Wireless router question
Joined: Sep 2002
Posts: 1,650
Likes: 0
From: Chichester, UK
I run my wifi LAN with SSID disabled, with an access list containing just the laptops that should have access, and with WPA/PSK/TKIP. Only the last bit actually does anything for security; the others just remove the open invitation to the neighbours and to anybody driving by with their wireless-enabled laptop on the car seat. There are no plausible attacks on WPA/PSK in the public domain.
$ ./cowpatty -r eap-test.dump -f dict -s somethingclever
coWPAtty 2.0 - WPA-PSK dictionary attack.
Collected all necessary data to mount crack against passphrase.
Loading words into memory, please be patient ... Done (10201 words).
Starting dictionary attack. Please be patient.
[1000] [2000] [3000] [4000]
The PSK is "family movie night".
coWPAtty 2.0 - WPA-PSK dictionary attack.
Collected all necessary data to mount crack against passphrase.
Loading words into memory, please be patient ... Done (10201 words).
Starting dictionary attack. Please be patient.
[1000] [2000] [3000] [4000]
The PSK is "family movie night".
Joined: Jun 2003
Posts: 13,787
Likes: 0
From: EuroGA.org
Hmmm, interesting. I wonder what the probability is of finding a passphrase of four unrelated words - even taking the vocabulary of the Sun newspaper (3000 words 
) ?
Common quotes and sentences - I agree.
For best security one would leave the wifi link wide open (for maximum compatibility) and run a VPN but very few cheap wifi routers will run a VPN to their wifi port.
A friend works for THE major network gear manufacturer (yes you can guess the name) and after their networks got repeatedly hacked by wardrivers they now insist on triple-DES for every employee using wifi for anything to do with company business, at work or at home. Of course this means they all have to use access points made by this same company - most of the cheap routers don't support the more esoteric wifi authentication and encryption modes.
I am still struggling with a tablet PC with an internal Cisco 350 wifi PCMCIA card which supports every flavour of WPA except WPA/PSK, while my router supports WPA/PSK only. And I do know how it "should work" but for some reason it doesn't. So I am now looking at Cisco access points on Ebay - let's face it, anybody making wifi equipment isn't going to test it against every no-name box with two aerials on top; they will make sure it works with Cisco access points though because that's what most serious users have. I wouldn't dream of running an internet cafe for example unless I used Cisco APs.
Getting back to breaking peoples' fingers yes I agree if done maliciously. However, imagine yourself in some dodgy hotel abroad; 11pm; you need to get the weather for tomorrow and there is no internet, no fax, no GPRS, not even 9.6k GSM data at £1/minute, no nuffing, and nobody at the airport can speak English. But there is a wireless signal, with no security, and the SSID is "Linksys" - clearly installed by a mug. What would one do? There's a nice question for an IT ethics Masters at Milton Keynes
) ?Common quotes and sentences - I agree.
For best security one would leave the wifi link wide open (for maximum compatibility) and run a VPN but very few cheap wifi routers will run a VPN to their wifi port.
A friend works for THE major network gear manufacturer (yes you can guess the name) and after their networks got repeatedly hacked by wardrivers they now insist on triple-DES for every employee using wifi for anything to do with company business, at work or at home. Of course this means they all have to use access points made by this same company - most of the cheap routers don't support the more esoteric wifi authentication and encryption modes.
I am still struggling with a tablet PC with an internal Cisco 350 wifi PCMCIA card which supports every flavour of WPA except WPA/PSK, while my router supports WPA/PSK only. And I do know how it "should work" but for some reason it doesn't. So I am now looking at Cisco access points on Ebay - let's face it, anybody making wifi equipment isn't going to test it against every no-name box with two aerials on top; they will make sure it works with Cisco access points though because that's what most serious users have. I wouldn't dream of running an internet cafe for example unless I used Cisco APs.
Getting back to breaking peoples' fingers
yes I agree if done maliciously. However, imagine yourself in some dodgy hotel abroad; 11pm; you need to get the weather for tomorrow and there is no internet, no fax, no GPRS, not even 9.6k GSM data at £1/minute, no nuffing, and nobody at the airport can speak English. But there is a wireless signal, with no security, and the SSID is "Linksys" - clearly installed by a mug. What would one do? There's a nice question for an IT ethics Masters at Milton Keynes
