How To, And How Not To, Kind of Half-Heartedly Secure Your Wireless Network

So we finally got our own internet for the house.

It’s BigPond cable broadband with the wi-fi net gateway option so we don’t have to have a million network cables running all through the house like back in the good old days. And thus so, we have successfully added to the band of happy little access points that seem to be peppered around the various units and houses surrounding us.

Most these days popping up seem to be of the WPA or WPA2 variety (essentially the same thing), though there are still a few of the tired old WEP strains still kicking around in the wild. We even managed to spot one or two of the rare unsecured, unencrypted access points, sitting and waiting,  inviting, though at least they seemed to have evolved the ability to filter MAC addresses in the event of any attempted interfacing.

Well, first off, MAC filtering might sound like a pretty good defence mechanism against parasites and leeches, blocking packets from any and all devices excepting the trusted few. Unfortunately it is quite easy with a program like Macshift for a device to masquerade as another device, thus fooling the little unwary access point into serving tasty data — a bit like those cuckoo birds that trick other birds into raising their young.

WEP is not that much better. It’s been dead for years. Most can be successfully penetrated within ten minutes using linux, a bit of know-how and the aircrack suite.

WPA seems pretty solid at the moment, and that’s what we’re using. If you can capture a handshake between a client and an access point you can run a dictionary attack if their password is pretty simple, or a brute force attack, which can take considerably longer — at worst up to a few billion years of computation.

We didn’t want to make ours too difficult to crack however (where’s the fun in that?), so you’re welcome to come down Brunswick Street and give it a try. SSID is currently beaconing as “rocknroll” and we’ll even give you a special clue: the passphrase is a line from a song befitting the SSID.

The prize is free internet! At least until we change the password :)

But seriously, if you know you’re the jealous type with who your wireless access point associates with, use WPA encryption and a long password, preferably one with a random series of letters, numbers, and special characters. Then people would probably have more luck physically breaking into the house and plugging a network cable in directly than they would trying to hack your wireless.

Stay safe!

Tags: ,

5 Responses to “How To, And How Not To, Kind of Half-Heartedly Secure Your Wireless Network”

  1. Ash Says:

    Neato writeup. Just so you know; there’s a vulnerability in WPA if you’re using TKIP, which will let crackers at read parts of your digital conversation. There’s no effective way to break in yet though.

    Not sure what the go is, but your last paragraph is really funky. I’d suggest you re-read it, because I honestly can’t understand what you mean. >_>

  2. Kerri Says:

    hahaha, love it! how often I see guys squatting on the footpath with a laptop around the CBD. and how many clients do i have who use the wife or dog’s name as their password and wonder why they get hacked? maybe they even get high tec and tag 1 on the end…lol…

  3. Ben Grubb Says:

    Lulz.

    I saw your tweet about 30Mbps Cable extreme the other day, now that certainly is a prize worth cracking for.

    nom nom nom.

  4. Joshua Says:

    Thanks Ash, I was writing very late at night. Fixed the wording a little bit, though probably still out a bit. I’m researching the TKIP vulnerability now. Catch you around.

  5. Morgan Daly Says:

    I heard recently that WPA has been broken and that the method will be revealed to the world early this year.

Leave a Reply