Wireless Internet Security - Chicagoland Sportbikes
Chicagoland Sportbikes
 
Geek Squad to the rescue! fucken computer crashing on you again? another porn site infected your computer? tierd of your wife seeing your anal fisting videos and want to lock her out of the external HD? get the answers you need from our local computer experts.

 
LinkBack Thread Tools Display Modes
post #1 of 30 (permalink) Old 04-03-2006, 02:48 PM Thread Starter
Registered User
 
logtar's Avatar
 
Join Date: Mar 2003
Location: Glenview
Posts: 5,054
Location: Glenview
Sportbike: CURRENTLY LOOKING
Years Riding: since I was 8
How you found us: The NET is MINE
           
Wireless Internet Security

So you have a wireless router. Aren't you the cool kid around.

It has become easier and easier to use "open" wireless connections. Some routers are easy to break into with just a couple of programs. The best way to protect your connection speed as well as your overall connection (if someone misuses your line and you might lose service) is to lock up your router completely.

But then how do I get on? simple. Allow only MAC address access. It is very simple to set up on any router. Basically the way it will work is that a list of computers trying to connect to your router would appear, and you can add yours to a safe list. This is not necessary, but I even stop my router from broadcasting its ID.

So How do I do this? Most routers are pretty easy to get into. There is a default IP for the router, and once you log in (if this is your first time connecting to your router, the manufacturer will provide you with the default user name and password). Change your admin password. (if you have a hard time remember passwords, I actually wrote a whole article about that here.)

Once you have a new admin password, locate your wireless settings and restrict access by using only MAC addresses. If you do not see the settings or want to follow a step by step, the manufacturer of your router will have detailed instructions on their website.

Be safe, the internet is a jungle.

Logtar - John

My Blog - @Logtar - Google+
logtar is offline  
Sponsored Links
Advertisement
 
post #2 of 30 (permalink) Old 04-05-2006, 10:37 AM
 
Join Date: Apr 2002
Posts: 6,882
           
Question. At this time, aren't you about 99% safe simply by using WPA encryption? MAC address is nice, but takes more work and takes more work to get a friend connected. I would filter for it myself if I wasn't confident in WPA...where's the flaw in my thinking? Ease vs security?
BIGGY is offline  
post #3 of 30 (permalink) Old 04-05-2006, 10:46 AM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
WPA (or WPA2) and making the router REQUIRE IT is one of the single best things you can do.

MAC addrs are easy to snoop and get. If you can break WPA, you certainly know how to and can fake a MAC address.

Not to mention, by using WPA/WPA2, your data is not being transmitted in the clear.

Personally, I use WPA, *AND* tunnel *EVERYTHING* over an ssh connection to a hardwired server on my lan. This includes DNS, web data, email, EVERYTHING.

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
Sponsored Links
Advertisement
 
post #4 of 30 (permalink) Old 04-05-2006, 10:48 AM
 
Join Date: Apr 2002
Posts: 6,882
           
Quote:
Originally Posted by Arch
WPA (or WPA2) and making the router REQUIRE IT is one of the single best things you can do.

MAC addrs are easy to snoop and get. If you can break WPA, you certainly know how to and can fake a MAC address.

Not to mention, by using WPA/WPA2, your data is not being transmitted in the clear.

Personally, I use WPA, *AND* tunnel *EVERYTHING* over an ssh connection to a hardwired server on my lan. This includes DNS, web data, email, EVERYTHING.
There is no breaking WPA at this time. And yea, I left off the MAC address part...I could spoof those long before being able to do most other things.
BIGGY is offline  
post #5 of 30 (permalink) Old 04-05-2006, 10:54 AM Thread Starter
Registered User
 
logtar's Avatar
 
Join Date: Mar 2003
Location: Glenview
Posts: 5,054
Location: Glenview
Sportbike: CURRENTLY LOOKING
Years Riding: since I was 8
How you found us: The NET is MINE
           
Not everyone has WPA, if you have an older version I believe MAC address is the most secure alternative. If you have WPA, of course that is more secure (until it is broken into). My favorite is not broadcasting, next the MAC address, because it keeps away most people... if you know how to spoof a Mac address you also know how to brute force, and when a vulnerability is found with WPA2, then you can also get in...

