PDA

View Full Version : Should I be concerned with my wireless network?


NeoWeird
09-19-2010, 5:22 PM
I like to do stuff on my own, but this has got me stumped and my googlefu only returns the cliche "zomg ur stealingz my internets!!1!", basic network setups and rhetorical questions about making networks larger and stronger.

So here's the story. The area around me is sparsely populated. It used to be on my old G network that on good days I could get faint signals from my nearest neighbor only. Well late last year I upgraded to an N network and now I can easily hit 2-4 neighbors constantly, and even up to 6 on good days. My setup is the standard DSL modem/router from Verizon with it's entire wireless function disabled, feeding straight into my Netgear router via cable and running a WEP key encryption.

I originally setup my network and there was one other network in range running on channel 9 bleeding across channels 7 through 11. So I left my network on it's default of channel 3 bleeding across 1 through 5 to avoid interference. Well the other day I had friends over and we got to talking and eventually it got me wanting to check my setup again. I don't know if it was coincidence or just that I was paying attention now but there was a faint signal running on the same channel I was on. I didn't think much of it and switched channels to get the largest range of uninteruppted frequency. Little less than an hour later this 'new' network signal was on the same channel as me once again. I switch back and they follow. At this point I get their MAC address and deny it through my Netgear router and confirm that my moden/router is not sending out any signal. At this point I reboot my router and modem and go about my business. Several hours later the piggyback network is still off my channel.

Until this afternoon. They are back on my channel after roughly 5 channel hops across 3 different channels. Their MAC address is blocked and there is nothing in my logs or through my admin utilities to show any unauthorized use as far as I can see. I'd hate to move over to allowing only MAC address' for devices I know because I have people come over with laptops all the time (last night was a small family from my church that had four devices alone that they were using and several others they weren't). So I like the WEP key and giving it only to those people that I know but I can't for the life of me figure out what this neighbor's network is doing following me.

I'm using Inssider to scan the frequencies and it's giving me a distinct MAC, name, router manufacturer (different from my modem and router), etc. I'd think it might be a ghost of my own if it weren't for such the distinct differences between the two networks.

What do you computer and network guys think; Should I be concerned?

CalBear
09-19-2010, 5:36 PM
My advice to anyone using a wireless network: get the hell off of WEP and use WPA-PSK. MAC filtering does nothing. I have broken into my own wireless network when I had WEP mode and MAC filtering enabled (without the intruding PC on the list) and it took no more than 5 minutes. You can easily scan for clients connected to the router, and you can spoof one their MAC addresses. From there, it's just a matter of performing packet injection and using a statistical analysis tool to get the key. I'm not sure you should be worried about what you've been seeing, but WEP is totally insecure.

WPA-PSK on the other hand, requires brute force dictionary attacks. A lengthy key with various character classes will typically be extremely difficult or next to impossible to crack.

nick
09-19-2010, 6:04 PM
WEP - takes about 5 min to break. MAC filtering - add another 30 sec or so to spoof the MAC address.

You might want to get a router than supports WPA-PSK/WPA-PSK2, or, if you have multiple computers and a domain, you might want to consider 802.1x, IPSec, and a proper PKI :)

us.marshal
09-19-2010, 6:05 PM
My advice to anyone using a wireless network: get the hell off of WEP and use WPA-PSK. MAC filtering does nothing. I have broken into my own wireless network when I had WEP mode and MAC filtering enabled (without the intruding PC on the list) and it took no more than 5 minutes. You can easily scan for clients connected to the router, and you can spoof one their MAC addresses. From there, it's just a matter of performing packet injection and using a statistical analysis tool to get the key. I'm not sure you should be worried about what you've been seeing, but WEP is totally insecure.

WPA-PSK on the other hand, requires brute force dictionary attacks. A lengthy key with various character classes will typically be extremely difficult or next to impossible to crack.

Excellent advice. A quick Google search will net you a great instructional website: http://www.practicallynetworked.com/support/wireless_secure.htm

Also, when is comes to developing a truly secure key, use a key generator and then substitute a few of the digits to make it your own. Pretty much "hack" proof at that point.

GRC has a nice key gen located here: https://www.grc.com/passwords.htm
Go with the 63 character password (Printable ASCII characters).

Good luck

Exile Machine
09-19-2010, 6:19 PM
+1 on the WPA2. If you want totally secure network, bolt your doors and windows and run Cat-5 cable everywhere. Father-in-law does just that. Won't trust any wireless network.

