film Posted November 8, 2006 Share Posted November 8, 2006 Hi, well i was wondering are MAC Addresse's 100% uncrackable or just VERY VERY secure. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted November 8, 2006 Share Posted November 8, 2006 MAC addresses are just hardware addresses for network devices and can easily be changed. I'm not sure what you mean by crackable, but they are not secure. Quote Link to comment Share on other sites More sharing options...
film Posted November 8, 2006 Author Share Posted November 8, 2006 No i know what they are just i was talking to this guy and he said that he just put a MAC ADDRESS !!!! on his router anyways i was like ok... but he said now im unhackable and i was thinking no way there must be a way to get past them and i was wondering if he was right or wrong about saying NO ONE could get on this router ? Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 8, 2006 Share Posted November 8, 2006 I'm guessing he just setup a MAC address white list for his wifi... which isn't as secure as you'd think. Quote Link to comment Share on other sites More sharing options...
Jester Posted November 8, 2006 Share Posted November 8, 2006 If it can be built it can be unbuilt. There is nothing that is unhackable. It may be difficult and it may not have a current solution but if someone trys hard enough there is a way to do it I am sure. If Vako is correct and he setup a MAC whitelist then all you have to do it spoof a good mac address and boom your on. :) 8) Quote Link to comment Share on other sites More sharing options...
burn Posted November 9, 2006 Share Posted November 9, 2006 If he programmed his router to only allow certain MAC address to connect to it, then all it takes is to watch what MAC addresses are connected using a program like airodump (part of the aircrack suite). After that you could try disconnecting them from the router using a deauth attack, reprogramming your MAC address to match theirs, and then connect to the AP. You'll want to add your real MAC address to their whitelist and disconnect yourself. If you do it quick enough maybe the victim won't realize why he was disconnected and won't think to check the router's config for a new entry. Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 9, 2006 Share Posted November 9, 2006 Don't forget to lock them out of there admin controls. Quote Link to comment Share on other sites More sharing options...
l0gic Posted November 9, 2006 Share Posted November 9, 2006 Implementing a MAC-based ACL on a wireless AP is akin to locking your car with the windows rolled down. Quote Link to comment Share on other sites More sharing options...
burn Posted November 9, 2006 Share Posted November 9, 2006 Implementing a MAC-based ACL on a wireless AP is akin to locking your car with the windows rolled down. Or running WEP. :) It keeps the newbies out, but that's about it. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted November 9, 2006 Share Posted November 9, 2006 Wireless is NOT secure at all... anyone who tells you it is, is either stupid or lying. If security is important turn off wireless and use a cable, because someone will always find a way to 1337 H4X0R you. Quote Link to comment Share on other sites More sharing options...
film Posted November 9, 2006 Author Share Posted November 9, 2006 Thanks Guys :D Quote Link to comment Share on other sites More sharing options...
Spartain X Posted November 9, 2006 Share Posted November 9, 2006 all i can say is kismet kismet is a passive wifi scanner and it can show all associated wifi NICs, couple minutes of that and you are sure as hell gonna get his mac address, then either start airodump to dump wifi traffic and aircrack his wep or dump wpa traffic and brute or dictionary attack his psk. when you have that it's simple to just nmap his lan with nmap with the spoof mac address and you know what's inside. in linux you can change mac address easily and windows i guess it's not hard, then it's as simple as running a nessus scan and fire up metasploit or have a look at security forest's extensive exploit range or a look at security focus and compile/ executed the exploit and soon his box is completely and utiley PWNED. if you are going to run a wifi lan the only security technology that is is not defeated yet is wpa2 with radius and still that is still possible prone to brute force or dictionary attack for the psk. in general all i can say is "the only safe computer is one that is turned off" and even then i have my doubts just tell you friend that their is no definitive way to protect a network Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 9, 2006 Share Posted November 9, 2006 A cheap way of sercuring wifi is to us wireless A, not b/g. Most consumer grade stuff doesn't pick up band a, and its crap at going threw walls anyway. Quote Link to comment Share on other sites More sharing options...
