
need help securing my home wifi


19 replies to this topic

#1 panjang110


Posted 11 February 2017 - 10:35 PM

Hi everyone, it's been a while since I've posted anything here :happy: I'm a total noob when it comes to networking, so help me please.

A few weeks ago I noticed my internet speed was slower than normal, but I didn't care much since I was busy at work. So yesterday, when I was configuring my router, I noticed multiple unknown devices in the IP pool. I've tried setting those unknown devices to deny association in my MAC address filtering and rebooting my router, but they still keep showing up (with the same MAC address that I put on the deny list :whoa: ). What bothers me is that my password is 64 hex characters; how the hell did they even break through that????

So today I've changed my SSID name and password again, with a new 64 hex characters, but after an hour or so the device is in again :wallbash: This is really frustrating... I've disabled WPS and use WPA2-PSK with AES only. Right now the only thing I can do is set the max IP count to 4, which is the total number of devices I have at home, so they can't get in... Any advice to secure my wifi? I really don't want to set my IP count each time I add or remove a new device.


Main Rig

i5 3570K,Asrock Z77Pro4-M,2x4GB Corsair Vengeance 1600,HD7970,Kingston V300 120GB,WD black 1TB

Enermax Naxn 750 Watt, Cooler Master N200, Samsung S27A950D 120Hz, Razer Arctosa,Logitech MX518

Custom Loop

XSPC Raystorm Block, EK DCP 4.0,EK DCP 4.0 Res Combo,HwL Black Ice GT Stealth 240,2xDelta EFB1212HH

 


 


#2 Braegnok


Posted 17 February 2017 - 09:30 AM

Wifi is not secure and you cannot make it secure. The wireless you are using, WPA2-PSK, is the most secure wireless type you'll get next to enterprise.

My advice would be to shut down your wifi and go to wired connections... you can't intercept the data, you have extremely fast speeds and it's secure.


Edited by Braegnok, 20 February 2017 - 04:37 AM.

Intel Core i7-6850K

Asus X99-WS/IPMI

Nvidia GTX1080 

32GB DDR4 2400MHz

SeaSonic SSR-1000PD

EK-XLC Predator 280

 


#3 scr4wl


Posted 17 February 2017 - 04:37 PM

> Wifi is not secure and you can not make it secure. With ip cloning software and encryption software to crack 128-bit keys and dynamically changing keys

Do you have a link to said software? I was under the impression brute forcing 128-bit encryption would take very long: http://www.eetimes.c...?doc_id=1279619

If you are talking about using something like aircrack and john with a password list, success is dependent on having the password in the list, and running through millions of passwords is pretty time consuming, especially if you are using rules to manipulate the list. Not saying it's not doable, but very time consuming.

But if you know of a more efficient way you should enlighten me. :)

Generic Most Awesome Sig


#4 Braegnok


Posted 17 February 2017 - 05:49 PM

Sorry, no software links. Brute forcing is a fool's errand if used on an AES 128-bit key... birthday attacks, collision attacks are used for quickly cracking obsolete WEP 64, WEP 128, or TKIP.


Edited by Braegnok, 19 February 2017 - 12:59 PM.


 


#5 Waco


Posted 18 February 2017 - 07:07 PM

With WPS disabled, there's very little chance they're breaking in via conventional methods.


Are you configuring via Wifi? If so, do it via wired next time (with wifi disabled entirely on your router)...they may simply be watching you enter the new password if they've broken in already.
Tolerance is a sign of weakness.

#6 scr4wl


Posted 19 February 2017 - 09:44 AM

> Sorry no software links. Brute forcing is a fools errand,.. birthday attacks, Collision attacks are used for quickly cracking obsolete WEP 64, WEP 128, or TKIP.
>
> Current vulnerabilities are in Black Hat Intel Reports. http://www.blackhat.com/latestintel/
>
> The link you referenced above is from 5/7/2012,.. they have since figured out the inherent flaws in AES and cracking is much, much quicker with the tools used today.

 

I see you edited your post, right as I hit the quote button lol. Aww well.

Anyway, isn't a "collision attack" essentially a brute force attack, and also kinda old, right (surely several years before 2012), seeing as you are crunching all passwords to generate the same hash? How is that not considered brute force?

The birthday attack just used the birthday paradox to make a brute force attack more efficient. It's still going to take quite a bit of time to do the number crunching. Depending on the crypto used it could take months to perform.

You are definitely right about the older forms of wifi encryption being very weak. Hopefully OP is using WPA2-AES though, which I believe is one of the strongest forms of encryption used on the average personal computer, right? Or is there really software that can just automatically crack it in a few hours? I just find that hard to believe.

I'm not saying that these attacks are impossible, just pointing out that I don't think they are as "easy", provided the target keeps up to date, as you make them appear to be. Many exploits can take quite a bit of time, and sometimes some social engineering, right? Just getting that first handshake could take days ;)

Edit:

Also, I'm not trying to be derogatory or anything, I'm just genuinely curious about the subject. And from everything I've ever read (strictly speaking about cracking wifi; there are of course other exploits out there), it takes some form of brute force method that, given a strong password and WPA2 with AES, takes some seemingly fairly long length of time (varying on luck) to run. Is this just not true?


Edited by tacohunter52, 19 February 2017 - 10:20 AM.

Generic Most Awesome Sig


#7 Braegnok


Posted 19 February 2017 - 10:54 AM

OP is using a 64 hex character key... for a WEP 128-bit key it takes 7.9 minutes to crack using a collision attack.

For an AES 128-bit key you need to use R-H cryptanalysis https://en.wikipedia...e_cryptanalysis; any other attempt to break AES will most certainly be futile.



 


#8 scr4wl


Posted 19 February 2017 - 11:43 AM

> OP is using 64 hex character key,.. for WEP 128-bit key it takes 7.9 minutes to crack using collision attack.
>
> For AES 128-bit key you need to use R-H cryptanalysis https://en.wikipedia...e_cryptanalysis any other attempt to break AES will most certainly be futile.

OP isn't using WEP though. His post says WPA2. I think he means his password is 64 characters long.

Generic Most Awesome Sig


#9 Waco


Posted 19 February 2017 - 12:32 PM

>> OP is using 64 hex character key,.. for WEP 128-bit key it takes 7.9 minutes to crack using collision attack.
>>
>> For AES 128-bit key you need to use R-H cryptanalysis https://en.wikipedia...e_cryptanalysis any other attempt to break AES will most certainly be futile.
>
> op isnt using wep though. His post says wpa2. I think he means his password is 64 characters long

Right, which makes it the strongest possible key at 256 bit (64 hex characters at 4 bytes each). I never bother doing the hex keys, I just use a longer SSID and passphrase (since they get converted to the same length anyway).
Tolerance is a sign of weakness.
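
Added example (not part of the thread, and not any poster's code): how a WPA2-Personal secret becomes the 256-bit key discussed above, following the PBKDF2 derivation in IEEE 802.11i. The function names and the sample hex key are constructed for illustration, and `keyspace_bits` assumes every character was picked uniformly at random from the 95 printable ASCII characters.

```python
import hashlib
import math
import string


def is_raw_hex_key(secret: str) -> bool:
    """True when the secret is the 64-hex-digit form of a WPA2 key."""
    return len(secret) == 64 and all(c in string.hexdigits for c in secret)


def wpa2_pmk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit pairwise master key for a WPA2-Personal network."""
    if is_raw_hex_key(secret):
        # 64 hex digits are used as the key itself: no hashing, SSID not involved.
        return bytes.fromhex(secret)
    if not 8 <= len(secret) <= 63 or not all(32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    # Passphrase form: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes out.
    return hashlib.pbkdf2_hmac(
        "sha1", secret.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace_bits(secret: str) -> float:
    """Upper bound on guessing work in bits (assumes uniformly random characters)."""
    if is_raw_hex_key(secret):
        return 64 * math.log2(16)  # 4 bits per hex digit
    # The derived key is 256 bits, so a long passphrase cannot exceed that.
    return min(256.0, len(secret) * math.log2(95))


if __name__ == "__main__":
    constructed_hex_key = "0123456789abcdef" * 4  # constructed sample, not a real key
    samples = [
        ("password", "IEEE"),            # test vector from the 802.11i standard
        ("password", "OtherNetwork"),    # same passphrase, different SSID (salt)
        (constructed_hex_key, "IEEE"),
    ]
    for secret, ssid in samples:
        pmk = wpa2_pmk(secret, ssid)
        print(f"{ssid:>12}  {keyspace_bits(secret):6.1f} bits  {pmk.hex()}")
```

Because the SSID is the salt, the same passphrase yields a different key on each network name, while the raw hex form is used unchanged.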

#10 ir_cow


Posted 19 February 2017 - 01:04 PM

If you switched to WPA2 without WPS, there's very little chance of anyone getting in. It takes less than 2 minutes to crack it with WPS enabled.

 

The other option is not to broadcast your SSID so people can't sniff it and try to crack it.


Filckr Photostream / Intel Pentium G3258 OC Guide / NVIDIA GTX 1070 OC Guide

Main Rig: i7 3960X @ 4.3Ghz, ASUS X79 R4BE, Geforce GTX 1070, Intel 730(s) 480GB, 64GB DDR3 1600, Seasonic 1000w Plat.

Review Test Rig: : i7-4770k @ 4.2ghz, MSI-GD65 Gaming, Geforce GTX 770 , Corsair Force GT 240 GB, Patriot 16 GB 2400 (2x8gb), Thermaltake 750w.


#11 Waco


Posted 19 February 2017 - 01:35 PM

> The other option is not to broadcast your SSID so people can't sniff it and try to crack it.

This isn't really any added security unless something has changed in the past few years.
Tolerance is a sign of weakness.

#12 ir_cow


Posted 19 February 2017 - 10:13 PM

Hmm, I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.