Logtar - John

My Blog - @Logtar - Google+
logtar is offline  
post #6 of 30 (permalink) Old 04-05-2006, 11:00 AM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
If one tracks rebates, for a measly $20-$40 TOPS one can have a WPA capable router.

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
post #7 of 30 (permalink) Old 04-05-2006, 11:09 AM Thread Starter
Registered User
 
logtar's Avatar
 
Join Date: Mar 2003
Location: Glenview
Posts: 5,054
Location: Glenview
Sportbike: CURRENTLY LOOKING
Years Riding: since I was 8
How you found us: The NET is MINE
           
If you already have router, why would you shell out more money? I believe all the tips are good for most users, as long as people are not leaving the router completely open, must people should be ok. If someone wants to break into your stuff, it only takes time.

Logtar - John

My Blog - @Logtar - Google+
logtar is offline  
post #8 of 30 (permalink) Old 04-05-2006, 11:18 AM
-= OuterSpace =-
 
OldSkoolMC's Avatar
 
Join Date: Sep 2002
Location: Homer Glen, MaDaFaKa!
Posts: 3,513
Location: Homer Glen, MaDaFaKa!
Sportbike: Yamaha YZ450
Years Riding: too many to keep track
How you found us: Shizzle
           
You can also just limit the number clients issued in dhcp or better yet... turn off dhcp completely, and change your ip scheme. Pretty simple. If all IP's are in use no more users can get added to the wireless router. 100% secure

04 Yamaha YZ450F - Off-Road it, mang
06 Kawasaki BruteForce 750i
09 Yamaha Raptor 700r

- Mike - OldSkool - MC -
OldSkoolMC is offline  
post #9 of 30 (permalink) Old 04-05-2006, 11:38 AM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
MAC fiddling only keeps someone from USING it.
It does not prevent someone from VIEWING what you are doing.

use encryption, encryption, encryption....

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
post #10 of 30 (permalink) Old 04-05-2006, 12:03 PM
Moderator
 
Chills's Avatar
 
Join Date: Aug 2003
Location: Naperville, IL
Posts: 23,640
Location: Naperville, IL
Sportbike: Kawi ZX-10R
Years Riding: Since February 2012
How you found us: NESBA bbs
           
Send a message via Yahoo to Chills
I have a 2 year old Linksys router and I use the WEP key, MAC filter, and I have the SSID broadcast disabled.

Would it be possible to flash the router so that I can use this WPA stuff you guys are talking about?

Never a bad time to climb... unless the weather is really horrible, and then you climb inside!

I bleed GREEN
Chills is offline  
post #11 of 30 (permalink) Old 04-05-2006, 12:06 PM
Registered User
 
RSV4win's Avatar
 
Join Date: Apr 2002
Location: NW
Posts: 1,724
Location: NW
Sportbike: 2002
Years Riding: 5
How you found us: sbn- ran into 20bikes riding
         
Quote:
Originally Posted by Chills
I have a 2 year old Linksys router and I use the WEP key, MAC filter, and I have the SSID broadcast disabled.

Would it be possible to flash the router so that I can use this WPA stuff you guys are talking about?
Yes.
RSV4win is offline  
post #12 of 30 (permalink) Old 04-05-2006, 12:39 PM
 
Join Date: Apr 2002
Posts: 6,882
           
Quote:
Originally Posted by logtar
If you already have router, why would you shell out more money? I believe all the tips are good for most users, as long as people are not leaving the router completely open, must people should be ok. If someone wants to break into your stuff, it only takes time.
Many routers can be flashed to implement WPA. When a crack is found for WPA, then something else will come out.

