Security related configuration for 2Wire 2701hg-b wireless routerwith builtin modem

This wireless router and modem works good for me.
However, there are two security related issues which I would like to
solve:

Router administration console
======================
When viewing the router's administration console, it already shows you
what router it is, speed settings, connected computers, and other
settings. While it does prompt you to enter a password before making
changes, I don't want the entire world to know about this. Even though
the wireless connection is currently encrypted, I believe this is a
security issue, especially when the router first comes with no
encryption enabled.

I had at one point a D-Link router and a Linksys router, both of which
prompted the user to enter a password before displaying any
information. Can this router be configured to behave in a similar
manner?

MAC address filtering
================
I already see my computer on the allowed list or I can enter my MAC
address manually.
However, the moment I enable MAC address filtering, I can no longer
access the router wirelessly, both the internet and the router itself.
It seems to me that there could be two problems:
* Something I've done in the router's MAC address filtering
configuration is wrong.
* My computer is not transmitting the MAC address (how do I find out
if it does or doesn't).
However, I believe this is not the case since when I add the MAC
address manually, the router displays my computer's name - it seems to
already know about the MAC address.

"(E-Mail Removed)" <(E-Mail Removed)> hath wroth:

>This wireless router and modem works good for me.
>However, there are two security related issues which I would like to
>solve:
>
>Router administration console
>======================
>When viewing the router's administration console, it already shows you
>what router it is, speed settings, connected computers, and other
>settings. While it does prompt you to enter a password before making
>changes, I don't want the entire world to know about this. Even though
>the wireless connection is currently encrypted, I believe this is a
>security issue, especially when the router first comes with no
>encryption enabled.
>
>I had at one point a D-Link router and a Linksys router, both of which
>prompted the user to enter a password before displaying any
>information. Can this router be configured to behave in a similar
>manner?

You really should be reading the 2Wire FAQ or asking 2Wire Support the
same questions. Support pages:
<http://www.2wire.com/index.php?p=72>
Emulator:
<http://www.supportshots.com/two_wire/index.html>
Management and Diagnostics Console:
<http://www.supportshots.com/two_wire/mdc/mdc.html>

Apparently you can't do that. The settings can be viewed without a
password. However, editing those settings requires a password:
<http://support.2wire.com/cgi-bin/twowire.cfg/php/enduser/std_adp.php?p_faqid=224>
Note that you MUST set a password in order to edit the internet
settings.

>MAC address filtering
>================
>I already see my computer on the allowed list or I can enter my MAC
>address manually.
>However, the moment I enable MAC address filtering, I can no longer
>access the router wirelessly, both the internet and the router itself.
>It seems to me that there could be two problems:
>* Something I've done in the router's MAC address filtering
>configuration is wrong.

Apparently, you're trying to use MAC address filtering to filter an
ethernet connected device. It's not made to do that. It only works
for *WIRELESS* security.

>* My computer is not transmitting the MAC address (how do I find out
>if it does or doesn't).

It's also possible that you accidentally entered the wrong MAC address
for your wireless adapter. Depending on your operating system, your
wireless adapters MAC address is usually displayed somewhere in the
configuration settings.

For example, if you have an XP box, try:
Start -> run -> cmd <enter>
getmac
It should belch something like:

| Physical Address Transport Name
| =================== ==============================
| 00-D0-B7-B1-A7-14 \Device\Tcpip_{474E507B-4FCD-428C-A553-304B997C4D96}

You can also run:
IPCONFIG /ALL
to find the MAC address of your wireless device. Of course, you can
always look on the box or stick on label on the card which always
includes the MAC address. Some manufacturers (i.e. Dell) add a
sticker on the bottom of the laptop with the wireless MAC address.

If all else fails, there's even an FAQ for finding the MAC address:
<http://www.cs.ualberta.ca/doc/FAQ/macaddress.php>

>However, I believe this is not the case since when I add the MAC
>address manually, the router displays my computer's name - it seems to
>already know about the MAC address.

That probably came from a name cache somewhere from before you enabled
MAC filtering.

