Your WiFi Router - Is It Secure?

Daniel Ratcliffe

New member
Dec 5, 2011
3,061
0
0
Visit site
If it isn't an infinite number of characters in length, it ain't secure. Basically, you can never be too cautious. If someone wants to hack your stuff, they will no matter what it takes. Even if it isn't stored electronically, they'll just hire somebody to burgle your house for it.
 

gedzum

New member
Jan 31, 2012
1,984
0
0
Visit site
Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.
 

palandri

Retired Moderator
Jul 25, 2009
7,586
3
0
Visit site
Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.

It really opened my eyes also. I even added French letters with accent marks to make it a little harder. :grin:I am also watching my network map and log closely.
 

ImmortalWarrior

New member
Apr 30, 2011
523
0
0
Visit site
Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.

Precisely. Simple fact, if you have the CPU power, you can brute force well established algorithms. The problem is that some of the more complex algorithms in the 128 and 256 bit range are ridiculous and could take years and years for even the most powerful of computers to crack.

What crackers do is use dictionary files of the most common passphrases and words that are used for passwords and go through a "trial and error" test on each one. If you pick common words, they can do it fairly easily. If you pick uncommon words, but use a short password, they can brute force it systematically pretty easily. The moment you use a long and complex password based on no real pattern, the number of permutations that a brute force algorithm would need to run through to crack it could take centuries. Literally.

As for information passed over the air, ie. networks wired or wireless, unless it is encrypted it can be read in it's raw format. So ensure that SSL is used for logins when on public networks. If you are wired, on your secure home network with only you and your family etc, you'll be fine...unless your brother or someone is trying to sneak your passwords for fun.

Over the air on a public network, even if it has a password, is still visible by anyone on that network. Open wifi is even worse.

Moral of the story. Make sure sites use https (SSL through self signed or commercial certs) when passing sensitive information, use SSH2 when doing server to server stuff. Use FTP over SSH or FTPES with a cert and keep an eye out for news on security loopholes for the "secure" services you do use. SSL means jack squat if the server is passing session information back and forth without encryption. I could just snag that session and use it to masquerade as you on facebook without ever knowing your password to do it.

Aside from that, not much more you can do.
 

ImmortalWarrior

New member
Apr 30, 2011
523
0
0
Visit site
I used to work for a network security company that had their own monitoring servers monitoring the internal network as well as clients. I used to log into youtube and hotmail all the time knowing full well that they couldn't read my information from the network data. I knew it because I could see the exact same traffic from client networks and it was encrypted gibberish every time.
 

gedzum

New member
Jan 31, 2012
1,984
0
0
Visit site
Thanks for the tips and info ImmortalWarrior, very useful for future reference. I saw an article on Ars Technica a couple of days ago about password cracking, I found it quite fascinating and also quite disturbing. The article can be found here: 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica

I don't know much about the subject, but like this thread, that article really struck a chord with me about what could potentially be out there. The comments section also has some interesting info.

It really opened my eyes also. I even added French letters with accent marks to make it a little harder. :grin:I am also watching my network map and log closely.

Nice idea :grin: I might have to try something like that also. I'm definitely going to incorporate symbols in more of my passwords.
 

nidO#WN

New member
Nov 28, 2012
11
0
0
Visit site
Just to add to the original query raised, bear in mind that it isn't just WPA network keys that can be cracked directly, but also (particularly with older or non-updated routers) pin-based WPS that can be breached which in turn provides the router's WPA key - the vulnerability of most routers' WPS pin was made public at the beginning of this year and a tool to do the job released (see: Hands-on: hacking WiFi Protected Setup with Reaver | Ars Technica or Tactical Network Solutions - News - Cracking WiFi Protected Setup with*Reaver).
Most router manufactures subsequently released updates that gave the option of disabling pin-based WPS, in the case of a swathe of Linksys routers (particularly the popular E4200) this fix was included in the 1.0.0.4 firmware (which you've mentioned is what you were running) however crucially, if a neighbour cracked your WPS prior to you updating to 1.0.0.4 he will have had your network key the whole time, up until you changed it.
 

Daniel Ratcliffe

New member
Dec 5, 2011
3,061
0
0
Visit site
Thanks for the tips and info ImmortalWarrior, very useful for future reference. I saw an article on Ars Technica a couple of days ago about password cracking, I found it quite fascinating and also quite disturbing. The article can be found here: 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica

I don't know much about the subject, but like this thread, that article really struck a chord with me about what could potentially be out there. The comments section also has some interesting info.



Nice idea :grin: I might have to try something like that also. I'm definitely going to incorporate symbols in more of my passwords.

And by 2015, you'll be able to crack a 3904309345980345690845690845609845689034690845643298432895 character length password featuring letter, numbers, and symbols, from all different character sets (including Unicode, Arabic, etc), in less than 1 nanosecond.
 

Allen Balkema

New member
Dec 3, 2012
34
0
0
Visit site
Hidden SSID does nothing to protect your network. It's the same level of protection provided by using a POST http request over a GET.

Mac address filtering cam be spoofed in 2 seconds. I spoof all my hack attempts before I even touch the router. Valid MAC addresses are broadcast with the packets from those devices

The only thing you can do is use a fairly long complex password. Make sure you do the same for your router login.

im pretty sure this guy is Palandris neighbor and is trying to get him to give up so he wont have to keep hacking his wifi :p
 

jdevenberg

New member
Jul 19, 2011
1,037
0
0
Visit site
I used to work for a network security company that had their own monitoring servers monitoring the internal network as well as clients. I used to log into youtube and hotmail all the time knowing full well that they couldn't read my information from the network data. I knew it because I could see the exact same traffic from client networks and it was encrypted gibberish every time.

Okay, I use Hotmail as well (well, outlook now). So if I go there to check my email (which is allowed), they can see I went to live.com, but can't see my email or any of the content?
 

stmav

Retired Moderator
Sep 18, 2012
3,684
0
0
Visit site
The first thing I do when I set up my wireless router is change the default login and password. Then I change the default ip range to something different. I know it's not going to keep out super hackers but at least people with a little working knowledge to look for 192.168.x.x are deterred. I also make the password a sentence, but only use the first letter of each work in the sentence. The first letter is capitol following sentence structure and ends with a . ! ? depending on the sentence. Then sentence can make no sense what soever, but I find myself thinking it as I type in the letters and punctuation.
 

ImmortalWarrior

New member
Apr 30, 2011
523
0
0
Visit site
The first thing I do when I set up my wireless router is change the default login and password. Then I change the default ip range to something different. I know it's not going to keep out super hackers but at least people with a little working knowledge to look for 192.168.x.x are deterred. I also make the password a sentence, but only use the first letter of each work in the sentence. The first letter is capitol following sentence structure and ends with a . ! ? depending on the sentence. Then sentence can make no sense what soever, but I find myself thinking it as I type in the letters and punctuation.

Internal address range won't even deter a noob hacker. Internal ranges are defined by IANA. If they were used for security they wouldn't be defined.

An internal range is used for NAT. It protects individual computers on your network from external machines making unauthorized connections. In reality, its far more complicated than that, but more details are irrelevant to the point.

Your router, when a user cracks your WiFi code will give the user an address from the pool so long as DHCP is enabled. If it isn't, they will literally tell the router what ip it wants.

At any point if the user isn't given an IP or the one it asks for is not within the subnet or already leased, they will be assigned a default IP by the OS. From here they can query the network adapter for the address and subnet mask of the gateway and bam, they know exactly the internal range you chose.
 

Members online

Forum statistics

Threads
322,913
Messages
2,242,887
Members
428,005
Latest member
COME ON WIN ANDROID (ADI)