wireless network at home

Postby nopposan » 2007-05-29 00:37

I've learned that wifi encryption basically stinks. Is this generally true?

If so, then how difficult would it be to set up my own network using radio communication and my own choice of better encryption?

Anyone who has some nice websites, tutorials or manuals to point out, please feel free.

Cheers.
Don't Panic!
nopposan
 
Posts: 351
Joined: 2007-01-14 22:48

Postby sinical » 2007-05-29 00:53

WPA-PSK2 is pretty safe so long as you choose a nice long key.

This site and many others have generators that will give you a key something like s?[89${MC8'ZYy{l\9<:>Al<3!F97sjSz$OeN1Uy?BRVnS\lsg+yI]~~]pWX=#w which is pretty hard to bruteforce
Every cloud has a silver lining, except for the mushroom shaped ones, which have a lining of Strontium 90.
---------------------------------------------
umop apisdn
sinical
 
Posts: 1022
Joined: 2007-03-25 11:52

wireless encryption

Postby nopposan » 2007-05-29 02:36

Your goal, then, is to use a sufficiently strong password that would require an intruder to spend years (given today's computing power) to brute-force your passphrase.


Some snoops don't use today's computing power. However, this may be my best option. Still, what about a private system of encryption that isn't based on the commercial WEP, WPA, etc.? If I had, say, a couple of ham radios hooked up to each box, couldn't I just use whatever encryption I choose to transmit the data? Why do wireless cards lock me in to a specific set of encryption choices? Or do they?

have you considered

Postby rfmonk » 2007-05-29 04:29

using ssh to a shell account?
man ssh
ssh -D (port#) -l (username) your.shell.account

firefox/preferences/internet connections/ settings / manual connection to internet/ localhost + port /select socks proxy 5

now you have bound your browser session to an encrypted pipe right out of the local network.
so if someone is using kismet or whatever, iftop, etc. they will only see your connection but i don't think it's feasible to brute force that!

this is what i do when at the coffee shop. of course encryption slows your connection down even more.

you should also always use the strongest encryption available, don't broadcast your ssid and use mac filtering to help security. wpa supplicant has gotten better with Linux

you're always welcome to ask me further details on my blog or here. I'm not anywhere near an expert however. Just your average geek.
rfmonk
 
Posts: 4
Joined: 2007-05-29 00:02
Location: Everett WA

Postby GMouse » 2007-05-29 16:15

WEP is worthless. It can be cracked in a half-hour or less, depending on the network, using a statistical attack. That is to say, it doesn't matter what the key is. A random key will be discovered just as quickly as a key of 12345.

WPA-PSK is much better. The only way that it can be cracked is by way of capturing a client authentication then trying out a password list on it until a match is found. If nothing in the wordlist matches, then a bruteforce can be attempted, starting with passwords of only one character all the way up through 63 (or whatever the max) characters. This is not feasible on today's hardware, unless somebody with a lot of resources thought it worthwhile to put a distributed network to cracking just that one key.

If you can use it, wired is much more secure, though it suffers some flaws itself. The attacker can use something called ARP-cache poisoning to redirect your traffic through their own system. This requires a computer local to your own as an attack vector, of course, but it becomes feasible in a network of any size.

Your best bet, and only actually safe one, is to treat your connection as hostile and encrypt everything. Ssh tunnels are great for this.
For the sake of proper attribution, my avatar: http://www.deviantart.com/deviation/40999320/
GMouse
 
Posts: 280
Joined: 2007-03-02 22:28
Location: Ohio, USA
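
Added example (not part of any post in this thread): a check for the ARP-cache poisoning mentioned in the post above, run over the neighbour table a Linux host prints with `ip neigh show`. The sample table and the pinned gateway address are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` on Linux.
# The gateway (192.168.1.1) resolves to the same MAC as host 192.168.1.42.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.23 dev wlan0 lladdr 0a:1b:2c:3d:4e:5f STALE
192.168.1.42 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Return {ip: mac} for every entry that has a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table


def shared_macs(table):
    """MACs answering for more than one IP. Worth a look, though a host with
    several addresses legitimately shows up here too."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def pin_violations(table, pinned):
    """Compare the table with known-good {ip: mac} pairs recorded earlier."""
    return [(ip, want.lower(), table[ip]) for ip, want in pinned.items()
            if ip in table and table[ip] != want.lower()]


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    pinned = {"192.168.1.1": "00:11:22:33:44:55"}  # assumed real gateway MAC
    for mac, ips in shared_macs(table).items():
        print(f"{mac} claims {', '.join(ips)}")
    for ip, want, seen in pin_violations(table, pinned):
        print(f"{ip}: expected {want}, table has {seen}")
```
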

stealing sessions

Postby rfmonk » 2007-05-29 22:52

a little off topic.

keep in mind also that in practice, a person would probably not even bother to attempt bruteforcing when he could easily grab "certain" packets that have your mac address and then just

ifconfig hw ether yo:ur:ma:ch:er:e. and then pretend he is you.

I'm not sure though if at that point he/she has any way of also hijacking anything else, I've only done this in a campus setting to get online without any malicious intent, however, you can see how something can be easily circumvented.

Postby chrismortimore » 2007-05-30 08:16

One of my flatmates' wireless cards doesn't work with WPA (for whatever reason), so I'm forced to use WEP, boo! That's why I still lock down my computers really tightly, even though the router gives us plenty of protection from outsiders. As far as everyone else on the network is concerned, my desktop and laptop don't even exist, and the only bit they can access is a vserver with absolutely nothing on it (except a webserver and some binding mounts to things I want to share). Of course, the whole lot is read only, and all log in accounts are disabled, so the only way in is from the desktop. Which is incredibly hard...

I love security, it's fun :D
Desktop: AMD Athlon64 3800+ Venice Core, 2GB PC3200, 5x320GB WD 7200rpm Caviar RE2 (RAID5), Nvidia 6600GT 256MB
Laptop: Intel Pentium M 1.5GHz, 512MB PC2700, 60GB 5400rpm IBM TravelStar, Nvidia 5200Go 64MB
chrismortimore
 
Posts: 862
Joined: 2007-04-24 06:34
Location: Edinburgh, UK

Postby coxy » 2007-05-30 10:59

Another good key generator is https://www.grc.com/passwords.htm

This also allows alphanumeric strings to be generated as some routers do not support ASCII characters in their keys.
coxy
 
Posts: 140
Joined: 2007-03-29 10:50
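
Added example (not part of any post in this thread): generating a key of the kind discussed above locally, with either the full printable set or the alphanumeric-only set some routers need, together with the entropy arithmetic behind the brute-force estimates. The SSID `ExampleHomeNet` and the guess rate are assumptions made up for the illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94, space left out
ALPHANUMERIC = string.ascii_letters + string.digits                    # 62 symbols


def generate_passphrase(length=63, alphabet=PRINTABLE):
    """Draw each character from the OS CSPRNG, on the local machine."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def derive_psk(passphrase, ssid):
    """256-bit key both sides compute: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second, chosen generously for the attacker
    for label, length, alphabet in [
        ("8 lowercase letters", 8, string.ascii_lowercase),
        ("63 alphanumeric", 63, ALPHANUMERIC),
        ("63 printable ASCII", 63, PRINTABLE),
    ]:
        bits = entropy_bits(length, len(alphabet))
        print(f"{label:22} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
    key = generate_passphrase(63, ALPHANUMERIC)
    print(key, derive_psk(key, "ExampleHomeNet").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, and each guess against a captured authentication costs the full 4096 rounds.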

Postby sinical » 2007-05-30 11:08

Stay away from that grc site. He is basically a fraud.

Proof is at http://grcsucks.com/ (dodgy name i know but the content is real)

a few helpful links to extend your knowledge

Postby rfmonk » 2007-05-30 11:43

http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf first paper about WEP vulnerability

http://seattlewireless.net/ my local resource

the book WarDriving and Wireless Penetration Testing (oreilly)
the book Wi-Foo secrets of wireless hacking (addison wesley)

there's much more, i think pen testing your own AP is the only way to really know for sure, it will take you on a road to understanding what is practical.

I'm always open to new resources, as I am a mere traveler on the same road.

thanks for links

Postby nopposan » 2007-05-30 19:48

Thanks for the interesting links rfmonk. I've been interested in community wireless since I saw a cool idea playing out in Ohio. Then a regional commercial IP sued them. The story aired on NOW, I think when Bill Moyers was still hosting. Anyway, it's an exciting idea for helping to close the technology gap, in my opinion.

Thanks to Wikipedia I learned some of the terms you used:
AP = Access Point
pen-test = penetration test

Cheers.

Re: stealing sessions

Postby GMouse » 2007-05-30 20:45

rfmonk wrote: a little off topic.

keep in mind also that in practice, a person would probably not even bother to attempt bruteforcing when he could easily grab "certain" packets that have your mac address and then just

ifconfig hw ether yo:ur:ma:ch:er:e. and then pretend he is you.

I'm not sure though if at that point he/she has any way of also hijacking anything else, I've only done this in a campus setting to get online without any malicious intent, however, you can see how something can be easily circumvented.


MAC spoofing is only really useful for APs that control access by way of a white-list of MAC addresses and doesn't really relate to the encryption method at all. So, an attacker could spoof your MAC, but will still be locked out if WEP or WPA are in use.

Again, cracking WEP is trivial.

cracking WEP

Postby nopposan » 2007-05-31 02:10

Thanks for the clarification GMouse. That's what I've heard before.

Postby e1even1 » 2007-05-31 23:41

i don't even bother with encryption. but i do use MAC address filtering even though someone could spoof it.

the way i look at it is that anyone who can crack WEP or spoof my MAC has more important things to do than to hack my linux network. i use an original (simple) method of steganography to hide critical private data and you couldn't find it even with the latest forensic tools. and for critical online passwords, i use ssl or ssh.

i don't recommend this for commercial networks, but most of us home users don't have hackers parked outside so MAC filtering will do just fine.

imho it's alright, i guess, to be paranoid, but i try not to be.
e1even1
 
Posts: 272
Joined: 2007-03-09 19:18

Postby Optional » 2007-06-01 00:03

Half hour? Maybe 5 years ago... you can crack WEP in under a minute now :lol:

I'm actually writing a Perl + ncurses interface for automating just that 8)

WEP is worthless. MAC filtering is even more worthless. Don't use anything less than WPA2 if you care about security nowadays.

(and yes, Steve Gibson is a moron)
Have a question? for f in $(ls /usr/bin/); do man $f; done :lol:
----
Love Freedom? Love Liberty? Hate Bush? Vote Ron Paul in 2008!
Optional
 
Posts: 349
Joined: 2007-02-05 05:02
