Number of wireless clients per WRT54GL?

Kurt Granroth kurt+plug-discuss at granroth.com
Sat Sep 8 12:43:07 MST 2007


Bill Lindley wrote:
> Alan Dayley wrote:
>>  The clients would be doing "office" stuff like file sharing,
> 
> I'd be concerned about file sharing over a wireless network, because of 
> the potential of corruption when airplanes fly overhead, and because 
> anyone within a few hundred feet will be able to penetrate wireless 
> networks even when allegedly 'secured.'  At the least, do you want some 
> kid in the parking lot using the office SMTP server to send spam, 
> leading to the ISP shutting down the connection?

I can't say I've ever heard of airplanes flying overhead causing
problems.  Can you explain what's going on there?  Corruption shouldn't
be an issue either since TCP/IP is pretty good about dealing with
dropped and/or corrupted packets.

Wireless security isn't quite as bad as it used to be.  Some are
actually quite secure.  Here's a quick run-down:

WEP - Completely broken.  It's worth using only to keep out the
ultra-casual sniffers or browsers.

WPA-PSK (Pre shared key) - Good!  It's secure enough that the only real
way to crack in is a brute dictionary approach on the shared password.
It's probably easier to do social engineering to get the password.

WPA2-PSK (with AES) - Even better.  Still can be beat by having easy to
guess passwords, though.

WPA2-RADIUS - Great!  Needs a central Radius server (can be done via
FreeRADIUS).  This is strong enough that the computation to crack it is
completely unfeasible.  The only real way to crack it is via a rubber
hose attack (i.e., "give me the cert or I'll beat you over the head with
this rubber hose).

If you are ultra paranoid, then you can go a step farther and use a VPN
method.  This way, you'd leave the access point wide open (no
encryption) but the only host (may be the access point itself) that can
be accessed is a VPN gateway.  Any computer could get on the wireless
network, but they couldn't actually *do* anything unless they
authenticate with the VPN.  Routers like the Linksys WRT54G can be setup
to have OpenVPN running directly on the router itself.

> Physical connections will always offer higher speeds and better security.

True!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070908/d06834f1/attachment.pgp 


More information about the PLUG-discuss mailing list