OK, what happened?

MtnMan

Diamond Member
Jul 27, 2004
9,306
8,628
136
Removed:

forget it trolls, you are too damn eager to criticize than help. get a damn life
 
Last edited:

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
It's possible that something got corrupted in the MAC address filtering table in the router's memory, and disabling and re-enabling the service reset whatever was corrupted.

Having said that, MAC filtering really is pretty much useless as a security feature since it can be bypassed VERY easily. Disabling SSID broadcast is equally ineffective. There are many tools that will let intruders spoof your MAC address and view the SSID even if it is not being actively broadcast. The only real effect these "features" ever have is to make it harder for you to connect your own devices to the router. In fact, some devices won't work properly if the SSID is not being broadcast.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
You should not be using mac filtering or not broadcasting SSID. These are known to cause problems for clients and are not security features. They are worthless.

But what you ran into sounds like a software bug. All software has bugs.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,539
418
126
Switching Off SSID disestablishing Entry Level Wireless connection.

It Not a matter of playing with words in English (the new Reality in the USA) it it a technical fact.



 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
If you use nothing but MAC filtering and disabling SSID broadcast as your "security" then they may actually add a VERY tiny amount of security to your network - similar to closing the door to your house but not actually locking it, and just putting a note on the door that says "This door isn't locked, but please don't come in anyway." People who are honest will see that the door is closed and move on. Dishonest people will merely push on the door and get right in.

Changing the IP address scope is not a security measure in any way at all. It merely allows you to use a different address range if needed, which can be useful in some situations but really isn't necessary all that often.

Disabling uPNP can be a good idea to help block some malware from calling home and downloading additional components to your computer.

WPA2 with a strong password (not just long, but mixed characters and no words that can be found in a dictionary) is the best security most people can get for their wireless network. Adding MAC filtering and SSID broadcast to WPA2 is like locking every window and door to your house (WPA2) then putting a note on the door that says "Attention intruders! You should try to break in here. I don't really know what I'm doing so you just might get lucky and find that I have weak locks (weak WPA2 password)."
 

bobdole369

Diamond Member
Dec 15, 2004
4,504
2
0
If you use nothing but MAC filtering and disabling SSID broadcast as your "security" then they may actually add a VERY tiny amount of security to your network - similar to closing the door to your house but not actually locking it, and just putting a note on the door that says "This door isn't locked, but please don't come in anyway." People who are honest will see that the door is closed and move on. Dishonest people will merely push on the door and get right in.

Changing the IP address scope is not a security measure in any way at all. It merely allows you to use a different address range if needed, which can be useful in some situations but really isn't necessary all that often.

Disabling uPNP can be a good idea to help block some malware from calling home and downloading additional components to your computer.

WPA2 with a strong password (not just long, but mixed characters and no words that can be found in a dictionary) is the best security most people can get for their wireless network. Adding MAC filtering and SSID broadcast to WPA2 is like locking every window and door to your house (WPA2) then putting a note on the door that says "Attention intruders! You should try to break in here. I don't really know what I'm doing so you just might get lucky and find that I have weak locks (weak WPA2 password)."


I know when I did my neighborhood audit, the non-broadcasting SSID's were far more interesting than the ones I saw every day. And if I would see MAC filtering in use, it certainly caught my attention.

Ever have to get your mother in laws MAC address?

And as to wtf happened with the config? Mayhaps you ran out of nvram on the buffalo? Somehow (Don't know how still, but I was putzing with openVPN at the time) had something similar happen to me. Got the device stuck in a loop and only reflashing with a diff package worked. I'm aware that some version of DD-WRT was vulnerable to an attack a while back. Maybe it was a particularly harsh set of odd or malformed packets... You say 2+ years bulletproof, Maybe you got a driveby? Just throwing things out there. You'll probably never know what exactly happened, you'd need to be hooked up to a debugger.
 
