<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-15">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="-1">[Inline]</font><br>
</p>
<div class="moz-cite-prefix">On 2018-09-17 4:48 p.m., D. Hugh
Redelmeier wrote:<br>
</div>
<blockquote type="cite"
cite="mid:alpine.LFD.2.21.1809171552440.15607@redeye.mimosa.com">
<pre class="moz-quote-pre" wrap="">| From: David Collier-Brown via talk <a class="moz-txt-link-rfc2396E" href="mailto:talk@gtalug.org" moz-do-not-send="true"><talk@gtalug.org></a>
| To: UU <a class="moz-txt-link-rfc2396E" href="mailto:u-u@unixunanimous.org" moz-do-not-send="true"><u-u@unixunanimous.org></a>, GTALUG Talk <a class="moz-txt-link-rfc2396E" href="mailto:talk@gtalug.org" moz-do-not-send="true"><talk@gtalug.org></a>
I don't think that it is great to post a message once to two public
mailing lists. It can lead to odd entanglements. It's fine to
separately post the same message to two lists. I'm violating this
suggestion with this message.
| I have a Rogers-supplied router and cable modem package, which twice has shown
| significant usage when I was out, once with the original unit and once with
| their replacement Cisco.� That makes me suspicious of the current state of
| authentication for wi-fi schemes (and I use the term "schemes" advisedly: they
| used to horribly leaky (;-))
Wow. Interesting.
If it were me, I'd try to figure out who was doing this. But in
reality that's probably more work than it is worth.
| What's a good approach? I have considered
|
| * MAC address lists,
MACs a so spoofable. Why bother?
If I remember correctly, OSX now has a feature that lets you use a
random MAC on your wireless just to avoid other people tracking you.</pre>
</blockquote>
<p>It's like a non-obvious lock for a glass door: for some reason
you can't open the door, and you may not wish to break it.� This
uninvited guest seems very unobtrusive. If they're not skilled,
they might need to break something (like a machine that's already
on the net) to get a MAC that will work, which would be like
breaking the glass door.<br>
</p>
<blockquote type="cite"
cite="mid:alpine.LFD.2.21.1809171552440.15607@redeye.mimosa.com">
<pre class="moz-quote-pre" wrap="">
| * no wi-fi (strictly wired doesn't work with solid concrete walls),
I don't imagine your threat models are so severe that this matters.
But for the paranoid: even traffic analysis (without decryption)
reveals a lot.
| * a second router with a more secure protocol (/is/ there such a
| protocol? And will my wife's Mac speak it?))
I think that the best compromise for most individuals who care even a
bit is:
- Turn off the modem's WiFi and put it in bridge mode. You may have
to repeat this after a power failure or a (generally unannounced)
firmware update.
Why: Rogers has 100% control of the modem (remote provisioning,
firmware updates). They have (if they choose) access to your LAN
unless you put something between the modem and the LAN.
- use your own wireless router. Choose one that has a decent radio
and is well supported by OpenWRT. Run OpenWRT on it.</pre>
</blockquote>
<p>In the bufferbloat era, I used to run a research openwrt variant
, but that was for performance, not security.� I could recreate it
at need.</p>
<p>--dave<br>
</p>
<blockquote type="cite"
cite="mid:alpine.LFD.2.21.1809171552440.15607@redeye.mimosa.com">
</blockquote>
<pre class="moz-signature" cols="72">--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
<a class="moz-txt-link-abbreviated" href="mailto:davecb@spamcop.net">davecb@spamcop.net</a> | -- Mark Twain
</pre>
</body>
</html>