Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Page 1 of 2 12 LastLast
Results 1 to 25 of 34
Like Tree13Likes
  1. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #1  
    I own a townhouse. I know all of my neighbors. My Cisco wireless router died. No big deal, I bought another one. I set up the new one up with the same SSID and WPA2 password. The difference with the new one is I could now see the activity lights.

    After I set it up, I checked all of my wireless devices (8 total) and they were all working fine. Later on I noticed my 2.4GHz band seemed really active. I thought I must be getting an update on one of my devices. The activity continued and I thought, what the heck is going on. I pulled up a network map and there are 10 devices connected to my wireless router. I thought, what device am I missing. I even checked the MAC address of all my devices. I wasn't missing any. There were 2 devices connected to my WiFi that I didn't recognize.

    I changed the WPA2 password on my router. Then changed the WPA2 password on my 8 wireless devices. Now when I pulled a network map up I get 8 devices connected. Some body, obviously one of my neighbors was tapped into my WiFi.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  2. Laura Knotek's Avatar

    Posts
    16,870 Posts
    Global Posts
    32,246 Global Posts
    PIN
    Email
    #2  
    That's messed up. How did the neighbors get your password?
  3. #3  
    I can brute force a wpa in a decent time if you use common words or variants to make it.
    palandri likes this.
  4. #4  
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    Thanked by:
    palandri likes this.
  5. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #5  
    Quote Originally Posted by lak611 View Post
    That's messed up. How did the neighbors get your password?
    I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  6. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #6  
    Quote Originally Posted by ImmortalWarrior View Post
    I can brute force a wpa in a decent time if you use common words or variants to make it.
    Thanks for letting me know that. It's appreciated.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  7. Laura Knotek's Avatar

    Posts
    16,870 Posts
    Global Posts
    32,246 Global Posts
    PIN
    Email
    #7  
    Quote Originally Posted by palandri View Post
    I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.
    That's weird. That wouldn't be considered a weak password.
    Thanked by:
    palandri likes this.
  8. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #8  
    Quote Originally Posted by Alex Rodriguez View Post
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    Thanks! Now i know.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  9. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #9  
    Quote Originally Posted by lak611 View Post
    That's weird. That wouldn't be considered a weak password.
    That's what i thought.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  10. #10  
    Quote Originally Posted by lak611 View Post
    That's weird. That wouldn't be considered a weak password.
    It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.
    Thanked by:
  11. CJ Thunder's Avatar
    Member

    Posts
    607 Posts
    #11  
    Quote Originally Posted by Alex Rodriguez View Post
    Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)
    How? Isn't there a lockout after so many failed attempts from the same mac address?
  12. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #12  
    Quote Originally Posted by Alex Rodriguez View Post
    It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.
    Thanks!
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  13. dipayanster's Avatar
    Member

    Posts
    111 Posts
    #13  
    on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?
  14. #14  
    Sure there is, but you don't brute force the router itself. You brute force the "handshake" files locally. Using monitoring you can capture the handshake packets, save them locally, then run them through a brute force with a 40 gb dictionary file.

    MAC address filtering is also useless. It's the easiest thing to spoof using almost any distro of Linux.
    Laura Knotek likes this.
  15. #15  
    Quote Originally Posted by dipayanster View Post
    on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?
    Hidden SSID does nothing to protect your network. It's the same level of protection provided by using a POST http request over a GET.

    Mac address filtering cam be spoofed in 2 seconds. I spoof all my hack attempts before I even touch the router. Valid MAC addresses are broadcast with the packets from those devices

    The only thing you can do is use a fairly long complex password. Make sure you do the same for your router login.
    palandri likes this.
  16. ttsoldier's Avatar
    Member

    Posts
    2,233 Posts
    Global Posts
    2,906 Global Posts
    #16  
    Nothing on the internet is safe.

