Open WiFi hot spot by plugging old Wifi router into new secure WiFi router? [Archive] - Glock Talk

PDA

View Full Version : Open WiFi hot spot by plugging old Wifi router into new secure WiFi router?


F14Scott
03-30-2010, 19:42
I've got a WEP-password-secured, WiFi router plugged into my home DSL connection. About a dozen things in my house are connected to my WiFi network, including laptops, video games, iPod Touches, Netflix boxes, etc. All of them must use a password to connect to my network.

If I were to take an old WiFi router and, via Ethernet cable, connect it to my current router, could that old router now be used as an "open" WiFi hot spot, one that could provide Internet access to guests without a password? If so, would my system be as safe from hacker attack as I am now with my WEP, or would I be opening up the front door?

The reason I ask is that I use an iPod Touch, and find myself wondering why there are a zillion WiFi networks everywhere, but most of them are secure networks. It would seem, if there were an easy, secure way to provide open WiFi, it would be an attractive thing for a business to provide.

IndyGunFreak
03-30-2010, 19:49
I've got a WEP-password-secured, WiFi router plugged into my home DSL connection. About a dozen things in my house are connected to my WiFi network, including laptops, video games, iPod Touches, Netflix boxes, etc. All of them must use a password to connect to my network.

If I were to take an old WiFi router and, via Ethernet cable, connect it to my current router, could that old router now be used as an "open" WiFi hot spot, one that could provide Internet access to guests without a password? If so, would my system be as safe from hacker attack as I am now with my WEP, or would I be opening up the front door?

The reason I ask is that I use an iPod Touch, and find myself wondering why there are a zillion WiFi networks everywhere, but most of them are secure networks. It would seem, if there were an easy, secure way to provide open WiFi, it would be an attractive thing for a business to provide.

Really, it doesn't matter. WEP is about as secure as an unlocked car w/ the keys in the ignition and a big sign on it saying "STEAL ME"... If you live in a neighborhood type setting, where there's possibly kids around. Newsflash, they've probably already cracked your network.

If you don't believe me, google "5min WEP crack"

Some businesses, do provide open networks.

StuntPilot
03-30-2010, 19:55
Yes, you could plug another wireless router into the switchport on an existing router. However, any open wireless access point could allow hackers onto your network. Your WEP router is better than nothing, but the WEP keys are easily cracked. Save up and get a router with WPA/WPA2.

To provide 'free' wifi to guests, you could setup a captive portal. This allows a web-based authentication similar to Starbucks. You need a router that supports the firmware upgrade, but the software is open source, and free.

http://coova.org/Overview

http://coova.org/Download

seanmac45
03-30-2010, 20:08
Tag for later reference

Ljunatic
03-30-2010, 20:08
My Netgear N router has an option for a separate "guest" wireless network with its own security settings and SSID. You can choose to turn it on and off as needed. It has no access to your local network (unless you want it).

I use mine for the grandkids to connect their ipods .

wct097
03-31-2010, 04:50
Your best bet would be to use the 'open' access point as the AP that connects to your DSL, then plug the 'WAN' port on your secure AP to one of the network ports on the open AP. In theory, anyone on your open AP would have the same trouble hacking through your secure AP's firewall as someone on the internet. If you plug your open AP into your secured AP, anyone that authenticates to your network can likely see anything connected to your secure AP.

That said, an open AP allows anyone to access the internet through your connection. This can slow down your access, at best, or get you in legal trouble at worst. Another thing to note, as others have said, WEP isn't secure from anyone wanting to 'hack' your network. Use WPA with a long key.

MavsX
03-31-2010, 05:29
I've got a WEP-password-secured, WiFi router plugged into my home DSL connection. About a dozen things in my house are connected to my WiFi network, including laptops, video games, iPod Touches, Netflix boxes, etc. All of them must use a password to connect to my network.

If I were to take an old WiFi router and, via Ethernet cable, connect it to my current router, could that old router now be used as an "open" WiFi hot spot, one that could provide Internet access to guests without a password? If so, would my system be as safe from hacker attack as I am now with my WEP, or would I be opening up the front door?

The reason I ask is that I use an iPod Touch, and find myself wondering why there are a zillion WiFi networks everywhere, but most of them are secure networks. It would seem, if there were an easy, secure way to provide open WiFi, it would be an attractive thing for a business to provide.

step 1, get rid of wep, use wpa2. Step 2, give your guests the password for your network. Or if you want, change your password, then when the guests arrive, give them the password. When they leave change the password back or to something else

prism
03-31-2010, 18:57
get a network cable and let them plug in the wired-way

F14Scott
03-31-2010, 20:22
I'll do the WEP -> WPA thing; didn't know WEP was so bad.

I can't always allow wired connections, as iPods don't have that capability.

As far as giving out and/or changing passwords, that is the kind of thing I was hoping to avoid. Ideally, as a guy who doesn't want to put a lot of time or effort into a system, I was hoping I could have my secure WiFi router doing its thing for myself and my family, and plugging in an unsecure WiFi router to allow for a free little hotspot for anyone else, no muss, no fuss.

However, I don't want to compromise my (evidently already weak) security, or go through a lot of trouble setting up a system that will be used only rarely. Since I had the old router on hand, I had hoped it would be as simple as plug and play.

Sounds like what I'm suggesting won't work out.

MavsX
04-01-2010, 08:04
I'll do the WEP -> WPA thing; didn't know WEP was so bad.