JDay
09-19-2010, 6:43 PM
My advice to anyone using a wireless network: get the hell off of WEP and use WPA-PSK. MAC filtering does nothing. I have broken into my own wireless network when I had WEP mode and MAC filtering enabled (without the intruding PC on the list) and it took no more than 5 minutes. You can easily scan for clients connected to the router, and you can spoof one their MAC addresses. From there, it's just a matter of performing packet injection and using a statistical analysis tool to get the key. I'm not sure you should be worried about what you've been seeing, but WEP is totally insecure.

WPA-PSK on the other hand, requires brute force dictionary attacks. A lengthy key with various character classes will typically be extremely difficult or next to impossible to crack.

I'd go so far as to use WPA2-PSK and set it to only allow AES encrypted connections, TKIP has been cracked.

nick
09-19-2010, 7:03 PM
+1 on the WPA2. If you want totally secure network, bolt your doors and windows and run Cat-5 cable everywhere. Father-in-law does just that. Won't trust any wireless network.

Smart man, and I'm not being sarcastic :thumbsup:

Satex
09-19-2010, 8:49 PM
I have broken into my own wireless network when I had WEP mode and MAC filtering enabled (without the intruding PC on the list) and it took no more than 5 minutes. You can easily scan for clients connected to the router, and you can spoof one their MAC addresses. From there, it's just a matter of performing packet injection and using a statistical analysis tool to get the key. I'm not sure you should be worried about what you've been seeing, but WEP is totally insecure.


5 minutes? I wave the BS flag on that. What did you use to perform the packet injection and statistical analysis?

WEP - takes about 5 min to break. MAC filtering - add another 30 sec or so to spoof the MAC address.


Same as above.

WPA2 is the only real way to secure a home wireless network these days.


WPA2-AES is probably the best way to go nowadays.

Corbin Dallas
09-19-2010, 9:01 PM
I'd go so far as to use WPA2-PSK and set it to only allow AES encrypted connections, TKIP has been cracked.

This is the answer for a secure connection with consumer grade technology.


Any to answer Satex, with a highly active connection, one could receive enough information on a WEP to crack it in about 5 minutes.

Check into backtrack 4 and read some of the success stories in the forum.

CalBear
09-19-2010, 9:04 PM
5 minutes? I wave the BS flag on that. What did you use to perform the packet injection and statistical analysis?

The aircrack-ng suite (aircrack, airodump, aireplay) and kismet, along with a good, high powered wireless G device. It seriously only takes a matter of minutes to obtain a key. As was mentioned, it does depend on the activity of the network. If a device is connected to the network and is transferring significant amounts of data, the process is going to be very, very fast.

JDay
09-19-2010, 9:57 PM
Any to answer Satex, with a highly active connection, one could receive enough information on a WEP to crack it in about 5 minutes.

Check into backtrack 4 and read some of the success stories in the forum.

I've done it in less. The point being, WEP is not by any means secure.

GbguLuHD_I8

JDay
09-19-2010, 10:03 PM
If a device is connected to the network and is transferring significant amounts of data, the process is going to be very, very fast.

You just need two wifi cards, one must support injecting packets. This makes it very fast and easy to crack the WEP key on a wifi access point that nobody is even using.

Scratch705
09-20-2010, 4:10 AM
how would i check if others are on my network? through the router or ?

ocabj
09-20-2010, 6:56 AM
If your router has logging, that will give you the information you need to see if any rogue clients have been connecting and using your network (over wifi).

Otherwise, you could set up some other mechanism that would trigger some sort of footprint (e.g. a captive web portal).

JDay
09-20-2010, 1:38 PM
how would i check if others are on my network? through the router or ?

In the router's status page there should be a list of remembered DHCP mappings from the clients that have connected. You can also see the connected wireless clients from in there.

Scratch705
09-20-2010, 4:26 PM
icic, then woot, no unauthorized access on my wifi! wonder if it helps that i disabled SSID broadcast? so you can't even see the router when you do the windows wifi network search.

JDay
09-20-2010, 4:37 PM
icic, then woot, no unauthorized access on my wifi! wonder if it helps that i disabled SSID broadcast? so you can't even see the router when you do the windows wifi network search.

Tools such as Kismet and Netstumbler will see your network when wireless clients are connected.

OnlyKetchup
09-20-2010, 6:38 PM
As others have said you need to switch to WPA2. It's possible that your neighbor may have cracked your WEP key and is repeating your signal through their router, which is why you might be seeing the other network follow yours.