Thanks for not mentioning any manufacturers, model numbers, versions,
or operating systems. General answers like this require less effort
to research.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Wed, 13 Feb 2008 00:00:07 -0800, Jeff Liebermann <(E-Mail Removed)>
wrote:

Note that the MAC address printed on the serial number tag is *NOT*
the MAC address of the wireless device. It's close, but it's the
exact same number.

>For example, if you have an XP box, try:
> Start -> run -> cmd <enter>
> getmac
>It should belch something like:
>
>| Physical Address Transport Name
>| =================== ==============================
>| 00-D0-B7-B1-A7-14 \Device\Tcpip_{474E507B-4FCD-428C-A553-304B997C4D96}

Ooops. I forgot that getmac only comes with the various Windoze
Resource Kits.

Download and install:
<http://download.microsoft.com/download/win2000platform/getmac/1.00.0.1/nt5/en-us/getmac_setup.exe>
or:
<http://www.microsoft.com/downloads/details.aspx?FamilyID=00735a58-e6a8-4a8a-a23e-85b2ba7ccbf5&displaylang=en>
Docs and details:
<http://technet2.microsoft.com/windowsserver/en/library/2e2d5f30-4a11-469c-87c2-20e103fe7c1a1033.mspx?mfr=true>
The install dumps the executeable into:
C:\Program Files\Resource Kit\
which means you have to either type the entire path to get it to run,
or change directories, as in:
Start -> run -> cmd <enter>
cd \Program Files\Resource Kit\
getmac
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

On Thu, 14 Feb 2008 00:54:00 GMT, Jeff Liebermann
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>On Wed, 13 Feb 2008 00:00:07 -0800, Jeff Liebermann <(E-Mail Removed)>
>wrote:
>
>Note that the MAC address printed on the serial number tag is *NOT*
>the MAC address of the wireless device. It's close, but it's the
>exact same number.
>
>>For example, if you have an XP box, try:
>> Start -> run -> cmd <enter>
>> getmac
>>It should belch something like:
>>
>>| Physical Address Transport Name
>>| =================== ==============================
>>| 00-D0-B7-B1-A7-14 \Device\Tcpip_{474E507B-4FCD-428C-A553-304B997C4D96}
>
>Ooops. I forgot that getmac only comes with the various Windoze
>Resource Kits.

Another approach that doesn't require a Resource Kit:

net config workstation

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Thu, 14 Feb 2008 01:09:30 GMT, John Navas
>Another approach that doesn't require a Resource Kit:
> net config workstation

Nope. No MAC address found.
This is from my XP SP2 palatial office desktop:

C:\rubbish> net config workstation

Computer name \\DELLBERT2
Full Computer name dellbert2
User name Jeff Liebermann

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{3A80DB2B-ADC3-4194-8AA4-72CBEDB11B2C}
(00B0D0190C99)

Software version Windows 2002

Workstation domain WORKGROUP
Workstation Domain DNS Name (null)
Logon domain DELLBERT2

COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.


Windoze 2002? Huh?




Wireless challenge of the day:
A customer calls announcing that his new wi-fi equiped laptop no
longer connects. I had set it up this weekend at his house and made
sure that everything was working. That was followed by about 30
minutes of lecture, drill, and showing him how to use the wireless
client manager. I was fairly sure he undestood how it worked.

After about 10 minutes of fruitless scanning, driver repair, and head
scratching, I realize that he's at work, not at home, and was
seriously expecting to make the wireless connection from about 10
miles away.

Sigh...

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

On Wed, 13 Feb 2008 17:50:02 -0800, Jeff Liebermann
<(E-Mail Removed)> wrote:

> Workstation active on
> NetbiosSmb (000000000000)
> NetBT_Tcpip_{3A80DB2B-ADC3-4194-8AA4-72CBEDB11B2C}
> (00B0D0190C99)
^^^^^^^^^^^^_______ mac address

Argh. I missed the MAC address. I was looking for the usual
seperating ":" or dashes. Sorry(tm).

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

On Wed, 13 Feb 2008 17:50:02 -0800, Jeff Liebermann
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>On Thu, 14 Feb 2008 01:09:30 GMT, John Navas
>>Another approach that doesn't require a Resource Kit:
>> net config workstation
>
>Nope. No MAC address found.

Yep. See below.

>This is from my XP SP2 palatial office desktop:
>
>C:\rubbish> net config workstation
>
> Computer name \\DELLBERT2
> Full Computer name dellbert2
> User name Jeff Liebermann
>
> Workstation active on
> NetbiosSmb (000000000000)
> NetBT_Tcpip_{3A80DB2B-ADC3-4194-8AA4-72CBEDB11B2C}
> (00B0D0190C99)
^^^^^^^^^^^^
That last is your MAC address. 00-B0-D0 = Dell Computer

Here's mine:

C:\>net config workstation
Computer name \\JOHNT41
Full Computer name JohnT41.navasgroup.com
User name John Navas

Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{93A67BDA-AE30-43EC-86B6-DEA1420F1638}
(000E9BA37B51)
^^^^^^^^^^^^
Again, that last is the MAC address. 00-0E-9B = Ambit Microsystems

This is an official Microsoft method for getting the MAC address.

>After about 10 minutes of fruitless scanning, driver repair, and head
>scratching, I realize that he's at work, not at home, and was
>seriously expecting to make the wireless connection from about 10
>miles away.

Not to the work wireless?

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Feb 13, 12:00*am, Jeff Liebermann <je...@cruzio.com> wrote:
> "jonathanzt...@yahoo.com" <jonathanzt...@yahoo.com> hath wroth:
>
>
>
>
>
> >This wireless router and modem works good for me.
> >However, there are two security related issues which I would like to
> >solve:
>
> >Router administration console
> >======================
> >When viewing the router's administration console, it already shows you
> >what router it is, speed settings, connected computers, and other
> >settings. While it does prompt you to enter a password before making
> >changes, I don't want the entire world to know about this. Even though
> >the wireless connection is currently encrypted, I believe this is a
> >security issue, especially when the router first comes with no
> >encryption enabled.
>
> >I had at one point a D-Link router and a Linksys router, both of which
> >prompted the user to enter a password before displaying any
> >information. Can this router be configured to behave in a similar
> >manner?
>
> You really should be reading the 2Wire FAQ or asking 2Wire Support the
> same questions. *Support pages:
> <http://www.2wire.com/index.php?p=72>
> Emulator:
> <http://www.supportshots.com/two_wire/index.html>
> Management and Diagnostics Console:
> <http://www.supportshots.com/two_wire/mdc/mdc.html>
>
> Apparently you can't do that. *The settings can be viewed without a
> password. *However, editing those settings requires a password:
> <http://support.2wire.com/cgi-bin/twowire.cfg/php/enduser/std_adp.php?...>
> Note that you MUST set a password in order to edit the internet
> settings.
>
> >MAC address filtering
> >================
> >I already see my computer on the allowed list or I can enter my MAC
> >address manually.
> >However, the moment I enable MAC address filtering, I can no longer
> >access the router wirelessly, both the internet and the router itself.
> >It seems to me that there could be two problems:
> >* Something I've done in the router's MAC address filtering
> >configuration is wrong.
>
> Apparently, you're trying to use MAC address filtering to filter an
> ethernet connected device. *It's not made to do that. *It only works
> for *WIRELESS* security. *
>
> >* My computer is not transmitting the MAC address (how do I find out
> >if it does or doesn't).
>
> It's also possible that you accidentally entered the wrong MAC address
> for your wireless adapter. *Depending on your operating system, your
> wireless adapters MAC address is usually displayed somewhere in the
> configuration settings. *
>
> For example, if you have an XP box, try:
> * Start -> run -> cmd <enter>
> * getmac
> It should belch something like:
>
> | *Physical Address * *Transport Name
> | *=================== ==============================
> | *00-D0-B7-B1-A7-14 * \Device\Tcpip_{474E507B-4FCD-428C-A553-304B997C4D96}
>
> You can also run:
> * IPCONFIG /ALL
> to find the MAC address of your wireless device. *Of course, you can
> always look on the box or stick on label on the card which always
> includes the MAC address. *Some manufacturers (i.e. Dell) add a
> sticker on the bottom of the laptop with the wireless MAC address.
>
> If all else fails, there's even an FAQ for finding the MAC address:
> <http://www.cs.ualberta.ca/doc/FAQ/macaddress.php>
>
> >However, I believe this is not the case since when I add the MAC
> >address manually, the router displays my computer's name - it seems to
> >already know about the MAC address.
>
> That probably came from a name cache somewhere from before you enabled
> MAC filtering.
>
> Thanks for not mentioning any manufacturers, model numbers, versions,
> or operating systems. *General answers like this require less effort
> to research.
>
> --
> Jeff Liebermann * * je...@cruzio.com
> 150 Felker St #D * *http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann * * AE6KS * *831-336-2558- Hide quoted text -
>
> - Show quoted text -