I can't always allow wired connections, as iPods don't have that capability.

As far as giving out and/or changing passwords, that is the kind of thing I was hoping to avoid. Ideally, as a guy who doesn't want to put a lot of time or effort into a system, I was hoping I could have my secure WiFi router doing its thing for myself and my family, and plugging in an unsecure WiFi router to allow for a free little hotspot for anyone else, no muss, no fuss.

However, I don't want to compromise my (evidently already weak) security, or go through a lot of trouble setting up a system that will be used only rarely. Since I had the old router on hand, I had hoped it would be as simple as plug and play.

Sounds like what I'm suggesting won't work out.

if you change the password on the access point. All the other machines will prompt for the new password. That's not going to take too long to type in a few passwords. I remember you said 12 devices..still..thats like 15 minutes!

dont worry about not knowing about the wep insecurity. Not everyone is a bunch of nerds like us! Take it easy and good luck

dotsun
04-01-2010, 08:09
Just remember that you are responsible for what information crosses your network.

ChristopherBurg
04-01-2010, 11:17
As far as giving out and/or changing passwords, that is the kind of thing I was hoping to avoid. Ideally, as a guy who doesn't want to put a lot of time or effort into a system, I was hoping I could have my secure WiFi router doing its thing for myself and my family, and plugging in an unsecure WiFi router to allow for a free little hotspot for anyone else, no muss, no fuss.

First you're going to have to change all your device's wireless security settings and password when (certainly not if) you move over to WPA. The devices will have to know they are now using security (because WEP isn't security, it's literally as good as nothing these days) and will need to know why type (WPA), what encryption method (you'll have an option of TKIP or AES, use AES as TKIP is broken), and the new pre-shared key (password).

Also as stated plugging in an open access point to your network will eliminate all of your security as that open access point will become the weak link.

Pierre!
04-01-2010, 12:45
Might as well make sure that you understand that WPA is also VERY crackable/hackable today.

You DO need WPA2... not just WPA.

HTH

ChristopherBurg
04-01-2010, 14:05
Might as well make sure that you understand that WPA is also VERY crackable/hackable today.

You DO need WPA2... not just WPA.

HTH

That's actually a misconception. WPA2 is nothing more than the mandatory implementation of optional components of WPA. The main difference is the use of AES encryption is now mandatory whereas WPA it was optional (with the options being either TKIP or AES).

The optional clauses were there to preserve backwards comparability (many older devices were unable to support AES with a simple firmware update whereas TKIP used rotating WEP keys so most devices could be upgraded to work with it). The encryption method TKIP itself is broken not any particular part of WPA's authentication mechanism.

If you use WPA with AES you are in essence using WPA2.

Pierre!
04-01-2010, 14:42
That's actually a misconception. WPA2 is nothing more than the mandatory implementation of optional components of WPA. The main difference is the use of AES encryption is now mandatory whereas WPA it was optional (with the options being either TKIP or AES).

The optional clauses were there to preserve backwards comparability (many older devices were unable to support AES with a simple firmware update whereas TKIP used rotating WEP keys so most devices could be upgraded to work with it). The encryption method TKIP itself is broken not any particular part of WPA's authentication mechanism.

If you use WPA with AES you are in essence using WPA2.

Interesting - So you are saying that the TKIP offered with WPA2 is implemented with AES? Or that the TKIP offered on WPA2 is also broken, and that only the AES method is solid... And that this was all a ploy to get me to Draft N 300 "Turbo" MBPS... Right?

ChristopherBurg
04-01-2010, 14:50
Interesting - So you are saying that the TKIP offered with WPA2 is implemented with AES? Or that the TKIP offered on WPA2 is also broken, and that only the AES method is solid... And that this was all a ploy to get me to Draft N 300 "Turbo" MBPS... Right?

WPA2 can not be used with TKIP by definition. The mandatory use of AES in place of TKIP is the only real difference between WPA and WPA2. If an access point is offering the ability to use WPA2 with TKIP it is not actually WPA2.

TKIP uses a series of rotating WEP keys and can not be implemented with AES.

AES is the only secure encryption method currently available to 802.11 access points. All other encryption methods should be avoided.

Pierre!
04-01-2010, 14:56
WPA2 can not be used with TKIP by definition. The mandatory use of AES in place of TKIP is the only real difference between WPA and WPA2. If an access point is offering the ability to use WPA2 with TKIP it is not actually WPA2.

TKIP uses a series of rotating WEP keys and can not be implemented with AES.

AES is the only secure encryption method currently available to 802.11 access points. All other encryption methods should be avoided.

HA HA... I was just coming back to post that I got this exact info after you shared the diff between the WPA & WPA2...

So it WAS a plot to get me to move to Draft N ... :rofl:

I will be changing my WiFi setup before too long!

Thanks for the heads up on this ChristopherBurg.

ChristopherBurg
04-01-2010, 17:16
No problem. I had to study various wireless security suites for a job once so I gained quite a bit of knowledge in the process.

That does bring me to another option. Depending on the devices that need to be setup you can look into Wi-Fi Protected Setup. It makes setting up devices with WPA using AES much easier.

Access points that are equipped with it will have a button on them. You press the button on the access point and then there will be a mechanism to activating the setup on the other device (usually a software button). Activate that button and they will automatically sync up and you'll have a secure connection. Here is a better explanation:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

The only downside is not many devices support it at this point.