Domain: aircrack-ng.org
Stories and comments across the archive that link to aircrack-ng.org.
Comments · 24
-
Re:KNetworkManager
Simple. Stop using Gnome shit.
How can I store passphrases associated with encrypted wireless networks?
The first time KNetworkManager is used, it will try to set up the KDE Wallet (encrypted password storage) to save wireless network passphrases and other passwords. If you choose not to use KWallet, KNetworkManager will store passwords in its configuration files, only readable by the logged in user.
http://old-en.opensuse.org/Projects/KNetworkManager#Wireless_LAN
These configuration files are only readable by root on my opensuse box (specifically NOT by the logged in user). NetworkManager uses a privileged back end to read these files. (That's another issue, obsessed over up-thread).
So realistically, the story is pretty much a bunch of FUD. (In fact, if you read the article they pretty much discredit any of their recommended solutions by pointing out how easy it is to get around them).
True, if someone gets your laptop and puts in linux boot/recovery CD, they can get at your wifi passwords. But they already have your MACHINE IN HAND, so that war is already lost.
When you consider how easy it is to crack a wifi password the specter of any one stealing your laptop to get them seems a bit over the top.
Ok, sure, they should be stored encrypted, but if you wanted that option you could have and / should have chosen to store them in your wallet.
And in this day and age, you could have and should have used an encrypted hard disk. Either way, there is going to be another password you will need to remember somewhere.
-
Re:i like to limit my DHCP scope
Here you go AC, but next time do your own homework. Or at least have Google do it for you,
http://netsecurity.about.com/od/secureyourwifinetwork/a/WPA2-Crack.htm
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/
-
Re:So how do you monitor your home wifi?
http://dl.aircrack-ng.org/breakingwepandwpa.pdf
And, bear in mind, that paper is from 2008. It's also linked to from several major security lists from around the same time. Though it can have countermeasures deployed against it, that attack is 3 years old and thus not state-of-the-art - things have moved on.
Now how much longer do you think WPA is going to last, and how long have you been trusting ARP packets that are sent over WPA?
-
Re:Would MAC address filtering counter this proble
Most NICs support either intentional or "back-door" MAC address cloning. Cloud-computing resources can crack your WEP (trivial), WPA (harder/slower), and WPA2 (much harder and slower, but still doable, unless you rotate them daily).
Your comment about MAC address cloning is correct.
However, it would be nice to have some citations to back up your claims about WPA2. If what you are saying is true, then I would have expected to see publications that describe such a revolutionary attack against WPA2.
First of all, a WEP attack does not require any cloud computing. The bottleneck is capturing enough traffic (802.11 frames). The attack itself can be run on any ordinary computer and will find the key quickly. With an active attack (e.g. aircrack-ng in PTW mode), WEP can be broken in 1-2 minutes. A passive attack takes far more time, and depends on the amount of traffic on the network. Since the attacker spent 2 weeks cracking the WEP encryption, I assume that he was using a passive attack. Note that the WEP attacks are exploiting protocol vulnerabilities, they do not assume anything about the passphrase.
Now, for WPA and WPA2. There are some published vulnerabilities in TKIP, which is used in WPA and (optionally) in WPA2. Exploiting these vulnerabilities lets an attacker inject traffic on the network, but only from the access point to the client. AES-CCMP, which is supported by WPA2, does not have these vulnerabilities.
Your reference to cloud computing is probably based on dictionary attacks against the passphrase used in WPA-PSK and WPA2-PSK. This kind of attack can only succeed if the entropy of the passphrase is low. If you have a long enough and random enough passphrase, then this kind of attack will not work. Example: 'pwgen -s 32' will give you approximately 190 bits of entropy (pwgen -s uses [a-zA-Z0-9], which is 62 different characters, so a random passphrase of 32 characters gives log_2(62^(32)) bits of entropy). Have a look at the theoretical limits of brute-force attacks to put that into perspective.
To summarize: You are wrong, possibly suffering from False Authority Syndrome, and spreading FUD. The fact that your comment is modded +5 Insightful says quite a lot about the knowledge of slashdot moderators. The proper advice would be to tell people to use WPA2 with AES-CCMP only, and to use a long, random passphrase. 'pwgen -s 32' has more than enough entropy to prevent dictionary attacks with cloud computing.
-
Re:Two routers
Spend a little time playing with aircrack-ng http://www.aircrack-ng.org/doku.php and you will see just how little an inconvenience a hidden SSID or MAC filter really is. It's actually a lot of fun trying to break into your own network. It's not a big deal to leave airmon-ng running for a few hours or even days on a netbook attached to a cantenna to sniff out the ssid and a mac, waiting for a device to connect (obviously it's much faster if you can de-auth one). However, using WPA/WPA2 with a non-default SSID (like "dlink" or "linksys") is much more effective, since the SSID is used as a seed in the encryption and thus would require an intruder to generate their own rainbow tables.
From your description it sounds like you never use the wireless network though, so is it really necessary to even have one on all the time? Just toggle the switch on a power bar the router is plugged in to.
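The two posts above make two checkable claims: that a 32-character 'pwgen -s' passphrase carries roughly 190 bits of entropy, and that the SSID is mixed into the WPA/WPA2-PSK key so that precomputed tables have to be built per SSID. The script below is an added example, not code from either poster or from the aircrack-ng project; it computes passphrase entropy from charset size and length, converts that into an expected exhaustive-search time at an assumed guess rate (the 1e9 guesses/second figure is a constructed number, not a measurement), and derives the WPA/WPA2-PSK pairwise master key exactly as IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output). The charset sizes are my assumptions for the generators named in the comments; the "password"/"IEEE" vector is the published 802.11i test vector.

```python
import hashlib
import math

# Assumed symbol-set sizes. 62 matches the post's description of `pwgen -s`
# ([a-zA-Z0-9]); the others are for comparison.
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "alnum": 62,           # pwgen -s
    "printable_ascii": 95,
}

# Constructed guess rate used for perspective only; not a measured figure.
ASSUMED_GUESSES_PER_SECOND = 1e9


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a passphrase drawn uniformly from `charset_size` symbols.

    log2(charset_size ** length) == length * log2(charset_size), which is the
    calculation the post does for 62 symbols and 32 characters.
    """
    if charset_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and a length of at least 1")
    return length * math.log2(charset_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Expected wall-clock years for an exhaustive search at the given rate.

    On average a brute-force attacker tries half the keyspace before hitting
    the right passphrase, hence 2**(bits-1) guesses.
    """
    expected_guesses = 2.0 ** (bits - 1)
    seconds = expected_guesses / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key (IEEE 802.11i).

    PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits).
    Because the SSID is the salt, the same passphrase yields a different key
    on a network with a different SSID, which is why precomputed tables only
    help against common default SSIDs.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def psk_depends_on_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when changing only the SSID changes the derived key."""
    return wpa_psk(passphrase, ssid_a) != wpa_psk(passphrase, ssid_b)


def passphrase_report(charset: str, length: int,
                      guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Summarise entropy and exhaustive-search time for one generator setting."""
    bits = entropy_bits(CHARSETS[charset], length)
    return {
        "charset": charset,
        "length": length,
        "bits": round(bits, 1),
        "years_to_exhaust": years_to_exhaust(bits, guesses_per_second),
    }


if __name__ == "__main__":
    for charset, length in (("digits", 8), ("lowercase", 8), ("alnum", 32)):
        r = passphrase_report(charset, length)
        print(f"{r['charset']:>15} x{r['length']:<3} {r['bits']:>6.1f} bits  "
              f"~{r['years_to_exhaust']:.3g} years at {ASSUMED_GUESSES_PER_SECOND:.0e}/s")
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PSK(password, IEEE) =", wpa_psk("password", "IEEE").hex())
    print("same passphrase, SSID linksys differs:",
          psk_depends_on_ssid("password", "IEEE", "linksys"))
```

Running it shows the 32-character alphanumeric passphrase at about 190.5 bits, an exhaustive search measured in astronomically many years even at a billion guesses per second, while an 8-digit PIN falls in well under a second at the same rate; the last two lines show the SSID changing the derived key with the passphrase held fixed.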
-
Re:Welcome to 1994...
Transmitting the data through the air, you mean like WiFi and cell phones do all the time? Too bad we don't have a way to scramble the data in a way that makes its contents inaccessible unless someone has the "key"...
I assume you're suggesting they secure the data transmitted through the air scrambled with proven commercial protections like WEP, WPA-PSK, or were you thinking they might secure it with a product more widely used, like GSM?
Last month when I read the article about their system, they claimed it was a "highly secure solution." But they did not reveal any technical details that said "we're using protocol x with algorithm y to secure communications." So for now, we know only that they claim their system is highly secure, but they've given us no basis for that claim.
-
Re:Change channel / Try Kismet
1. Download a Ubuntu Live CD.
2. Open a terminal and type "sudo apt-get install aircrack-ng"
3. If aircrack-ng installs successfully (you may need to connect an ethernet cable to get an internet connection), type "sudo airmon-ng start wlan0".
4. Type in "sudo airodump-ng mon0" and you'll get a nice list of all the wireless access points in your area (even the hidden ones).
Aircrack-ng (and airodump-ng) documentation can be found here. You can also try NetStumbler, which runs on Windows, but it is much less powerful.
-
Re:Drive-by installing
Sure it's never going to be 100% secure, but it's almost laughable how quickly the protection [of WPA] turns out to be easily breached.
Sounds like you have never done this before!
While WEP is easily cracked, I do it in 2-3 minutes on my 5 year old laptop, WPA is not that insecure.
Cracking WPA requires more work and preparation and is not something you can do while driving around using your laptop. I myself use WPA2 encryption because it is still good enough. Change the password every now and then and it is "secure"
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
-
Re:Are these available in the states?
Sure are available DIY, for the price of a halfway decent wireless card (optimally supporting injection), a box running linux, and the requisite AirCrack (the latter for the total price of free).
-
Re:Apartment Wifi
http://www.aircrack-ng.org/doku.php?id=arp-request_reinjection
I was using WEP because my wireless router was someone else's cast-off and I reasoned that 'any encryption is better than nothing', then I tried out aircrack and was alarmed by how fast it worked. Fortunately I could flash the router to make it capable of WPA-TKIP, so I still have not had to buy a router.
:-)
-
This is under reported
With http://www.aircrack-ng.org/ you can have many more available WiFi hotspots.
-
Re:WEP_IS_LIKE_OPEN
I moved to a new apartment 3 months ago. My building is in a very densely populated area. Due to bureaucratic issues, I was without an internet connection for over a month. Since I had over 25 available wireless networks from my house, I gave the http://www.aircrack-ng.org/doku.php?id=tutorial aircrack online tutorials a shot. It was amazing how easy it is to crack a WEP connection. On average it took me less than 10 minutes to crack a WEP wireless network. Over 40% of people (at least around here) still use this totally insecure encryption method.
Yep, I use WEP. I still own devices that won't do anything newer. I don't really see the insecurity as a big deal - an open AP is an advertisement that you don't mind random people using it, an AP with some kind of security (even if it's weak) tells people it isn't for public use. If you choose to break the WEP key then you're choosing to break the law.
I live in a neighbourhood where there are at least 2 other networks within range that are totally open, so I suspect people won't care about mine, but more importantly all my machines are secure and the traffic between internal machines on the network is encrypted, so it isn't really that big a deal if someone breaks into it.
If I had an access point that could reliably do virtual SSIDs (sadly the WRT54GL won't - it can do virtual SSIDs but they have to share the same address which confuses too many clients), I would likely set up a separate open network that used a transparent proxy to do logging so that anyone could use it.
I have a HP shop on the other side of the street, that has a big splash symbol on the window "Microsoft Certified". They have IT consultants and they are using WEP. What a joke.
Not really - they may require a WEP network in order to connect older devices that have no WPA/WPA2 support. Unless you've broken the law and actually cracked the key and investigated further then you have no idea what underlying security they have beneath the WEP - they might only allow ESP+AH traffic, in which case there is absolutely no security problem at all.
Also WAP is not difficult to crack with weak passwords, and most of the people don't have a clue about strong passwords.
Guess what - most people have door locks that are trivial to pick if you have the right knowledge and tools. There is only so much you can do to stop criminals. I'm sure you don't upgrade all your door locks to the latest greatest high security ones every time someone works out how to pick them, why should you expect people to replace all their wireless kit every time a compromise is found?
-
WEP_IS_LIKE_OPEN
Did the police specify that people should use WAP and strong passwords, if they really wanted to protect their networks?
I moved to a new apartment 3 months ago. My building is in a very densely populated area. Due to bureaucratic issues, I was without an internet connection for over a month. Since I had over 25 available wireless networks from my house, I gave the http://www.aircrack-ng.org/doku.php?id=tutorial aircrack online tutorials a shot. It was amazing how easy it is to crack a WEP connection. On average it took me less than 10 minutes to crack a WEP wireless network. Over 40% of people (at least around here) still use this totally insecure encryption method.
I started to get curious about who is using WEP. So I made a survey with my laptop and my phone (it has wireless) to see who is using WEP. I have an HP shop on the other side of the street that has a big splash symbol on the window: "Microsoft Certified". They have IT consultants and they are using WEP. What a joke.
My local Social Security Center is using WEP, possibly exposing the entire country database (it's just a guess, I didn't really crack it). Also WAP is not difficult to crack with weak passwords, and most people don't have a clue about strong passwords.
I currently have my network open, only closing it when I need full bandwidth, and my SSID is something like WEP_IS_LIKE_OPEN, but in my language.
I guess worse than having an open network is to wrongly think you are secure.
-
Re:Shame on you Broadcom
Yup. Luckily my new dell laptop allowed me to swap out the broadcom stuff that came with it for an intel wireless card instead. $20. Works flawlessly, even with kismet. Bonus, can run managed and monitor mode at the same time:
http://www.aircrack-ng.org/doku.php?id=iwl3945
http://www.google.com/products?q=intel+3945&btnG=Search+Products&show=dd
So, for the hassle, I'd rather have a card that is properly supported, and companies *other* than broadcom will continue to get my money.
-
Re:Autoconfig?
You mean wesside ?
-
Re:A little oversimplified...
trivial != easy
I apologize if I made that seem like it was the case. If a locksmith said that a given lock is really easy to break into, and you tried to do it and couldn't, it doesn't mean that he was wrong. The problem is that it is meant as a comparative statement rather than a directly descriptive one. That is, compared to other available security methods it is relatively simple to break. That is, not easy for anyone but easy in comparison.
I don't understand what you mean in the first part of your main point. I'll try to be less thoughtful in my subsequent responses. =D
I'm genuinely just trying to be helpful, and yes, I'm stupid, and I actually sometimes take 20 or 30 minutes of editing and rewriting my responses to try to make them as clear and concise as possible. As is apparent, neither clear nor concise are my strong points.
Seriously though, I'm going to go ahead and suggest that it's not legal to break into someone's network. This might seem like crazy talk, but hear me out. Permission to access doesn't mean you have permission to access through whatever means you please. Granted, you probably had a case where you could have been reimbursed some money, had you paid specifically for wireless Internet access. But it's very important to realize that you are placing yourself at serious risk if you attempt to force access to the network without explicit permission to do so. Furthermore, I will suggest that it certainly isn't ethical, on the grounds that two wrongs don't make a right, but I won't go so far as to say that it is completely unethical, unless of course you had prior permission to do so. In which case, I'd say go for it. You didn't mention that you had asked and been granted permission, so I assume you didn't have permission to break into their network. Or, the crazy /. brand analogous situation: If for some reason you were locked out of your hotel room, and no one had the key handy because no one uses that room very often, I imagine you'd be more inclined to request a refund for your hotel room instead of trying to break into it through the window.
Here's the software.
Here's the hardware compatibility list.
Try it out on your home wireless network if you want to see what little protection WEP actually provides.
Do not break into any equipment that you do not own. *insert standard "I cannot be held liable" disclaimer here*
-
Re:In Russian ... My advice before buying a WiFi device: with many of these you can't inject packets to crack
aireplay-ng_doesn_t_inject_packets
i_can_t_inject_packets
airodump-ng_freeze_when_i_change_injecting_rate_what_can_i_do
why_does_my_computer_locks_up_when_injecting_packets_is_there_a_solution
As a reminder, you can't inject with a Centrino, Hermes, ACX1xx, Aironet, ZyDAS, Marvell or Broadcom chipset because of firmware and/or driver limitations.
Note: You can't inject with OpenWrt devices. I recommend Atheros or HostAP chips for professional hijacking. (e.g. Atheros/madwifi, Prism2.5/HostAP) See http://rfakeap.tuxfamily.org/.
-
Re:More info
Ah, nothing new here. WEP is easy; WPA still takes a dictionary or bruteforce attack. Link
-
Re:More info
Take a look here -> http://www.aircrack-ng.org/doku.php Most of the doc/usage info is here also.