Calguns.net  

Home My iTrader Join the NRA Donate to CGSSA Sponsors CGN Google Search
CA Semiauto Ban(AW)ID Flowchart CA Handgun Ban ID Flowchart CA Shotgun Ban ID Flowchart
Go Back   Calguns.net > GENERAL DISCUSSION > Technology and Internet
Register FAQ Members List Calendar Mark Forums Read

Technology and Internet Emerging and current tech related issues. Internet, DRM, IP, and other technology related discussions.

Reply
 
Thread Tools Display Modes
  #41  
Old 05-21-2019, 3:18 PM
jimmykan's Avatar
jimmykan jimmykan is offline
Senior Member
 
Join Date: Jan 2008
Location: Los Angeles, CA
Posts: 2,187
iTrader: 100 / 100%
Default

Quote:
Originally Posted by ocabj View Post
You can enable WPA2 Enterprise, run a RADIUS server on your network (e.g. FreeRADIUS), and have unique username/passwords for every person or even every device, or better yet just do certificate based authentication and issue individual certificates for each device. Cert based auth will pretty much eliminate any unauthorized user.

Sample ref: https://wiki.alpinelinux.org/wiki/Fr..._configuration

FreeRADIUS is pretty simple to setup and maintain. Although, I personally never setup cert based auth. I've maintained FreeRADIUS with an LDAP backend for several years, though.
Reply With Quote
  #42  
Old 05-21-2019, 7:50 PM
vega vega is offline
Veteran Member
 
Join Date: Oct 2005
Location: Ventura County
Posts: 3,014
iTrader: 57 / 100%
Default

Quote:
Originally Posted by MrBlazito View Post
And you don't have a Mac mini? Does this device reappear instantly after you change the password and reboot the router?
I do have a minimac but itís wired and yes it reappear instantly after I changed the password and reboot. It stop reappearing after I bocked and deleted it and disabled Ssid.
Reply With Quote
  #43  
Old 05-21-2019, 7:53 PM
NYT's Avatar
NYT NYT is offline
CGN/CGSSA Contributor
CGN Contributor
 
Join Date: Apr 2011
Location: Auburn, CA
Posts: 3,725
iTrader: 31 / 100%
Default

Quote:
Originally Posted by MrFancyPants View Post
Yes the technical standards remain the same industry-wide, but the implementation does not. The fact that consumer routers are more or less wide open out of the box is only part of it. They simply lack security features available in enterprise-class devices, and even most open source software firewalls. My home lab network is behind a Cisco ASA 5540 which I paid less for than a new mid-range consumer WiFi router combo. The only reason it's not my Internet gateway is I have gigabit fiber and the 5540 limits firewall traffic to something like 650 Mbps, even less when running through the IPS port, but I'll either get a 5550 or build a VM firewall for that. Anyway I can do far more for security with the ASA and downstream Cisco switches than any consumer router I've ever used.

I realize this is far and away beyond what most consumers are capable of or willing to do, but I am a network engineer/systems administrator and manage whole datacenter infrastructures, so I have the knowledge to be able to do it no sweat. Ideally, for the best security, your wireless and wired networks should connect behind different firewall ports with more strict traffic filtering and ACLs in place on the wireless side, particularly inbound to the outside interface.

Anyway this discussion could go on and on....
the ASA 5540 went end of life in 2013 and end of support in 2018. its not being patched or updated. your 5540 is actually less secure than a new consumer grade linksys router properly configured.

if you were indeed in netops or infosec you would know this already though.
Reply With Quote
  #44  
Old 05-21-2019, 7:53 PM
vega vega is offline
Veteran Member
 
Join Date: Oct 2005
Location: Ventura County
Posts: 3,014
iTrader: 57 / 100%
Default

Quote:
Originally Posted by NYT View Post
vega, did you create a screenshot of the device and MAK prior to deletion?

my guess off the cuff would be that one of your devices has two NICs thus two MAK addresses.
.
I donít have a screen shot but I wrote down the mac. I have been asking around about one unit having 2 addresses but no one can give me an answer. The first 6 digits are similar to my wired macmini.
Reply With Quote
  #45  
Old 05-21-2019, 8:08 PM
MrFancyPants's Avatar
MrFancyPants MrFancyPants is offline
Member
 
Join Date: Jun 2017
Location: Salt Lake City
Posts: 438
iTrader: 3 / 100%
Default

Quote:
Originally Posted by NYT View Post
the ASA 5540 went end of life in 2013 and end of support in 2018. its not being patched or updated. your 5540 is actually less secure than a new consumer grade linksys router properly configured.



if you were indeed in netops or infosec you would know this already though.
I'm very well aware it's EOL, which is why I got it so cheap. However that doesn't change its feature set and capabilities as of the latest supported ASA software which still far surpasses current consumer offerings. Your statement that it's less secure than a Linksys consumer router is just plain false and proves you really don't know much about enterprise network equipment and capabilities. I have many layers of security and segmentation in my home network and it has never been compromised.

But you go ahead and enjoy your consumer equipment if it helps you feel safe.

Sent from my SM-N960U using Tapatalk
Reply With Quote
  #46  
Old 05-21-2019, 8:19 PM
spoof145's Avatar
spoof145 spoof145 is offline
Member
 
Join Date: Dec 2013
Location: Copper
Posts: 337
iTrader: 2 / 100%
Default

Quote:
Originally Posted by vega View Post
I do have a minimac but it’s wired and yes it reappear instantly after I changed the password and reboot. It stop reappearing after I bocked and deleted it and disabled Ssid.
All this and you had a minimac all along. It's just the minimac trying to autoconnect wirelessly. " the intruder doesn’t have an IP address. " that's because it didn't connect.
__________________
Only two defining forces have ever offered to die for you. Jesus Christ and the American Soldier. One died for your soul, the other for your freedom.
-Lt. Col. Grant L. Rosensteel, Jr.

Last edited by spoof145; 05-21-2019 at 8:22 PM..
Reply With Quote
  #47  
Old 05-21-2019, 8:21 PM
vega vega is offline
Veteran Member
 
Join Date: Oct 2005
Location: Ventura County
Posts: 3,014
iTrader: 57 / 100%
Default

Quote:
Originally Posted by krypto99 View Post
Vega,

I am your neighbor, the one with the boat. If you ever want to go fishing again you will reconnect me to your wifi. I get very angry without pornhub.
Ií really thinking itís him.😊
Reply With Quote
  #48  
Old 05-21-2019, 8:25 PM
vega vega is offline
Veteran Member
 
Join Date: Oct 2005
Location: Ventura County
Posts: 3,014
iTrader: 57 / 100%
Default

Quote:
Originally Posted by spoof145 View Post
All this and you had a minimac all along. It's just the minimac trying to autoconnect wirelessly.
I guess thatís it. Now how do I allow the minimac to connect after I deleted and block it? For 2 nights I have little sleep worrying about this.

Hey at least everyone is having a lively conversation.
Reply With Quote
  #49  
Old 05-22-2019, 6:42 AM
NYT's Avatar
NYT NYT is offline
CGN/CGSSA Contributor
CGN Contributor
 
Join Date: Apr 2011
Location: Auburn, CA
Posts: 3,725
iTrader: 31 / 100%
Default

Quote:
Originally Posted by MrFancyPants View Post
I'm very well aware it's EOL, which is why I got it so cheap. However that doesn't change its feature set and capabilities as of the latest supported ASA software which still far surpasses current consumer offerings. Your statement that it's less secure than a Linksys consumer router is just plain false and proves you really don't know much about enterprise network equipment and capabilities. I have many layers of security and segmentation in my home network and it has never been compromised.

But you go ahead and enjoy your consumer equipment if it helps you feel safe.

Sent from my SM-N960U using Tapatalk
you got it cheap because its obsolete. no professional would field it, let alone rely on it.

spreading FUD and straight up LYING about your qualifications is sad AF.
Reply With Quote
  #50  
Old 05-22-2019, 6:54 AM
Fizz's Avatar
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,162
iTrader: 17 / 100%
Default

OP, how were you determining that there was an intruder and how did you figure they were connected wirelessly?
Reply With Quote
  #51  
Old 05-22-2019, 6:56 AM
MrFancyPants's Avatar
MrFancyPants MrFancyPants is offline
Member
 
Join Date: Jun 2017
Location: Salt Lake City
Posts: 438
iTrader: 3 / 100%
Default

Quote:
Originally Posted by NYT View Post
vega, did you create a screenshot of the device and MAK prior to deletion?

my guess off the cuff would be that one of your devices has two NICs thus two MAK addresses.
Quote:
Originally Posted by NYT View Post
you got it cheap because its obsolete. no professional would field it, let alone rely on it.

spreading FUD and straight up LYING about your qualifications is sad AF.
Are you trying to be retarded or does it just come naturally? It's not in the field, it's in my home as I plainly stated, and again EOL just means it doesn't receive officially supported new versions of ASA software and ASDM. It still has all the advanced security features which your consumer router doesn't. Otherwise there would be no need for companies to spend thousands of dollars for an enterprise ASA when they could just go to Best Buy like you and spend $120 on a crap basic device. Why do you think companies don't buy those?

How many datacenters have you managed? How many technical certifications do you hold? I'm Cisco CCNA, VMware VCP-DCV and Microsoft MCSA certified. At my current company we use Palo Alto and Cisco firewalls, not Linksys, because security is important in the corporate world.

Besides, why would I care what some numbnut who doesn't even know what a "MAC" address is. See quote above. MAK address?? WTH is that? Do you even know what MAC stands for? (quick, Google it!) GTFO of here and go back to your Geek Squad job.

Sent from my SM-N960U using Tapatalk
Reply With Quote
  #52  
Old 05-22-2019, 7:00 AM
keepitlow's Avatar
keepitlow keepitlow is offline
Junior Member
 
Join Date: Oct 2010
Location: Born in L.A.-NYC is 2nd home-Rustbelt is home base
Posts: 51
iTrader: 0 / 0%
Default

Quote:
Originally Posted by sholling View Post
Do people really use wifi passwords that short? I recommend at least 48+ thoroughly hashed characters. I also recommend that people use a guest network for guests, lock it out of the intranet, and that they turn off their guest network when guests leave.
How do they break passwords even if just 8?
Reply With Quote
  #53  
Old 05-22-2019, 7:28 AM
sholling's Avatar
sholling sholling is offline
CGN/CGSSA Contributor
CGN Contributor
 
Join Date: Sep 2007
Posts: 10,343
iTrader: 5 / 100%
Default

Quote:
Originally Posted by keepitlow View Post
How do they break passwords even if just 8?
First I'm referring to the wifi key not the admin password. I'm not a hacker, just a long retired network/network security guy but a quick google search will turn up a ton of wifi hacking tools and tutorials. In the old days hackers would kick off a program to throw the dictionary at the wifi key, followed by throwing every possible combination of numbers, letters (upper and lower), and special characters at the problem. Unlike passwords, incorrect wifi keys do not require a delay before retrying. Obviously they'll land on a correct 8 character key a lot faster than a 48, 64 or 128 character key. There are other/newer more exotic methods that are way over my head. Remember, all that a pervert needs is your wifi key to start downloading kiddy porn and leave you holding the bag for it.

Once they have a device on your network they can social engineer (dog's name, kid's name, kid's birthday etc, the word "password"), they can capture unencrypted passwords, or they can throw a dictionary program at the problem. Sure there will be delays after every third incorrect passwords but given time they can get in. I use a password manager to generate a unique thoroughly hashed maximum possible size password for each site so cracking Amazon's passwords won't get someone into my bank accounts or my router.

__________________
"Government is the great fiction, through which everybody endeavors to live at the expense of everybody else." --FREDERIC BASTIAT--

Proud Life Member: National Rifle Association and the Second Amendment Foundation.

Life Member: California Rifle & Pistol Association

Last edited by sholling; 05-22-2019 at 7:32 AM..
Reply With Quote
  #54  
Old 05-22-2019, 7:28 AM
Fizz's Avatar
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,162
iTrader: 17 / 100%
Default

Quote:
Originally Posted by keepitlow View Post
How do they break passwords even if just 8?
Generally, brute Force (guessing) or dictionary (list of passwords). For WPA(2) PSK you deauthenticate (kick off) a client and observe the handshake, you can then attack the handshake offline.

The handshake is 'scrambled' and one simply tries passwords to generate the same scramble as the captured handshake. The scramble cannot reveal the password, but the correct password can reveal the scramble.

You can also attack WPS, social engineer, etc. Passwords as well.
Reply With Quote
  #55  
Old 05-22-2019, 10:18 AM
the86d's Avatar
the86d the86d is offline
Calguns Addict
 
Join Date: Jul 2011
Location: Pinko-Commiefornia
Posts: 7,303
iTrader: 3 / 100%
Default

One attack for is to disassociate a client, it would then handshake again, and with enough handshakes one could puts 2&2 together....
__________________
Those who know Linux and use it daily generally find iPhruity Apple products useless...

Last edited by the86d; 05-22-2019 at 10:21 AM..
Reply With Quote
  #56  
Old 05-22-2019, 10:18 AM
vega vega is offline
Veteran Member
 
Join Date: Oct 2005
Location: Ventura County
Posts: 3,014
iTrader: 57 / 100%
Default

Quote:
Originally Posted by Fizz View Post
OP, how were you determining that there was an intruder and how did you figure they were connected wirelessly?
All the other macs are identified by name except that one. Also my router specifies how a mac is connected, either wireless or wired. Itís telling me that itís connected but no IP and no name but at one point it told me itís a macmini and I didnít know at that time that MY WIRED macmini was also trying to auto connect wirelessly.
Reply With Quote
  #57  
Old 05-22-2019, 11:56 AM
Fizz's Avatar
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,162
iTrader: 17 / 100%
Default

Quote:
Originally Posted by vega View Post
All the other macs are identified by name except that one. Also my router specifies how a mac is connected, either wireless or wired. Itís telling me that itís connected but no IP and no name but at one point it told me itís a macmini and I didnít know at that time that MY WIRED macmini was also trying to auto connect wirelessly.
You likely have icloud keychain sync enabled. As soon as you connected with one Mac that has the same icloud account all the other devices got the wifi password.

I don't work with enough Apple devices, but I believe they will 'test' association with preferred access point in range even when wired. Also, if the router reports MAC IDs you'll see a matching identifier for the devices WiFi interface.

A device will have a separate network ID for wired and wireless interfaces, but can also have more IDs than there are interfaces as well. Virtualization (Parallels), multihoming (one ID more than 1 IP), etc. Can all skew how routers report connected devices. Basically, the router isn't all that accurate.
Reply With Quote
  #58  
Old 05-22-2019, 12:43 PM
pepsi2451 pepsi2451 is offline
Senior Member
 
Join Date: Feb 2006
Location: Del Norte County
Posts: 1,594
iTrader: 1 / 100%
Default

Quote:
Originally Posted by Fizz View Post
You likely have icloud keychain sync enabled. As soon as you connected with one Mac that has the same icloud account all the other devices got the wifi password.

I don't work with enough Apple devices, but I believe they will 'test' association with preferred access point in range even when wired. Also, if the router reports MAC IDs you'll see a matching identifier for the devices WiFi interface.

A device will have a separate network ID for wired and wireless interfaces, but can also have more IDs than there are interfaces as well. Virtualization (Parallels), multihoming (one ID more than 1 IP), etc. Can all skew how routers report connected devices. Basically, the router isn't all that accurate.
This makes sense to me. OP should check the wireless MAC address on his mini to confirm.
Reply With Quote
  #59  
Old 05-22-2019, 1:14 PM
pepsi2451 pepsi2451 is offline
Senior Member
 
Join Date: Feb 2006
Location: Del Norte County
Posts: 1,594
iTrader: 1 / 100%
Default

I just want to add to what others were saying about secure passwords: DON"T ASSUME THE DEFAULT PASSWORD IS SECURE.

"Blackrosebud408" might look secure enough and its handy its printed on the bottom of the router. The problem is many home APs have a small keyspace for default passwords. For example around here most people are on spectrum and they use netgear routers. So when you see an ssid like "MySpectrumWiFiXX-2g" you know the default password was an adjective + a noun + 3 digits. With the adjective and noun lists I use that works out to a little under 11 billion possible passwords. My GTX1060 can handle about 200,000 hashes per second and would take about 15 hours to check every password, meaning on average it should take around 7.5 hours to get a password. That's with an older mid range card. If an attacker really wanted your password they could also pay hourly for a cloud solution that would work much faster.

Here is a list of default keyspaces in case anyone wants to calculate how long it would take someone to crack their default password. It would probably be easier just to change it though.

https://hashcat.net/forum/thread-6170.html
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -8. The time now is 3:39 AM.




Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Proudly hosted by GeoVario the Premier 2A host.
Calguns.net, the 'Calguns' name and all associated variants and logos are ® Trademark and © Copyright 2002-2018, Calguns.net an Incorporated Company All Rights Reserved.
Calguns.net and The Calguns Foundation have no affiliation and are in no way related to each other.
All opinions, statements and remarks made by Calguns.net on this web site and elsewhere are solely attributable to Calguns.net.