Guy didn't secure his router, got raided by ICE agents

[ljadayton]

I try

 

[Yeah]

2 dollars an hour with amazon cloud servers, the right software and the right dictionaries there are hundreds of proof of concept videos online

My buddy does that with his mac constantly just for fun

Your buddy is cracking AES with a desktop computer? Can you note what package he is using?

Even with some significant horsepower, beyond what a person could buy on a conmercially shared machine, this would be quite a surprise unless an AES vulnerability has slipped by me. Which is definitely possible.

Though I'm not sure that a person would need to break AES to sneak into a router in most places. Based on low level passes over places like Martinsville, there are thousands of more readily accessible access points.

 

[snowman46919]

Your buddy is cracking AES with a desktop computer? Can you note what package he is using?

Even with some significant horsepower, beyond what a person could buy on a conmercially shared machine, this would be quite a surprise unless an AES vulnerability has slipped by me. Which is definitely possible.

Though I'm not sure that a person would need to break AES to sneak into a router in most places. Based on low level passes over places like Martinsville, there are thousands of more readily accessible access points.

I think at the time it was a fairly late model MBP using airsnort-ng and probably a few other nice programs not available for windows. That combined with the IT group probably responsible for maintaining the router (they completely took it offline because they couldn't figure out how an unauthorized person got access to it) taking it completely offline I would attribute it to the weakest possible combination of that security protocol that even a test dictionary of keys could crack.

I also know that he spent quite some time collecting traffic, and as such had a lot better advantage than most. Think leaving your laptop connected for multiple days if not weeks sniffing traffic 24 hours a day. The more packets your able to pick up the easier it gets.

 

[misconfig]

MAC addresses are easy to spoof. You need to run wpa2 with AES only to be secure.

This is exactly right, although it'll only be a matter of time before these security algorithms flaws will be discovered.

If you really want to split hairs, you can get into the matter of brute forcing wifi, Taking the router down and acting like you're the AP itself will cause clients to connect to YOU instead of the AP.

No way really to be secure and I doubt many people put multiple layers of their network together " trusted, DMZ and wifi area's".

 

[snowman46919]

This is exactly right, although it'll only be a matter of time before these security algorithms flaws will be discovered.

If you really want to split hairs, you can get into the matter of brute forcing wifi, Taking the router down and acting like you're the AP itself will cause clients to connect to YOU instead of the AP.

No way really to be secure and I doubt many people put multiple layers of their network together " trusted, DMZ and wifi area's".

I go through a commercial vpn router before I ever go to wifi, I do not broadcast, I use mac address filtering and randomly generated keys, with client connection/disconnect notifications when I am too lazy to run wire... Usually I just run wire.

 

[misconfig]

Cracking WPA2 with AES is very difficult... I've tried for work, running on high end servers and couldn't do it after 14 days.

Brute forcing any type of encryption is tough, unless there is a published vulnerability, : see WEP.

There are many other methods that allow one to gain access to an internal WIFI network, I'd rather exploit other area's of the network than do this.

Truth is, how many *real* crackers are out there trying to get in your wifi network? Most people look for open wifi area's and wouldn't even know how to crack WEP if their life depended on it, ( even though a skilled person could generate enough IV's to crack WEP in a matter of minutes ).

Even WEP is ok for most home networks.


If you REALLY want to get crazy, build a proper network with a managed switch and a nice router like PFSense, THEN use RADIUS + TKIP authentication, lock down your device certs to which client's you'd prefer to be issued a cert.

This is fairly full proof.

Snowman: these are good steps you're taking, albeit not broadcasting SSID's only keeps normal users at bay.

 

[snowman46919]

Brute forcing any type of encryption is tough, unless there is a published vulnerability, : see WEP.

There are many other methods that allow one to gain access to an internal WIFI network, I'd rather exploit other area's of the network than do this.

Truth is, how many *real* crackers are out there trying to get in your wifi network? Most people look for open wifi area's and wouldn't even know how to crack WEP if their life depended on it, ( even though a skilled person could generate enough IV's to crack WEP in a matter of minutes ).

Even WEP is ok for most home networks.


