Don't you just hate it when you get schooled?

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81


I was so embarrassed.

I have a rather simple setup, meant for convenience more than anything else.
WPA1+TKIP, timed outages, targeted coverage, network segmentation, firewalling, and the dude just brute forced my ass

I thought he was lying...until I....:shrug:...it's not like they got access to the private LAN or anything, but they could sniff all they wanted. Needless to say I am implementing WPA2, RADIUS and some other, frankly, procedural crap.

It just sucks when sh!t like this happens. It's not like I need a wireless fortress, or so I tell myself..

edit: I guess what I am asking for is a hug and a cup of cocoa if you have some

 

Old Hippie

Diamond Member
Oct 8, 2005
6,361
1
0
You guys must live in some heavily populated computer areas.

I've lived here 15 yrs. and the only other wireless signals I've ever seen are when a realtor sets up a temporary base for selling a home.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: Old Hippie
You guys must live in some heavily populated computer areas.

I've lived here 15 yrs. and the only other wireless signals I've ever seen are when a realtor sets up a temporary base for selling a home.

Yeah, and we have many adjacent buildings...
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Can you provide more details? WiFi model, password length and complexity? How much WiFi traffic do you generate? You are the second person here in a week to report an apparent WPA crack.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
Originally posted by: Kaervak
You can crack WPA, it's not easy but it can be done. If your password is short in length and the SSID of the AP is left to default, there are rainbow tables that have practically all the hard work done for you. http://www.renderlab.net/projects/WPA-tables/


Agreed. It's not so much a WPA crack, it's just guessing / running a dictionary / brute forcing a weak password. Encryption strength means nothing if you use a short / lame / cute password.

It only has to be entered once on the AP, and once per machine (periodic changes are also recommended); there's no reason to not use a strong passphrase (long, upper/lower case, digits, punctuation).

I suppose you're lucky GooseMaster, it was a friendly guest that found it (as far as you know, they're the only one?).




 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: ScottMac
Originally posted by: Kaervak
You can crack WPA, it's not easy but it can be done. If your password is short in length and the SSID of the AP is left to default, there are rainbow tables that have practically all the hard work done for you. http://www.renderlab.net/projects/WPA-tables/


Agreed. It's not so much a WPA crack, it's just guessing / running a dictionary / brute forcing a weak password. Encryption strength means nothing if you use a short / lame / cute password.

It only has to be entered once on the AP, and once per machine (periodic changes are also recommended); there's no reason to not use a strong passphrase (long, upper/lower case, digits, punctuation).

I suppose you're lucky GooseMaster, it was a friendly guest that found it (as far as you know, they're the only one?).

I am indeed lucky. It was a weak passphrase plus a heavily trafficked WDS. Well, not that weak, but not up to usual complexity standards. I take full responsibility for not actually taking the time to learn how the keys were created. I have done that now and will continue to learn more.

The one thing that keeps me in doubt and the one thing that was confusing was that the guy recommended I stop broadcasting my SSID, which seemed suspicious. Can't you fake a disassociation anyways and discover the SSID pretty quickly anyways?

they are wrt54gls w/ dd-wrt23SP2 in a WPA WDS using PSK for now.

Frankly I would love to believe that I was BS'd, but given this guy's line of work, I wouldn't put it past him.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
Not broadcasting the SSID, while it would seem to make some sense, really doesn't.

The AP will always respond to a probe (which is normal traffic) with the SSID and other information. The most basic tools for looking at 802.11 signals will always show the SSID.
It doesn't protect you from anything.

In addition to not masking the system, a/the/some Microsoft drivers will ignore the specifically programmed SSID that is masked to attach to one that is forbidden that is it broadcast. The general effect is that you'll be working right along, then everything stops while your client software tries to attach to someone else's AP.

They probably have that mostly fixed by now, but why screw with it. Broadcast your SSID; it will make no difference to a would-be intruder.

Forget MAC filtering too. It's also pretty useless. MACs are easily revealed (probe, ARP) and spoofed in minutes (fill in the blank on a script).

Your best defense is (as you have stated) a long, complex passphrase. It can still be defeated, but the longer it is, the less likely that it can be brute-forced within an acceptable timeframe (given that there are so many tender targets around you). You can prevent that as well by changing the passphrase periodically (every couple weeks, months ... whatever seems reasonable to you).

Good Luck!
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81

Thanks Scott.

I guess most everything was okay except the passphrase. I'll have to bite the bullet and set a proper passphrase.
 

ThaJollyMan

Member
Jun 10, 2008
89
0
0
Go with TKIP and use a long password with lots of random characters such as !@#$%^&*(....obviously throw some letters and #'s in there. I met some guy when I was working at Circuit City. He was buying one of those wide range antennas that can pick up wireless signals for miles. He was telling me how he gets free wireless internet whenever he wants cause it was sooo easy for him to get into WPA secured networks. He told me TKIP was the way to go. It's nearly impossible to break into.


Edit: HAHA I reread your post and realized you were running TKIP. I would just suggest lengthening your PW and adding a few variations in it. Go with 20 characters.
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Is there any reason you were using TKIP and not WPA2-AES? It's my understanding that WPA2-AES is the only thing the WiFi Alliance considers "secure" these days.

Edit: I thought DD-WRT didn't support WDS with anything above WEP?
 

Twr1

Junior Member
May 2, 2006
22
0
0
Don't use passphrase, go directly to keys.
From what I've seen of the rainbow tables, there are more than just dictionary passwords.

You can use GRC's random key generator. If there is a possibility your data is getting intercepted, copy several keys to notepad and mix and match your 63/64 characters.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: Twr1
Don't use passphrase, go directly to keys.
From what I've seen of the rainbow tables, there are more than just dictionary passwords.

You can use GRC's random key generator. If there is a possibility your data is getting intercepted, copy several keys to notepad and mix and match your 63/64 characters.

You know where the tables get more than just dictionary passwords?

From people that use internet key generators. There are many scrupulous sites that sell all the keys they generated. I wouldn't trust an online key generator, especially from GRC.
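An added example, not part of any post in this thread: the WPA/WPA2-PSK key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, which is why precomputed tables only cover specific common SSIDs, and a long random passphrase can be generated locally instead of on a website. The SSIDs and the sample passphrase are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits, punctuation
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key used by WPA/WPA2-PSK.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def random_passphrase(length: int = 63) -> str:
    """Generate a passphrase locally from the OS CSPRNG (no website involved)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on guessing entropy, valid only if every character is
    chosen uniformly at random. Capped at 256 bits, the size of the PMK."""
    return min(length * math.log2(alphabet_size), 256.0)


if __name__ == "__main__":
    phrase = "correct horse battery"              # constructed sample
    for ssid in ("linksys", "example-home-7f3a"):  # constructed SSIDs
        # Same passphrase, different SSID -> unrelated key, so a table
        # precomputed for one SSID is useless against the other.
        print(f"{ssid:20s} {wpa_pmk(phrase, ssid).hex()}")

    for n, size, label in ((8, 26, "8 lowercase letters"),
                           (11, 94, "11 random printable"),
                           (20, 94, "20 random printable"),
                           (63, 94, "63 random printable")):
        print(f"{label:22s} <= {entropy_bits(n, size):6.1f} bits")

    print("local passphrase:", random_passphrase())
```

The entropy figures are ceilings: a human-chosen passphrase of the same length carries far fewer bits than a randomly generated one.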
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Originally posted by: spidey07
I wouldn't trust an online key generator, especially from GRC.
Especially from GRC? I know Steve Gibson is an ass at times, but he's always been an honest ass. I don't see him rigging his own RNG.
 

sjwaste

Diamond Member
Aug 2, 2000
8,757
12
81
Originally posted by: Goosemaster


I was so embarrassed.

I have a rather simple setup, meant for convenience more than anything else.
WPA1+TKIP, timed outages, targeted coverage, network segmentation, firewalling, and the dude just brute forced my ass

I thought he was lying...until I....:shrug:...it's not like they got access to the private LAN or anything, but they could sniff all they wanted. Needless to say I am implementing WPA2, RADIUS and some other, frankly, procedural crap.

It just sucks when sh!t like this happens. It's not like I need a wireless fortress, or so I tell myself..

edit: I guess what I am asking for is a hug and a cup of cocoa if you have some

Maybe you shouldn't have been a whistleblower?

Update your thread.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
spidey, some of the stuff I read just irks the hell out of me. The rate at which they can crack rars and the general speed of dictionary attacks these days on commodity hardware...

<--going to "try again" with wifi and abuse the **** out of his network next week.

Virge, it does support WPA. WPA2 only with AES. I was using TKIP because from my understanding it provided better security for WPA-PSK. Unfortunately I knew a little more about the mechanism than I did about WPA + AES.
The RCN stuff in WPA2 is pretty neat, and I will definitely move to that. Perhaps the biggest issue I face is just WDS and the immense amount of guest wireless traffic that we have.

In the end I'll VPN any of our clients, but I worry for the guests, since some of them might, once again, get "bored" during a meeting.

I've always wanted to setup a practical captive portal with individual ssl connections too. The last one I used still relied on cgi proxy code to relay requests which made it pretty limited.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,544
10,169
126
This is scary news. I've been using WPA-AES128 PSK with WDS mode between a WRT54Gv2 and a WR850Gv2. Haven't changed the passphrase in over a year. There's plenty of wifi networks in the neighborhood though. Most all of the other ones are using WEP, so at least I'm the least attractive target in the neighborhood.
 

Genx87

Lifer
Apr 8, 2002
41,091
513
126
Heh, I check my wireless router logs about once a month just to see if anybody has figured out my wireless network's passphrase. I am at WPA\WPA2-AES with a strong passphrase, though admittedly it could be stronger. 11 characters deep but only 3 !@# type characters.

So far in 7 months I haven't seen anything authenticate other than my Wii and my two laptops. Though I guess they could spoof my MAC, but the times they authenticate clearly show it is my wife and I after dinner sitting down to watch shows.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: Genx87
Heh, I check my wireless router logs about once a month just to see if anybody has figured out my wireless network's passphrase. I am at WPA\WPA2-AES with a strong passphrase, though admittedly it could be stronger. 11 characters deep but only 3 !@# type characters.

So far in 7 months I haven't seen anything authenticate other than my Wii and my two laptops. Though I guess they could spoof my MAC, but the times they authenticate clearly show it is my wife and I after dinner sitting down to watch shows.

We have quite a bit of logs though but I never noticed anything suspicious.
 