NeoWeird
09-20-2010, 10:12 PM
Sorry guys and gals, busy 12+ hour days and church every night this week so I'm not around much.

As for encryption, I don't really care much at this point in time. The network really only supplies internet to three computers that have no personal information on them outside of emails, which let's face it, 90% of mine is MidwayUSA and Brownells spam. I plan on going to something more secure in the future when I setup a media RAID server but until that point I rather like the ability to share my connection with friends and family easily - the key is more of a deterant to some random high schooler down the street. Kind of like people that put the alarm stickers on their house windows. It does nothing but turns most non-serious threats away.

Back to the original topic though, should I be concerned about this piggybacking network? The fact that it is shadowing my channels is suspect, but if my router is not actually logging any traffic from it, should I even care? Some random kid honing his 'hacker' skills on local networks? Is there anyway to hide traffic from the host device? etc. etc. I personally can't think of a reason, but networks are not my strong point so I figured I'd ask.

CalBear
09-20-2010, 10:31 PM
You can usually look at the clients connected to your router. If you never see any unidentified clients, or any unexpected spike in data usage, you're probably ok. Still, I would recommend the following steps:

1) At the very least, make sure you have root access password protected on your router.

2) Switch security to WPA-PSK2 w/ AES encryption. It is the most secure consumer level protection. Don't bother with MAC filtering. WPA keys don't have to be absurdly long to be safer than WEP. Just pick a decent key everyone in your family can remember.

Here are some reasons I can think of for making this switch:

1) Intranet protection. Most important transactions are done via HTTPS w/ encryption anyway, but you don't want to expose your computers or net transfers any more than necessary.

2) Speed. You don't want people mooching from your network. Also, many routers have hardware encryption for WPA w/ AES, which means encryption is very fast. I think WEP actually has a bigger performance hit on some routers.

3) Bandwidth caps. Again, you don't want someone leeching your connection and pushing your data usage toward the ISP's monthly bandwidth cap.

4) Illegal usage. Some people use the internet for illegal purposes. You don't want them using your internet connection to do this. After all, it's your IP address, your home address, your internet connection.

Sorry guys and gals, busy 12+ hour days and church every night this week so I'm not around much.

As for encryption, I don't really care much at this point in time. The network really only supplies internet to three computers that have no personal information on them outside of emails, which let's face it, 90% of mine is MidwayUSA and Brownells spam. I plan on going to something more secure in the future when I setup a media RAID server but until that point I rather like the ability to share my connection with friends and family easily - the key is more of a deterant to some random high schooler down the street. Kind of like people that put the alarm stickers on their house windows. It does nothing but turns most non-serious threats away.

Back to the original topic though, should I be concerned about this piggybacking network? The fact that it is shadowing my channels is suspect, but if my router is not actually logging any traffic from it, should I even care? Some random kid honing his 'hacker' skills on local networks? Is there anyway to hide traffic from the host device? etc. etc. I personally can't think of a reason, but networks are not my strong point so I figured I'd ask.

MissionMTMan
09-20-2010, 10:32 PM
Sorry to say this but they are all hackable. All it takes is the right guy at the right place and you're screwed. Like everyone says, go with WPA 2. It will be your best bet and keep 99% of people out.

Ricky-Ray
09-20-2010, 11:01 PM
Are you sure there's nothing else plugged into your network that your forgetting? I forgot about 2nd DVR that I installed and I was freaking out for about a week that there was a new MAC address on my network and they were able to get in after me changing the SSID, enabling MAC filtering, and changing the wpa2 passkey.

NeoWeird
09-20-2010, 11:16 PM
Ok, maybe I'm not being clear - the message I try to convey frequently gets lost so I think it's me. I will try to outline what I'm asking in as short and precise of statements as I can.



I am using Inssider to scan other wireless networks being broadcasted in my area so I can determine the best channel to keep my network on with the least interference. All information about ANY other network is being obtained through this scanner.

There are ZERO unauthorized connections to my router or my modem. None. I know EVERY single one of them both current and in logs.

HOWEVER... a SEPARATE WIRELESS NETWORK being broadcasted somewhere near me is following me every time I change channels. As far as I can tell, this network or any device on it are NOT actually interacting with my network or any device on it. They are simply occupying the same channel I am, and follow to any channel I change to.

The other network has distinct information that is repeatedly being reported via Inssider. It has a name very different from any name given to my network or any of my devices, it is made by a manufacturer that I own NO components for, and has a unique MAC address that is not changing.

