I’ve got a very similar setup, also using a WPA key. Two other (small) items to add — when choosing an SSID, don’t use something obvious (like “Rich’s House”) or your street address. It never hurts to keep that SSID a little bit more vague even after you turn off the broadcast of the name. Second, I like to use MAC address filtering, since I just have one laptop so it’s not a problem to keep that single MAC address in the configuration.

Now of course determined crackers can get past the hidden SSID, and they can spoof MAC addresses — but anything to make their job harder will help to deflect them to someone else’s router!

Glad to hear that you listen to Steve Gibson and Leo Laporte – that’s one netcast that I never miss. Steve’s “Shields Up” free port scan is one tool that I really like to use for my own home network, as well as my school’s network (I’m the technology coordinator).

Rich

Hey Wes,

If you are interested in testing the 2 minute theory (I’ve never heard that stat), find (you’ll have to look hard) a copy of HoneyD or LaBrea tarpits, and throw the meat out on a DMZ. I had a friend do it and he said it took about a day before it was pulverized.

The easiest way (for me) to get around the port 25/110 blocked by Cox Cable is to reconfigure my internet email server (and my Outlook client) to use ports other than 25 & 110. You’d be surprised how many ports are still left open by Cox cable here in Lubbock. If you really are working with a very narrow range of open ports, or if you are really concerned about getting footprinted/fingerprinted by scanners and you have FTP or SMTP servers at home, you can get a Linksys (looks like you have a WRT54G?) to do cool things like NAT-ing an incoming outgoing port to a redirected internal port at an IP of your choosing. Here’s how:

First flash your WRT54G (like I did, remember the one I showed you?) with a Linux based ROM which will give you finer granular control over NAT (and other) settings, such as RADIUS, inetd, syslog, etc. Read this for an overview: http://www.wi-fiplanet.com/tutorials/article.php/3562391 Bottom line, there are lots of different ROMs (little Linux OS’s, custom made for the hardware on the WRT54G, and free) out there, so just pick one. Here’s one I just found, which purports to have SNORT http://linux.softpedia.com/get/System/Operating-Systems/Other/Linux-on-the-Linksys-wrt54g-16921.shtml

By the way, SNORT is a very cool IDS (http://www.snort.org/), a cool alternative to a tarpit if you want to stay far clear of behavior some people might question.