wireless router password security

Unread 07-05-2008, 02:25 PM   #1
RS
Guest
 
Posts: n/a
wireless router password security

Hi all,

I don't know much about wireless security. I have a friend who uses a
Linksys WRT54G router connected to his cable modem so that an OS X
machine in a different room can connect to the web using airport.

My understanding is that WRT54G is a very common router, so I am hoping
that someone here can help me with this. I have noticed that the airport
in OS X can see several connections (presumably from neighbors),
including the Linksys one. But while all other connections are password
protected, the connection to the Linksys is not, and this troubles me.

On the computer that is physically connected to the router, I have httpd
to 192.168.0.1 and I've noticed that there is a place to set the
password, however changing the password would not deny connections to
the OS X machine. The machine sees the Linksys router and doesn't even
ask for a password. It gets connected right away. So I am guessing that
the password is an administrative password, and not for connections.

Does the WRT54G model have a capability to be password protected? The
firmware has never been updated, how essential is that for password
capability or for security in general (How does one update the firmware
anyway?) Since this is a relatively old router, should a more up-to-date
one be purchased? If not, what is the best way to secure a connection
with this router?

Thanks very much,
RS

 
Unread 07-05-2008, 06:30 PM   #2
Kyle T. Jones
Guest
 
Posts: n/a
Re: wireless router password security

RS wrote:
> Hi all,
>
> I don't know much about wireless security. I have a friend who uses a
> Linksys WRT54G router connected to his cable modem so that an OS X
> machine in a different room can connect to the web using airport.
>
> My understanding is that WRT54G is a very common router, so I am hoping
> that someone here can help me with this. I have noticed that the airport
> in OS X can see several connections (presumably from neighbors),
> including the Linksys one. But while all other connections are password
> protected, the connection to the Linksys is not, and this troubles me.
>
> On the computer that is physically connected to the router, I have httpd
> to 192.168.0.1 and I've noticed that there is a place to set the
> password, however changing the password would not deny connections to
> the OS X machine. The machine sees the Linksys router and doesn't even
> ask for a password. It gets connected right away. So I am guessing that
> the password is an administrative password, and not for connections.
>
> Does the WRT54G model have a capability to be password protected? The
> firmware has never been updated, how essential is that for password
> capability or for security in general (How does one update the firmware
> anyway?) Since this is a relatively old router, should a more up-to-date
> one be purchased? If not, what is the best way to secure a connection
> with this router?
>
> Thanks very much,
> RS


Sure it does. Go back in the way you had (192.168.0.1), enter username
and password to access admin controls.

Then simply follow these directions:

http://www.howtodothings.com/compute...ng-wap-and-wep

Cheers.
 
Unread 07-05-2008, 06:31 PM   #3
Sebastian G.
Guest
 
Posts: n/a
Re: wireless router password security

Kyle T. Jones wrote:


> http://www.howtodothings.com/compute...ng-wap-and-wep



But please omit the step of disabling SSID broadcast. It doesn't change
anything about the security, doesn't make your network invisible at all, but
surely creates a lot of trouble with your client accidentally trying to
connect to someone else's network.
 
Unread 08-05-2008, 07:33 PM   #4
Kyle T. Jones
Guest
 
Posts: n/a
Re: wireless router password security

Sebastian G. wrote:
> Kyle T. Jones wrote:
>
>
>> http://www.howtodothings.com/compute...ng-wap-and-wep
>>

>
>
> But please omit the step of disabling SSID broadcast. It doesn't change
> anything about the security, doesn't make your network invisible at all,
> but surely creates a lot of trouble with your client accidentally trying to
> connect to someone else's network.



Good point.
 
Unread 09-05-2008, 03:32 PM   #5
bz
Guest
 
Posts: n/a
Re: wireless router password security

"Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
news:fvvj3k$a5m$1@aioe.org:

> Sebastian G. wrote:
>> Kyle T. Jones wrote:
>>
>>
>>> http://www.howtodothings.com/compute...otect-a-linksy
>>> s-wrt54g-router-using-wap-and-wep
>>>

>>
>>
>> But please omit the step of disabling SSID broadcast. It doesn't
>> change anything about the security, doesn't make your network invisible
>> at all, but surely creates a lot of trouble with your client accidentally
>> trying to connect to someone else's network.

>
>
> Good point.


I don't follow the logic. Disabling SSID makes it more difficult for
someone to connect to my wireless router (WEP turned on also).
They will have to wait until I have a connection in progress and sniff that
to find the router's SSID. During the times when there is nothing
connected, the SSID is not broadcast, so they can't WAR DRIVE by my house
when I am not there and try to bust in.

Also, my laptop doesn't try to 'accidentally' connect to other networks.
It needs to know the SSID for my wireless router in order to establish
connection.
I don't tell my laptop wireless card to connect to any available access
point, so it isn't going to connect to anything unless I tell it to do so.

Clearly, there are things about wireless that I don't yet understand.
Perhaps someone can explain more clearly.





--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap
 
Unread 09-05-2008, 09:20 PM   #6
Sebastian G.
Guest
 
Posts: n/a
Re: wireless router password security

bz wrote:

> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
> news:fvvj3k$a5m$1@aioe.org:
>
>> Sebastian G. wrote:
>>> Kyle T. Jones wrote:
>>>
>>>
>>>> http://www.howtodothings.com/compute...otect-a-linksy
>>>> s-wrt54g-router-using-wap-and-wep
>>>>
>>>
>>> But please omit the step of disabling SSID broadcast. It doesn't
>>> change anything about the security, doesn't make your network invisible
>>> at all, but surely creates a lot of trouble with your client accidentally
>>> trying to connect to someone else's network.

>>
>> Good point.

>
> I don't follow the logic. Disabling SSID makes it more difficult for
> someone to connect to my wireless router (WEP turned on also).



Actually it makes it easier for them to accidentally connect to your network
instead of another SSID-disabled network.

> They will have to wait until I have a connection in progress and sniff that
> to find the router's SSID.



This would require cracking the encryption.

> During the times when there is nothing


> connected, the SSID is not broadcast, so they can't WAR DRIVE by my house
> when I am not there and try to bust in.



Bullshit. They can simply send packets to the router, which then replies with
packets. So they can create their own traffic required for the encryption
cracking attempt.

> Also, my laptop doesn't try to 'accidentally' connect to other networks.
> It needs to know the SSID for my wireless router in order to establish
> connection.



Argh, it seems like you really don't have a clue how things work. Hint:
Your laptop tries to connect to the other router on the MAC layer, tries to
establish an association, with the SSID, and fails. Now it connects to a
third router, tries the same, fails. Now it connects to the second router...
long story short, it can very easily happen that you'll never connect to the
right router at all, since you're intentionally suppressing the required
information for locating the right one.

> I don't tell my laptop wireless card to connect to any available access
> point, so it isn't going to connect to anything unless I tell it to do so.



OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or (NAMELESS
NETWORK). Now which one is it?
 
Unread 10-05-2008, 12:31 AM   #7
bz
Guest
 
Posts: n/a
Re: wireless router password security

"Sebastian G." <seppi@seppig.de> wrote in
news:68jrooF2t4jo8U1@mid.dfncis.de:

> bz wrote:
>
>> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
>> news:fvvj3k$a5m$1@aioe.org:
>>
>>> Sebastian G. wrote:
>>>> Kyle T. Jones wrote:
>>>>
>>>>
>>>>> http://www.howtodothings.com/compute...protect-a-link
>>>>> sy s-wrt54g-router-using-wap-and-wep
>>>>>
>>>>
>>>> But please omit the step of disabling SSID broadcast. It doesn't
>>>> change anything about the security, doesn't make your network
>>>> invisible at all, but
>>>> surely creates a lot of trouble with your client accidentally trying
>>>> to connect to someone else's network.
>>>
>>> Good point.

>>
>> I don't follow the logic. Disabling SSID makes it more difficult for
>> someone to connect to my wireless router (WEP turned on also).

>
>
> Actually it makes it easier for them to accidentally connect to your network
> instead of another SSID-disabled network.


HOW? They need to know my router's SSID. It has an SSID, it just doesn't
broadcast it.

It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
connect to you', doesn't it?

If I understand stuff correctly, this stuff is loosely based on packet radio
technology.
In packet radio, I would send a transmission something like
Node#1 this is Node#2 k
then Node#1 would answer Node#2 this is Node#1 k
Node#2 would then go ahead and establish a link or send a command to node#1.

If Node#1 isn't busy but is available, it would periodically say something
like
CQ de Node#1 K

If Node#1 isn't broadcasting anything, I need to know its name to contact it,
(and the channel/frequency it listens on).

>
>> They will have to wait until I have a connection in progress and sniff
>> that to find the router's SSID.

>
>
> This would require cracking the encryption.


Agreed.

>
> > During the times when there is nothing

>
>> connected, the SSID is not broadcast, so they can't WAR DRIVE by my
>> house when I am not there and try to bust in.

>
>
> Bulls***.


Please keep the language clean.

> They can simply send packets to the router


HOW do they send a packet to the router? They don't even know it is there.

It isn't broadcasting. It is sitting there listening for broadcasts addressed
to it. It does NOT respond to a transmission unless it is addressed to it.

I don't think there is a 'all routers please broadcast' command for IEEE
802.11, but I could be wrong. I know that such a command exists on wired
ethernet but would not expect it on wireless.

> , which then replies
> with packets. So they can create their own traffic required for the
> encryption cracking attempt.


How? I thought their best bet was to monitor for a day or so and then crack
the WEP key from accumulated traffic.

>
>> Also, my laptop doesn't try to 'accidentally' connect to other networks.
>> It needs to know the SSID for my wireless router in order to establish
>> connection.

>
>
> Argh, it seems like you really don't have a clue how things work.


That is why I asked. Because what you said does not match what I
thought I knew, I want to find out where my misunderstandings are.

I asked. Do you have a problem with helping people that ask you questions?

> Hint:
> Your laptop tries to connect to the other router on the MAC layer, tries
> to establish an association, with the SSID, and fails.


My laptop knows the SSID because I configured it to talk to (MyRouterSSID),
doesn't it?

> Now it connects
> to a third router, tries the same, fails.


Why would it try to connect to (YourRouterSSID)? It keeps sending
(MyRouterSSID) this is MyLaptopSSID please answer!
Doesn't it????

> Now it connects to the second
> router... long story short, it can very easily happen that you'll never
> connect to the right router at all, since you're intentionally
> suppressing the required information for locating the right one.


I am sorry to be so dense but it still doesn't make sense to me.

The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms(or
other time interval, as configured) or it can sit there and just listen for
calls such as
(MyRouterSSID) this is (MyLaptopSSID), do you copy?
and respond to the calls.

One way [in my opinion] makes it easier for someone unauthorized to connect
to MyRouterSSID. But, I could be wrong [and you clearly think it makes it
HARDER for me to keep my computer from connecting to the wrong router, but I
don't understand why.]

>> I don't tell my laptop wireless card to connect to any available access
>> point, so it isn't going to connect to anything unless I tell it to do
>> so.

>
>
> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
> (NAMELESS NETWORK). Now which one is it?


I don't try to connect to (nameless network), I try to connect to
(MYROUTERSSID) and if I can't find (MYROUTERSSID) then I don't get a
connection unless there is a network with an SSID that I have previously
configured for connection.

I just tried an experiment. I turned off the SSID broadcast on my wireless
router (It was on).
I turned off my network card.
I started netstumbler and turned on my card. I could not see my wireless
router. (net stumbler prevents connection).
There were no broadcasts from the Wireless MAC address.

I shut down stumbler and cycled my WiFi card off and back on.
It established contact with my wireless router. It DID see a neighbor's OPEN
router that broadcasts its SSID the first time I powered it on and would have
connected, if I allowed it to do so, however I doubt it would connect to
anything that does NOT broadcast an SSID.
Unfortunately, I am not seeing any other wireless routers that are not
broadcasting SSID at this time so I can't be sure who is right.
My Dell network card manager sees only one (nonbroadcasting) in its
monitoring window.

When I run NetCrumbler (a patched version of Stumbler that does NOT interfere
with connections) I see my router just fine, along with 5 other named
routers.
But I don't see anyone else running with broadcast off (and am unlikely to do
so with these tools).

So, what is it that I am failing to understand about how these things work?

Are you assuming OPEN routers running with default SSIDs but with broadcast
turned off? I guess that if my router was named Linksys but had broadcast
turned off and there was another router named Linksys that also had broadcast
turned off, it would be easy to connect to the wrong one but operating with a
default router SSID or ANY as an SSID _would_ be kind of clueless.

Surely that is NOT what you are talking about, is it?

Thank you for your patience and for NOT using bad language.

--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+nanae@ch100-5.chem.lsu.edu
 
Unread 10-05-2008, 02:22 AM   #8
Sebastian G.
Guest
 
Posts: n/a
Re: wireless router password security

bz wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:68jrooF2t4jo8U1@mid.dfncis.de:
>
>> bz wrote:
>>
>>> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
>>> news:fvvj3k$a5m$1@aioe.org:
>>>
>>>> Sebastian G. wrote:
>>>>> Kyle T. Jones wrote:
>>>>>
>>>>>
>>>>>> http://www.howtodothings.com/compute...protect-a-link
>>>>>> sy s-wrt54g-router-using-wap-and-wep
>>>>>>
>>>>> But please omit the step of disabling SSID broadcast. It doesn't
>>>>> change anything about the security, doesn't make your network
>>>>> invisible at all, but
>>>>> surely creates a lot of trouble with your client accidentally trying
>>>>> to connect to someone else's network.
>>>> Good point.
>>> I don't follow the logic. Disabling SSID makes it more difficult for
>>> someone to connect to my wireless router (WEP turned on also).

>>
>> Actually it makes it easier for them to accidentally connect to your network
>> instead of another SSID-disabled network.

>
> HOW? They need to know my router's SSID. It has an SSID, it just doesn't
> broadcast it.



We're talking about MAC layer connections. First you connect on the MAC
layer, eventually guided by a known SSID, and then the connection partners
negotiate about the actual connection parameters.

> It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
> connect to you', doesn't it?



It also responds to "hey, nameless router, let's set up an encrypted session.
If you can decrypt what I sent, and it shows your SSID, then we're partners.
If not, then let's try it again."

> If I understand stuff correctly, this stuff is loosely based on packet radio
> technology.
> In packet radio, I would send a transmission something like
> Node#1 this is Node#2 k
> then Node#1 would answer Node#2 this is Node#1 k
> Node#2 would then go ahead and establish a link or send a command to node#1.



And the Node number is the MAC address combined with the channel number.

> If Node#1 isn't broadcasting anything, I need to know its name to contact it,
> (and the channel/frequency it listens on).



Hey, nameless routers on channel 7. Give me some random identifiers. Hey,
router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a session.


>>> They will have to wait until I have a connection in progress and sniff
>>> that to find the router's SSID.

>>
>> This would require cracking the encryption.

>
> Agreed.



And as such the SSID is obviously a public parameter. If you broadcast the
SSID, they would still have to crack the encryption to get access. If you
don't broadcast the SSID, well, then they have to break the encryption of
the currently nameless network, and if they were successful, they would also
immediately find the SSID. That is, the SSID would always end up with them
if they break it, and would be useless anyway if they don't break it.

And breaking it doesn't require the SSID.

>> They can simply send packets to the router

>
> HOW do they send a packet to the router? They don't even know it is there.



They can clearly see how it sends beacon requests on a fixed channel with a
pseudo-unique identifier, and also with its MAC addressing

> It isn't broadcasting.



It is. It just doesn't broadcast INVITE requests.

> It does NOT respond to a transmission unless it is addressed to it.



And you can address it either by its channel, its channel and a pseudo-unique
identifier delivered upon request, or by its MAC address.

> I don't think there is a 'all routers please broadcast' command for IEEE
> 802.11, but I could be wrong.



There is.

> I know that such a command exists on wired
> ethernet but would not expect it on wireless.



Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an
Ethernet emulation layer.

>> Your laptop tries to connect to the other router on the MAC layer, tries
>> to establish an association, with the SSID, and fails.

>
> My laptop knows the SSID because I configured it to talk to (MyRouterSSID),
> doesn't it?



This is for association setup that only happens after you have negotiated on
the MAC layer. After all, how should this work? You can't identify which
router is yours (since it doesn't broadcast the SSID), and you're supposed
to choose to which one you want to talk to.


> The router can run its beacon, saying 'This is MyRouterSSID' every 100 ms(or
> other time interval, as configured)



Well, then it would be broadcasting the SSID...

> or it can sit there and just listen for calls such as



nameless router, I'm nameless laptop. Let's talk encrypted. encrypted("is
this your SSID?"). No, damn. OK, everyone, who is here? Ah you! Hello
nameless router... (and you wouldn't even notice that you're always talking
to the same).

>> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
>> (NAMELESS NETWORK). Now which one is it?

>
> I don't try to connect to (nameless network), I try to connect to
> (MYROUTERSSID)



And how would you find this one if you have disabled SSID broadcasting?

> and if I can't find (MYROUTERSSID) then I don't get a


> connection unless there is a network with an SSID that I have previously
> configured for connection.



Right. But you may also not get a connection even if your router is among
these, since you're only trying to talk to the other ones. A wonderful way
to shoot yourself in the foot.

> I just tried an experiment. I turned off the SSID broadcast on my wireless
> router (It was on).
> I turned off my network card.
> I started netstumbler and turned on my card. I could not see my wireless
> router. (net stumbler prevents connection).
> There were no broadcasts from the Wireless MAC address.



But you could see a SSID-less network, couldn't you?

> I shut down stumbler and cycled my WiFi card off and back on.
> It established contact with my wireless router. It DID see a neighbor's OPEN
> router that broadcasts its SSID the first time I powered it on and would have
> connected, if I allowed it to do so, however I doubt it would connect to
> anything that does NOT broadcast an SSID.



Like your very own router? Hm?

> My Dell network card manager sees only one (nonbroadcasting) in its
> monitoring window.



Which might be yours, or someone else's.


> But I don't see anyone else running with broadcast off (and am unlikely to do
> so with these tools).



Maybe you're living far away from civilization? Heck, just on my weekly
2-hour train+bus tour I can catch hundreds of networks.

> Are you assuming OPEN routers running with default SSIDs but with broadcast
> turned off?



I suggest adjusting the SSID to clarify the purpose of your network,
thereby exactly fulfilling its functionality, f.e. PRIVATE. And to make sure
to not duplicate any existing name of a nearby network. That is, your
network is clearly visible to both you and outsiders, but they should
understand that it's your private network, so you could hold them legally
responsible if they try to interfere with it. And you can clearly identify
it as yours.
 
Unread 12-05-2008, 12:22 AM   #9
bz
Guest
 
Posts: n/a
Re: wireless router password security

"Sebastian G." <seppi@seppig.de> wrote in
news:68kcijF2sbr7oU1@mid.dfncis.de:

> bz wrote:
>
>> "Sebastian G." <seppi@seppig.de> wrote in
>> news:68jrooF2t4jo8U1@mid.dfncis.de:
>>
>>> bz wrote:
>>>
>>>> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
>>>> news:fvvj3k$a5m$1@aioe.org:
>>>>
>>>>> Sebastian G. wrote:
>>>>>> Kyle T. Jones wrote:
>>>>>>
>>>>>>
>>>>>>> http://www.howtodothings.com/compute...o-protect-a-li
>>>>>>> nk sy s-wrt54g-router-using-wap-and-wep
>>>>>>>
>>>>>> But please omit the step of disabling SSID broadcast. It doesn't
>>>>>> change anything about the security, doesn't make your network
>>>>>> invisible at all, but
>>>>>> surely creates a lot of trouble with your client accidentally
>>>>>> trying to connect to someone else's network.
>>>>> Good point.
>>>> I don't follow the logic. Disabling SSID makes it more difficult for
>>>> someone to connect to my wireless router (WEP turned on also).
>>>
>>> Actually it makes it easier for them to accidentally connect to your
>>> network instead of another SSID-disabled network.

>>
>> HOW? They need to know my router's SSID. It has an SSID, it just
>> doesn't broadcast it.

>
>
> We're talking about MAC layer connections. First you connect on the MAC
> layer, eventually guided by a known SSID, and then the connection
> partners negotiate about the actual connection parameters.


Hmmm. From what I can gather from reading the IEEE 802.11 working doc
80.11 2007.pdf from the IEEE web site, neither one of us has been using
the right terminology. It looks like both my router and my laptop network
devices are STAs, one(the laptop) is an STA client, the other is an
AP(access point) STA. They can be 'associated' or 'disassociated'.
"Before a STA is allowed to send a data message via an AP, it shall first
become associated with the AP."

And they talk to each other over PHY (the physical layer).
"STAs may be hidden from each other".
"IEEE 802.11 is required to look like a wired network to higher layers."

It appears that the SSID is used as part of the associate request at the
MAC level.

It is going to take me a while to read through the 1232 pages of the
document.

Perhaps you can save me some trouble and tell me how my router STA is
supposed to respond to active probing (is that legal in this
jurisdiction?) when bulletin broadcasting is turned off and how the
wardriver even knows my STA is here. Assuming, of course, that the
wardriver passes when I am not using my network but my router is turned
on.

>> It DOES respond when my WiFi card says 'hey, (MyRouterSSID), I want to
>> connect to you', doesn't it?

>
>
> It also responds to "hey, nameless router, let's set up an encrypted
> session. If you can decrypt what I sent, and it shows your SSID, then
> we're partners. If not, then let's try it again."



>
>
> And the Node number is the MAC address combined with the channel number.


What is this called?

>
>> If Node#1 isn't broadcasting anything, I need to know its name to
>> contact it, (and the channel/frequency it listens on).

>
>
> Hey, nameless routers on channel 7. Give me some random identifiers.
> Hey, router SOME_RANDOM_IDENTIFIER on channel 7, let's try setting up a
> session.


Hey, computer owner, I see the following access points. Which one do you
want me to establish an association with? [I do NOT see any of the SSIDs
that you have previously told me to talk to.]

>>>> They will have to wait until I have a connection in progress and
>>>> sniff that to find the router's SSID.
>>>
>>> This would require cracking the encryption.

>>
>> Agreed.

>
>
> And as such the SSID is obviously a public parameter. If you broadcast
> the SSID, they would still have to crack the encryption to get access.


And cracking the encryption takes either
1) collecting lots of encrypted transmissions [about a day's worth]
or
2) a very lucky guess. [would 'normally' take weeks of guesses to hit.]

> If you don't broadcast the SSID, well, then they have to break the
> encryption of the currently nameless network, and if they were
> successful, they would also immediately find the SSID. That is, the SSID
> would always end up with them if they break it, and would be useless
> anyway if they don't break it.
>
> And breaking it doesn't require the SSID.



>
>>> They can simply send packets to the router

>>
>> HOW do they send a packet to the router? They don't even know it is
>> there.

>
>
> They can clearly see how it sends beacon requests on a fixed channel
> with a pseudo-unique identifier, and also with its MAC addressing


Where do I find this in the specs?

>
>> It isn't broadcasting.

>
>
> It is. It just doesn't broadcast INVITE requests.


Where do I find this in the specs?

>
>> It does NOT respond to a transmission unless it is addressed to it.

>
>
> And you can address it either by its channel, its channel and a
> pseudo-unique identifier delivered upon request, or by its MAC address.


If it isn't broadcasting, I would need to send a probe request on each
channel asking 'who hears me'? If it is broadcasting, all I need to do is
listen for a while [on all channels].

>> I don't think there is a 'all routers please broadcast' command for
>> IEEE 802.11, but I could be wrong.

>
>
> There is.


What is it called?

>
>> I know that such a command exists on wired
>> ethernet but would not expect it on wireless.

>
>
> Why not? After all it's an ISO/OSI stack protocol. Heck, it even has an
> Ethernet emulation layer.


Yes but that should be at a higher layer, shouldn't it?
It should EMULATE not duplicate.

But I must admit that the specs are a bit confusing.

>>> Your laptop tries to connect to the other router on the MAC layer,
>>> tries to establish an association, with the SSID, and fails.

>>
>> My laptop knows the SSID because I configured it to talk to
>> (MyRouterSSID), doesn't it?

>
>
> This is for association setup that only happens after you have
> negotiated on
> the MAC layer. After all, how should this work? You can't identify
> which
> router is yours (since it doesn't broadcast the SSID), and you're
> supposed to choose to which one you want to talk to.


I would think that it knows its own ID and listens for calls addressed to
that ID, properly encrypted, on the proper channel. I would expect it to
ignore improper calls, those not addressed to it and those not properly
encrypted.

>> The router can run its beacon, saying 'This is MyRouterSSID' every 100
>> ms(or other time interval, as configured)

>
>
> Well, then it would be broadcasting the SSID...


Yep. But broadcast can be turned off, and I have done so now.

>
>> or it can sit there and just listen for calls such as

>
>
> nameless router, I'm nameless laptop. Let's talk encrypted.
> encrypted("is this your SSID?"). No, damn. OK, everyone, who is here? Ah
> you! Hello nameless router... (and you wouldn't even notice that you're
> always talking to the same).


Why not encrypted(MyRouterSSID) this is encrypted(MyLaptopSSID). Do you
copy??? Over (repeat until answer received or timeout period has expired,
then report: No (MyRouterSSID) heard. Here is a list of APs heard. Do you
want to talk to one of them?

.....

>
>>> OK, you can connect to (NAMELESS NETWORK), (NAMELESS NETWORK) or
>>> (NAMELESS NETWORK). Now which one is it?

>>
>> I don't try to connect to (nameless network), I try to connect to
>> (MYROUTERSSID)

>
>
> And how would you find this one if you have disabled SSID broadcasting?


It is ALWAYS listening for proper calls. It just doesn't say
HEY any STA, this is (MyRouterSSID) listening for properly encrypted calls
on this channel. Go ahead.

>
> > and if I can't find (MYROUTERSSID) then I don't get a

>
>> connection unless there is a network with an SSID that I have
>> previously configured for connection.

>
>
> Right. But you may also not get a connection even if your router is
> among these, since you're only trying to talk to the other ones. A
> wonderful way to shoot yourself in the foot.


I have not seen any such problem yet.
Now at my office, we have two wireless networks and IF I allow my laptop
to connect to ANY network AND if the secure net is down, my laptop will
talk to the insecure routers. But it is pretty easy to remove the
configuration for the insecure net from the list of permitted networks.
Then, if the secure net is down, I don't get any connection.

>
>> I just tried an experiment. I turned off the SSID broadcast on my
>> wireless router (It was on).
>> I turned off my network card.
>> I started netstumbler and turned on my card. I could not see my
>> wireless router. (net stumbler prevents connection).
>> There were no broadcasts from the Wireless MAC address.

>
>
> But you could see a SSID-less network, couldn't you?


I could see MINE, after I established connection to it.
I did NOT see it by just listening.

I would need to fire up a computer that had not previously connected to my
router and see what it reports.

I just tried my SMC usb wireless adapter on my laptop but I seem to have
problems finding drivers.

>> I shut down stumbler and cycled my WiFi card off and back on.
>> It established contact with my wireless router. It DID see a neighbor's
>> OPEN router that broadcasts its SSID the first time I powered it on and
>> would have connected, if I allowed it to do so, however I doubt it
>> would connect to anything that does NOT broadcast an SSID.

>
>
> Like your very own router? Hm?


So to test the idea I really need two AP STAs (non broadcasting) plus at
least one STA client.

I will check with our campus wireless experts and see what they say about
your idea.

>> My Dell network card manager sees only one (nonbroadcasting) in its
>> monitoring window.

>
>
> Which might be yours, or someone else's.


It was mine.

>> But I don't see anyone else running with broadcast off (and am unlikely
>> to do so with these tools).

>
>
> Maybe you're living far away from civilization? Heck, just on my weekly
> 2hour train+bus tour I can catch hundreds of networks.


They are broadcasting their SSID.

How would you know anything about those that don't?

>
>> Are you assuming OPEN routers running with default SSIDs but with
>> broadcast turned off?

>
>
> I suggest adjusting the SSID to clarify the purpose of your network,
> thereby exactly fulfilling its functionality, f.e. PRIVATE. And to make
> sure to not duplicate any existing name of a nearby network. That is,
> your network is clearly visible to both you and outsiders, but they
> should understand that it's your private network, so you could hold them
> legally responsible if they try to interfere with it. And you can
> clearly identify it as yours.


I think that deliberately using someone's wireless without their express
permission could be expensive. That is regardless of whether they have
taken any steps to secure their router.

As for getting caught... it happens. It may not be likely but it does
happen.






--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap
 
Unread 12-05-2008, 01:24 AM   #10
Sebastian G.
Guest
 
Posts: n/a
Re: wireless router password security

bz wrote:

> "Sebastian G." <seppi@seppig.de> wrote in
> news:68kcijF2sbr7oU1@mid.dfncis.de:
>
>> bz wrote:
>>
>>> "Sebastian G." <seppi@seppig.de> wrote in
>>> news:68jrooF2t4jo8U1@mid.dfncis.de:
>>>
>>>> bz wrote:
>>>>
>>>>> "Kyle T. Jones" <Email@reallyrealdomain.net> wrote in
>>>>> news:fvvj3k$a5m$1@aioe.org:
>>>>>
>>>>>> Sebastian G. wrote:
>>>>>>> Kyle T. Jones wrote:
>>>>>>>
>>>>>>>
>>>>>>>> http://www.howtodothings.com/compute...o-protect-a-linksys-wrt54g-router-using-wap-and-wep
>>>>>>>>
>>>>>>> But please omit the step where disabling SSID broadcast. It doesn't
>>>>>>> change anything about the security, doesn't make your network
>>>>>>> invisible at all, but
>>>>>>> surely creates a lot of trouble with your client accidentally
>>>>>>> trying to connect to someone else's network.
>>>>>> Good point.
>>>>> I don't follow the logic. Disabling SSID makes it more difficult for
>>>>> someone to connect to my wireless router (WEP turned on also).
>>>> Actually it makes it easier for them to accidentally connect to your
>>>> network instead of another SSID-disabled network.
>>> HOW? They need to know my router's SSID. It has an SSID, it just
>>> doesn't broadcast it.

>>
>> We're talking about MAC layer connections. First you connect on the MAC
>> layer, eventually guided by a known SSID, and then the connection
>> partners negotiate about the actual connection parameters.

>
> Hmmm. From what I can gather from reading the IEEE 802.11 working doc
> 80.11 2007.pdf from the IEEE web site, neither one of us has been using
> the right terminology. It looks like both my router and my laptop network
> devices are STAs, one(the laptop) is an STA client, the other is an
> AP(access point) STA. They can be 'associated' or 'disassociated'.
> "Before a STA is allowed to send a data message via an AP, it shall first
> become associated with the AP."
>
> And they talk to each other over PHY (the physical layer).
> "STAs may be hidden from each other".
> "IEEE 802.11 is required to look like a wired network to higher layers."
>
> It appears that the SSID is used as part of the associate request at the
> MAC level.
>
> It is going to take me a while to read through the 1232 pages of the
> document.
>
> Perhaps you can save me some trouble and tell me how my router STA is
> supposed to respond to active probing (is that legal in this
> jurisdiction?) when bulletin broadcasting is turned off and how the
> wardriver even knows my STA is here.



Even when it doesn't broadcast INVITE requests with the SSID, it still
broadcasts Beacon requests to notify its presence on the physical layer. It
also responds to Beacon notify requests.

Maybe you should simply try it. Turn off SSID broadcasting, change the
default channel to a very specific one, disconnect from the router, fire up
NetStumbler and you'll see a No-SSID network on exactly this channel.

> Hey, computer owner, I see the following access points. Which one do you
> want me to establish an association with? [I do NOT see any of the SSIDs
> that you have previously told me to talk to.]



Indeed. Since you have no way to differentiate the routers, you might always
connect to the wrong one. The same happens if you set it up to always try
them all. Same happens on every little interruption.

> And cracking the encryption takes either
> 1) collecting lots of encrypted transmissions [about a day's worth]
> or
> 2) a very lucky guess. [would 'normally' take weeks of guesses to hit.]



Dunno what you're talking about, but I only know WEP and WPA/WPAv2/IEEE
802.11i as the two major techniques. WEP can be broken within some minutes
of traffic, or bypassed (by creating a valid (IV, cipher stream) pair to
send, but not receive arbitrary packets) within a few seconds. The traffic can
always be generated by sending out Beacon notification requests.

And IEEE 802.11i or its subsets known as WPA can at most be attacked via a
MITM attack on the association setup, which gives you about 30 minutes of
pure bruteforcing until the session key is forcefully renewed, and your
attempt would have to start completely anew. Also, how exactly would you
bruteforce a random 256 bit key?

> Where do I find this in the specs?



Dunno, the analysis documentation of AirCrack is much clearer to read.

> If it isn't broadcasting, I would need to send a probe request on each
> channel asking 'who hears me'? If it is broadcasting, all I need to do is
> listen for a while [on all channels].



Right.

> Yes but that should be at a higher layer, shouldn't it?
> It should EMULATE not duplicate.



To emulate Ethernet functionally you have to implement a functionally
identical MAC layer, which gives you the required demand for broadcasts.

> I would think that it knows its own ID and listens for calls addressed to
> that ID, properly encrypted, on the proper channel. I would expect it to
> ignore improper calls, those not addressed to it and those not properly
> encrypted.



Indeed, this is how one might have implemented it if the spec didn't
require Ethernet MAC layer compatibility.

> It is ALWAYS listening for proper calls.



So are the other APs. But you only know that you got the wrong one after
trying to decipher his reply. That's why you may permanently hit the wrong one.

> I just tried my SMC usb wireless adapter on my laptop but I seem to have
> problems finding drivers.



Well, you cannot always be as lucky as I was. I bought a random No-Name
PCMCIA wlan card, which then turned out to be an AMD PCnet Wireless 800
model based upon the well-known Atheros chipset. You know, the one which was
used for the very first WEP hack.


>> Maybe you're living far away from civilization? Heck, just on my weekly
>> 2hour train+bus tour I can catch hundreds of networks.

>
> They are broadcasting their SSID.



No, about half of them don't.

> How would you know anything about those that don't?



See above. Beacon request.


> I think that deliberately using someone's wireless without their express
> permission could be expensive. That is regardless of whether they have
> taken any steps to secure their router.



Nonsense. In civil law, this is called reasonable expectation of use. If you
built a well near a street and some people would start drinking water from
it, you couldn't sue them (or at least not successfully). You'd be required
to install a sign "No drinking from well without permission", then you could
defend.

If my machine is asking your router to establish a connection and it
actually does, I can reasonably expect that this was the full intention of
its owner. Heck, if it even delivers matching IP addresses via DHCP, this
surely must be intentional. After all, if the owner didn't want this access
to be public, he would have configured it differently.

Now if somehow it would be likely that I'd notice his internet access has a
transfer limit, and intentionally utilize it much beyond this limit, I might
get into a little trouble. Unlikely, but possible.

If I were to crack a WEP "encryption", which definitely is a sign of
intended privacy, I would become responsible. Though at least in case of
WEP, I could successfully argue that the owner has been sloppy to allow such
a well-known broken protocol instead of resorting to secure variants (like
WPA) and therefore has to pay a certain share of his damage costs out of his
own pocket.
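
Added example, not part of any post in this thread: a small Python parser for 802.11 beacon frames, illustrating the point argued above that an access point with SSID broadcast turned off still announces its BSSID and channel. The sample frames, the MAC addresses and the helper names build_beacon and parse_beacon are constructed for this illustration.

```python
import struct

def build_beacon(bssid, ssid, channel, privacy=True):
    """Constructed 802.11 beacon (no radiotap header, no FCS) for the demo."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    hdr = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    caps = 0x0001 | (0x0010 if privacy else 0)     # ESS bit, optional Privacy bit
    fixed = struct.pack("<QHH", 0, 100, caps)      # timestamp, interval, capabilities
    tags = bytes([0, len(ssid)]) + ssid            # element 0: SSID (may be empty)
    tags += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # element 1: supported rates
    tags += bytes([3, 1, channel])                 # element 3: DS Parameter Set
    return hdr + fixed + tags

def parse_beacon(frame):
    """Return BSSID, SSID state, channel and privacy flag from one beacon."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a management/beacon frame")
    (caps,) = struct.unpack_from("<H", frame, 34)
    ssid, channel, pos = b"", None, 36
    while pos + 2 <= len(frame):                   # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                  # truncated element: stop parsing
        if tag == 0:
            ssid = value
        elif tag == 3 and length == 1:
            channel = value[0]
        pos += 2 + length
    return {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
        "hidden": not ssid.strip(b"\x00"),         # zero-length or NUL-filled SSID
        "ssid": ssid.decode("utf-8", "replace"),
        "channel": channel,
        "privacy": bool(caps & 0x0010),
    }

# Constructed sample beacons: one named network and two "hidden" ones.
SAMPLE_BEACONS = [
    build_beacon("02:00:00:00:00:01", b"PRIVATE", 6),
    build_beacon("02:00:00:00:00:02", b"", 11),
    build_beacon("02:00:00:00:00:03", b"\x00" * 7, 3, privacy=False),
]

if __name__ == "__main__":
    for net in map(parse_beacon, SAMPLE_BEACONS):
        name = "<no SSID>" if net["hidden"] else net["ssid"]
        print(net["bssid"], f"ch{net['channel']:>2}", name, "privacy" if net["privacy"] else "open")
```

Both hidden variants (a zero-length SSID element and one filled with NUL bytes) still yield a BSSID, a channel and the privacy flag, which is all a passive listener needs to list the network.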