Should I be concerned with this behavior? It's obviously intentional, but I can not figure out why.

CalBear
09-20-2010, 11:28 PM
Sorry, I've kind of taken the opportunity to lecture on wireless security, rather than answer your question. Some router's have a feature that automatically chooses the best available channel. Your neighbor may have a router that is acting up for some reason, and keeps changing its channel to match your router's channel. It may be a bad or strange algorithm. Either way, I'm pretty sure it's just his router auto selecting channels. I highly doubt it's anything malicious.

Ok, maybe I'm not being clear - the message I try to convey frequently gets lost so I think it's me. I will try to outline what I'm asking in as short and precise of statements as I can.

I am using Inssider to scan other wireless networks being broadcasted in my area so I can determine the best channel to keep my network on with the least interference. All information about ANY other network is being obtained through this scanner.

There are ZERO unauthorized connections to my router or my modem. None. I know EVERY single one of them both current and in logs.

HOWEVER... a SEPARATE WIRELESS NETWORK being broadcasted somewhere near me is following me every time I change channels. As far as I can tell, this network or any device on it are NOT actually interacting with my network or any device on it. They are simply occupying the same channel I am, and follow to any channel I change to.

The other network has distinct information that is repeatedly being reported via Inssider. It has a name very different from any name given to my network or any of my devices, it is made by a manufacturer that I own NO components for, and has a unique MAC address that is not changing.

Should I be concerned with this behavior? It's obviously intentional, but I can not figure out why.

Here is another thread where someone asked a similar question:

http://www.eggheadcafe.com/software/aspnet/34079995/is-my-neighbor-hacking-my-network.aspx

Ricky-Ray
09-20-2010, 11:36 PM
Is SSID broadcast enabled? If so have you tried turning it off and see what happens?

NeoWeird
09-21-2010, 2:10 AM
SSID is not turned off, and I was tempted to try it after you suggested it, but after reading that last link I think I'll stay away from it for now.

If I read that link correctly, it sounds like it's one of those things that happens but 99% of the population has no idea why it happens. Good to know; at least I don't need to worry about anything malicious going on in the background.

Thanks guys.

JDay
09-21-2010, 3:02 AM
Sorry guys and gals, busy 12+ hour days and church every night this week so I'm not around much.

As for encryption, I don't really care much at this point in time. The network really only supplies internet to three computers that have no personal information on them outside of emails, which let's face it, 90% of mine is MidwayUSA and Brownells spam. I plan on going to something more secure in the future when I setup a media RAID server but until that point I rather like the ability to share my connection with friends and family easily - the key is more of a deterant to some random high schooler down the street. Kind of like people that put the alarm stickers on their house windows. It does nothing but turns most non-serious threats away.

WPA and WPA2 are easier to share since you use a password instead of hexadecimal. People can also crack your WEP key and sniff your internet traffic, they could hijack your online banking session or email account if they wanted to. It only takes a minute to switch to WPA2 on the router (just change the setting in the drop down box in wireless security and type in a strong password). You should also look into 128-bit AES encryption (which WPA2 uses), it's used by the DoD to secure classified (Secret) documents. This means that it does not just turn the most non-serious threats away.

JDay
09-21-2010, 3:10 AM
Here are some reasons I can think of for making this switch:

1) Intranet protection. Most important transactions are done via HTTPS w/ encryption anyway, but you don't want to expose your computers or net transfers any more than necessary.

If someone cracks his WEP key they can easily hijack any HTTPS session he is on. This is just one example of why he needs to take this seriously.

http://hackaday.com/2009/02/23/sslstrip-hijacking-ssl-in-network/

sslstrip, hijacking SSL in network
posted Feb 23rd 2009 7:25pm by Eliot Phillips
filed under: cons, downloads hacks, security hacks

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.

The fact he managed to run this on a Tor exit node also shows why you shouldn't trust that "secure anonymous" network.

JDay
09-21-2010, 3:17 AM
Are you sure there's nothing else plugged into your network that your forgetting? I forgot about 2nd DVR that I installed and I was freaking out for about a week that there was a new MAC address on my network and they were able to get in after me changing the SSID, enabling MAC filtering, and changing the wpa2 passkey.

How did it get back on if you didn't reconnect it?

JDay
09-21-2010, 3:20 AM
Ok, maybe I'm not being clear - the message I try to convey frequently gets lost so I think it's me. I will try to outline what I'm asking in as short and precise of statements as I can.



