wifi jacking

csmager · 9 Jan 2007 at 20:50

Chaos said:
Good security practice would be to use wpa2 with aes, disable ssid broadcasting, and use mac filtering.

Sound advice, but as has been pointed out SSID cloacking and Mac filtering are rather trivial to bypass, so WPA/WPA2 with a strong password are all that's really necessary.

Bash · 9 Jan 2007 at 20:59

csmager said:
But using something like Kismet, you'd find the network and its SSID in a matter of seconds... so its fairly useless.

I was under the impression WPA could only be hacked with a bruteforce attack on the PSK - so choosing a long complex password would make it completely pointless to attempt.

WEP, on the other hand: 64-bit - minutes, 128-bit - not much longer.

csmager is correct. WPA can be theoretically hacked if the key is less than 11 characters long by brute force. Anything over 11 and it gets into the region of being impossible.

The only security your wireless network has against someone who knows what they are doing is a good strong WPA key. MAC filtering, hiding SSID etc etc can all be overcome reasonably easily.

bledd · 9 Jan 2007 at 21:04

christ, never realised they were that insecure..

//taps gigabit wired network

Bash · 9 Jan 2007 at 21:07

bledd. said:
christ, never realised they were that insecure..

//taps gigabit wired network

There not if you use a good key.

Tute · 9 Jan 2007 at 21:17

csmager said:
It still broadcasts 'beacons' at a rate of around 10 per second. Just because it's not advertising it in a traditional sense, it's still very much saying it was there. Otherwise how would your PC know what to connect to? If the AP wasn't advertising it was 'abcd' in some way, then it would never find which BSSID (MAC Address) to connect to and on which channel.

Well this is what I thought happens.

The router sits there, listening. It doesn't transmit, just listens.

I sit at the computer and tell it to look for a wireless router called "abcd". The computer broadcasts a request for the router "abcd".

The router, listening, see that someone is looking for a router called "abcd", responds to this request and this request only.

It's like me going into an empty room with an invisible person in it, a person who will only talk if I know his name to begin with, otherwise he remains totally silent.

Surely that would be a better way of doing it?

csmager · 9 Jan 2007 at 21:19

Tute said:
Well this is what I thought happens.

Well it doesn't, and there's nothing anyone can do about it.

yak.h'cir · 9 Jan 2007 at 21:19

But if there is another computer already on the network the router will be transmitting to that one, so any other computer will also be able to detect those signals.

Tute · 9 Jan 2007 at 21:22

csmager said:
Well it doesn't, and there's nothing anyone can do about it.

Bit blunt? :confused:

csmager · 9 Jan 2007 at 21:24

Tute said:
Bit blunt?

Wasn't meant to be!

Tute · 9 Jan 2007 at 21:26

csmager said:
Wasn't meant to be!

Ignore me, i'm just naffed off because I have one of these stupid BT HomeHub things where most of the encryption methods don't work!

Oh and guess what? There's no MAC address filtering option either. Fantastic. :rolleyes:

Energize · 9 Jan 2007 at 23:10

Seriously you need to ditch the homehub, they are one of the worst things ever created.

Fr0dders · 9 Jan 2007 at 23:15

yak.h'cir said:
So you can just type the SSID into the network settings box and then it'll let you connect? Sounds good if thats the case!

yes

you only disable the broadcast of the SSID publicly

its a bit like adding a $ to a windows share. its still there, but wont show up when browsing for it

only way to connect to it is to manually type it in. (the more obscure the name, the less chance there is of somebody stumbling on it - eg dont hide your SSID but then make it "my internet connection" etc..

Clarkey · 9 Jan 2007 at 23:27

to those saying your SSID broadcast disabled network wont show up. Maybe it wont under WZC on windows XP, but most 3rd party software will show up networks with no name, as will WZC in windows vista.

Fr0dders · 9 Jan 2007 at 23:35

Clarkey said:
to those saying your SSID broadcast disabled network wont show up. Maybe it wont under WZC on windows XP, but most 3rd party software will show up networks with no name, as will WZC in windows vista.

but will it show up networks with an SSID that is not broadcast, my understanding is that it wont, as ive never yet managed to "search" for my network with SSID broadcast disabled, i've had to type it

im sure that there's some tool on the net that could find it with scanning, but every layer of defence helps

Clarkey · 9 Jan 2007 at 23:45

of course, thats exactly what i just said :confused:

SuperBeast · 9 Jan 2007 at 23:51

Energize said:
Seriously you need to ditch the homehub, they are one of the worst things ever created.

Personally i think the HomeHub is the best thing ever... for the owners neighbours

Uhtred · 9 Jan 2007 at 23:55

I have very little technical knowledge but i was able to hack a WEP wireless network with mac filtering and ssid turned off in a test environment using my laptop in about 30 minutes. Didn't even have to use linux to do it.

hiding ssid and mac filters are pointless. WPA with a strong key (a brute force dictionary attack is its only weakness) is the best and only defence needed.

Tute · 9 Jan 2007 at 23:58

Energize said:
Seriously you need to ditch the homehub, they are one of the worst things ever created.

Superbeast said:
Personally i think the HomeHub is the best thing ever... for the owners neighbours

Finally lost all patience with the sodding thing.

crashuk · 10 Jan 2007 at 00:53

airodump, omipeek and kisben i think its call and your away, mind you you need to put your card on monitor mode using cracked drivers.

crashuk · 10 Jan 2007 at 00:56

wpa+wpa2 with mac lockdown hidden ssid