We're on the track of saying that it will be cracked..first, you're not going to brute force WPA. The encryption is strong and from all the research I read, cryptogrophers agree that it's strong enough that it will take long enough to break to be insignificant.

WEP on the other hand is also very strong encryption. To sum up, it's implementation was the weak point which was very clear to all. MAC filtering was simply a nice backup for WEP but not necessary with WPA. I usually don't side with the security side, but I'd be willing to bet that it'll be a while before we see WPA truly fail.
BIGGY is offline  
post #13 of 30 (permalink) Old 04-05-2006, 12:41 PM
Moderator
 
Chills's Avatar
 
Join Date: Aug 2003
Location: Naperville, IL
Posts: 23,640
Location: Naperville, IL
Sportbike: Kawi ZX-10R
Years Riding: Since February 2012
How you found us: NESBA bbs
           
Send a message via Yahoo to Chills
Quote:
Originally Posted by Jughead
Yes.
Okay Kevin could you tell me how?

Never a bad time to climb... unless the weather is really horrible, and then you climb inside!

I bleed GREEN
Chills is offline  
post #14 of 30 (permalink) Old 04-05-2006, 12:44 PM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
WEP has a programatically guessable key segment in the data stream. You can actually 'snag' it

Anything can be brute forced (speaking of WPA).. all one needs is time.

Someone can bruteforce a WPA password of 'default' with no problem whatsoever, if someone is dumb enough to use that as their password.

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
post #15 of 30 (permalink) Old 04-05-2006, 12:51 PM Thread Starter
Registered User
 
logtar's Avatar
 
Join Date: Mar 2003
Location: Glenview
Posts: 5,054
Location: Glenview
Sportbike: CURRENTLY LOOKING
Years Riding: since I was 8
How you found us: The NET is MINE
           
if someone uses default as their password you don't need bruteforce...

nor admin nor letmein nor guess nor question nor secret nor password. Those are just some of the standard ones that people will use. Ah and the famous no password.

Logtar - John

My Blog - @Logtar - Google+
logtar is offline  
post #16 of 30 (permalink) Old 04-05-2006, 12:55 PM
Registered User
 
RSV4win's Avatar
 
Join Date: Apr 2002
Location: NW
Posts: 1,724
Location: NW
Sportbike: 2002
Years Riding: 5
How you found us: sbn- ran into 20bikes riding
         
Quote:
Originally Posted by Chills
Okay Kevin could you tell me how?
Go to linksys's website. support area. Choose your model router. download the firmware file to your desktop.

you need to get in the web admin screen of the router.
192.168.1.1 unless you changed it.

username=admin
password=admin
unless you changed it.

Go to administration tab? look for upgrade firmware.
RSV4win is offline  
post #17 of 30 (permalink) Old 04-05-2006, 12:57 PM
 
Join Date: Apr 2002
Posts: 6,882
           
Correct Arch...sit and sniff for a while then you can crack the hash. Snagging it alone ain't enough. Best bet is to have 2 systems...one sniffing and one cracking if you wanna sit outside someones house. Not that I've done it, but PM me for step by step instructions on how to crack WEP

WPA you will never brute force. Let me be clear when I use the word "never" I define it as..."Any time soon with many many many machines that's of any relevant time to us. This takes into account any secret super computers that we think the gov't has." It's just easier to say "never" rather than say a whole sentence each time

Your better bet is to shoot for the password that the person used. So the weak point becomes the password and not WPA because passwords can make even the most secure technology useless.

You can create a password that will never be cracked too...simply cut and paste from this site:

https://www.grc.com/passwords

The passwords never repeat, the writer made sure of it and took different sections of the passwords from different things and based it on the fact that they do not repeat. The passwords are also not cached so if you see one you like, better copy and paste it because you'll never see it again.
BIGGY is offline  
post #18 of 30 (permalink) Old 04-05-2006, 01:03 PM
 
Join Date: Apr 2002
Posts: 6,882
           
And let's think of it this way. If you're running WPA with a strong password. Someone like me is not going to waste his time on it. There's tons of people running WEP out there for me to chase after and even quite a few still left who run no security with ADMIN and ADMIN as login and password if I'm really feeling lazy.

