Is the CTR350 secure?

Rottweiler · Posted: Sat Apr 19, 2008 1:52 pm Post subject: Is the CTR350 secure?

I'm going to be taking my CTR350/UM150 on vacation. I'll be staying a condo for a week and don't want to pay the resort's confiscatory rates for wifi access so I'm bringing my own "free" access.

I was thinking about leaving the wireless with no security and allow any of the other guests to use it if they wish. (I won't be using it that much; no skin off my back if they glom a bit of free surfing.)

But I don't want anyone to crack into the CTR web interface or otherwise muck with it. Can I allow open access and not worry?

If I decide to log into the CTR350 could they potentially read my password as I log in to the admin interface wirelessly?

manganos · Posted: Sun Apr 20, 2008 5:46 pm Post subject:

If someone can find out the mac address of your router you are SOL. They can really mess ya up Smile

Run the basic setup and you will be good to go. Smile

Rottweiler · Posted: Sun Apr 20, 2008 6:32 pm Post subject:

andy6432668 · EVDO User Joined: 02 Jun 2005 Posts: 50

They can turn that router into a paper weight !

tz1 · Posted: Mon Apr 21, 2008 7:06 am Post subject:

Change the administration password to something reasonably strong (that doesn't include the digits of the MAC address like the default password).

That should make it sufficiently secure. (And if it is open, few would bother trying to get into the admin interface).

rally1 · EVDO Newbie Joined: 27 Sep 2005 Posts: 10

Yes they can read you password very easily with a free program such as airsnort or similar new ones. Just like when you are sitting in the airport or hotel and using unencrypted wifi.

Will they, probably not.

dario · EVDO Fledgling Joined: 03 Jan 2008 Posts: 12

Rottweiler · Posted: Mon Apr 21, 2008 2:39 pm Post subject:

rickey318 · Posted: Mon Apr 21, 2008 3:42 pm Post subject:

manganos · Posted: Mon Apr 21, 2008 7:13 pm Post subject:

Point is that you don't want anyone you don't know (even some you do know) using your internet connection to get on the net. Someone at my work just got charged with 30 counts of child porn. Maybe he is guilty or maybe someone sat outside of his home with a laptop and used his connection b/c it was not secure. I don't want to take that chance. Password it and secure it the best you can.

tz1 · Posted: Tue Apr 22, 2008 9:47 am Post subject:

The "password" system CradlePoint implemented uses an encrypted MD5 with salt challenge scheme. It is NOT out in the open so airsnort won't by itself help, but I don't know how strong the mechanism is (and have doubts).

rally1 · EVDO Newbie Joined: 27 Sep 2005 Posts: 10

Except that the default password is the easily viewable MAC address.

tz1 · Posted: Wed Apr 23, 2008 8:16 am Post subject: