouldn't go with the set up that you are describing.
     
  3. frifox

    frifox Addicted to LI Member

    yeah, i'm aware of the risks... i even cracked WEP myself (took 7 hours though). i have a linksys standalone internet radio device that supports only wireless B and doesnt understand WPA/WPA2 so WEP is the only option. i was thinking of white-listing wireless B client MAC addresses so even if someone cracks WEP they still wont be able to use the network.
     
  4. humba

    humba Network Guru Member

    The current wireless drivers don't allow for multi SSID though there are drivers out there that do allow for it - it's merely a matter of somebody integrating them and writing a GUI for it (multi-SSID is what you need to have different networks with separate security settings.. )
    MAC address filtering isn't much of a security measure though.. there are plenty of tools that allow you to change a MAC address so all you need to do is snif traffic when an authorized device connects and there you have your MAC address to spoof.
     
  5. frifox

    frifox Addicted to LI Member

    yup, i'm aware of that too... the reason i'm not worrying too much about it is because my radio is on 24/7, never turned off... of course the hacker can inject deauth packets to force the radio to disassociate but i highly doubt it would come down to that since there are MUCH more unsecured or at least less secured wifi networks around my place :)

    anyways, thanks for the hint. i'll make sure to look more into multi-SSID... i just wasnt sure if i could do separate security settings with that :D
     

Share This Page