wireless network at home

Off-Topic discussions about science, technology, and non Debian specific topics.
nopposan
Posts: 347
Joined: 2007-01-14 22:48

wireless network at home

#1 Post by nopposan »

I've learned that wifi encryption basically stinks. Is this generally true?

If so, then how difficult would it be to set up my own network using radio communication and my own choice of better encryption?

Anyone who has some nice websites, tutorials or manuals to point out, please feel free.

Cheers.
Don't Panic!

sinical
Posts: 1012
Joined: 2007-03-25 11:52

#2 Post by sinical »

WPA-PSK2 is pretty safe so long as you choose a nice long key.

This site and many others have generators that will give you a key something like s?[89${MC8'ZYy{l\9<:>Al<3!F97sjSz$OeN1Uy?BRVnS\lsg+yI]~~]pWX=#w which is pretty hard to bruteforce
Every cloud has a silver lining, except for the mushroom shaped ones, which have a lining of Strontium 90.
---------------------------------------------
umop apisdn

nopposan
Posts: 347
Joined: 2007-01-14 22:48

wireless encryption

#3 Post by nopposan »

Your goal, then, is to use a sufficiently strong password that would require an intruder to spend years (given today's computing power) to brute-force your passphrase.
Some snoops don't use today's computing power. However, this may be my best option. Still, what about a private system of encryption that isn't based on the commercial WEP, WPA, etc. ? If I had say a couple of ham radios hooked up to each box, couldn't I just use whatever encryption I choose to transmit the data? Why do wireless cards lock me in to a specific set of encryption choices? Or do they?
Don't Panic!

rfmonk
Posts: 4
Joined: 2007-05-29 00:02
Location: Everett WA

have you considered

#4 Post by rfmonk »

using ssh to a shell account?
man ssh
ssh -D (port#) -l (username) your.shell.account

firefox/preferences/internet connections/ settings / manual connection to internet/ localhost + port /select socks proxy 5

now you have bound your browser session to an encrypted pipe right out of the local network.
so if someone is using kismet or whatever, iftop, etc. they will only see your connection but i don't think it's feasible to brute force that!

this is what i do when at the coffee shop. of course encryption slows your connection down even more.

you should also always use the strongest encryption available, don't broadcast your ssid and use mac filtering to help security. wpa supplicant has gotten better with Linux

you're always welcome to ask me further details on my blog or here. I'm not anywhere near an expert however. Just your average geek.

GMouse
Posts: 280
Joined: 2007-03-02 22:28
Location: Ohio, USA

#5 Post by GMouse »

WEP is worthless. It can be cracked in a half-hour or less, depending on the network, using a statistical attack. That is to say, it doesn't matter what the key is. A random key will be discovered just as quickly as a key of 12345.

WPA-PSK is much better. The only way that it can be cracked is by way of capturing a client authentication then trying out a password list on it until a match is found. If nothing in the wordlist matches, then a bruteforce can be attempted, starting with passwords of only one character all the way up through 63 (or whatever the max) characters. This is not feasible on today's hardware, unless somebody with a lot of resources thought it worthwhile to put a distributed network to cracking just that one key.

If you can use it, wired is much more secure, though it suffers some flaws itself. The attacker can use something called ARP-cache poisoning to redirect your traffic through their own system. This requires a computer local to your own as an attack vector, of course, but it becomes feasible in a network of any size.

Your best bet, and only actually safe one, is to treat your connection as hostile and encrypt everything. Ssh tunnels are great for this.
For the sake of proper attribution, my avatar: http://www.deviantart.com/deviation/40999320/

rfmonk
Posts: 4
Joined: 2007-05-29 00:02
Location: Everett WA

stealing sessions

#6 Post by rfmonk »

a little off topic.

keep in mind also that in practice, a person would probably not even bother to attempt bruteforcing when he could easily grab "certain" packets that have your mac address and then just

ifconfig hw ether yo:ur:ma:ch:er:e. and then pretend he is you.

I'm not sure though if at that point he/she has any way of also hijacking anything else, I've only done this in a campus setting to get online without any malicious intent, however, you can see how something can be easily circumvented.

chrismortimore
Posts: 849
Joined: 2007-04-24 06:34
Location: Edinburgh, UK

#7 Post by chrismortimore »

One of my flatmate's wireless cards doesn't work with WPA (for whatever reason), so I'm forced to use WEP, boo! That's why I still lock down my computers really tightly, even though the router gives us plenty of protection from outsiders. As far as everyone else on the network is concerned, my desktop and laptop don't even exist, and the only bit they can access is a vserver with absolutely nothing on it (except a webserver and some binding mounts to things I want to share). Of course, the whole lot is read only, and all log in accounts are disabled, so the only way in is from the desktop. Which is incredibly hard...

I love security, it's fun :D
Desktop: AMD Athlon64 3800+ Venice Core, 2GB PC3200, 5x320GB WD 7200rpm Caviar RE2 (RAID5), Nvidia 6600GT 256MB
Laptop: Intel Pentium M 1.5GHz, 512MB PC2700, 60GB 5400rpm IBM TravelStar, Nvidia 5200Go 64MB

coxy
Posts: 140
Joined: 2007-03-29 10:50

#8 Post by coxy »

Another good key generator is https://www.grc.com/passwords.htm

This also allows alphanumeric strings to be generated as some routers do not support ASCII characters in their keys.
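
Added example, not part of any post in this thread: the long random key recommended in posts #2 and #8 can be generated locally from the operating system's CSPRNG instead of a website, and the brute-force effort described in post #5 can be estimated from the key's entropy. The function names and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ALNUM = string.ascii_letters + string.digits                           # 62 symbols

def make_passphrase(length=63, alphabet=PRINTABLE):
    """Draw a passphrase from the OS CSPRNG, generated locally."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random string."""
    return length * math.log2(alphabet_size)

def years_to_search(bits, guesses_per_second):
    """Average exhaustive-search time: half the key space."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e6  # assumed guess rate, for illustration only
    samples = [("8 lowercase", 8, 26), ("20 alphanumeric", 20, 62),
               ("63 printable", 63, 94)]
    for label, n, size in samples:
        bits = entropy_bits(n, size)
        print(f"{label:16} {bits:6.1f} bits  ~{years_to_search(bits, RATE):.3g} years")
    # Alphanumeric variant for routers that reject punctuation in keys
    print(make_passphrase(20, ALNUM))
```

The estimate only applies to keys drawn uniformly at random; a passphrase that appears in a wordlist is found as soon as the list reaches it, whatever its length.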

sinical
Posts: 1012
Joined: 2007-03-25 11:52

#9 Post by sinical »

Stay away from that grc site. He is basically a fraud

Proof is at http://grcsucks.com/ (dodgy name i know but the content is real)
Every cloud has a silver lining, except for the mushroom shaped ones, which have a lining of Strontium 90.
---------------------------------------------
umop apisdn

rfmonk
Posts: 4
Joined: 2007-05-29 00:02
Location: Everett WA

a few helpful links to extend your knowledge

#10 Post by rfmonk »

http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf first paper about WEP vulnerability

http://seattlewireless.net/ my local resource

the book WarDriving and Wireless Penetration Testing (oreilly)
the book Wi-Foo secrets of wireless hacking (addison wesley)

there's much more, i think pen testing your own AP is the only way to really know for sure, it will take you on a road to understanding what is practical.

I'm always open to new resources, as I am a mere traveler on the same road.

nopposan
Posts: 347
Joined: 2007-01-14 22:48

thanks for links

#11 Post by nopposan »

Thanks for the interesting links rfmonk. I've been interested in community wireless since I saw a cool idea playing out in Ohio. Then a regional commercial IP sued them. The story aired on NOW, I think when Bill Moyers was still hosting. Anyway, it's an exciting idea for helping to close the technology gap, in my opinion.

Thanks to Wikipedia I learned some of the terms you used:
AP = Access Point
pen-test = penetration test

Cheers.
Don't Panic!

GMouse
Posts: 280
Joined: 2007-03-02 22:28
Location: Ohio, USA

Re: stealing sessions

#12 Post by GMouse »

rfmonk wrote: a little off topic.

keep in mind also that in practice, a person would probably not even bother to attempt bruteforcing when he could easily grab "certain" packets that have your mac address and then just

ifconfig hw ether yo:ur:ma:ch:er:e. and then pretend he is you.

I'm not sure though if at that point he/she has any way of also hijacking anything else, I've only done this in a campus setting to get online without any malicious intent, however, you can see how something can be easily circumvented.

MAC spoofing is only really useful for APs that control access by way of a white-list of MAC addresses and doesn't really relate to the encryption method at all. So, an attacker could spoof your MAC, but will still be locked out if WEP or WPA are in use.

Again, cracking WEP is trivial.
For the sake of proper attribution, my avatar: http://www.deviantart.com/deviation/40999320/

nopposan
Posts: 347
Joined: 2007-01-14 22:48

cracking WEP

#13 Post by nopposan »

Thanks for the clarification GMouse. That's what I've heard before.
Don't Panic!

e1even1
Posts: 267
Joined: 2007-03-09 19:18

#14 Post by e1even1 »

i don't even bother with encryption. but i do use MAC address filtering even though someone could spoof it.

the way i look at it is that anyone who can crack WEP or spoof my MAC has more important things to do than to hack my linux network. i use an original (simple) method of steganography to hide critical private data and you couldn't find it even with the latest forensic tools. and for critical online passwords, i use ssl or ssh.

i don't recommend this for commercial networks, but most of us home users don't have hackers parked outside so MAC filtering will do just fine.

imho it's alright, i guess, to be paranoid, but i try not to be.

Optional
Posts: 326
Joined: 2007-02-05 05:02

#15 Post by Optional »

Half hour? Maybe 5 years ago... you can crack WEP in under a minute now :lol:

I'm actually writing a Perl + ncurses interface for automating just that 8)

WEP is worthless. MAC filtering is even more worthless. Don't use anything less than WPA2 if you care about security nowadays.

(and yes, Steve Gibson is a moron)
Have a question? for f in $(ls /usr/bin/); do man $f; done :lol:
----
Love Freedom? Love Liberty? Hate Bush? Vote Ron Paul in 2008!

coxy
Posts: 140
Joined: 2007-03-29 10:50

#16 Post by coxy »

rfmonk, you mentioned about using socks 5 in Firefox. Do I just open up my connection settings and select 'Manual proxy configuration' then add localhost to the proxy? And that is it? When I added a port number (a random one) it blocked my connection :( When the port is left as 0 it connects but I don't know if it is encrypted or not :roll:

I didn't realise that Steve Gibson was a fraud, thanks for the info! His key gen was a useful tool but I will find another.

Thanks again.
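
Added example, not part of any post in this thread: the port entered in Firefox's SOCKS settings has to be the same port that was given to `ssh -D` in post #4, and a short probe can confirm that a SOCKS5 listener is actually answering there before the browser is pointed at it. The function names are hypothetical, and the listener is a constructed stand-in for the ssh tunnel so the example runs offline.

```python
import socket
import threading

def probe_socks5(host, port, timeout=2.0):
    """Return 'socks5', 'not-socks5' or 'closed' for the given port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # SOCKS5 greeting (RFC 1928): version 5, one method, 0x00 = no auth
            s.sendall(b"\x05\x01\x00")
            reply = s.recv(2)
    except OSError:
        # Nothing listening (e.g. a random port): the browser cannot connect
        return "closed"
    # A SOCKS5 server answers with version 5 and the method it selected
    return "socks5" if reply == b"\x05\x00" else "not-socks5"

def start_constructed_listener(reply):
    """Constructed stand-in for `ssh -D <port>`: answers one greeting."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(3)            # read the 3-byte greeting
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_constructed_listener(b"\x05\x00")
    print(port, probe_socks5("127.0.0.1", port))
```

A result of `socks5` only shows that a proxy is listening on that port; traffic is carried over the ssh connection only when the browser is configured to use that same host and port.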

sonic6k
Posts: 208
Joined: 2007-05-31 15:46

#17 Post by sonic6k »

4430 is the standard port number for Secure HTTP.

jml
Posts: 216
Joined: 2006-10-26 19:51
Location: Albert Lea, Minnesota

#18 Post by jml »

Computer security is a relative thing. The only way to get complete security is to unplug your computer, lock it in a safe and never use it. Unfortunately, we are constantly balancing computer usability versus computer security. I use and recommend the use of a router, or combined router and wireless access point even if you only have one computer connected to the internet. It functions as a reasonably effective hardware firewall if correctly configured. Wireless, if needed, will always be less secure than a wired connection, but use of either WPA or WPA2 is reasonable security. The likelihood of someone sitting outside your home for the time needed to crack your network is rather unlikely. The same can be said for the use of locking a system down to the MAC address. While MAC spoofing is possible, it's my opinion that it's unlikely that a "cracker" will spend the time sitting outside of your house hoping to get into your network. Anyway, if you are concerned about your neighbor's ability to crack your network, then stick to a hard-wired network. You will sleep better.

I worry more about the vulnerability of the "big fish" I do business with. It's more likely for a criminal to break into Amazon's, a bank's or a government's network than my personal computer. Heck, I've lost count of the number of government laptops that have been lost. I tend to spend more time worrying about the vendors I do business with and take measures to limit, but not eliminate my risks.

Joe
Never meddle in the affairs of dragons, for you are crunchy and good with catsup.

nopposan
Posts: 347
Joined: 2007-01-14 22:48

academic? peace of mind?

#19 Post by nopposan »

Well, it's not only the greedy criminal that weighs on my mind, jml. It's the "dragons" too. I don't mean to meddle in their affairs, but I'd like to give my computer setup maximum protection against them. I hear they don't like garlic, and yet they often eat at fancy Italian restaurants in Washington D.C., so I doubt that's true.

Cheers.
Don't Panic!

Optional
Posts: 326
Joined: 2007-02-05 05:02

#20 Post by Optional »

sonic6k wrote:4430 is the standard port number for Secure HTTP.
443* ;)
Have a question? for f in $(ls /usr/bin/); do man $f; done :lol:
----
Love Freedom? Love Liberty? Hate Bush? Vote Ron Paul in 2008!
