Yeah, most home routers only support one internal VLAN; even if they support multiple private LANs, they simply have a place to define an internal gateway to the other LANs.
You could create such a scheme with two standard home routers, of course. But I don’t know too many people with Cisco PIX in their homes.
(Now, since I have a Linux box doing my external-facing routing, I could add this scheme easily; all I need is another eth interface and another switch to connect it to.)
Unless there’s some funky chipset on the DS … yeah, it should be a software update. I admit that this question is outside the bounds of my expertise, and maybe there’s some hugely convincing reason it can’t be done… but I don’t know it.
But that’s a terrible analogy as in that case, anyone can just get in the car and drive off. A better analogy would involve locking a spare set of car keys inside the car and assuming you’re safe because what are the odds of a lockpicker coming along when there are all these other cars with their keys in the ignition and other cars that have big signs on them that say “FREE!”
In that analogy, why wouldn’t you be safe?
There is. DS hardware cannot be updated. What’s in there now is roughly the same thing that’s been in there since the system launched. And it’s not in Nintendo’s interests to change the system networking software on new DSes as this is not a dealbreaker for (nearly!) anyone considering a DS.
I am far from a security expert. That being said, why would the following not work as a reasonable safeguard against unauthorized use of the wireless network:
- leave WEP on
- turn off SSID name broadcast
- filter all MACs so only the DS has wireless access
- turn off DHCP on the router and give every machine a static IP
- set the router and all static IPs to an unguessable random subnet, like 157.88.193.x
I mean, I’m sure it could theoretically be cracked, but with six other networks in range, it seems more likely a hacker would just move on, ya know?
But the implementation of WPA isn’t strictly hardware, is it? This should be a firmware revision. Corrections on this point welcome; I’m just having a hard time picturing a chipset that doesn’t permit WPA to be used.
No. Just hoping that you’re going to stay lucky. Especially if we consider that there are many car thieves who get a thrill from breaking into a locked car, just for the challenge. The “professional” car thief will sure steal the simpler targets; the amateur might well go after yours to have a challenge.
That’s my point. The DS does not do firmware revisions. The firmware on hardware already released can’t be updated and Nintendo has not updated the firmware on new DSes because it buys them nothing.
Because all of the “security” measures you just identified are defeated by the same tool in the same process. The “sniffer” tool that grabs wireless traffic out of the air can see the SSID on packets, the IP addresses in use, the MAC addresses in use, and it’s not even necessary to take an additional step to get all that info – it’s right there in front of you. The only thing that configuration does is prevent someone from using Windows to “connect to this network.” If someone is prepared to break WEP, none of those other measures are even the slightest roadbump. It’s not a “theoretical” crack – you turn on the machine and start airodump or kismet and they’re right there in front of you.
Much like anyone can get on your WEP-protected network with very little effort. Regardless, you have reminded me of the folly of using analogies. Namely, that anyone who disagrees with you is prone to calling your analogy bad because it does not, in fact, match the real-world scenario in every way possible. I retract my analogy and decline the opportunity to point out ways in which I think yours is terrible.
Here is my revised statement:
It’s baffling to me that someone who thinks wireless security is at all important thinks that broken wireless security is good enough because “who would bother to hack my network?” This is like saying you don’t want [something bad to happen], so instead of [keeping that bad thing from happening in an effective way], you [provide some trivially-defeated protection]. After all, who’s going to go [to the trouble to defeat your protection]?
Hooray, a completely unassailable, uninteresting, and unilluminating analogy.
The next revision of the DS will undoubtedly support WPA. The thing is, Bricker, when Nintendo releases hardware, they freeze it, so it’s a known standard.
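Added example, not part of any post in this thread: the point made above about MAC filtering can be seen by parsing the header of a WEP-protected 802.11 data frame, which carries the station, destination and access point MAC addresses unencrypted alongside the WEP IV. The frame bytes and MAC addresses are constructed sample values, and the parser assumes a bare frame with no radiotap header or trailing FCS.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_data_frame(frame: bytes) -> dict:
    """Parse a bare 802.11 data frame (no radiotap header, no trailing FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc0, flags = struct.unpack_from("<BB", frame, 0)
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    if to_ds and from_ds:
        raise ValueError("4-address (WDS) frames are not handled here")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Address roles depend on the direction bits; none of them is encrypted.
    if to_ds:
        bssid, src, dst = a1, a2, a3
    elif from_ds:
        dst, bssid, src = a1, a2, a3
    else:
        dst, src, bssid = a1, a2, a3
    info = {"src": mac(src), "dst": mac(dst), "bssid": mac(bssid),
            "protected": bool(flags & 0x40)}
    hdr = 24 + (2 if subtype & 0x8 else 0)  # QoS data adds a 2-byte field
    if info["protected"]:
        if len(frame) < hdr + 4:
            raise ValueError("protected frame is missing its IV field")
        # WEP layout assumed: 3-byte IV plus a key-index byte, sent in the clear.
        info["wep_iv"] = frame[hdr:hdr + 3].hex()
        info["key_id"] = frame[hdr + 3] >> 6
        info["encrypted_len"] = len(frame) - hdr - 4  # payload + ICV
    return info

# Constructed sample: station -> AP data frame, Protected bit set,
# locally administered MACs, 12 bytes of placeholder ciphertext + ICV.
SAMPLE = bytes.fromhex(
    "0841" "2c00"                 # frame control (data, ToDS+Protected), duration
    "020000aabb01"                # addr1: BSSID
    "020000aabb02"                # addr2: transmitting station
    "020000aabb01"                # addr3: final destination
    "1000"                        # sequence control
    "010203" "00"                 # WEP IV, key index byte
    + "de" * 12)                  # encrypted payload + ICV (placeholder)

if __name__ == "__main__":
    for key, value in parse_data_frame(SAMPLE).items():
        print(f"{key:14} {value}")
```

Only the bytes counted in `encrypted_len` are covered by WEP; everything else in the output is readable without the key.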