Rant How hard is it to crack a wi-fi network these days?

Hey guys,

I have a flat in a area of flats, pretty high density of wifi networks.

Had a chappy move downstairs to me, made some sounds that he wanted to share internet.

I declined as I host a home server which I use for media storage/sharing when I am at my other house. Not really wanting to share a connection anyway.

Since then on two occasions I have found a unknown Android device on my Superhubs mac list.

Now the 1st time I purposefully changed the password to something fairly obscure and a few months had passed without me picking up on it.

Well I checked again this evening and its there again

It is on a wpa2-psk encryption currently. I have just disabled ssid broadcast and changed the ssid. Along with the password.

I can mac filter but that's a bit of a ballache.

So yeah, is this common because its starting to piss me off

 

I believe you need to either very specific wi-fi cards or specialist usb adapters to do it. But with time and patience he could do it. My brother fed his neigbors cat 2 years ago and made a note of the Wi-Fi password. He has been using their broadband ever since the cheeky begger

 

How hard is it?
Isn't it worth it for peice of mind?

 

I have my router set to block all MAC adresses bar the ones i speicifally set... Makes connecting new devices a bit of a pain but i have neighbours that would [and have tried] leech our wifi...

... tbh i'd turn it off if i could


Also i've found my superhub picks up [as in they show up in 'network' in windows] certain devices that are in range, whether they're connected to the hub's wifi or not, they don't show in the MAC list or as a connected device elswehere in the settings...

 

A copy of backtrack in a machine with any wireless card and some graphics cards to run rainbow tables against your password. Also some time(weeks/months). Use a password generator to generate a very very long password(with all the trimmings no dictionary words special characters etc.) Hiding your ssid doesn't do anything especially if the guy can crack your wpapsk password. How to geek have an article on the topic of ssid hiding. I'd get the link but I'm on hillbilly class internet at the mo.

 

Hmmmm interesting, i never knew of this.

tldr, mac filter him, but then he may have copied your mac addresses too.

 

Pretty much what theshadow said. WPA2 PSK is very secure: with a long, non-dictionary (preferably randomized) password it becomes completely infeasible to crack. Hiding SSID broadcasts won't help at all - sniffing wireless traffic can quickly tell an attacker what the SSID is. MAC filtering won't be effective against anyone who can crack a WPA2 PSK access point - it is trivial to sniff wireless traffic to find a MAC that is permitted on the network.

It is far more likely that you have a device on the network with that MAC address (the Superhub might say it's Android, but it could just be any wireless or even wired device on your network). Or, the attacker has gained access to the wireless passcode through some other means.

EDIT: Ah yes, after reading loftie's post it reminded me: turn off WPS! There are many known attacks against it (or more accurately, flawed implementations of it).

 

I think I've read that turning off wps doesn't necessarily stop the associated vulnerability. Damned convenience, always ruining security.

 

Hell, if even the NSA can do it, I'm pretty sure some retard with enough time on his hands can do it.

 

Although, to be fair, they are much of the same thing aren't they?

 

Yea I was going to say exactly what has been said, Even if you mac filter your network, if hes able to break the security you mentioned then im sure hes able to spoof his mac address so you can't stop him

 

Thanks for the replies guys.

WPS has never been active but is indeed an option, always thought that that was a bit of a security flaw.

Will think about disabling wifi for now, I don't depend on it really just nice to have.

 

You could disable wireless on the router and add an access point without wps. A good password and you should be golden.

 

If they have snooped your MAC table your going to have a fair bit of hastle to sort this unless you swap al the devices (effort ahoy).
Its a longshot and is a bit of a pain to setup but, do you have a machine running MS Server at all? If you create your devices as objects on AD then it will be looking for the names you give the devices rather than the MAC. Unless they can see one of your devices names broadcast then they in theory shouldnt be able to get on to your network.
Also if you can do the above get some detection software to see when your being attacked and possibly return the favour.

 

Speaking of detection software. Wifi guard is free and it scans your network for devices marking any you don't approve as unknown.

 

Or, you could be a nice neighbour and setup a secondary wifi network for him that can only access internet.

 

But why?! There would have to be pretty good reasons, or some kind of fiscal stimulation for me to want to share my network/internet with my neighbours!

 

I don't live in a crowded wi-fi area, only next door neighbours can have strong enough signal to use it. But I still have a guest wi-fi setup for whoever want to use it, it's clearly named for guest access and I'll give out its password to any neighbour or guest that asks. (no one have asked, everyone already have their own internet)

Of course, if I find people on my main network, I'll be just as concerned. But if all the chap downstairs want to to is access internet, why not just give him access to the internet to secure your home server network?

That way you can also know if he is hacking into your network. Then have word with him at a later date.

 

Set the guest network bandwidth to a really small percentage of your connection. So for me my DL is 270Kbs, setting mine to 0.5% would give then 1.35Kbs mmmm speedy!

 

Presents the problem of people using your connection for no good too.

Anyway internet is cheap and he isn't such a great neighbour.