I am using Inssider to scan other wireless networks being broadcasted in my area so I can determine the best channel to keep my network on with the least interference. All information about ANY other network is being obtained through this scanner.

Just set the channel to auto, it will switch to the channel with the most interference automatically and you will never notice it.

There are ZERO unauthorized connections to my router or my modem. None. I know EVERY single one of them both current and in logs.

HOWEVER... a SEPARATE WIRELESS NETWORK being broadcasted somewhere near me is following me every time I change channels. As far as I can tell, this network or any device on it are NOT actually interacting with my network or any device on it. They are simply occupying the same channel I am, and follow to any channel I change to.

The other network has distinct information that is repeatedly being reported via Inssider. It has a name very different from any name given to my network or any of my devices, it is made by a manufacturer that I own NO components for, and has a unique MAC address that is not changing.

Should I be concerned with this behavior? It's obviously intentional, but I can not figure out why.

Maybe a neighbor is messing with your for some reason? In any case set the channel to auto and if they try to use the same channel it'll just change again.

Ricky-Ray
09-21-2010, 12:23 PM
How did it get back on if you didn't reconnect it?

It was hard wired to a wireless access point. I knew the MAC of the wireless access point but I didn't bother looking up the MAC of the 2nd DVR since it was hard wired to the access point thinking that it would not show up as a wireless device.

I thought wrong :rolleyes:

ExtremeX
09-21-2010, 3:57 PM
5 minutes? I wave the BS flag on that. What did you use to perform the packet injection and statistical analysis?



Same as above.



WPA2-AES is probably the best way to go nowadays.


Hes not BSing.. its easy, and takes little to no time. Im a network security administrator, part of my job is securing and pen-testing our own networks. WEP can be done in 5 min, if not less, if you are handy with linux and the air-crack suite. Packet injection capable adapter is why itís so fast. MAC address filtering is a joke, I donít even use it, its not a security measure, more of an irritation to the IT staff and a very small hurdle for a hacker.

If you donít know what to use, then I assume you havenít donít it before, thereís a linux distro that is known VERY well to any self-respected white hats and black hats. Heck, I have a boot disk that takes me a whole extra 15 seconds to break windows login passwords. This is why physical security is just as important in the IT world.

WPA2 isnít even that safe, but sure as heck a lot better than WEP. WPA and WPA2 is at least a challenge and possible deterrent . If you are familiar with rainbow tables and CUDA supercomputing cards, even a high end home workstation can be used to "run amuck" in the neighborhood. Chances are, no oneís going to spend the time and effort on a home network. Itís really a focused and targeted attack like corporate networks that do the worrying.

ExtremeX
09-21-2010, 3:59 PM
Is SSID broadcast enabled? If so have you tried turning it off and see what happens?

Turning off ur SSID is useless, an iPhone with a "find wifi app" can still see these networks. If you are using it as a major securiy measure its not a good one.

ExtremeX
09-21-2010, 4:09 PM
If you want to know what the BEST security is, it’s having no wireless at all.

If you need wireless, then take the time to setup a WPA or WPA2 with a LONG random generated key. Cracking WPA is EASY, if you pick passwords like INTERNET, or PASSWORD, or even AppleCheese123. Little time with a dictionary attack and the right tools, ur back to square one.

Pick something like this : &Gl2sbqPCVJj,D,Uz9\\QkT-&#,Xs%AoAwp\NVHa!b9xo7HdFAWgu!fqqcCXWNB
http://www.yellowpipe.com/yis/tools/WPA_key/generator.php
63 digit random generated. Copy it to a USB stick do you don’t have to type it into every PC. We do this at work, but change the key every 60 days.

I can go on and on about anything network related, including using subnets protected by firewall policy across different zones, ill just stop talking now. Remember, if someone is ON your network, they own the network. Session hijacking and even snooping is VERY easy. My work gives me tools to reconstruct secure HTTPS sessions at work. Pretty scary stuff in the wrong hands.
Remember, if there on your network, they own it:
http://www.metasploit.com/
If you can figure out how to use it, ur a haxor
And for the love of god, the above link I gave you, should be enough reason to DO YOUR WINDOWS UPDATES.

Ok.. ill stop talking now.

ExtremeX
09-21-2010, 4:14 PM
+1 on the WPA2. If you want totally secure network, bolt your doors and windows and run Cat-5 cable everywhere. Father-in-law does just that. Won't trust any wireless network.

You sir, are my friend.

