by DAN CALLOWAY
Published 18 April 2010
WEAVERVILLE, NC – I have a wireless home Local Area Network (LAN) consisting of a ProLine 6100 DSL broadband modem/router, Cisco WRT54G 802.11B/G wired/wireless router (acting as the Broadband gateway and DHCP server) operating in the 2.4 GHz range on Channel 6, and connecting one Dell Inspiron B130 laptop wired for admin console purposes running Windows XP, one Dell Inspiron B130 laptop connected wirelessly running Ubuntu Linux 9.10, one Acer Netbook connected wirelessly running Ubuntu Linux Netbook Remix 9.10, and two MacBooks connected wirelessly running MacOS 10.6.3 (Snow Leopard).
I chose to configure my Home network LAN by bridging the ProLine 6100 Broadband modem so that I removed the router functionality of that device but retained the NAT layering of the resultant switch after bridging. The Cisco router was configured with no wireless security being applied but, instead, a MAC filter list was set up on the router with an access-list permission statement that allowed only those devices whose MAC addresses were in my MAC filter list to access the router and thus connect to my LAN. The MAC address is a layer-2 address that is hard-coded into every wired and wireless NIC (Network Interface Card) by the manufacturer and is unique. No two NICs have the same MAC address worldwide. With MAC filtering in place, if someone attempts to connect to the wireless LAN and the MAC address of their wireless NIC is not resident in my router’s MAC filter list, they won’t be able to connect to it. This is certainly true unless someone is smart enough to spoof the MAC filter list. I always thought that it was too difficult to spoof the MAC address to access a wireless network but after yesterday, I’m convinced that someone with the right tools and skill set can do it fairly easily. So, what I thought was a secure network wasn’t really secure at all.
Yes, the day before yesterday, an apparent attack on my home LAN resulted in our losing connectivity to our Broadband service. The network intruder was apparently able to reset my Broadband ProLine modem/router (while bridged), and totally reconfigure my Cisco WRT54G router, eliminating the MAC filter list contents, which contained well over 20 entries for other devices in my home in addition to my PCs that access the network for communication purposes to other services. Fortunately, all our PCs run Linux or MacOSX 10.6.3 (Snow Leopard) and, so, the intruder was not able to breach security on those boxes.
It took me the better part of the morning yesterday to rebuild my home wireless LAN. I have bridged the ProLine 6100 once again, and rebuilt the configuration of my Cisco WRT54G router. I am back online but have learned some very important lessons as a result of the attack on my wireless LAN:
(1) Never underestimate the persistence of hackers or their abilities to breach a wireless home network. This includes your neighbors who might try to steal your wireless connection.
(2) MAC filtering on a wireless router to prevent access to the router is not as secure as WEP security for the network.
(3) Save your router’s configuration by backing up the Config.bin file and putting it in a location that you won’t forget so the router’s configuration can be easily restored from the backup in the event the configuration is destroyed. This will save tons of time in rebuilding your router’s configuration.
(4) Apply some form of network security, preferably WPA-PSK (Wireless Protected Access – Preshared Key) rather than WEP (Wired Equivalency Protocol) on your LAN to secure the network in addition to MAC filtering.
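As an added example that is not part of the original post, the short audit below checks observed clients against a MAC filter list like the one described above and flags signs that an address on it is being reused. The addresses, hostnames and the idea of copying MAC/hostname pairs out of the router's DHCP client table by hand are assumptions made for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample data: the router's filter list and (MAC, hostname)
# pairs as they might be copied from its DHCP client table over time.
ALLOWED = {"00:16:cb:aa:10:01", "00:1e:c2:aa:10:02", "00:13:02:aa:10:03"}
OBSERVED = [
    ("00:16:CB:AA:10:01", "macbook-1"),
    ("00-1E-C2-AA-10-02", "macbook-2"),
    ("00:13:02:aa:10:03", "inspiron-ubuntu"),
    ("00:16:cb:aa:10:01", "unknown-host"),   # same MAC, different machine name
    ("02:00:00:aa:10:09", "netbook"),        # address set in software
]

def normalize(mac):
    """Lower-case, colon-separated form; rejects malformed input."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac

def locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, meaning the
    address was assigned in software rather than burned in by the vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(allowed, observed):
    """Return sorted (mac, reason) findings for a human to review."""
    allowed = {normalize(m) for m in allowed}
    names = defaultdict(set)
    findings = set()
    for raw_mac, hostname in observed:
        mac = normalize(raw_mac)
        names[mac].add(hostname.lower())
        if mac not in allowed:
            findings.add((mac, "not on filter list"))
        if locally_administered(mac):
            findings.add((mac, "locally administered address"))
    for mac, seen in names.items():
        if mac in allowed and len(seen) > 1:
            findings.add((mac, "allowed MAC seen with several hostnames"))
    return sorted(findings)

if __name__ == "__main__":
    for mac, reason in audit(ALLOWED, OBSERVED):
        print(mac, "-", reason)
```

Hostnames are supplied by the client, so a finding is a prompt to look closer rather than proof; the check is a supplement to WPA-PSK, not a replacement for it.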
