Jump to content
Sign in to follow this  
panjang110

need help securing my home wifi

Recommended Posts

hi everyone, it been a while since i've posted anything here :happy: i'm a total noob when it comes to networking so help me please

 

a few weeks ago I noticed my internet speed is slower than normal but I didn't care much since i'm busy at work. so yesterday when I was configuring my router I noticed multiple unknown device in the ip pool.  I've tried putting those unknown device to deny association in my mac address filtering and reboot my router but they still keep showing up(with the same mac address that i put on the deny list :whoa: ). what bother me is my password is 64 hex character how the hell did they even break through that????

 

so today I've change my ssid name and password again with a new 64 hex character but after an hour or so the device is in again :wallbash: this is really frustrating.. I've disable WPS and use WPA2-psk with AES only, right now the only thing i can do is set the max ip count to 4 which is the total device i got at home so they cant get in... any advice to secure my wifi? i really don't want to set my ip count each time i add or remove a new device.

Share this post


Link to post
Share on other sites

Wifi is not secure and you can not make it secure. The wireless you are using WPA2-psk is the most secure wireless type you'll get next to enterprise. 

 

My advice would be shut down your wifi, and go to wired connections,.. you can't intercept the data, you have extremely fast speeds and it's secure.

Edited by Braegnok

Share this post


Link to post
Share on other sites

Wifi is not secure and you can not make it secure. With ip cloning software and encryption software to crack 128-bit keys and dynamically changing keys

Do you have a link to said software? I was under the impression brute forcing 128bit encryption would take very long: http://www.eetimes.com/document.asp?doc_id=1279619

 

If you are talking about using something like aircrack and john with a password list. Success is dependent on having the password in the list.., and running through millions of passwords is pretty time consuming.., especially if you are using rules to manipulate the list. Not saying its not doable, but very time consuming.

 

But if you know of a more efficient way you should enlighten me. :)

Share this post


Link to post
Share on other sites

Sorry no software links. Brute forcing is a fools errand if used on AES 128-bit key,.. birthday attacks, Collision attacks are used for quickly cracking obsolete WEP 64, WEP 128, or TKIP.

Edited by Braegnok

Share this post


Link to post
Share on other sites

With WPS disabled, there's very little chance they're breaking in via conventional methods.

 

 

Are you configuring via Wifi? If so, do it via wired next time (with wifi disabled entirely on your router)...they may simply be watching you enter the new password if they've broken in already.

Share this post


Link to post
Share on other sites

Sorry no software links. Brute forcing is a fools errand,.. birthday attacks, Collision attacks are used for quickly cracking obsolete WEP 64, WEP 128, or TKIP.

 

Current vulnerabilities are in Black Hat Intel Reports. http://www.blackhat.com/latestintel/

 

The link you referenced above is from 5/7/2012,.. they have since figured out the inherent flaws in AES and cracking is much, much quicker with the tools used today.   

 

I see you edited your post, right as I hit the quote button lol. Aww well,

 

Anyway, isn't a "Collision attack" essentially a brute force attack, and also kinda old right, (surely several years before 2012) seeing as you are crunching all passwords to generate the same hash? How is that not considered brute force.

 

The Birthday Attack just used the birthday paradox to make a brute force attack more efficient. It's still going to take quite a bit of time to do the number crunching. Depending on the crypto used it could take months to perform.

 

You are definitely right about the older forms of wifi encryption being very weak, hopefully OP is using wpa2-aes though, which I believe is one of the strongest forms of encryption used on the average personal computer, right? Or is there really software that can just automatically crack it in a few hours, I just find that hard to to believe?

 

I'm not saying that these attacks are impossible, just pointing out that I don't think they are as "easy", provided target keeps up to date, as you make them appear to be. Many exploits can take quite a bit of time, and sometimes some social engineering right. Just getting that first handshake could take days ;)

 

Edit:

 

Also, I'm not trying to be derogatory or anything, I'm just genuinely curious about the subject. And from everything I've ever read (Strictly speaking about cracking wifi, there are of course other exploits out there) it takes some form of brute force method that, given a strong password and wpa2 with aes, takes some, seemingly fairly long, length of time (varying on luck) to run. is this just not true?

Edited by tacohunter52

Share this post


Link to post
Share on other sites

OP is using 64 hex character key,.. for WEP 128-bit key it takes 7.9 minutes to crack using collision attack.

 

For AES 128-bit key you need to use R-H cryptanalysis https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis any other attempt to break AES will most certainly be futile.

op isnt using wep though. His post says wpa2. I think he means his password is 64 characters long

Share this post


Link to post
Share on other sites

 

OP is using 64 hex character key,.. for WEP 128-bit key it takes 7.9 minutes to crack using collision attack.

 

For AES 128-bit key you need to use R-H cryptanalysis https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis any other attempt to break AES will most certainly be futile.

op isnt using wep though. His post says wpa2. I think he means his password is 64 characters long

 

Right, which makes it the strongest possible key at 256 bit (64 hex characters at 4 bytes each). I never bother doing the hex keys, I just use a longer SSID and passphrase (since they get converted to the same length anyway).

Share this post


Link to post
Share on other sites

If you switched to WPA2 without WPS, there very little chance of anyone getting in. It takes less than 2 minutes to crack it with WPS enabled.

 

The other option is not to broadcast your SSID so people can't sniff it and try to crack it.

Share this post


Link to post
Share on other sites

The other option is not to broadcast your SSID so people can't sniff it and try to crack it.

This isn't really any added security unless something has changed in the past few years.

Share this post


Link to post
Share on other sites

hmm I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...