WEP and (Lack of) Security

Bulldog

Regular Contributor
My network is protected by WPA2/AES. My son wants to go online with his Nintendo DS Lite. As you may know, the DS Lite uses WEP only. (It's also 802.11b.)

I have an old router that I converted to being an access point. It's configured with WEP and 802.11b. I connect the access point to my router with Ethernet cable. When my son wants to go online with his DS Lite, he connects to this access point.

If I understand correctly, the access point compromises the security of my network, at least in theory, because anyone who wants to crack WEP can join my network while the access point is powered on. For this reason, when the access point is powered on, I shut down the computers on my network.

Is there a better way for me to protect my network when the WEP access point is powered on? My router doesn't support guest SSIDs.
 
Opinion: WEP128 is sufficiently secure unless you live in a college dorm.
A bad guy would need motive and reward and proximity.
 
That sucks. If you're using third-party firmware like ddwrt on your old router you could set up a virtual LAN using firewall rules that keeps anyone connected to the WEP-secured AP from accessing computers/clients on your real LAN. You could also filter by MAC address (although this is easy to get around), but worth it anyway since you're only doing this for one device.

At any rate, even if they do get access to your WEP router, the firewall rules would keep them isolated from the rest of your network. The only thing they could do at that point is use your bandwidth. Which is why it would also be a good idea to implement some type of QoS.
 
Thanks to you both.

I do actually use a 128-bit WEP key (26 hexadecimal characters), and I could probably get away with that given that my son doesn't stay online for all that long and we live in the suburbs. But stuff happens.

No chance for third-party firmware (my Asus RT-N56U uses a Ralink chip), however it didn't occur to me that I could use firewall rules to isolate the access point from the rest of my network. Like a guest SSID only the hard way. This is something I will definitely look into.
 
Solution...Not So Good

I have a solution. It's not a good solution, but it works.

When you attach a wireless access point protected by WEP to a WLAN otherwise protected by WPA2, the security of the whole network is compromised. It's like installing an alarm system in your home and leaving the back door open.

When my son wants to go online with his Nintendo DS Lite - which only supports WEP - he connects to a wireless access point that connects directly to our cable modem with an Ethernet cable. That means I have to disconnect the RT-N56U from the modem. We still have a network, we just can't access the internet.

It's not convenient, but he's 10 years old and we love him.
 
Have you considered running a guest network with the AP? Set up a separate IP range that gateways through your router to the internet; that way, if someone compromises your WEP protection, all they can get is the internet, and nothing on your home network would be visible.

If your router doesn't support a guest network, or the Nintendo needs DHCP, you can cascade your old router (as a router) off of your current router, just with a different IP range, say 192.168 & 10.6.

If your B-router supports fettering of DHCP, you could limit it to the DS MAC addr, or provide only one IP.

Hope that helps
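
The isolation suggested in the replies above, as an added example that is not from any poster in this thread: a script that prints iptables FORWARD rules for the old router when it is cascaded as a router with its own IP range. The subnets, the interface name `br0`, the main router acting as DNS server, and the MAC address are all assumptions or placeholders.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the old,
# WEP-side router cascaded behind the main router.
# Every value below is an assumption, not taken from the thread.
LAN_NET="192.168.1.0/24"    # main WPA2 LAN (assumed)
MAIN_GW="192.168.1.1"       # main router, assumed to be gateway and DNS
GUEST_NET="10.6.0.0/24"     # WEP-side subnet (assumed)
GUEST_IF="br0"              # WEP-side bridge on the old router (hypothetical)
DS_MAC="00:11:22:33:44:55"  # placeholder for the DS Lite's MAC address

guest_isolation_rules() {
    # Order matters: iptables acts on the first rule that matches.
    # 1. Let replies to guest-initiated connections back in.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. Forward for the one known device only (MACs can be spoofed,
    #    so this is a speed bump, not the isolation itself).
    echo "iptables -A FORWARD -i $GUEST_IF -m mac ! --mac-source $DS_MAC -j DROP"
    # 3. DNS to the main router is the only LAN destination allowed.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $GUEST_IF -s $GUEST_NET -d $MAIN_GW -p $proto --dport 53 -j ACCEPT"
    done
    # 4. Everything else addressed to the main LAN is dropped, including
    #    the main router's admin page.
    echo "iptables -A FORWARD -i $GUEST_IF -d $LAN_NET -j DROP"
    # 5. What remains is internet-bound traffic routed via the main router.
    echo "iptables -A FORWARD -i $GUEST_IF -s $GUEST_NET -j ACCEPT"
    # 6. Default deny, so nothing on the main LAN can open connections inward.
    echo "iptables -A FORWARD -j DROP"
}

guest_isolation_rules
```

Without rule 4, a cascaded router would still route WEP-side clients to hosts on the main LAN, because that LAN is simply its upstream network.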
 
Hmmm... been down that path with my son's DS stuff...

Maybe time to upgrade him to a DSi or 3DS - both support WPA2 - and he'll be happier for it ;)
 
