
Omega
Displaced Ohioan
Premium
join:2002-07-30
Denver, CO

So....

What's stopping someone from using this service to attack someone else's WPA network?

Say your neighbor has WPA. A one time $17 payment means unlimited and free internet for a long long time.
--
Whats smells like blue?


Hazy Arc

join:2006-04-10
Greenwood, SC
I think that's why it is on DSLR.


BabyBear
Keep wise ...with Nite-Owl

join:2007-01-11

1 recommendation

reply to Omega
said by Omega:

Say your neighbor has WPA. A one time $17 payment means unlimited and free internet for a long long time.
Just better hope they don't get details of your transaction. Since, after all, hacking into someone's network is illegal.

33358088
Premium
join:2008-09-23
kudos:2
reply to Omega
Nothing...
and
"network security penetration consultant"
is the proper corporate term.
You can call 'em hackers, like they are;
this breed is just cowardly and doesn't want to be called what they really are.

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL

1 recommendation

reply to Omega
said by Omega:

What's stopping someone from using this service to attack someone else's WPA network?

Say your neighbor has WPA. A one time $17 payment means unlimited and free internet for a long long time.
This same idea was posted before (hacking WPA using GPUs).

Nothing, and I repeat NOTHING will 100% stop your neighbor from getting into your wireless AP. If a person is determined enough, they can and WILL get in. I don't care how many bits encryption you use - there is still one factor that can ALWAYS be exploited and that is, of course, the human factor. Are you sure that is an "official" Comcast guy coming into your house checking up on your service? You may say "Well, I am always cautious about stuff like that." But can you honestly say the same thing about your roommate or significant other?

With that said, how many people do you know who are actually taking the time out of their day to steal wifi from encrypted APs (WEP/WPA/WPA2)? I know exactly 0 people doing this. Why? It takes time and hardware (thus money) to do it.
We know that WEP is crackable. This is a fact. It is also a fact that people aren't zooming up and down the street in a van cracking WEP-encrypted APs. And if they are, I would bet that they would be more interested in getting into unsecured APs than secured ones. And I would say that the open ones are more interesting because you have a wider radius of clients rather than one household. Sometimes you have to compare facts with reality. And if you don't accept reality, I can find a number for a good shrink.

In my opinion, who cares what AP encryption is cracked or not - the point that many people seem to miss is that while the older encryption algorithms aren't as secure, they still keep Average Joe from connecting to your AP. Nothing will stop Hacker Joe from getting in - it will deter him, but it won't stop him.

In fact, to contrast with another algorithm: MD5. Many people say that it is "cracked". I'll tell you what: if I take an MD5 hash of a 1GB file and you can tell me what the contents were, I will have a very big red face on and be sure to work for you, because you have just discovered a very good compression technique. Nope? Didn't think so.

Lazlow

join:2006-08-07
Saint Louis, MO

1 edit
As far as people driving around and doing this; I suggest you google war driving and its variations. There are a lot of people doing this. To some it is just a sport. There are several groups here in St. Louis, each with well over fifty members. In any town of over 10K that I have been in over the last ten years, there are people doing this. To be clear, I do not go out of my way to find these people, I just keep an eye out. If you have a college or computer school in your area, there are definitely people doing it.

As far as the hardware goes, for the sub-12-digit stuff, just about anybody has enough hardware to crack one in under a week (in most cases under a day).

Assuming the ESSID is in the top 1000 popular list, you would download a 30MB file (specific to that ESSID) and run it against the password. A 700MHz PIII can run about 17,000 passwords a second. It does not require an uber computer or any great computer genius.

If you use a long ESSID and a long password with regular changes (once every 3 months?), you can probably keep 99% of them out. Anybody with a large zombie collection you are not going to keep out, but anybody with those kinds of resources is unlikely to be going after an AP.

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to Omega
with enough resources you can hack/crack anything on the net, but really, secured wireless is like locking your house when you head to work. WPA is like having a deadbolt, WPA2 is adding motion-sensing lights.

all of them add security but none prevent the break-in if someone wants in, but they make you far less attractive to the smash and grab.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
reply to Lazlow
said by Lazlow:

As far as people driving around and doing this; I suggest you google war driving and its variations. There are a lot of people doing this. To some it is just a sport. There are several groups here in St. Louis, each with well over fifty members. In any town of over 10K that I have been in over the last ten years, there are people doing this. To be clear, I do not go out of my way to find these people, I just keep an eye out. If you have a college or computer school in your area, there are definitely people doing it.

As far as the hardware goes, for the sub-12-digit stuff, just about anybody has enough hardware to crack one in under a week (in most cases under a day).

Assuming the ESSID is in the top 1000 popular list, you would download a 30MB file (specific to that ESSID) and run it against the password. A 700MHz PIII can run about 17,000 passwords a second. It does not require an uber computer or any great computer genius.

If you use a long ESSID and a long password with regular changes (once every 3 months?), you can probably keep 99% of them out. Anybody with a large zombie collection you are not going to keep out, but anybody with those kinds of resources is unlikely to be going after an AP.
Something sounds fishy about your groups. Why would anyone in their right mind say they are wardrivers, users that are attempting to illegally gain access to an AP? To me that sounds like a recipe for disaster. I never said it wasn't a possibility that they were, I just don't think they are.

I have actually eyed my college, and there was only one person who I know of who claimed to be able to do it, and he wasn't exactly an A student. I would say 1/~1000 is good odds that there aren't people running up and down my street looking for WEP APs.
There are people who have supposedly hooked up a wireless router wrong (plugged the LAN side BACK into the wall and serving DHCP to the other residents in the dorm).
We have 2 networking courses that teach you all about networking and routing. With that said, everyone complains about having to download some crappy AV and clean access if you run Windows, yet if you run Linux/Mac you are let right on. What is really amazing is that the computer science majors haven't figured out that enabling IP forwarding in Linux will allow them to bypass this requirement (plug the Linux box into the wall, take another cable from the Linux box and plug it into an AP, the rest isn't that hard either). This goes to show you how lazy they are.

So as far as the college campus is concerned, the probability of someone having both the knowledge and the equipment to do any sort of cracking is very low. Then again it is a small college to begin with. But, you still have to apply reality with the facts.

Of course, I can't comment outside of my area, but from my observations of people around my area - wireless security is not a concern of mine. And even if it was a concern, it is illegal and if I ever caught someone I would press charges. From your comment, you seem like the kind of person who just watches and laughs with them. Me, I would pick up the phone and call the police.

And what does the ESSID have to do with anything?
Neither WEP nor WPA utilizes the ESSID in any form.
»en.wikipedia.org/wiki/Wired_Equi···_Privacy
»en.wikipedia.org/wiki/Wi-Fi_Protected_Access

WEP cracking is best done under Linux, which, even if you are copying/pasting commands, still needs a certain familiarity with Linux and commands. You also need a card that can go into promiscuous mode - which you MAY be able to pick up at your local Best Buy... however it's not like it says so on the box. And Little Johnny or Average Joe wouldn't know.

Lazlow

join:2006-08-07
Saint Louis, MO

1 edit

1 recommendation

1st. If you had bothered to look up war driving you would have seen that it is not illegal. The groups often get together and have competitions. Some are how many APs you can find in a given period of time (usually tied in with GPS for proof). Another game is similar to geocaching, where clues are left on ESSIDs. Some games do step over the line (as in not legal) and actually access the AP.

From your almost total lack of knowledge on the subject I am not surprised that you cannot find anyone. Do you even know the basic symbols to look for?

Once again the hardware requirements are really minimal. A 700Mhz PIII is sufficient, especially if one can use the pre made tables. Virtually all the software (windows or Linux) provides a list of cards that are best to get the job done. Again many of these cards are in the $20 range, so it is within reach of virtually anyone.

"WPA uses the passphrase you provide and the ESSID as a seed to create the actual encryption key."

From:»www.fonerahacks.com/forums/viewt···=4&t=158

Which was just the first reference I happened to find.

A simple google search on "howto X" will yield a step-by-step guide on how to do this. Most include the software and hardware requirements required to get the job done.

I think you are vastly underestimating the number of people who are now using Linux. While Linux may be the preferred platform, the software to do this is also available for Windows.

Our local Walmart carries three USB dongles that have the proper chipsets to use for these activities.
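The derivation the two Lazlow posts above are getting at (the "30MB file specific to that ESSID" in the earlier post, and the quoted "passphrase and the ESSID as a seed" here) is defined in IEEE 802.11i: for WPA/WPA2-Personal the pairwise master key is PSK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits), so the SSID is the salt. The following is an added example, not code from the thread or from any tool it mentions; the SSIDs, wordlist and function names are constructed for illustration, and the 17,000 guesses/second figure is taken from the post.

```python
import hashlib

# Added example (not from the thread). Names, sample SSIDs and the wordlist
# below are constructed for illustration.


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-Personal as IEEE 802.11i defines it:
    PSK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is the salt, which is why a precomputed table is only good for
    the one SSID it was built against."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def build_table(ssid: str, wordlist) -> dict:
    """Precompute PSKs for one SSID: the per-ESSID table a cracker downloads
    so the 4096-iteration PBKDF2 cost is paid once, up front."""
    return {wpa_psk(word, ssid): word for word in wordlist}


def lookup(table: dict, candidate_psk: bytes):
    """Reverse a PSK against a precomputed table; None if it is not covered."""
    return table.get(candidate_psk)


def days_to_exhaust(alphabet_size: int, length: int, rate_per_second: float) -> float:
    """Wall-clock days to try every passphrase of a given alphabet and length
    at a given derivation rate (no table, straight brute force)."""
    return alphabet_size ** length / rate_per_second / 86400


if __name__ == "__main__":
    words = ["password", "letmein", "dragon"]          # constructed wordlist
    table = build_table("linksys", words)              # table for a default SSID
    victim = wpa_psk("letmein", "linksys")
    print("default SSID, weak passphrase ->", lookup(table, victim))   # letmein
    victim2 = wpa_psk("letmein", "kw7-attic-2009")     # constructed unique SSID
    print("unique SSID, same passphrase  ->", lookup(table, victim2))  # None
    # 8 lowercase letters at the post's 17,000 guesses/s on a PIII:
    print("8 x [a-z] brute force, days:", round(days_to_exhaust(26, 8, 17000), 1))
```

The table only removes the PBKDF2 cost; confirming a candidate against a captured 4-way handshake still means deriving the PTK from that PSK plus the two nonces and MAC addresses in the capture and checking the MIC, and a unique SSID forces the attacker to rebuild the whole table for your network alone.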

Lazlow

join:2006-08-07
Saint Louis, MO
reply to k1ll3rdr4g0n
It also occurred to me that the guy hooking the university's Ethernet cord into a LAN port (instead of the WAN port) may not have been a mistake. Most universities have a ban on game servers and file sharing on their network. They usually monitor this by the IP they have assigned. Hooking a router in as you described would allow one to create a private LAN, using a different subnet than the university. Since most routers allow you to set whatever MAC you like and the router would not need a university-assigned IP, it would be difficult to track down.

One would set the router to filter for MACs, allowing only those that one invited onto the private LAN. Hopefully those MACs would all be spoofed MACs (to keep the other members anonymous as well). While such a LAN would not have any connection capability beyond the student side of the router (no internet access), many (most?) universities only have one router for the student body (on campus, of course). This would mean that one could have a file-sharing network with a lot of members, only limited by the number of IPs the router could support. As most universities use 100Mbps hardware (some even GigE), the network would be very fast.

The only way to track down such a network is to physically track the signal back through all the switches one at a time (time consuming). Assuming the network was only run during after hours (outside of 7am-7pm), most IT departments probably would never discover the network, and even if they did they would not have the resources (or the motivation in most cases) to track it down.

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
said by Lazlow:

It also occurred to me that the guy hooking the university's Ethernet cord into a LAN port (instead of the WAN port) may not have been a mistake. Most universities have a ban on game servers and file sharing on their network. They usually monitor this by the IP they have assigned. Hooking a router in as you described would allow one to create a private LAN, using a different subnet than the university. Since most routers allow you to set whatever MAC you like and the router would not need a university-assigned IP, it would be difficult to track down.

One would set the router to filter for MACs, allowing only those that one invited onto the private LAN. Hopefully those MACs would all be spoofed MACs (to keep the other members anonymous as well). While such a LAN would not have any connection capability beyond the student side of the router (no internet access), many (most?) universities only have one router for the student body (on campus, of course). This would mean that one could have a file-sharing network with a lot of members, only limited by the number of IPs the router could support. As most universities use 100Mbps hardware (some even GigE), the network would be very fast.

The only way to track down such a network is to physically track the signal back through all the switches one at a time (time consuming). Assuming the network was only run during after hours (outside of 7am-7pm), most IT departments probably would never discover the network, and even if they did they would not have the resources (or the motivation in most cases) to track it down.
Have you ever used a managed switch?
Those things are POWERFUL. I couldn't tell you exactly how, but I am almost sure that if you feed DHCP back into the network, using a Cisco managed switch you can find exactly what port the DHCP is coming out of. All without having to get out of your chair.

»itknowledgeexchange.techtarget.c···network/

Knowing that, it would be really stupid to hook it up like that because the networking team could see it right away.
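The situation in the two posts above, a consumer router with its LAN side plugged into a campus port and answering DHCP for everyone on the segment, is exactly what a managed switch's DHCP snooping feature exists for: offers arriving on untrusted ports are dropped and logged against the port. The same check can also be done from a host on a span/mirror port. What follows is an added example, not from the thread or any product it mentions: it parses DHCP payloads, identifies DHCPOFFER messages, and flags any whose server identifier (option 54) is not the site's known DHCP server. The packets, addresses, MAC and allowlist are all constructed for the demo.

```python
import struct
import ipaddress

# Added example (not from the thread). Packet bytes, addresses and the
# allowlist below are constructed; real use would feed it UDP/68 payloads
# captured on a mirror port.

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 option-field magic cookie
BOOTREPLY = 2                      # BOOTP op for server -> client
DHCPOFFER = 2                      # option 53 message type


def build_offer(xid: int, yiaddr: str, server_id: str, router: str, chaddr: bytes) -> bytes:
    """Build a minimal DHCPOFFER payload (the UDP data of a 67->68 datagram).
    Used here only to construct test traffic."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        BOOTREPLY, 1, 6, 0, xid, 0, 0,
                        b"\0" * 4,                                   # ciaddr
                        ipaddress.IPv4Address(yiaddr).packed,        # yiaddr
                        ipaddress.IPv4Address(server_id).packed,     # siaddr
                        b"\0" * 4,                                   # giaddr
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (bytes([53, 1, DHCPOFFER])
               + bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
               + bytes([3, 4]) + ipaddress.IPv4Address(router).packed
               + bytes([255]))
    return fixed + DHCP_MAGIC + options


def parse_dhcp(payload: bytes) -> dict:
    """Parse the BOOTP fixed header and the TLV option list of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    opts = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option, no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "chaddr": payload[28:28 + hlen].hex(":"),
        "options": opts,
    }


def classify_offer(payload: bytes, authorized_servers: set):
    """Return a verdict dict for a DHCPOFFER, or None for any other message.
    'rogue' is True when the server identifier (option 54) is not on the
    allowlist, i.e. something other than the site's DHCP server answered."""
    msg = parse_dhcp(payload)
    if msg["op"] != BOOTREPLY or msg["options"].get(53) != bytes([DHCPOFFER]):
        return None
    sid = msg["options"].get(54)
    gw = msg["options"].get(3)
    server = str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else None
    return {
        "server": server,
        "router": str(ipaddress.IPv4Address(gw)) if gw and len(gw) == 4 else None,
        "offered": msg["yiaddr"],
        "client": msg["chaddr"],
        "rogue": server not in authorized_servers,
    }


if __name__ == "__main__":
    AUTHORIZED = {"10.20.0.1"}                       # hypothetical campus DHCP server
    mac = bytes.fromhex("0011223344aa")              # constructed client MAC
    legit = build_offer(0x1234, "10.20.5.77", "10.20.0.1", "10.20.0.1", mac)
    rogue = build_offer(0x1234, "192.168.1.100", "192.168.1.1", "192.168.1.1", mac)
    for pkt in (legit, rogue):
        print(classify_offer(pkt, AUTHORIZED))
```

A detector like this tells you a rogue server exists and what subnet it hands out; tying it to a physical port is the switch's job, which is why the snooping feature keys on the ingress port rather than on the offer's contents.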

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
reply to Lazlow
said by Lazlow:

1st. If you had bothered to look up war driving you would have seen that it is not illegal. The groups often get together and have competitions. Some are how many APs you can find in a given period of time(usually tied in with gps for proof). Another game is similar to geocaching where clues are left on essids. Some games do step over the line (as in not legal) and actually access the AP.
I would still err on the side of caution for that.
DSLR even says it's both: »Wireless Security »Isn't wardriving illegal?

Now, I don't know about you, but I certainly don't want people sniffing around my APs.

said by Lazlow:

From your almost total lack of knowledge on the subject I am not surprised that you cannot find anyone. Do you even no the basic symbols to look for?
Personal attacks will only make your argument weaker.

said by Lazlow:

Once again the hardware requirements are really minimal. A 700Mhz PIII is sufficient, especially if one can use the pre made tables. Virtually all the software (windows or Linux) provides a list of cards that are best to get the job done. Again many of these cards are in the $20 range, so it is within reach of virtually anyone.

"WPA uses the passphrase you provide and the ESSID as a seed to create the actual encryption key."

From:»www.fonerahacks.com/forums/viewt···=4&t=158

Which was just the first reference I happened to find.
I would love to accept that as actual fact, however, the whois for that domain is as follows:
nguyen, eric webmaster@fonerahacks.com
asdf
asdf
asdf, Kansas 31241
United States
1234124123 Fax --

Somehow, I cannot take that as a reliable source, and I think you would agree. It may be true that WPA uses ssid, however, by posting illegitimate sources you only weaken any argument you make even further.
Though, in general terms, WPA isn't itself an encryption algorithm - it uses different encryption algorithms as a backbone; one of them is TKIP.
»en.wikipedia.org/wiki/Temporal_K···Protocol

Here is the TKIP overview: »libtomcrypt.com/files/tkip.pdf
There is NO mention of using essid.

With that said, the router could use the essid in forming keys BUT it isn't a fact that they will; so you shouldn't assume they will.

said by Lazlow:

A simple google search on howto X, will yeild a step by step guide on how to do this. Most include the software and hardware requirements required to get the job done.
No doubt there, however, I would bet that most people don't have the hardware on hand.

said by Lazlow:

I think you are vastly underestimating the number of people who are now using Linux. While Linux may be the preferred platform, the software to do this is also available for windows.
I don't think so. I am arguably the only person in my school that actually uses Linux on a day-to-day basis. The rest, complain of its complicatedness (is that a word?, regardless it isn't a good excuse not to use Linux), and are too attached to Windows to actually use Linux.
Yes, I have heard the complaints and queried people on what they use. The general consensus is Windows.
And when I tried to utilize the necessary software under Windows, I couldn't get it to work. Booted up Linux and it worked perfectly.

said by Lazlow:

Our local Walmart carries three usb dongles that have the proper chipsets to use for this activities.
Care to share specs?

Lazlow

join:2006-08-07
Saint Louis, MO
As long as you are just listening it is legal. If you transmit to connect to the AP then you are probably over the line.

From your link:

"No. Wardriving solely to detect the presence of wireless access points without malicious intent in and of itself is not illegal."

I noticed you did not bother to answer the question, which would indicate the answer to be no. Proving my point.

Considering the way the legal system has been going lately, you are unlikely to find a source that you could sue(reputable source) that will post any information on the topic.

There are five Linux users within a block of me, and one of those is over 70. The local LUG had to find a new place to hold its meeting because there was not enough space.

All three of these(below) use the 2870 chipset which requires using the nemesis driver(for injection). They are all three on the shelf at our local Walmart. There are probably others that would be functional too, I just have not taken the time to look around and see.

Linksys USB600N
Linksys WUSB100
Belkin F6D4050

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
said by Lazlow:

As long as you are just listening it is legal. If you transmit to connect to the AP then you are probably over the line.

From your link:

"No. Wardriving solely to detect the presence of wireless access points without malicious intent in and of itself is not illegal."
It is a very gray area. Lets leave it at that.
For example, taking pictures publicly is not a crime, however, if a person wishes for you not to take their picture then it is illegal. Which one would say "how would one know the other people also don't want their picture taken?".

said by Lazlow:

I noticed you did not bother to answer the question, which would indicate the answer to be no. Proving my point.
I didn't answer your question directly because it was a personal attack. I refuse to encourage ignorance.

said by Lazlow:

Considering the way the legal system has been going lately, you are unlikely to find a source that you could sue(reputable source) that will post any information on the topic.
Wait, what? I would press charges against the person?

said by Lazlow:

There are five linux users within a block of me, and one of those is over 70. The local LUG had to find a new place to hold its meeting becuase there was not enough space.
Like I said, in my area this is what I noticed. I acknowledge there are different parts in the world. Different people; different interests.

said by Lazlow:

All three of these(below) use the 2870 chipset which requires using the nemesis driver(for injection). They are all three on the shelf at our local Walmart. There are probably others that would be functional too, I just have not taken the time to look around and see.

Linksys USB600N
Linksys WUSB100
Belkin F6D4050
I looked up the first one here: »linux-wless.passys.nl/query_host···stif=USB
And found that it used the Ralink chipset.

Jumping to the aircrack project:
»www.aircrack-ng.org/doku.php?id=···_drivers

quote:
Ralink makes some nice b/g chipsets, and has been very cooperative with the open-source community to release GPL drivers. Packet injection is now fully supported under Linux on PCI/CardBus RT2500 cards, and also works on USB RT2570 devices. However, these cards are very temperamental, hard to get working, and have a tendency to work for a while then stop working for no reason. Furthermore, the RT2570 driver (such as that for the chipset inside the Linksys WUSB54Gv4) is currently unusable on big endian systems, such as the PowerPC. Cards with Ralink chipsets should not be your first choice.
You are right in saying it may be supported, but from that do you really think that card is a good choice?

I couldn't find the WUSB100, but the F6D4050 is in that list and it is also Ralink. Again, this only strengthens my theory that the cards you need aren't readily available at your local Best Buy.

Unless you know of another wireless cracking project that DOES support Ralink without any negative comments?

Lazlow

join:2006-08-07
Saint Louis, MO
Ok, if you do not have the vocabulary or know the symbols to look for (most basic skill), it is a little like hunting deer without knowing what they look like. In either case you are not going to find what you are looking for.

Poor choice of words on my part, I did not mean to imply you. I meant some company (RIAA/MPAA-like in nature).

All three of those do work IF you use the nemesis driver instead of the manufacturer's drivers, which is why I specifically mentioned it. With this driver it seems to function acceptably. I assume that the nemesis driver is newer than that list you used.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
reply to k1ll3rdr4g0n
said by k1ll3rdr4g0n:

said by Lazlow:

1st. If you had bothered to look up war driving you would have seen that it is not illegal. The groups often get together and have competitions. Some are how many APs you can find in a given period of time(usually tied in with gps for proof). Another game is similar to geocaching where clues are left on essids. Some games do step over the line (as in not legal) and actually access the AP.
I would still err on the side of caution for that.
DSLR even says it's both: »Wireless Security »Isn't wardriving illegal?

I Point you to »www.wardrive.net/wardriving/faq

where they talk about Part II: Legalities and Ethics

^^
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

k1ll3rdr4g0n

join:2005-03-19
Homer Glen, IL
reply to Lazlow
said by Lazlow:

Ok, if you do not have the vocabulary or know the symbols to look for (most basic skill), it is a little like hunting deer without knowing what they look like. In either case you are not going to find what you are looking for.

Poor choice of words on my part, I did not mean to imply you. I meant some company (RIAA/MPAA-like in nature).

All three of those do work IF you use the nemesis driver instead of the manufacturer's drivers, which is why I specifically mentioned it. With this driver it seems to function acceptably. I assume that the nemesis driver is newer than that list you used.
I know exactly what to look for, and the fact is that EVERYONE I have run into definitely doesn't show an interest in anything like this. Granted I don't bust into people's homes and check out their setup, so my experience can only account for a small percentile... but I can only present my facts. I am not doubting that there are other Linux users in my neighborhood, it just seems like they choose not to be known for whatever reason. Do you really want me to poll the computer scientists just to prove a point?

And wait, I didn't list a driver? I used the actual wireless cracking program's site as evidence. Nemesis driver or not, they go out of their way to mention that. Can you post a link to the Nemesis driver that specifically says "this will work better than any other driver" or something similar? I would like to take your word for it; however, since you mentioned it as evidence in your argument I feel it is your responsibility to back up your claims. And if it's a hardware issue causing the malfunction of the card, then a different driver will most likely not fix the problem.

hrickpa

join:2001-06-07
Reading, PA

1 edit
reply to Omega
What is stopping my neighbors from using the service?
My neighbors have been harassing me to give them access to my Wi-Fi connection. I use WPA2/AES. I change the SSID and the shared key often using Steve's key generator.
I found out that their church has a list of unsecured access points posted and they are offering a reward for anyone who cracks my key and a few others around the city.
My access point was listed; I had changed my SSID when I found an ad on the internet.
I also shut the access point off when it is not being used.

Lazlow

join:2006-08-07
Saint Louis, MO

1 edit
reply to k1ll3rdr4g0n
The symbols I was referring to have nothing to do with Linux, which seems to be what your first paragraph is inferring.

I forgot that the nemesis driver is just the modified(for linksys) hirte driver.

»forums.remote-exploit.org/136476-post1.html

"One thing to keep in mind is you can find an official, better working driver for this chipset from Ralink's website. This driver DOES support monitor mode but DOESN'T support injection. Seeing as how injection is kind of necessary to the point of thats probably why you got Backtrack, this is the answer for you"

You will note that the driver is stored on aircrack-ng.org. I suspect that the link that you posted is just dated. On the original driver series it did not work very well. Newer drivers came along that do, but your link just did not get updated.

IF I recall correctly the reason the original driver series did not work very well had to do with the driver not properly handling the transmit power control on the chipset. The driver would leave the power at full blast all the time until it overheated. The newer drivers do not seem to have a problem.