JDay
09-21-2010, 6:18 PM
Hes not BSing.. its easy, and takes little to no time. Im a network security administrator, part of my job is securing and pen-testing our own networks. WEP can be done in 5 min, if not less, if you are handy with linux and the air-crack suite. Packet injection capable adapter is why itís so fast. MAC address filtering is a joke, I donít even use it, its not a security measure, more of an irritation to the IT staff and a very small hurdle for a hacker.

If you donít know what to use, then I assume you havenít donít it before, thereís a linux distro that is known VERY well to any self-respected white hats and black hats. Heck, I have a boot disk that takes me a whole extra 15 seconds to break windows login passwords. This is why physical security is just as important in the IT world.

WPA2 isnít even that safe, but sure as heck a lot better than WEP. WPA and WPA2 is at least a challenge and possible deterrent . If you are familiar with rainbow tables and CUDA supercomputing cards, even a high end home workstation can be used to "run amuck" in the neighborhood. Chances are, no oneís going to spend the time and effort on a home network. Itís really a focused and targeted attack like corporate networks that do the worrying.

Rainbow tables take a long time to generate and you have to generate them correctly for the encryption being broken. There are existing tables on the web but who really wants to download a 33GB rainbow table set? You also have to generate those for each SSID you want to crack, not going to happen. The tables I mentioned are only generated for the 1000 most popular SSID's out there, if you set a long, random string for your SSID those tables will be useless for cracking WPA or WPA2 on your network.

This is the description of the two most popular rainbow tables for WPA/WPA2.

7 Gb Set (172,000 words X 1000 SSID's)
33Gb Set (1 Mill words X 1000 SSID's)

Which illustrates why it's a good idea to use a non-dictionary based strong password, since these tables use a dictionary attack.

ExtremeX
09-21-2010, 6:35 PM
Rainbow tables take a long time to generate and you have to generate them correctly for the encryption being broken. There are existing tables on the web but who really wants to download a 33GB rainbow table set? You also have to generate those for each SSID you want to crack, not going to happen. The tables I mentioned are only generated for the 1000 most popular SSID's out there, if you set a long, random string for your SSID those tables will be useless for cracking WPA or WPA2 on your network.

This is the description of the two most popular rainbow tables for WPA/WPA2.



Which illustrates why it's a good idea to use a non-dictionary based strong password, since these tables use a dictionary attack.

I agree, and what you are saying is 100% correct. :)

Each table will be based on the SSID, which is also why itís important to change that and not leave it the default Linksys or NetgearÖ

This is why I made the statement that most home networks never care or worry about this with WPA2, itís the corporate business networks who worry as they are more likely a TARGET.

Now, going back to Rainbow tables, if you have the right tools (CUDA + large raid array in the TBs) like I said above, WPA2 is still vulnerable even with a custom SSID. I can generate tables at eye dropping rates. This is where additional security can be attached like RADIUS and Certificate auth. and or requiring a VPN tunnel after you connect to the network.

Sorry if im going all gung-ho, I treat my home network like a corporate network because itís attached to my office. For the OP, its overkill, but still, STRONG WPA2 key alone with a custom SSID should be adequate security.

odysseus
09-21-2010, 6:40 PM
Which illustrates why it's a good idea to use a non-dictionary based strong password, since these tables use a dictionary attack.

Yep - The essential problem for most home network WPA-PSK networks is a weak passphrase key subject to typical brute force attacks. AES doesn't mean anything if your passphrase is "tool".

To the OP - if you want to make your home wifi simply secure enough to not be worth much effort, make the SSID something original/unique (please not "linksys") and pick a complex long passphrase (13 alpha/numeric or more characters) for your WPA2-PSK using AES. If it is an option on your gear, use AES 256bit keys for warmer fuzzies.

There is more overhead on speed by a percentage, but pretty much you will be a very difficult target over others. Just do it, sounds like your gear supports it.

JDay
09-21-2010, 6:57 PM
Now, going back to Rainbow tables, if you have the right tools (CUDA + large raid array in the TBs) like I said above, WPA2 is still vulnerable even with a custom SSID. I can generate tables at eye dropping rates. This is where additional security can be attached like RADIUS and Certificate auth. and or requiring a VPN tunnel after you connect to the network.

That's a little overkill for most people

Sorry if im going all gung-ho, I treat my home network like a corporate network because itís attached to my office. For the OP, its overkill, but still, STRONG WPA2 key alone with a custom SSID should be adequate security.

Agreed.