Jump to content

Setting up a AP express for college-stealth


patg
 Share

5 posts in this topic

Recommended Posts

First post here so I just wanna say hi to everyone

 

I'm planning on setting up my Airport Express in my dorm when I get to college in a few days and the official campus policy regarding wireless routers is:

 

"most people dont know how to secure them and they end up taking down the network, so we ask you just bring a long ethernet cord"

 

and we all know how convenient THAT would be.

 

So i'm wondering

besides using 128 bit WPA2 hex (whatever the most secure encryption APE supports is)

and "hiding" the broadcast SSID ( i think APE does this?)

 

 

what other things can I do to make it work better and/or stealthier?

 

I know theres something about pairing it only with certain MAC addresses? but would that even be helpful or would I need access to the modem for that?

 

Also is there a way for admins to know if the user is plugged in or on wireless and/or a way to fool them?

 

Finally, what settings should be used-will DHCP interfere with the setup? what about NAT settings or anything

 

I have a basic understanding of the wireless network world but not so much the specifics or logistics-mostly just a "mysterious black box" understanding and am familiar with most of the terms and can usually get things working, I just dont want to get my router taken away or anything while I'm figuring it out.

 

Thank you all in advance for all your input,

Pat

Link to comment
Share on other sites

You have mentioned some good things for restricting access. (hiding SSID, MAC limiting, encryption etc.)

But depending how rigorous they check, you can't completely hide your network.

 

 

DHCP, NAT, etc on the AE won't change or matter.

 

How strict is the policy and is there a warning first? Maybe you can prove you're secure IF they find out and say anything.

Link to comment
Share on other sites

They say not to bring them but with the explanation that too many people join it and crash the network because the owners of the devices don't know how to secure them. Even if the network is completely visible if its not messing with their network they probably wont even care. I'd just rather have a secure, invisible network that they dont know about, so I don't have to deal with anyone, because its one of those lax rules that instead of saying" hey look its secured it wont be a problem" it would just be easier for whoever in charge to just say "take it away i dont want to deal with it"

 

So probably not very strict

 

Others (on the interwebs about similar but different situations) have mentioned something about having to register as an access point to get a DHCP so I don't know how I should set it up without drawing attention to myself

Link to comment
Share on other sites

  • 2 weeks later...
Others (on the interwebs about similar but different situations) have mentioned something about having to register as an access point to get a DHCP so I don't know how I should set it up without drawing attention to myself

Not sure what that is all about.

Services you offer like DHCP aren't what will "draw attention". DHCP requests/acknowledges etc are only used once a wireless connection has been established.

 

So you make sure you create a closed network using WPA2 and enable things like access only to specific MAC addresses and you should be fairly invisible to most users.

Link to comment
Share on other sites

Depending on whether or not you have a roommate, you could get a second ethernet card for your desktop system and connect the desktop to both the dorm's wired network and to your wireless router. Then, set up an SSH server on the desktop and set up a tunnel for all Internet through the traffic. This way, you can connect to the wireless network and log into the SSH server from your laptop, and tunnel all your encrypted traffic securely though the desktop. Anybody who would want to connect to the internet through that wireless router would need login information for the tunnel. Even if people manage to connect to the wireless router, they won't have an easy connection to the school's network. You can even set up a secure passwordless login for your SSH client on the laptop using public/private keys.

 

Edit: If you DO have a roommate, I'm sure you could talk them into doing this. I'm sure they would appreciate being able to use a secure wireless connection.

Link to comment
Share on other sites

 Share

×
×
  • Create New...