Announcement

Collapse
No announcement yet.

WiFi PSA

Collapse
X
Collapse
 
  • Page of 6
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 6 template Next
  • #16
    I don't recall wireshark working on wireless interfaces..? At least none of the versions I've used. And I use it all the time 'cause my classes require it.

    The issue isn't so much gaining access to the network as the fact that a) wireless is a huge collision domain and b) you can hear what people are saying. If you gain access to a fully switched network which is resistant to arp poisoning or whatever kind of attacks can make your lovely switches turn into hubs then hooray, go you. Unless the admins are thoroughly incompetent I guess and rely on something like a NAT to protect them.

    Comment

    • #17
      Originally posted by Asher View Post
      I didn't use a rainbow table.

      I used a GPU-based dictionary-based attack with a 15GB wordlist.

      If that had failed, I could have used a 4.2B-entry table with results in under 2 hours for about $130 using a cloud service. It's as simple as uploading a file and specifying the SSID. Then it emails you the password.
      So bottom line you just programmed CUDA to run hashes on a bunch of words. Yes, that would be a fairly effective application of GPU architecture. Still, a 15GB file and a fairly significant amount of processing power to break into someone's wifi where you have to be in pretty close proximity to be in range. I don't think this is something for the average joe to seriously concern himself with. As computers get more powerful, we'll use better encryption. I can think of a few ways you could employ public-private key encryption to make this impossible.
      If there is no sound in space, how come you can hear the lasers?
      ){ :|:& };:

      Comment

      • #18
        Originally posted by Hauldren Collider View Post
        Look, the bottom line is that you need to be in proximity to the network to cause any trouble. Also, if I DID have anything like my home alarm on the network, I would put that on a virtual network separate from the wireless.
        Look, why are you being such a tool? Just use a ****ing intelligent password is all I'm saying. You're going through a lot of effort in justifying your stupidity with even more stupidity.

        I can see 50 SSIDs and I live in suburbia. Proximity isn't an issue. It'll become even less of an issue once 802.11ac becomes widespread (up to 5km range).
        "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
        Ben Kenobi: "That means I'm doing something right. "

        Comment

        • #19
          If you can see 50 SSIDs in suburbia then the following must be true in some combination:

          1) lots of people have multiple networks
          2) your lot sizes are pretty small
          3) you have a really really high gain antenna that is probably not allowed under FCC rules in the US (unless it is receive-only I suppose)

          Comment

          • #20
            I've seen your lots asher, from your house thread. Your have like two yards, maybe three? between your walls. The closest house to mine is probably 25 yards away, minimum.
            If there is no sound in space, how come you can hear the lasers?
            ){ :|:& };:

            Comment

            • #21
              Originally posted by Hauldren Collider View Post
              So bottom line you just programmed CUDA to run hashes on a bunch of words.
              I'm an ATI guy, not Nvidia.

              Yes, that would be a fairly effective application of GPU architecture. Still, a 15GB file and a fairly significant amount of processing power to break into someone's wifi
              Yeah, my $200 video card crunching 200,000 WPA2 passwords per second is pretty cost prohibitive...

              where you have to be in pretty close proximity to be in range. I don't think this is something for the average joe to seriously concern himself with. As computers get more powerful, we'll use better encryption. I can think of a few ways you could employ public-private key encryption to make this impossible.
              Just. Use. A. ****ing. Intelligent. Password.

              Jesus Christ you are a child.
              "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
              Ben Kenobi: "That means I'm doing something right. "

              Comment

              • #22
                A password on a wpa2 network that takes 2 hours to crack is more than good enough. There are enough wep networks out there that people wardriving wifi are going to go for the much lower hanging fruit.

                e: unless of course you're running some kind of business, especially a high profile one, in which case you should be using 802.11x/RADIUS or whatever, not PSK.

                Comment

                • #23
                  My password is perfectly intelligent. None of my neighbors would guess it. My dad can remember it when he attaches a new device. Any more complicated and we'd have to write it down and then someone would forget it and we'd have to reset our router. There's a downside too. The convenience is worth the minimal risk.
                  If there is no sound in space, how come you can hear the lasers?
                  ){ :|:& };:

                  Comment

                  • #24
                    I don't see a single WEP network in range. They're all WPA2.
                    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                    Ben Kenobi: "That means I'm doing something right. "

                    Comment

                    • #25
                      Originally posted by Hauldren Collider View Post
                      My password is perfectly intelligent. None of my neighbors would guess it. My dad can remember it when he attaches a new device. Any more complicated and we'd have to write it down and then someone would forget it and we'd have to reset our router. There's a downside too. The convenience is worth the minimal risk.
                      *shrug*

                      There will always be suckers. As long as you're content being one.

                      I think choosing an intelligent password is easy enough. How often do you add a new device to your network? Jesus Christ. You guys are sad.

                      Ignore the advice at your own risk. I don't think it's that much to use a non-dictionary based word.
                      "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                      Ben Kenobi: "That means I'm doing something right. "

                      Comment

                      • #26
                        Get in a car. Drive around with your computer (or smartphone!). Write up a script to repeat something like iwconfig --list or whatever the command is in linux and match up detections of WEP networks with GPS locations.

                        The reason you're not seeing WEP networks is because you are in a new subdivision. The cable guys who installed the networks would have used newer access points with WPA2 support. Go to a neighborhood that is 6 or more years old and you'll find them.

                        Comment

                        • #27
                          Oh, yeah, another observation about your "hack his thermostat": So you're on his network, awesome! Have you figured out the password for his thermostat, too? I'm assuming it's on the wired network, so when it talks to everyone, you usually wouldn't be able to see that on wireshark. Why the hell would anything related to that get broadcast over wifi? And presumably it has a password too, and I doubt you'd just be able to snoop that if it uses encryption.
                          If there is no sound in space, how come you can hear the lasers?
                          ){ :|:& };:

                          Comment

                          • #28
                            Originally posted by Hauldren Collider View Post
                            Oh, yeah, another observation about your "hack his thermostat": So you're on his network, awesome! Have you figured out the password for his thermostat, too? I'm assuming it's on the wired network
                            You assume wrong. ****ing google Nest thermostat.

                            You don't know much about networking, as an aside...
                            "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                            Ben Kenobi: "That means I'm doing something right. "

                            Comment

                            • #29
                              Wireshark can't snoop wireless traffic promiscuously. It can only detect packets to/from your machine.

                              xpost

                              Comment

                              • #30
                                I know lots about networking, having managed a network at TJ for four years, running a cisco managed switch (including administrating IOS!) setting up DMZs, BIND, DHCP, all sorts of crap. I even rewired several rooms with CAT-6 cabling. I actually know my stuff.
                                If there is no sound in space, how come you can hear the lasers?
                                ){ :|:& };:

                                Comment

                                Previous 1 2 3 4 5 6 template Next
                                Working...
                                X