If you REALLY want to get crazy, build a proper network with a managed switch and a nice router like PFSense, THEN use RADIUS + TKIP authentication, lock down your device certs to which client's you'd prefer to be issued a cert.

This is fairly full proof.

Snowman: these are good steps you're taking, albeit not broadcasting SSID's only keeps normal users at bay.

The storys and things I could tell about driving through an IWU campus with my old laptop.. could probably get most of those girls expelled.

 

[misconfig]

The storys and things I could tell about driving through an IWU campus with my old laptop.. could probably get most of those girls expelled.

I'm moving today, I may have to break out the ol' KnoppixSTD disk and get myself interents ( they're not making it to my house until Friday for my internets ).

Funny this thread pop'd it's head out. Snowman, have any experience with Yagi // parabolic antenna's?

I'm going to get my parabolic out tonight and see what I can find, since I will be so bored with no internets anyway.

 

[snowman46919]

something like this:

NEVER

 

[Yeah]

The more packets your able to pick up the easier it gets.

Not in the case of WPA2. One needs only a handshake, which makes capturing the appropriate traffic a binary thing.

Handshakes are simple to get but without a stock ESSID and dictionary password I don't see them being brute forced.

 

[snowman46919]

Not in the case of WPA2. One needs only a handshake, which makes capturing the appropriate traffic a binary thing.

Handshakes are simple to get but without a stock ESSID and dictionary password I don't see them being brute forced.

Correct me if my memory is failing me but you can run an algorithm to analyze packets to recognize the handshake of another client, collect enough of these and you can piece together the handshake. So in essence collecting the packets would serve to be quite useful.

 

[Yeah]

The tool you mentioned earlier (I assumed you meant aircrack-ng) can be used to force wireless clients off the network so that a person sniffing the traffic can watch them reattach and capture the handshake that occurs when they do.

That is all that is needed to determine the keys the network is using. Getting from there to the actual key is the time consuming part, because there are no vulnerabilities in AES. That I know of anyway.

 

[snowman46919]

The tool you mentioned earlier (I assumed you meant aircrack-ng) can be used to force wireless clients off the network so that a person sniffing the traffic can watch them reattach and capture the handshake that occurs when they do.

That is all that is needed to determine the keys the network is using. Getting from there to the actual key is the time consuming part, because there are no vulnerabilities in AES. That I know of anyway.

yeah snort is a part of the aircrack package for windows. I have no first hand experience because about the only worthy network trying to crack in this area would be my work and what's the fun if you already know the end result and better yet the passwords.

 

[misconfig]

The tool you mentioned earlier (I assumed you meant aircrack-ng) can be used to force wireless clients off the network so that a person sniffing the traffic can watch them reattach and capture the handshake that occurs when they do.

That is all that is needed to determine the keys the network is using. Getting from there to the actual key is the time consuming part, because there are no vulnerabilities in AES. That I know of anyway.

Yes, aircrack-ng also has nice utilities that don't require you to DoS the AP off of the network to get these client requests. You can also use it to INJECT packets in order to collect more IV's.

 

[ljadayton]

I am completely totally lost. Thanks guys

 

[misconfig]

Another thing I think about here is.. What if someone has their network protected with WPA or WEP. How are they going to make the case or even know the encryption they're using is vulnerable?

That would be a hard one for a non-techy to explain to the jury IMO.

 

[Expat]

[Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)

 

[misconfig]

[Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)

This day and age it's overwhelmingly easy to do these things, so what happens when you actually rely on encryption and your home gets raided because of a rogue pervert?

 

[Expat]

This day and age it's overwhelmingly easy to do these things, so what happens when you actually rely on encryption and your home gets raided because of a rogue pervert?

I assume it will go the same way as the copyright suits have. As you or someone above commented, no judge or jury is going to understand any of this and will think it is just an excuse and find in favor of the state. So prepare to go to prison.

 

[Scutter01]

[Video] How to: Crack WPA/WPA2 (aircrack-ng + airolib-ng)

That technique pretty much requires that your key is a dictionary word, otherwise you have to brute-force it. Given the current level of technology, a decently long random (or pseudo-random) key would take the combined computing power of the entire world longer than the heat-death of the universe to crack.