Security Basics mailing list archives

Re: Application to monitor wireless intruders activity


From: Archangel Amael <archangel.amael () gmail com>
Date: Fri, 24 Sep 2010 14:53:37 +0200

Keep in mind cracking a WEP key is merely a statistical brute force on the key.
When using WPA or WPA2 a 4-way handshake is needed in order to try and
obtain the pre-shared key.
Without this key one cannot normally gain access to the network. This
key is then cracked by supplying it to a dictionary or brute force
tool such as aircrack-ng. Now let's look at some other important
factors, responses inline.

On Thu, Sep 23, 2010 at 10:38 AM, Miguel Regala <mikfisher64 () gmail com> wrote:
Hi,

I'm not talking about the router admin interface. I'm talking about
the password to the wireless network.

If someone gains access to the router's web based admin page then the
network is compromised.
It is trivial to change the needed settings in order to become (as an
intruder) a part of the network.
Many routers have the ability to disallow remote connections to the
admin page, by wireless connections.
Meaning that an attacker/intruder would need a cat5 connected between
the attacking machine and the router to access the web admin page.


As you said, if an attacker managed to discover my key and if I was
unaware of his presence, things could get ugly.

Again the best way to mitigate such things from happening is to use a
WIDS system.
An open source tool is airsnare; airsnare will alert you to MAC
addresses trying to gain access to the network as well as requests for
IPs over DHCP.


About the security options: I use WPA2-TKIP-PSK myself, so I don't
have to worry about script kiddies using aircrack. However, like I
mentioned, that doesn't mean they won't try to "hack" .. and it's
always nice to be informed about what our surrounding
neighbours' intentions are :-)

Using WPA2-TKIP-PSK as above is a good way of securing a wireless
network. Having a long and complex password is also a good idea. Since
it is easy to capture the 4-way handshake, having a simple or short
password means it takes less time to crack it.
The minimum key length is 8 characters and the max is 64. I would
personally advise using the max length. Just save the key in a .txt
file on some sort of separate medium like a USB stick etc.

A more important thing to look at in this (home scenario) is what do
you have on your network that will make it worth someone's time and
energy to try and obtain your key. Script kiddies generally are going
for the low-hanging fruit. Especially if we are talking about the
stereotypical teenager with a downloaded copy of BackTrack. So again
having a long and complex password on WPA2 is a good way to go.
If more is needed, might I also suggest looking into a RADIUS server.
There are free and open source implementations of this all over the
Internet.

Cheers


Fisher

2010/9/22 Roger <rnodal () gmail com>:
On Wed, Sep 22, 2010 at 4:29 PM, Miguel Regala <mikfisher64 () gmail com> wrote:
Well the point is having any more information on the matter.


I agree with you on having more information and you may even run into
someone that does not even change their MAC address :).

e.g.: A hypothetical attack is trying to manually brute-force my home router
by testing out the most common passwords.

Are you talking about the router admin page? Or the password/key to
access your wireless network?
If you are talking about the router admin page found typically under
192.168.1.1 then we are not on the same page and I did not respond
thinking of that.
If the attacker has gained access to your network I would worry about
more things than just the admin page. Man in the middle attack comes
to mind.
If you are talking about the password to access the wireless network
then it depends. For example, if the network is protected
with WEP then all the attacker has to do is to capture enough data to
decrypt the network KEY and as far as I am concerned this is done
by "sniffing" which I believe is hard to detect. If the network is
protected by WPA
(Some conditions need to be met but I don't remember off the top of
my head) then all the attacker has to do is to capture 4 or
so packets (I also do not remember the exact number) and they can do
the attack off-line.


I for one would like to be aware of this situation; though his MAC would
probably be spoofed, there is other action I can take, given the intel from
the logs (e.g. turning off the router when no one is using it).

I think that's a great idea. I actually do that myself :).

Other (and
angrier) owners could also want to elaborate active countermeasures (fake
access point, honeypot, ..).

I guess if you have the time...or you could also use better wireless
security options from the start but that is just me.

-r
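
Added example, not part of the original messages and not airsnare's own code: a minimal version of the alerting the thread describes, flagging MAC addresses that request an IP over DHCP but are not on the owner's allowlist. The log format (dnsmasq-style lines), the allowlist and all sample values are assumptions constructed for illustration; the hostname check is only a weak hint for the spoofed-MAC case raised in the thread.

```python
import re
from collections import defaultdict

# Assumption: allowlist of the owner's devices, MAC -> usual hostname (constructed).
KNOWN_DEVICES = {"00:11:22:33:44:55": "laptop", "66:77:88:99:aa:bb": "phone"}

# Constructed sample lines in the style of dnsmasq's DHCP logging.
SAMPLE_LOG = """\
Sep 24 14:50:01 dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.1.10 00:11:22:33:44:55
Sep 24 14:50:01 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.10 00:11:22:33:44:55 laptop
Sep 24 14:52:10 dnsmasq-dhcp[412]: DHCPDISCOVER(br0) de:ad:be:ef:00:01
Sep 24 14:52:11 dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.1.37 de:ad:be:ef:00:01
Sep 24 14:52:11 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.37 de:ad:be:ef:00:01 netbook
Sep 24 14:53:37 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.11 66:77:88:99:aa:bb otherbox
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+: (?P<type>DHCP[A-Z]+)\(\S+\)"
    r"(?: (?P<ip>\d+\.\d+\.\d+\.\d+))?"          # DISCOVER may carry no IP
    r" (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: (?P<host>\S+))?\s*$", re.IGNORECASE)   # hostname is optional

def scan(log_text, known=KNOWN_DEVICES):
    """Return (alerts, per-MAC event counts for MACs not on the allowlist)."""
    alerts = []
    unknown_counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                              # not a DHCP event line
        mac, host = m["mac"].lower(), m["host"]
        if mac not in known:
            unknown_counts[mac] += 1
            if unknown_counts[mac] == 1:          # alert once per new MAC
                alerts.append((m["ts"], "unknown-mac", mac))
        elif host and host != known[mac]:
            # Known MAC, unfamiliar hostname: possibly a cloned address.
            alerts.append((m["ts"], "hostname-mismatch", mac))
    return alerts, dict(unknown_counts)

if __name__ == "__main__":
    found, counts = scan(SAMPLE_LOG)
    for ts, kind, mac in found:
        print(f"{ts}  {kind:18s} {mac}")
    print("events per unknown MAC:", counts)
```
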

