Some questions about security / Xmit power

Discussion in 'DD-WRT Firmware' started by Chyper, Jun 11, 2006.

  1. Chyper

    Chyper Network Guru Member

    Hi there,

    since i updated my WRT54GS v1.1 to DD-WRT v23SP1, i have some questions about WLAN security. Following my current settings:

    - Macfilter is enabled
    - WPA2 Pre-Shared Key mixed (AES) with a secure key (generated via )
    - "Max Associated Clients" setting was changed to 1 (I use only one wireless device)
    - Wireless GUI access / Remote access disabled
    - SSID broadcast disabled
    - UPnP disabled
    - Telnet/SSH and all other services (PPTP, Kaid, SNMP) disabled
    - DHCP Server disabled
    - IP-Subnet in which the router is, has a maximum of 16 addresses
    - HTTPS is enabled for gui access (LAN)

    Is there anything i can do to heighten up the security ?

    A little scenario:
    An attacker manages to connect to the router (got somehow the WPA key + MAC-address), but because no DHCP-Server is set up, he must manually set the address, to be able to do anything in the network.
    Can an attacker somehow find out the IP address of the wireless client / router. Because i have only a small range of ip-adresses in the same subnet, in which the router stands, it's for an attacker hard to guess the right IP address. But maybe he can sniff the address somehow from my client, when i authenticate to the router?!

    Another question i have is about the XMIT power. I got replacement antennas with 7db. I changed the xmit power to 56mW, but in some areas the reception is still bad. How bad is it for the router, if i set it to 70mW? Does this affect the lifecycle of the router? What about the exposure to the human body? Any negative effects (higher cancer rate etc)?

    Thanks for your answers!

  2. Toxic

    Toxic Administrator Staff Member

    Try changing your router IP from the default IP address.

    Change the routers Password.

    make sure WPA uses a 20+ character passkey.

    70mW is fine. I use 100mW here.
  3. vincentfox

    vincentfox Network Guru Member

    MAC filter and SSID disable are useless for security and trivial to defeat. In particular SSID disable may slow down association with XP Zero Config utility. It's easy to see the SSID using Kismet or any number of tools even with this "feature". Ditto for MAC filtering. Assuming a user gets your key, a glance at the traffic stream will show the IP and MAC addresses in use then a few minutes work to impersonate a usable address.

    WPA-PSK AES with a strong key is about as good as it gets. If I were to take additional measures it would be using directional antenna and REDUCING transmit power to just that which is needed, to cut off-property signal leakage.

    Your cellphone and many other wireless devices operate at higher power levels and much closer to your body. WiFi cancer is the very least of your worries.
  4. Chyper

    Chyper Network Guru Member

    Thanks for your answers.
    IP-Subnet / Router login is changed of course :)
    I think i will play around a bit with the VPN version of DD-WRT. For 1 wireless client, the router should be powerful enough to handle the VPN connection. Maybe thats to paranoid, but whatever... :)

  5. Toxic

    Toxic Administrator Staff Member

  6. mjpartyboy

    mjpartyboy LI Guru Member

    I'm thinking of flashing my WRT54GS v5.1 (UK) with DD-WRT v23 SP2 micro generic, but have a few of questions that suit this thread.

    1) Does DD-WRT support WEP encryption in addition to the others?

    2) The comparison article says the transmit power can be adjusted to 251mW via cli, but what is cli or can it be adjusted via the admin pages?

    3) What's the router's default transmit power with Linksys firmware?

    Thank you in advance!
  7. tekunix

    tekunix LI Guru Member

    1. Yes

    2. Try no to use more than a 100mW (more Xmit power equals more noise) I always recommend in my site a 100mW (but you can go up to 251 if needed in some extreme situation were you need conectivity)

    3. Linksys default Xmit Power is somewhere around 70-84mW not 28 like most people believe...

    Get your own brand new WRT54GL w/
    SD/MMC Mod @
  8. akcdualch

    akcdualch LI Guru Member

    cli = command line interface
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice