Linksys router users?

[BlackDemon87GN]

Using a linksys for my wired and wireless devices. Internet provider is comcast, cable goes to modem, modem to linksys router. Main computer hard wired to router. Xbox360 and PS3 hardwired to router. Three laptops wireless to router. Nintendo wii and probably some other stuff I can't think of at the moment wireless. I'm always looking for any advice when it comes to internet security. I do have the wireless security of the linksys setup using wpa shared key, I assigned the router a password and changed the IP address drastically.

Anything that can or should be done or changed to tighten wireless security?

How about the wired devices, the 360, PS3?

Some suggestions I did read but not quite sure how to do: Mac addresses? Disable DNS? Whats MTU? Obtain IP automatically or static IP? Currently it is set to obtain IP automatically but I narrowed the search of IP's from 50 to 15.

 

[klrv6]

Just a few more things....

There isn't much more you can do with wired connections using the Linksys firmware. On the wireless side, I would run the highest encryption that you can. Nothing less than WPA should be used any more, I can crack WEP systems in under a minute. WPA2 so far has not been broken but that too isn't far from being cracked. You will also want to do MAC filtering on wireless, that will help reduce the connections the router allows from unknown clients. You can see the MACS by looking in your DHCP table of addresses that have been handed out. Make sure they are only for devices you own.

The idea is to make your wireless network untouchable when kids run through your area with sniffers. They won't waste too much time when everyone around you is wide open and not running good encryption.

DHCP on both sides (yours and your ISP) is OK, so long as you do the MAC filtering on the wireless part. If you have to forward game ports, those devices should have static addresses so an address change doesn't point to a computer instead of your game console, not that the computer would have that port open.

I don't touch the MTU anymore because it works pretty good out of the box.
Maximum transmission unit - Wikipedia, the free encyclopedia

 

[Turbo T-type]

wireless

It wouldn't hurt to Disable the SSID broadcast either.

 

[klrv6]

I used to do that....

But some devices we a pain to configure without it and things like netstumbler and vista can see a hidden SSID anyways. You could screw with people that have wireless around you and give it the same name as their AP but add like a single letter in the ID.

 

[Turbo T-type]

But some devices we a pain to configure without it and things like netstumbler and vista can see a hidden SSID anyways.

This is true but if he already has his wireless clients configured it shouldn't be a problem. And you're right it wouldn't really make a difference for vista users or anyone with a really good wireless sniffer. Just figured i'd mention it as it is an extra step that can be taken. With only 1 simple change to the router.

 

[Junior Samples]

https://www.grc.com/x/ne.dll?bh0bkyd2

Good site to test your ports,
Also always good to do a rootkit scan..just google rootkit

 

[BlackDemon87GN]

Mac filtering is all setup and ready to go. Thank You, I'll be back if I don't get the port forwarding figured out.

 

[BlackDemon87GN]

Is it ok to drastically change your routers ip? Default router ip was 192.xxxxx, I changed it to 218.xxxxx

Trying to understand port forwarding. My Xbox360 and PS3 are hardwired to my router and both run just fine. However if port forwarding is another step in security I would like to try it. The last digit in my drastically changed router ip address is 1. I set my routers ip range to 15, so sometimes I'm 101, sometimes 102 on my laptop. So I want to assign each console a static ip in the 100-114 range and allow portforwarding, correct? Through my reading about this, a site suggested ports 88, 2074 and 3074 for the xbox, are these the same ports for all consoles? Or am I way off on all of this? I did disable SSID Broadcast after I did Mac filtering, however one device couldn't find the wireless network even though it's mac address was allowed on the router, so I enabled SSID Broadcast and everything was fine again.

 

[Terry_H]

Generally speaking there is too much paranoia about being hacked. Unless we have specific enemies, most of us are fine behind a router and associated firewall.

 

[BlackDemon87GN]

I think I'm gonna forget about port forwarding, seems people are using it only if they are encountering problems. I checked my xbox network settings and it's already using the 100-114 ip range I set the router to, and everything is working just fine.

Never enough security for me my man. I have Mac's filevault on, Mac's firewall on only thing allowed to share is a printer, Onyx for cleaning and maintenance, ClamXav for virus scan, ClamXav Sentry running in the background, Netbarrier for anti-virus, privacy, firewall, and network monitoring.

 

[klrv6]

You may want to stick with 192.*.*.*

Your router/computer would never be able to find a web site that resides on the 218.*.*.* network.

Private network - Wikipedia, the free encyclopedia