Last edited:

MtnMan

Diamond Member
Jul 27, 2004
9,306
8,628
136
Surely there are better threads where trolling is a better fit than in technical forums, but lesson learned, don't ask a fucking question here for the trolls sitting under the bridge just looking for something to criticize.
 
Last edited:

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
Absolutely no trolling here. We're trying to help you. We explained the issue that you had as best as we can since we really can't do more than guess without actual logs from a debugger as bobdole said.

We're also trying to help you improve the performance and usability of your wireless network by getting rid of completely useless (and potential problem causing) settings on your router.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Surely there are better threads where trolling is a better fit than in technical forums, but lesson learned, don't ask a fucking question here for the trolls sitting under the bridge just looking for something to criticize.

It is a known issue that not broadcasting the SSID causes problems with many/most clients. If you want to call that trolling then I don't know how else I can help you. This is not something I read on the intarweb, that's personal experience of doing wireless installations in the 100s of access points per site.

You're making this be much more difficult than it really needs to be with the application of features you perceive as a security feature when they are not and are likely running into a bug of some kind.

Keep It Simple Stupid.
 

Pulsar

Diamond Member
Mar 3, 2003
5,224
306
126
404: Trolling NOT found.

Mtnman, you've gotten suggestions from some of the most experienced and talented folks on ATOT (when it comes to networking). If you're going to be out and about on the intarwebs, I suggest growing a slightly thicker skin and increasing your reading comprehension just a smidge.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Surely there are better threads where trolling is a better fit than in technical forums, but lesson learned, don't ask a fucking question here for the trolls sitting under the bridge just looking for something to criticize.

Dude, we gave you the answer but you didn't like it. Networking forum is chock full of people that do this for a living. I am sorry that you don't like the answers but we'll give you the truth.

Networking isn't some voodoo magic, it's based on experience and knowledge and understanding of the inner workings of what is actually going on under the hood.
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
I'm truly sorry that your dog/hamster/ant farm/pet rock died and put you in such a bad mood, MtnMan! I'd offer to help but you'd only call me a troll again, and I happen to be a gnome - I spend a great deal of time under ground and in dark caves surrounded by gadgets and inventions (computer systems) - so being called a troll is very offensive to me...

Honestly, if you didn't want help, (and you got help from some very knowledgeable networking people) why did you ask for it?
 

BrianTho2010

Member
Jul 27, 2011
69
0
0
He's just upset that he feels dumb for thinking that MAC filtering and disabling SSID broadcast actually improves security.
 

Mediaga

Junior Member
Jul 28, 2011
19
0
0
I guess I understand the issue of non-broadcasting SSID as per MS:

http://technet.microsoft.com/en-us/library/bb726942.aspx

and other sites, but I chose not to broadcast my SSID anyway, since I've never had an issue with it, and really, I do it because I don't want the neighbors to have my NW info. Keeps the mystery alive.

As for client issues, am I correct in assuming that the problems being referred to are that some devices (such as Kindle, printers and others) will not connect to a wireless NW without a broadcasting SSID? What other problems could arise? Security is mentioned, but my impression is that any security issues of non-broadcasting are minimal? And I've been non-broadcasting for years without incident (sans Kindle, which took about 2 mins to figure out)

Also, as far as MAC filtering, I filter simply to keep my network 'clean'. Only certain devices allowed. I know that MAC addresses are simple to obtain and spoof, but again, I dont really do this for the hackers.

Add to that that Linksys recommends using MAC filtering and disabling SSID broadcasting, and it all becomes a bit muddied.

For the hackers, I have a wireless AP that isn't plugged into my wired NW 90% of the time, uses WPA2 AES and a 63 character randomly generated passphrase with special characters (and a long admin pw to boot).

So, how does MAC filtering and a non-broadcasting SSID make my wireless less secure, given the above? Not about who is right or wrong, just informational dialog.
 