Not to mention my new hobby has become SQL Injection on ASP and PHP based forums...lotta open holes there especially when people use the same password for the forum and their emails
BIGGY is offline  
post #19 of 30 (permalink) Old 04-05-2006, 01:03 PM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
Steve's cool.. been a fan of his for many years now

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
post #20 of 30 (permalink) Old 04-05-2006, 01:04 PM
-= OuterSpace =-
 
OldSkoolMC's Avatar
 
Join Date: Sep 2002
Location: Homer Glen, MaDaFaKa!
Posts: 3,513
Location: Homer Glen, MaDaFaKa!
Sportbike: Yamaha YZ450
Years Riding: too many to keep track
How you found us: Shizzle
           
Like I said before = no ip address = no hack, no worry, don't even need encryption at all.

04 Yamaha YZ450F - Off-Road it, mang
06 Kawasaki BruteForce 750i
09 Yamaha Raptor 700r

- Mike - OldSkool - MC -
OldSkoolMC is offline  
post #21 of 30 (permalink) Old 04-05-2006, 01:05 PM
Irony helps us play!
 
Arch's Avatar
 
Join Date: Jan 2006
Location: N'ville
Posts: 29,508
Location: N'ville
Sportbike: 2000 F4
Years Riding: Long enough to know better
How you found us: some hot MILF whispered it in my ear
           
Quote:
Originally Posted by BIGGY
Not to mention my new hobby has become SQL Injection on ASP and PHP based forums...lotta open holes there especially when people use the same password for the forum and their emails
Amazing what you can find. Even more fun are sites that rely on the URL encoding for 'security'


Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


Best Auto/Moto Insurance | Motorcycle Protection Today | FREE Trade-In Quote
Arch is offline  
post #22 of 30 (permalink) Old 04-05-2006, 01:08 PM
 
Join Date: Apr 2002
Posts: 6,882
           
Quote:
Originally Posted by Arch
Amazing what you can find. Even more fun are sites that rely on the URL encoding for 'security'

Why...if you did that, then you could easily crack sites by using simple conversions found on sites like this one!

http://www.prepressure.com/library/binhex.htm
BIGGY is offline  
post #23 of 30 (permalink) Old 04-05-2006, 01:11 PM
Moderator
 
Chills's Avatar
 
Join Date: Aug 2003
Location: Naperville, IL
Posts: 23,640
Location: Naperville, IL
Sportbike: Kawi ZX-10R
Years Riding: Since February 2012
How you found us: NESBA bbs
           
Send a message via Yahoo to Chills
Quote:
Originally Posted by Jughead
Go to linksys's website. support area. Choose your model router. download the firmware file to your desktop.

you need to get in the web admin screen of the router.
192.168.1.1 unless you changed it.

username=admin
password=admin
unless you changed it.

Go to administration tab? look for upgrade firmware.

Thanks, Kevin. I'll go there tonight.

I have changed my username and password but not the IP addy of the router. I guess I should change that too.

Never a bad time to climb... unless the weather is really horrible, and then you climb inside!

I bleed GREEN
Chills is offline  
post #24 of 30 (permalink) Old 04-05-2006, 01:16 PM
 
Join Date: Apr 2002
Posts: 6,882
           
Quote:
Originally Posted by Chills
Thanks, Kevin. I'll go there tonight.

I have changed my username and password but not the IP addy of the router. I guess I should change that too.
That's the cherry on top.
BIGGY is offline  
post #25 of 30 (permalink) Old 07-06-2007, 10:41 PM
Who's faster Lupi
 
Champ91's Avatar
 
Join Date: Apr 2002
Location: Lake in the Hills, IL
Posts: 4,957
Location: Lake in the Hills, IL
Sportbike: 2004 ZX10R & 2005 CRF50
Years Riding: 20
How you found us: SBN
           
ok to simplify all this, who is coming over to set me up right.

