[palandri]

I own a townhouse. I know all of my neighbors. My Cisco wireless router died. No big deal, I bought another one. I set up the new one up with the same SSID and WPA2 password. The difference with the new one is I could now see the activity lights.

After I set it up, I checked all of my wireless devices (8 total) and they were all working fine. Later on I noticed my 2.4GHz band seemed really active. I thought I must be getting an update on one of my devices. The activity continued and I thought, what the heck is going on. I pulled up a network map and there are 10 devices connected to my wireless router. I thought, what device am I missing. I even checked the MAC address of all my devices. I wasn't missing any. There were 2 devices connected to my WiFi that I didn't recognize.

I changed the WPA2 password on my router. Then changed the WPA2 password on my 8 wireless devices. Now when I pulled a network map up I get 8 devices connected. Some body, obviously one of my neighbors was tapped into my WiFi.

[Laura Knotek]

That's messed up. How did the neighbors get your password?

[ImmortalWarrior]

I can brute force a wpa in a decent time if you use common words or variants to make it.

[Alex Rodriguez]

Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)

[palandri]

That's messed up. How did the neighbors get your password?

I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.

[palandri]

I can brute force a wpa in a decent time if you use common words or variants to make it.

Thanks for letting me know that. It's appreciated.

[Laura Knotek]

I have no idea. I asked my wife if she had given it out to anyone and she said no, I don't even remember it. I also checked firmware updates for my old Cisco router. I was behind one update. I was running 1.0.0.4, and the latest firmware was 1.0.0.5, but there was no mention of a security issue with the 1.0.0.5 update. It was a 10 digit password, which would normally be pretty secure, i.e., 47kLJttYeU.

That's weird. That wouldn't be considered a weak password.

[palandri]

Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)

Thanks! Now i know.

[palandri]

That's weird. That wouldn't be considered a weak password.

That's what i thought.

[Alex Rodriguez]

That's weird. That wouldn't be considered a weak password.

It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.

[CJ Thunder]

Routers are easy to hack if you have knowledge using Linux (Backtrack specifically)

How? Isn't there a lockout after so many failed attempts from the same mac address?

[palandri]

It becomes stronger if you put symbols like @#* instead of a use @, if you use i use ! or 1, things like that.

Thanks!

[dipayanster]

on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?

[ImmortalWarrior]

Sure there is, but you don't brute force the router itself. You brute force the "handshake" files locally. Using monitoring you can capture the handshake packets, save them locally, then run them through a brute force with a 40 gb dictionary file.

MAC address filtering is also useless. It's the easiest thing to spoof using almost any distro of Linux.

[ImmortalWarrior]

on my belkin i have hidden ssid broadcast, use a strong password for wpa2, enabled mac id filtering and added my connecting devices mac ids in allowed list and set a strong password for router configuration access. i guess that as much as i can do. anything more can be done to secure the router?

Hidden SSID does nothing to protect your network. It's the same level of protection provided by using a POST http request over a GET.

Mac address filtering cam be spoofed in 2 seconds. I spoof all my hack attempts before I even touch the router. Valid MAC addresses are broadcast with the packets from those devices

The only thing you can do is use a fairly long complex password. Make sure you do the same for your router login.

[ttsoldier]

Nothing on the internet is safe.

I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction

[jdevenberg]

I've got a 16 digit password that has no basis on real words or meaningful number combos. Purely a random string. Pain in the **** for entering into things like wifi printers and such, but its secure and more and more devices are supporting WPS so I don't have to type it as often as before.

[beachhoppr]

Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#

[ImmortalWarrior]

Its not the character combination that only matters its the length. Technically p1G............... is a tougher password to crack than say Hgh13&#

This is important. I haven't done a lot of digging into brute force algorithms and haven't yet written my own, but the first thing I would do is take a dictionary file and run through all the variations of each word and combinations of words. The last step would be to run a systematic one step at a time process of password attempts. Sequentially.....which could take eons.

[ImmortalWarrior]

Nothing on the internet is safe.

I have a friend who can hack you without being anywhere close to you or your router. The interweb + right tools in the wrong hands = destruction

Not true at all. If the protocols are configured correctly and a strong SSL encryption is used the data is safer than if you kept a written copy of it in your wallet.

The problem comes when someone uses an open network and passes user credentials and session information unencrypted. I can sniff that out immediately using common tools such as wireshark.

There is a whole gamut of security concerns with database data, cross site scripting and injection attacks but that's not quite the same.

[Paladinleeds]

If it isn't an infinite number of characters in length, it ain't secure. Basically, you can never be too cautious. If someone wants to hack your stuff, they will no matter what it takes. Even if it isn't stored electronically, they'll just hire somebody to burgle your house for it.

[jarettp]

Yea I've hacked my neighbors router before. It really isn't that difficult if you put your mind to it...

[gedzum]

Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.

[palandri]

Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.

It really opened my eyes also. I even added French letters with accent marks to make it a little harder. I am also watching my network map and log closely.

[ImmortalWarrior]

Wow this thread opened my eyes more than I'd like. I hope none of my neighbours are smart enough to hack into my router. Some nice tips on making passwords tougher to crack which I'll try and put to use.

Precisely. Simple fact, if you have the CPU power, you can brute force well established algorithms. The problem is that some of the more complex algorithms in the 128 and 256 bit range are ridiculous and could take years and years for even the most powerful of computers to crack.

What crackers do is use dictionary files of the most common passphrases and words that are used for passwords and go through a "trial and error" test on each one. If you pick common words, they can do it fairly easily. If you pick uncommon words, but use a short password, they can brute force it systematically pretty easily. The moment you use a long and complex password based on no real pattern, the number of permutations that a brute force algorithm would need to run through to crack it could take centuries. Literally.

As for information passed over the air, ie. networks wired or wireless, unless it is encrypted it can be read in it's raw format. So ensure that SSL is used for logins when on public networks. If you are wired, on your secure home network with only you and your family etc, you'll be fine...unless your brother or someone is trying to sneak your passwords for fun.

Over the air on a public network, even if it has a password, is still visible by anyone on that network. Open wifi is even worse.

Moral of the story. Make sure sites use https (SSL through self signed or commercial certs) when passing sensitive information, use SSH2 when doing server to server stuff. Use FTP over SSH or FTPES with a cert and keep an eye out for news on security loopholes for the "secure" services you do use. SSL means jack squat if the server is passing session information back and forth without encryption. I could just snag that session and use it to masquerade as you on facebook without ever knowing your password to do it.

Aside from that, not much more you can do.