Security Basics mailing list archives
Re: Application to monitor wireless intruders activity
From: Archangel Amael <archangel.amael () gmail com>
Date: Fri, 24 Sep 2010 14:53:37 +0200
Keep in mind cracking a wep key is merely a statistical brute force on the key. When using wpa or wpa2 a 4-way handshake is needed in order to try and obtain the pre-shared key. Without this key one can not normally gain access to the network. This key is then cracked by supplying it to a dictionary or brute force tool such as aircrack-ng. Now let's look at some other important factors, repsonses in line On Thu, Sep 23, 2010 at 10:38 AM, Miguel Regala <mikfisher64 () gmail com> wrote:
Hi,
i'm not talking about the router admin interface. I'm talking about the password to the wireless network.
If someone gains access to the router's web based admin page then the network is compromised. It is trivial to change the needed settings in order to become (as an intruder) a part of the network. Many routers have the ability to disallow remote connections to the admin page, by wireless connections. Meaning that an attacker intruder would need a cat5 connected between the attacking machine and the router to access the web admin page.
As you said, if an attacker managed to discover my key and if i was unaware of his presence, things could get ugly.
Again the best way to mitigate such things from happening is to use a WIDS system. An open source tool is airsnare, airsnare will alert you to MAC addresses trying to gain access to the network as well as requests for IP's over DHCP.
About the security options : i use WPA2-TKIP-PSK myself, so i don't have to worry about script kiddies using aircrack. However, like i mentioned, that doesn't mean they won't try to "hack" .. and it's always to nice to be informed about what are our surrounding neighbours intentions :-)
Using WPA2-TKIP-PSK as above is a good way to securing a wireless network. Having a long and complex password is also a good idea, since it is easy to capture the 4-way handshake, having a simple or short pass word means it takes less time to crack it. The minimum key length is 8 characters and the max is 64. I would personally advise using the max length. Just save the key in a .txt file on some sort of separate medium like a usb stick etc. A more important thing to look at in this (home scenario) is what do you have on your network that will make it worth someones time and energy to try and obtain your key. Script kiddies generally are going for the low-hanging fruit. Especially if we are talking about the stereotypical teenager with a downloaded copy of backtrack. So again having a long and complex pass word on wpa2 is a good way to go. If more is needed, might I also suggest looking into a RADIUS server. There are free and open source implementations of this all over the Internet. Cheers
Fisher 2010/9/22 Roger <rnodal () gmail com>:On Wed, Sep 22, 2010 at 4:29 PM, Miguel Regala <mikfisher64 () gmail com> wrote:Well the point is having any more information on the matter.I agree with you on having more information and you may even run into some one that does not even change their mac address :).e.g: An hipotetical attack is trying to manually brute-force my home router by testing out the most common passwords.Are you talking about the router admin page? Or the password/key to access your wireless network? If you are talking about the router admin page found typically under 192.168.1.1 then we are not in the same page and I did not respond thinking on that. If the attacker has gained access to your network I would worry about more things that just the admin page. Man in the middle attack comes to mind. If you are talking about the password to access the wireless network then it depends. For example, if the network is protected with WEP then all the attacker has to do is to capture enough data to decrypt the network KEY and as far as I am concerned this is done by "sniffing" which I believe is hard to detect. If the network is protected by WPA (Some conditions need to be met but I don't remember from the top of my head) then all the attacker has to do is to capture 4 or so packets (I also do not remember the exact number) and they can do the attack off-line.I for once would like to be aware of this situation ; though his mac would probably spoofed , there is other action i can take , given the intel from the logs ( e.g turning off the router when no one is using it ).I think that's a great idea. I actually do that myself :).Other (and angrier) owners could also want to elaborate active counter measures ( fake access point, honeypot, .. ).I guess if you have the time...or you could also use better wireless security options from the start but that is just me. -r------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Application to monitor wireless intruders activity mikfisher64 (Sep 21)
- Re: Application to monitor wireless intruders activity Christophe Schleypen (Sep 23)
- Re: Application to monitor wireless intruders activity Roger (Sep 23)
- Message not available
- Re: Application to monitor wireless intruders activity Miguel Regala (Sep 23)
- Message not available
- Message not available
- Re: Application to monitor wireless intruders activity Roger (Sep 23)
- Re: Application to monitor wireless intruders activity Miguel Regala (Sep 23)
- Message not available
- Message not available
- Re: Application to monitor wireless intruders activity Miguel Regala (Sep 24)
- Re: Application to monitor wireless intruders activity Archangel Amael (Sep 24)
- Re: Application to monitor wireless intruders activity Adam Mooz (Sep 24)
- <Possible follow-ups>
- Re: Application to monitor wireless intruders activity mikfisher64 (Sep 22)