NESBA #456 Intermediate
Always 1 step ahead of Lupi. 1:24:7 BHF
And 1 step behind Kimmy

"SoB gets to spend yet ANOTHER season faster than me." -LUPI-
Champ91 is offline  
post #26 of 30 (permalink) Old 07-06-2007, 11:42 PM
bwa
Boom
 
bwa's Avatar
 
Join Date: Apr 2003
Location: Kalispell, MT
Posts: 13,320
Location: Kalispell, MT
Sportbike: None :(
Years Riding: not long enough
How you found us: Crazeinc
           
MAC filtering is without a doubt the weakest protection.
bwa is offline  
post #27 of 30 (permalink) Old 07-07-2007, 12:22 AM
BSB > WSBK > MotoGP
 
shadrach's Avatar
 
Join Date: May 2004
Location: South Loop & Cary
Posts: 11,948
Location: South Loop & Cary
Sportbike: '02 GSXR 600 / '98 CBRF3
Years Riding: Since '03
How you found us: Google
           
Like the misconception that not broadcasting the SSID is any layer of protection against hackers. Depending on the situation, hiding the SSID can be WORSE than just broadcasting.

For some truely eye-opening information, check out Marcus Murray's Tech ED 2007 presentation, linked in his blog:

http://truesecurity.se/blogs/murray

Jeff
NESBA #311
'02 GSXR600
'98
Smokin' Joe's F3
shadrach is offline  
post #28 of 30 (permalink) Old 03-19-2008, 08:21 AM
BSB > WSBK > MotoGP
 
shadrach's Avatar
 
Join Date: May 2004
Location: South Loop & Cary
Posts: 11,948
Location: South Loop & Cary
Sportbike: '02 GSXR 600 / '98 CBRF3
Years Riding: Since '03
How you found us: Google
           
I ran across this article recently which does a good job of explaining why disabling SSID Broadcasting is not a good idea. The analogy makes it pretty clear to non-technical people why it's not more secure.

http://blogs.technet.com/networking/...-bad-idea.aspx

Jeff
NESBA #311
'02 GSXR600
'98
Smokin' Joe's F3
shadrach is offline  
post #29 of 30 (permalink) Old 12-10-2013, 10:24 PM
Registered User
 
Join Date: Dec 2013
Location: Miami
Posts: 16
Location: Miami
Sportbike: BMX
Years Riding: 2 years
How you found us: google
 
nice topic
lickx is offline  
post #30 of 30 (permalink) Old 12-11-2013, 01:54 PM
Instigator
 
bigbaddiesel's Avatar
 
Join Date: Oct 2005
Location: Chicago, Illinois
Posts: 283
Location: Chicago, Illinois
Sportbike: 2003 Yamaha R6
Years Riding: 8
How you found us: Google!
  
Quote:
Originally Posted by OldSkoolMC View Post
Like I said before = no ip address = no hack, no worry, don't even need encryption at all.
This actually isn't true in the case of a deauth attack. Skim the network to find out the routers IP address (there are a few ways to do this). Once you've done this, determine or guess the IP address of a connected client. A good way to do this is by looking up either the SSID (in the case of netgear, linksys, etc in their default config), or look up the manufacturer from the MAC address of the private interface on the router (this is broadcast). From that you can infer the default IP space of the router.

Once you've done that broadcast a deauth flood, while (hopefully before reauth of valid clients), trying to bind the IP that you've guessed/determined on another computer.

Its the typical man-in-the-middle type attack -- you stand in for a known host, in order to be perceived as a valid network client.

This is over simplifying the process, but it can be done, and IP space is not absolute security. A savvy person could always change default options or make it difficult, but theres really no such thing as absolute security.

2003 Yamaha R6 Raven Limited Edition

Cages:
1999 Ford F250 (Gas Sucker)
2001 VW Golf TDI (Gas Saver)
bigbaddiesel is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Chicagoland Sportbikes forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome