Police raid house because of open wifi network

[jblosser]

just wait til we hack your sh*t, biotch...

[Cheech]

I mentioned enterprise because if you REALLY need it to be secure, you are probably a company of some kind that has the means to implement enterprise.

And as you mentioned, it would take FOREVER to crack AES which in my opinion counts as impossible to crack unless you plan on living for a billion years. This may change years from now when hardware advances but currently it is not possible.

Enterprise involves EAP (or some variation thereof, PEAP, LEAP, EAP-FAST, so on), which in turn involves a authentication mechanism (outside of the pre-shared key, which now no longer exists), which in turn involves a RADIUS server to process those logins. To blow your mind even further, it's possible to do this authentication using certificates instead of the standard user/pass, or in addition to the standard user/pass of AD (or whatever user database system you have that plays with RADIUS)

Now, as far as cracking this, you've got the AES generated key on top of the username/password hash. It's not going to be easily done, but depending on the complexity of the password, you might be able to brute-force it. Of course, in doing so (for any AD admin worth a damn) you'll stand a pretty good chance of locking out the account, so you'll raise some flags pretty quickly.

[InyaAzz]

I took today off so I didn't have to deal with encryption and intrusion prevention.

Stop it.

[Disclaimer]

Re: intrusion prevention -- the only thing you did by taking off today was swap your keyboard for your anus.

[vf1000ride]

I use some of the strongest protection you can get on a wi-fi router for when I am not home. It can guarantee that nobody will use the darn thing.

Mine has a power button.

[baptizo]

Okay, I'm officially not a nerd....whew!

[flounder]

minute, maybe 2 at most. That's allowing for starting up the program and getting going. If it's already up and running - 30 seconds.

Laptop, wireless card in lapper, some free software.

Probably not, but crazy ex-gf or boyfriend of crazy ex-gf might.

Sure has, at least 3 years ago. Not difficult. Waiting for Flounder to jump in.

Official response from the 5-0 for terrorizing the wrong house:

Like Blosser said. Spoofing a mac takes seconds and is step one before attacking any AP, Why would I want my actual mac showing up in WIPS/WIDS (Wireless Intrusion Prevention / Wireless Intrusion Detection) logs. Nope. Spoof then go at it.

Ive cracked WEP keys in just a few minutes but Ive also seen WEP keys that ould not be cracked in 8+hrs. Not that doesnt mean they were safe, their were just additional considerations such as a key that was significantly long, and controls on the networking devices that throttled us. I still recommend switching to WPA2 Enterprise.

The thing to remember is that any password which is a combination of words, #'s, Characters as well as an SSID of the same is potentially able to be compromised.

Not only do you want a password that is of significant complexity, but you want your SSID to be randomly generated and complex as well to avoid the use of pre-computed tables. Its pretty cheap to use a cloud service with pre-computed tables to go after simple SSID/PW combos --> https://www.wpacracker.com/

And not broadcasting your SSID doesnt do anything other than for the average person that is probably not looking for it anyway. It only take a few seconds/minutes to find the SSID's that are not broadcasting.

Edited July 2, 2012 by flounder