Networking & Wireless forum

General discussion

Mixing WPA and WPA2 security

by Bill Osler / July 3, 2010 11:40 AM PDT

I know that there have been published reports of somebody using clustered computers to hack WPA security, though that attack should fail if the password is sufficiently complex. Still, I suspect that people truly will be able to crack WPA at some point.
That raises a question. My home network is mixed WPA/WPA2 because some of the attached devices (eg: my Palm TX) won't do WPA2.
If/when people start successfully hacking WPA, what impact does that have on the network devices that use WPA2?
Personally I don't care too much if somebody listens in on my Palm updates - there is little of interest to hackers in the data, and I don't keep things like social security numbers in the Palm. That said, the rest of the network DOES sometimes have sensitive information. Will it still be protected when WPA is truly cracked?

Discussion is locked
You are posting a reply to: Mixing WPA and WPA2 security
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Mixing WPA and WPA2 security
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
So far the issue is not them collecting your SSN
by R. Proffitt Forum moderator / July 3, 2010 9:26 PM PDT

That can be found with easier or classic methods. But let me state why you don't want others to use your internet connection. This is painfully simple and for those that disagree, let's let them live with their decision. Ready?

The short reason is that if someone used your connection for downloading a movie or something that is deemed illegal in your country then the trace leads to your connection.

--- NEW SUBJECT ---

What to do with some device that doesn't do WPA2? Just one idea that works is to use what is about post 18 in this forum for a WAP that is configured for PORT 80 only use. By only allowing PORT 80 on a WAP there are no paths or ways to use file or printer shares. The devices can only find and use web servers.

Sorry if WAP, and PORTs are not in your lexicon but when you configure such things you eventually catch up.
Bob

Collapse -
That's worse than I thought ...
by Bill Osler / July 3, 2010 10:45 PM PDT

If the primary issue is liability for leaching then there are other complications. My son has been bugging me about setting up wireless access for his Nintendo DS, but it only supports WEP. From a privacy perspective I could set up Guest access using WEP on the main router (not the Access Point) but that would provide ZERO protection against leaching. I haven't seen specific information re: which ports the DS uses and I'm not even certain whether I can impose specific limits on ports for Guest access that differ from the settings for the regular access.

I don't think I can restrict the WAP to just port 80. Two of the wireless devices on the network are Windows PCs that do need to share print/file services.

The worst concerns are probably moot for now - my impression is that WPA vulnerability is fairly limited as long as the password is strong and eventually everything will support WPA2 or whatever comes next. It would be silly for somebody to work to steal my WPA access when my neighbor is using WEP. I wonder if I should tell her she needs to switch? She's not a techie and I do NOT want to put myself in the position of offering her tech support.

Collapse -
There's a doc for that.
by R. Proffitt Forum moderator / July 3, 2010 10:58 PM PDT

Port list is at http://www.nintendo.com/consumer/wfc/en_na/ds/firewall.jsp?topicId=Firewall_Help_USB&catId=USB

"Allowing TCP and UDP Traffic:
The Nintendo DS requires unrestricted access to several sites across various ports and protocols to function correctly. These addresses and ports vary according to game, and may change in the future without notice. Many software firewalls restrict outbound access. Only if your firewall blocks outbound traffic do you need to enable this traffic:

TCP:
Allow traffic to all destinations on ports: 28910, 29900, 29901, 29920, 80, and 443

UDP:
Allow all traffic to all destinations. (Necessary for peer-to-peer connections and game play). The Network Test tool can be used from a computer behind your firewall to test if outbound UDP is allowed."

While I would not be thrilled to allow all that, it would be possible with setup a router as a WAP (see post 18 in this forum's sticky) and WEP it along with allowing ONLY those ports.

I might think about putting it on a timer so it has hours of operation so that torrent users will find it unstable and look elsewhere.

Again, it's not so much the liability angle but who wants to be on the receiving end of some overzealous district attorney witch hunt?
Bob

Collapse -
About Post 18 on the Sticky ...
by Bill Osler / July 4, 2010 12:04 AM PDT

I have seen more-or-less the same instructions elsewhere, and they have always worked for me with other brand routers until now. I recently bought a Belkin Wireless N router, and I wired it just like the Netgear router instructions show. It sortof worked. It turns out that for the Belkin router the best results come by wiring the WAN port of the Belkin to one of the LAN ports of the router providing NAT/DHCP services, not from connecting a LAN port of each router as I have done in the past. If you ever update the post you might emphasize the point I initially ignored: RTFM. In this case:
1. Enable the AP mode my selecting ?Enable? in the ?Use as Access Point only? page. When you select this option, you will be able to change the IP settings.
2. Set your IP settings to match your network. Click ?Apply Changes?.
3. Connect a cable from the WAN port on the Router to your existing network.

Collapse -
There are variations on the use the router as a WAP.
by R. Proffitt Forum moderator / July 4, 2010 12:23 AM PDT

Newer models have the Use as an Access Point feature and the article/post 18 is no substitute for a product's manual.

Sadly many folk flame the moderators when we ask them to Read The Fine Manual.
Bob

Collapse -
Simpler solutions ...
by Bill Osler / July 4, 2010 12:33 AM PDT

I have an extra wireless router laying around that I could set up specifically for him to use without compromising anything on the home LAN. I would just have to give up channel bonding on the new router to clear a frequency he could use(I don't have any 802.11n dual channel devices so I have just a few frequencies to choose from). He could unplug the router when he stopped using WiFi. That way I would not have to deal with all the configuration hassles. Of course it would only be secure if he remembered to unplug the router every time.

OR - the simplest solution of all - I may just tell him that if he lived without online play on the DS thus far he can continue to do so. He could always upgrade to DSi or whatever comes next if he wishes, but judging from what I've read, Nintendo implemented the game/WiFi interface in a fashion that precludes use of WPA with the old DS games even on the newer hardware that supports WPA. It's not a perfect world.

The Wii offers wired connections via a USB adapter but I don't think the DS allows that. Too bad.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.