Reply to thread
GBAtemp.net - The Independent Video Game Community
Search
Search titles only
By:
Search titles only
By:
Reply to thread
GBAtemp.net - The Independent Video Game Community
Home
Log in
Terms & Rules
Donate
Forums
New posts
Search forums
Groups
Public Events
New
New posts
New resources
New blog entries
New profile posts
New blog entry comments
New threadmarks
Latest activity
Cheats
Cheat Codes Add and Request group
The Legend of Zelda: Tears of the Kingdom cheat codes
Pokémon Legends: Arceus cheat codes
Xenoblade Chronicles 3 cheat codes
Fire Emblem Engage cheat codes
Request a cheat...
Tutorials
Nintendo Switch tutorials
Nintendo 3DS tutorials
Nintendo Wii U tutorials
Reviews
Overview
Official reviews
User reviews
Downloads
Latest reviews
Search resources
Blogs
New entries
New comments
Blog list
Search blogs
Chat
Top chatters
Search
Search titles only
By:
Search titles only
By:
Log in
Register
New posts
Search forums
Log in
Register
Home
Forums
PC, Console & Handheld Discussions
Nintendo DS
nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Searinox" data-source="post: 8369472" data-attributes="member: 110193"><p>There are a lot of people with concerns about WEP security or inability to accomodate an extra AP on their existing router or objections to using WEP because it downgrades speed to 54Mbps. If you have any old routers lying around, you can connect them to your current router's ethernet ports or your desktop via internet connection sharing, and use them as dedicated devices solely for WFC(plug cable into WAN port and configure DHCP or Static IP). If you do so, your options for security can be improved. Here's what you can do with a WFC-only dedicated device:</p><p></p><p>-open instead of shared key</p><p>-13-character password with reasonable length and good password-choosing practices</p><p>-MAC filter to allow only DS-capable device(s) that can actually use the AP</p><p>-exclusive use of the WFC DNS without any secondaries like 8.8.8.8 and such</p><p>-if possible, setting DNS override and authoritative mode on</p><p>-allocating specific IPs to the connecting devices and disabling DHCP</p><p>-firewall or port rules that block or send traffic nowhere from any other IPs other than the allowed ones</p><p>-blocking port 53 on firewall rules from any address except the WFC DNS; this prevents an attacker from setting their own custom DNS to resolve hosts and browse the web regardless of the limitations of the WFC DNS</p><p>-firewall or port rules that block access to the router's UI <strong>together with</strong> making the interface accessible only from the WAN port via remote administration; this will protect the router from attackers sniffing the wifi to decrypt login packets; if you do not enable and verify that remote management works before you block LAN UI access, you will lock yourself out of your device!</p><p>-activate client isolation if possible</p><p>-limit max simultaneous wifi devices to the number of devices you can use on WFC</p><p>-set router to B-mode only, disable G, N, AC etc.; this will further deter attackers from using an AP that has very poor speeds and the DS only supports B speeds anyway</p><p>-possibly spoof wifi MAC with a made-up value; since MACs can give away your router model/manufacturer and attackers might know of firmware vulnerabilities for the device</p><p>-disable telnet, SSH, WPS on your device if it has these</p><p></p><p>Any attacker that gets on will find they need to do massive amounts of work just to get on, and will need to catch an actual session to figure out a MAC they can use. Then an IP which works cause they'll have to do a static config. Then - if even possible - make a third party DNS work. And the speed will be crap. They may not even be able to get proper internet going nor can they snoop the rest of your network. That said, they may still be able to knock you offline by MAC spoofing but most likely, the attacker will just get quickly bored/annoyed and give up.</p></blockquote><p></p>