I have already done that and verified in multiple ways my MAC address.
It does not help. I will eventually call 2Wire, though from
experience, generally speaking,
customer support sucks. When calling to AT&T who also support this
product (they distribute it), I had to explain to the guy on the phone
that MAC address has nothing to do with Macintosh and that I don't
have to contact Apple and ask them about Airport eXtreme.
lol

On Thu, 14 Feb 2008 02:24:35 GMT, John Navas
<(E-Mail Removed)> wrote:

>That last is your MAC address. 00-B0-D0 = Dell Computer

Yep. Dell Dimentia 8100. All my Dell computer names start with
"Dellbert".

>This is an official Microsoft method for getting the MAC address.

Well, more than one method is useful in case there's some disagreement
with the results. As I vaguely recall (and don't wanna research),
some Windoze utilities read the hardware MAC address, while others
read it from the registry. If the user has done some hacking to
change their cards MAC address, the results of these utilities may
disagree.

>>After about 10 minutes of fruitless scanning, driver repair, and head
>>scratching, I realize that he's at work, not at home, and was
>>seriously expecting to make the wireless connection from about 10
>>miles away.

>Not to the work wireless?

The office doesn't have wireless. I had him dig into his laptop bag
for the CAT5 cable I gave him, and had him plug into the nearest
ethernet wall jack. Unfortunately, that was across the room, so I
dropped off a longer cable last night. He'll get wireless in the
office as soon as someone trips over the cable. (Marketing is the art
of setting up a disaster. Salemanship is being on the scene to sell
the solution).

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS

On Wed, 13 Feb 2008 21:05:23 -0800 (PST), "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>I have already done that and verified in multiple ways my MAC address.

It's not *YOUR* MAC address that the router wants. It's the MAC
address of the wireless card interface that it wants. This is a
problem with much of the older Microsoft documentation, where they
declared that a *COMPUTER* has a MAC address and IP address, when it
should be the network interface devices (ethernet or wireless) that
have MAC addresses and IP addresses.

>It does not help. I will eventually call 2Wire, though from
>experience, generally speaking,
>customer support sucks.

That hasn't been my experience with 2wire for basic problems. However,
for feature requests (changes in how the password operates) and
configuration beyond the initial connection (MAC filtering), most
support organizations lack the experience and training. If you really
want knowledgeable support, be prepared to pay for it. (I just paid
$65/3yr per machine for Dell's domenstic support).

You will probably get better help from a user supported forum:
<http://www.dslreports.com/forum/2wire>

>When calling to AT&T who also support this
>product (they distribute it), I had to explain to the guy on the phone
>that MAC address has nothing to do with Macintosh and that I don't
>have to contact Apple and ask them about Airport eXtreme.
>lol

Yeah, that's pretty bad. He probably just typed in "MAC" and got
MacIntosh instead. If you called Applecare and asked about an
Airport, you might get flight and booking instructions. It takes a
bit of skill to use a search engine or knowledge base.



--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 (E-Mail Removed)
# http://802.11junk.com (E-Mail Removed)
# http://www.LearnByDestroying.com AE6KS