Last edited:

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
I guess I understand the issue of non-broadcasting SSID as per MS:

http://technet.microsoft.com/en-us/library/bb726942.aspx

and other sites, but I chose not to broadcast my SSID anyway, since I've never had an issue with it, and really, I do it because I don't want the neighbors to have my NW info. Keeps the mystery alive.

As for client issues, am I correct in assuming that the problems being referred to are that some devices (such as Kindle, printers and others) will not connect to a wireless NW without a broadcasting SSID? What other problems could arise? Security is mentioned, but my impression is that any security issues of non-broadcasting are minimal? And I've been non-broadcasting for years without incident (sans Kindle, which took about 2 mins to figure out)

Also, as far as MAC filtering, I filter simply to keep my network 'clean'. Only certain devices allowed. I know that MAC addresses are simple to obtain and spoof, but again, I dont really do this for the hackers.

Add to that that Linksys recommends using MAC filtering and disabling SSID broadcasting, and it all becomes a bit muddied.

For the hackers, I have a wireless AP that isn't plugged into my wired NW 90% of the time, uses WPA2 AES and a 63 character randomly generated passphrase with special characters (and a long admin pw to boot).

So, how does MAC filtering and a non-broadcasting SSID make my wireless less secure, given the above? Not about who is right or wrong, just informational dialog.

Here's a little more reading about why not broadcasting your SSID does nothing for you: http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

The SSID and any MAC addresses connected to an AP are out there in the air to be sniffed. I can sniff your SSID, and I can sniff and then spoof a MAC address that you allow to connect to your AP.

These are not security features on a wireless network.

edit: to respond to your last question ("how does MAC filtering and a non-broadcasting SSID make my wireless less secure"), it doesn't make it less secure. But it also doesn't do anything to help secure it. And it does cause problems with some clients. So, in the end, MAC filtering adds an extra (pain in the ass and useless) step for you when you need to connect a new device, and non-broadcast SSID potentially causes problems that would never arise if the SSID was broadcast.

edit 2: It's been a while since I've read about it, but I'm pretty sure a non-broadcast SSID means that the client has to constantly send out a message saying (in plain english) "hey wireless network X, are you still there?", and then the AP has to respond "yes, you're still within range of me". That makes the client and AP work harder to maintain a connection. I believe this is one of the areas that causes problems for some clients and APs. Someone else more well-versed in the subject can confirm or deny.
 
Last edited:

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
Dude's whining about a modded consumer-grade wireless router exhibiting strange behavior...

I think you guys all just got trolled.
 

Mediaga

Junior Member
Jul 28, 2011
19
0
0
Here's a little more reading about why not broadcasting your SSID does nothing for you: http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

Thanks for the link. They're down for maintenance ATM, but I'll check it out later.

The SSID and any MAC addresses connected to an AP are out there in the air to be sniffed. I can sniff your SSID, and I can sniff and then spoof a MAC address that you allow to connect to your AP.

These are not security features on a wireless network.

I know that neither are security features, but I've never experienced any 'harm' from non-broadcasting nor MAC filtering. Of course, there are those who might connect a new device that requires a broadcasting SSID, but that's not really an issue here.

However, here is an excerpt from the earlier posted MS article on Non broadcasting SSIDs:

http://technet.microsoft.com/en-us/library/bb726942.aspx

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks. When non-broadcast networks are used to hide a vulnerable wireless network—such as one that uses open authentication and Wired Equivalent Privacy—a Windows XP or Windows Server 2003-based wireless client can inadvertently aid malicious users, who can detect the wireless network SSID from the wireless client that is attempting to connect. Software that can be downloaded for free from the Internet leverages these information disclosures and targets non-broadcast networks.

Anyone have any thoughts on the risk factor there? Again, I understand that my security comes from WPA2/AES and a seriously strong passphrase. I like not broadcasting my SSID to those in the neighborhood. This is really a conversation about the mentions of risk.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Thanks for the link. They're down for maintenance ATM, but I'll check it out later.



I know that neither are security features, but I've never experienced any 'harm' from non-broadcasting nor MAC filtering. Of course, there are those who might connect a new device that requires a broadcasting SSID, but that's not really an issue here.

However, here is an excerpt from the earlier posted MS article on Non broadcasting SSIDs:

http://technet.microsoft.com/en-us/library/bb726942.aspx

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks. When non-broadcast networks are used to hide a vulnerable wireless network—such as one that uses open authentication and Wired Equivalent Privacy—a Windows XP or Windows Server 2003-based wireless client can inadvertently aid malicious users, who can detect the wireless network SSID from the wireless client that is attempting to connect. Software that can be downloaded for free from the Internet leverages these information disclosures and targets non-broadcast networks.

Anyone have any thoughts on the risk factor there? Again, I understand that my security comes from WPA2/AES and a seriously strong passphrase. I like not broadcasting my SSID to those in the neighborhood. This is really a conversation about the mentions of risk.

The client will send the SSID and WEP encrypted data in it's management probes, this will aid an attacker in gathering traffic. This could also open you up to a "rogue AP" that runs the same BSSID and is trying to get the OS/client to join it so you don't realize you're on a network you don't own/operate. There year is also 2011, if you're using WEP you deserve what you get.

Point is, you can get the SSID of an AP with a single management frame or watching traffic, it offers zero security, none. Same with MAC filtering. All they are is administrative difficulties. These "features" are left over from the days when WEP was all we had, they have since been rendered useless, absolutely useless and obsolete.

WPA2/AES, very strong key and your network and your clients are perfectly fine. If you need more than that then there are other "enterprise" options available, but that's another thread.
 

MtnMan

Diamond Member
Jul 27, 2004
9,306
8,628
136
I'm truly sorry that your dog/hamster/ant farm/pet rock died and put you in such a bad mood

He's just upset that he feels dumb for thinking that MAC filtering and disabling SSID broadcast actually improves security.

Dude's whining about a modded consumer-grade wireless router exhibiting strange behavior...
Naw there ain't no trolls here, just a bunch of jerks who chose to ignore that I specified I was running WPA2/AES with a strong passphrase, cause no one is allow to post a damn thing without a flock of jerk offs picking apart.

My SSID is still not broadcasting, uPNP is still disabled, and MAC filtering is still enabled, in addition to WPA2 encryption so bite me............

OMG he's not broadcasting his SSID, lets make a big fucking deal about it..................... loons and loosers mating call?
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Naw there ain't no trolls here, just a bunch of jerks who chose to ignore that I specified I was running WPA2/AES with a strong passphrase, cause no one is allow to post a damn thing without a flock of jerk offs picking apart.

My SSID is still not broadcasting, uPNP is still disabled, and MAC filtering is still enabled, in addition to WPA2 encryption so bite me............

OMG he's not broadcasting his SSID, lets make a big fucking deal about it..................... loons and loosers mating call?

And that's why your were having trouble. Good luck. Make it supremely more difficult than it needs to be and don't be surprised at the headaches it brings.

this shit really isn't that complicated unless one chooses to make it so
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
Naw there ain't no trolls here, just a bunch of jerks who chose to ignore that I specified I was running WPA2/AES with a strong passphrase, cause no one is allow to post a damn thing without a flock of jerk offs picking apart.

My SSID is still not broadcasting, uPNP is still disabled, and MAC filtering is still enabled, in addition to WPA2 encryption so bite me............

OMG he's not broadcasting his SSID, lets make a big fucking deal about it..................... loons and loosers mating call?

Nobody ignored that you are running WPA2. In fact, if you actually READ what we posted, we very specifically said that since you are using WPA2 you should not run the other things (except disabling uPNP, which is a good idea if you don't need to have it on) since they add absolutely no security to the system and do add the potential for problems with some wireless devices.

Nobody but you made a big deal about anything. We simply tried to help and you decided to get your panties in a bunch because we happen to know what we are talking about and want to help you so that you can avoid problems in the future.
 
sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |