[ImmortalWarrior]

I used to work for a network security company that had their own monitoring servers monitoring the internal network as well as clients. I used to log into youtube and hotmail all the time knowing full well that they couldn't read my information from the network data. I knew it because I could see the exact same traffic from client networks and it was encrypted gibberish every time.

[gedzum]

Thanks for the tips and info ImmortalWarrior, very useful for future reference. I saw an article on Ars Technica a couple of days ago about password cracking, I found it quite fascinating and also quite disturbing. The article can be found here: 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica

I don't know much about the subject, but like this thread, that article really struck a chord with me about what could potentially be out there. The comments section also has some interesting info.

It really opened my eyes also. I even added French letters with accent marks to make it a little harder. I am also watching my network map and log closely.

Nice idea I might have to try something like that also. I'm definitely going to incorporate symbols in more of my passwords.

[nidO#WN]

Just to add to the original query raised, bear in mind that it isn't just WPA network keys that can be cracked directly, but also (particularly with older or non-updated routers) pin-based WPS that can be breached which in turn provides the router's WPA key - the vulnerability of most routers' WPS pin was made public at the beginning of this year and a tool to do the job released (see: Hands-on: hacking WiFi Protected Setup with Reaver | Ars Technica or Tactical Network Solutions - News - Cracking WiFi Protected Setup with*Reaver).
Most router manufactures subsequently released updates that gave the option of disabling pin-based WPS, in the case of a swathe of Linksys routers (particularly the popular E4200) this fix was included in the 1.0.0.4 firmware (which you've mentioned is what you were running) however crucially, if a neighbour cracked your WPS prior to you updating to 1.0.0.4 he will have had your network key the whole time, up until you changed it.

[Paladinleeds]

Thanks for the tips and info ImmortalWarrior, very useful for future reference. I saw an article on Ars Technica a couple of days ago about password cracking, I found it quite fascinating and also quite disturbing. The article can be found here: 25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica

I don't know much about the subject, but like this thread, that article really struck a chord with me about what could potentially be out there. The comments section also has some interesting info.



Nice idea I might have to try something like that also. I'm definitely going to incorporate symbols in more of my passwords.

And by 2015, you'll be able to crack a 3904309345980345690845690845609845689034690845643298432895 character length password featuring letter, numbers, and symbols, from all different character sets (including Unicode, Arabic, etc), in less than 1 nanosecond.

[beachhoppr]

Allow me to move this thread forward and help everyone: https://www.grc.com/haystack.htm

[Allen Balkema]

Hidden SSID does nothing to protect your network. It's the same level of protection provided by using a POST http request over a GET.

Mac address filtering cam be spoofed in 2 seconds. I spoof all my hack attempts before I even touch the router. Valid MAC addresses are broadcast with the packets from those devices

The only thing you can do is use a fairly long complex password. Make sure you do the same for your router login.

im pretty sure this guy is Palandris neighbor and is trying to get him to give up so he wont have to keep hacking his wifi :P

[jdevenberg]

I used to work for a network security company that had their own monitoring servers monitoring the internal network as well as clients. I used to log into youtube and hotmail all the time knowing full well that they couldn't read my information from the network data. I knew it because I could see the exact same traffic from client networks and it was encrypted gibberish every time.

Okay, I use Hotmail as well (well, outlook now). So if I go there to check my email (which is allowed), they can see I went to live.com, but can't see my email or any of the content?

[stmav]

The first thing I do when I set up my wireless router is change the default login and password. Then I change the default ip range to something different. I know it's not going to keep out super hackers but at least people with a little working knowledge to look for 192.168.x.x are deterred. I also make the password a sentence, but only use the first letter of each work in the sentence. The first letter is capitol following sentence structure and ends with a . ! ? depending on the sentence. Then sentence can make no sense what soever, but I find myself thinking it as I type in the letters and punctuation.

[ImmortalWarrior]

The first thing I do when I set up my wireless router is change the default login and password. Then I change the default ip range to something different. I know it's not going to keep out super hackers but at least people with a little working knowledge to look for 192.168.x.x are deterred. I also make the password a sentence, but only use the first letter of each work in the sentence. The first letter is capitol following sentence structure and ends with a . ! ? depending on the sentence. Then sentence can make no sense what soever, but I find myself thinking it as I type in the letters and punctuation.

Internal address range won't even deter a noob hacker. Internal ranges are defined by IANA. If they were used for security they wouldn't be defined.

An internal range is used for NAT. It protects individual computers on your network from external machines making unauthorized connections. In reality, its far more complicated than that, but more details are irrelevant to the point.

Your router, when a user cracks your WiFi code will give the user an address from the pool so long as DHCP is enabled. If it isn't, they will literally tell the router what ip it wants.

At any point if the user isn't given an IP or the one it asks for is not within the subnet or already leased, they will be assigned a default IP by the OS. From here they can query the network adapter for the address and subnet mask of the gateway and bam, they know exactly the internal range you chose.