    I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction
  17. jdevenberg's Avatar
    Member

    Posts
    1,037 Posts
    Global Posts
    2,525 Global Posts
    #17  
    I've got a 16 digit password that has no basis on real words or meaningful number combos. Purely a random string. Pain in the **** for entering into things like wifi printers and such, but its secure and more and more devices are supporting WPS so I don't have to type it as often as before.
    palandri likes this.
  18. beachhoppr's Avatar
    Member

    Posts
    332 Posts
    Global Posts
    460 Global Posts
    #18  
    Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#
    Last edited by beachhoppr; 12-20-2012 at 11:59 AM.
    palandri likes this.
  19. #19  
    Quote Originally Posted by beachhoppr View Post
    Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#
    This is important. I haven't done a lot of digging into brute force algorithms and haven't yet written my own, but the first thing I would do is take a dictionary file and run through all the variations of each word and combinations of words. The last step would be to run a systematic one step at a time process of password attempts. Sequentially.....which could take eons.
  20. #20  
    Quote Originally Posted by ttsoldier View Post
    Nothing on the internet is safe.

    I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction
    Not true at all. If the protocols are configured correctly and a strong SSL encryption is used the data is safer than if you kept a written copy of it in your wallet.

    The problem comes when someone uses an open network and passes user credentials and session information unencrypted. I can sniff that out immediately using common tools such as wireshark.

    There is a whole gamut of security concerns with database data, cross site scripting and injection attacks but that's not quite the same.
    palandri likes this.
  21. Daniel Ratcliffe's Avatar
    Retired Moderator

    Posts
    2,817 Posts
    Global Posts
    4,473 Global Posts
    #21  
    If it isn't an infinite number of characters in length, it ain't secure. Basically, you can never be too cautious. If someone wants to hack your stuff, they will no matter what it takes. Even if it isn't stored electronically, they'll just hire somebody to burgle your house for it.

    "Fortune cookie said: 'Outlook not so good'. I said: 'Sure, but Microsoft ships it anyway'."
    palandri likes this.
  22. jarettp's Avatar
    Member

    Posts
    49 Posts
    Global Posts
    83 Global Posts
    #22  
    Yea I've hacked my neighbors router before. It really isn't that difficult if you put your mind to it...
  23. #23  
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    palandri likes this.
  24. palandri's Avatar
    Retired Moderator

    Posts
    7,122 Posts
    Global Posts
    9,262 Global Posts
       #24  
    Quote Originally Posted by gedzum View Post
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    It really opened my eyes also. I even added French letters with accent marks to make it a little harder. I am also watching my network map and log closely.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  25. #25  
    Quote Originally Posted by gedzum View Post
    Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
    Precisely. Simple fact, if you have the CPU power, you can brute force well established algorithms. The problem is that some of the more complex algorithms in the 128 and 256 bit range are ridiculous and could take years and years for even the most powerful of computers to crack.

    What crackers do is use dictionary files of the most common passphrases and words that are used for passwords and go through a "trial and error" test on each one. If you pick common words, they can do it fairly easily. If you pick uncommon words, but use a short password, they can brute force it systematically pretty easily. The moment you use a long and complex password based on no real pattern, the number of permutations that a brute force algorithm would need to run through to crack it could take centuries. Literally.

    As for information passed over the air, ie. networks wired or wireless, unless it is encrypted it can be read in it's raw format. So ensure that SSL is used for logins when on public networks. If you are wired, on your secure home network with only you and your family etc, you'll be fine...unless your brother or someone is trying to sneak your passwords for fun.

    Over the air on a public network, even if it has a password, is still visible by anyone on that network. Open wifi is even worse.

    Moral of the story. Make sure sites use https (SSL through self signed or commercial certs) when passing sensitive information, use SSH2 when doing server to server stuff. Use FTP over SSH or FTPES with a cert and keep an eye out for news on security loopholes for the "secure" services you do use. SSL means jack squat if the server is passing session information back and forth without encryption. I could just snag that session and use it to masquerade as you on facebook without ever knowing your password to do it.

    Aside from that, not much more you can do.
    Thanked by:
    gedzum 
Page 1 of 2 12 LastLast

Similar Threads

  1. Is it possible to factory reset your phone?
    By podsnap in forum Windows Phone 7
    Replies: 1
    Last Post: 10-07-2011, 03:14 AM

Posting Permissions