[QUOTE="Searinox, post: 8369472, member: 110193"] There are a lot of people with concerns about WEP security or inability to accomodate an extra AP on their existing router or objections to using WEP because it downgrades speed to 54Mbps. If you have any old routers lying around, you can connect them to your current router's ethernet ports or your desktop via internet connection sharing, and use them as dedicated devices solely for WFC(plug cable into WAN port and configure DHCP or Static IP). If you do so, your options for security can be improved. Here's what you can do with a WFC-only dedicated device: -open instead of shared key -13-character password with reasonable length and good password-choosing practices -MAC filter to allow only DS-capable device(s) that can actually use the AP -exclusive use of the WFC DNS without any secondaries like 8.8.8.8 and such -if possible, setting DNS override and authoritative mode on -allocating specific IPs to the connecting devices and disabling DHCP -firewall or port rules that block or send traffic nowhere from any other IPs other than the allowed ones -blocking port 53 on firewall rules from any address except the WFC DNS; this prevents an attacker from setting their own custom DNS to resolve hosts and browse the web regardless of the limitations of the WFC DNS -firewall or port rules that block access to the router's UI [B]together with[/B] making the interface accessible only from the WAN port via remote administration; this will protect the router from attackers sniffing the wifi to decrypt login packets; if you do not enable and verify that remote management works before you block LAN UI access, you will lock yourself out of your device! -activate client isolation if possible -limit max simultaneous wifi devices to the number of devices you can use on WFC -set router to B-mode only, disable G, N, AC etc.; this will further deter attackers from using an AP that has very poor speeds and the DS only supports B speeds anyway -possibly spoof wifi MAC with a made-up value; since MACs can give away your router model/manufacturer and attackers might know of firmware vulnerabilities for the device -disable telnet, SSH, WPS on your device if it has these Any attacker that gets on will find they need to do massive amounts of work just to get on, and will need to catch an actual session to figure out a MAC they can use. Then an IP which works cause they'll have to do a static config. Then - if even possible - make a third party DNS work. And the speed will be crap. They may not even be able to get proper internet going nor can they snoop the rest of your network. That said, they may still be able to knock you offline by MAC spoofing but most likely, the attacker will just get quickly bored/annoyed and give up. [/QUOTE]
Insert quotes…
Verification
Post reply
Home
Forums
PC, Console & Handheld Discussions
Nintendo DS
nds-constrain't - Taking advantage of a flaw in the Nintendo DS(i) SSL library
General chit-chat
Help
Users
Settings
Notifications
Miscellaneous
Inverse message direction
Display editor on top
Enable maximized mode
Display images as links
Hide bot messages
Hide statuses
Hide chatter list
Show messages from ignored users
Temporarily disable chat
Receive mention alerts
Sound notifications
Normal messages
Private messages
Whisper messages
Mention messages
Bot messages
Desktop notifications
Normal messages
Private messages
Whisper messages
Mention messages
Bot messages
Options
Options
View top chatters
Xdqwerty
Loading…
what are you looking at?
AncientBoi
Loading…
Psionic Roshambo
Loading…
@
AncientBoi
:
nah. Naturalist time !
+1
49 minutes ago
@
Psionic Roshambo
:
Lol
+2
49 minutes ago
@
Psionic Roshambo
:
Miso horny me love you thong time
+2
45 minutes ago
@
AncientBoi
:
Which reminds me. I haven't had a Miso soup inna long long time
+1
38 minutes ago
@
Xdqwerty
:
@AncientBoi
, whats a miso soup?
+1
38 minutes ago
@
AncientBoi
:
Miso Soup - a popular Japanese soup made with miso paste, dashi stock, and various ingredients such as tofu, seaweed, and green onions.
+2
36 minutes ago
@
Psionic Roshambo
:
Delicious!
+2
36 minutes ago
@
Psionic Roshambo
:
https://m.youtube.com/watch?v=NYfwRtS9Rmc&pp=ygUaSXQncyBjYWxsZWQgYSBzb3VwIGtpdGNoZW4=
+2
33 minutes ago
@
Xdqwerty
:
I can't stop procrastinating
20 minutes ago
@
AncientBoi
:
https://www.youtube.com/watch?v=8DyziWtkfBw
16 minutes ago
@
Xdqwerty
:
@AncientBoi
, can I make that awkward question i mentioned a bit ago?
15 minutes ago
@
AncientBoi
:
[your famous word]
14 minutes ago
@
Xdqwerty
:
@AncientBoi
, scroll up
13 minutes ago
@
Psionic Roshambo
:
Make your questions
+1
13 minutes ago
@
Xdqwerty
:
Gonna say it in hex code
10 minutes ago
@
Xdqwerty
:
-snip-
10 minutes ago
@
AncientBoi
:
8 minutes ago
@
Xdqwerty
:
@AncientBoi
, sorry sorry
8 minutes ago
@
AncientBoi
:
STOP IT, STOP IT, STOP IT
8 minutes ago
@
Xdqwerty
:
Okokokok i'm gonna do it
@AncientBoi
7 minutes ago
@
AncientBoi
:
EXACTLY WHY I'M ON ZOLOFT FOR !
7 minutes ago
@
Xdqwerty
:
@AncientBoi
, i was in Zoloft too and i didnt work
6 minutes ago
@
Xdqwerty
:
I regret saying it
5 minutes ago
@
AncientBoi
:
l8er guys .....................
4 minutes ago
@
Xdqwerty
:
Later too...
3 minutes ago
Submit
@
Xdqwerty
:
Later too...
3 minutes ago
Chat
3