Guest Posted November 9, 2006 Share Posted November 9, 2006 Wireless is NOT secure at all... anyone who tells you it is, is either stupid or lying. If security is important turn off wireless and use a cable, because someone will always find a way to 1337 H4X0R you. That is why we have encryption, wireless can be secure if you know what you are doing and how to set it up correctly. Quote Link to comment Share on other sites More sharing options...
boristsr Posted November 9, 2006 Share Posted November 9, 2006 it's secure to an extent if you set it up properly. but sorry guys, nothing beats cable (except of course, no network connection). Also, when choosing how to set up your network, it's important to understand what sort of information people will be able to access, and who exactly will want to access it. If you are using WPA with mac address filtering, it's secure enough for 99.999999999999999999999% of people. For someone to actually bother trying to gain access to your network is highly improbable unless they are after you specifically. i would say for a lot of people also that WEP with mac address filtering is secure enough. sure it CAN be cracked, but the amount of completely unsecured networks around here, it's still too annoying to bother with. it's also likely that the unsecured wifi's have less knowledgeable people behind them, so it's even more unlikely to get caught. Quote Link to comment Share on other sites More sharing options...
nico Posted November 9, 2006 Share Posted November 9, 2006 it's secure to an extent if you set it up properly. but sorry guys, nothing beats cable (except of course, no network connection).Also, when choosing how to set up your network, it's important to understand what sort of information people will be able to access, and who exactly will want to access it. If you are using WPA with mac address filtering, it's secure enough for 99.999999999999999999999% of people. For someone to actually bother trying to gain access to your network is highly improbable unless they are after you specifically. i would say for a lot of people also that WEP with mac address filtering is secure enough. sure it CAN be cracked, but the amount of completely unsecured networks around here, it's still too annoying to bother with. it's also likely that the unsecured wifi's have less knowledgeable people behind them, so it's even more unlikely to get caught. I'm a bit disagreed with you. it's difficult to say how a wireless network is secured. It mainly depends of...the people living in your area. You could get no trouble at all during 10 years as you could be hacked after two weeks. The facts are : WEP is crackable, WPA is crackable. The way WEP is cracked (I actually didn't see how WPA works but it seems aircrack can beat it too), you get the client(s) MAC-ADRESS so the mac-address access list is useless. If a guy decided to crack your WEP key, changing his MAC-adress by yours is nothing. With linux, it takes one command. Because of this, I don't use wi-fi at home even if it could help me out. I prefer to have a 10 meters cable. it's not handy, but it's a lot more secured than wireless network. At least, I don't have to fear against potential threats in my neighbourhood. The guy who tries to get access to your network is not obligatory a guy who wants to harm your network. He may just want to have an internet connection for free (or maybe he's just an internet addict, he just moved and can't wait for his internet connection). My advice, if you use the WI-FI anyway, it's at least to use WPA, change your key regulary and monitor your network too..and don't use P2P. There's a chance the guy can't make injection of packets but p2p will help him a lot. In less than one day, he will get enough packets. Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 9, 2006 Share Posted November 9, 2006 How's a 63 char random pass phrase on a weekly rotation, mixed in with 255.255.255.254 netmasks and seperated VLANS sound? Quote Link to comment Share on other sites More sharing options...
nico Posted November 9, 2006 Share Posted November 9, 2006 How's a 63 char random pass phrase on a weekly rotation, mixed in with 255.255.255.254 netmasks and seperated VLANS sound? It sounds better :D . Actually, with the linksys router named WPC-54G (If I remember well the name), you can use linux firmwares. I tried dd-wrt once and I was amazed how good it was compared with the original linksys firmware. It manages vlans and it pertmits to easily check who's connected in via the MAC-ADRESS. Quote Link to comment Share on other sites More sharing options...
boristsr Posted November 9, 2006 Share Posted November 9, 2006 The guy who tries to get access to your network is not obligatory a guy who wants to harm your network. He may just want to have an internet connection for free (or maybe he's just an internet addict, he just moved and can't wait for his internet connection).that's exactly my point. i'm not sure about your area, but around my area there is atleast a 1:1 ratio of unsecured wireless networks to secured wireless network (possibly even approaching 2:1). now, if he has no specific purpose to get access to MY network, then why would he even bother? he can drive an extra 200m and he can connect with no trouble.My advice, if you use the WI-FI anyway, it's at least to use WPA, change your key regulary and monitor your network too..and don't use P2P. There's a chance the guy can't make injection of packets but p2p will help him a lot. In less than one day, he will get enough packets.solid advice. my point before when stating that WEP with mac address filtering is enough for most people is highlighting the fact that security issues are probably quite overstated due to paranoia. and that it's much easier to just find an unsecured network than it is to bother breaking even the simplest of security measures. it's also less risky for the attacker as there is less chance of the admin/owner having a clue and monitoring the network.Another very good thing to do is change the broadcast strength of the wireless AP to as low as you can have it while still serving your needs, while it can still be accessed with the use of a dish or cantenna, it's less likely to be seen in the first place. i'm lucky in this case because my neighbors have no clue and i live in a battleaxe (i'm not sure if this is an aussie term or not, but it's essentially a house behind a house, with a long driveway which goes to 2 houses, resembling a battleaxe from the air) so it's even weaker to access from the road. Quote Link to comment Share on other sites More sharing options...
nico Posted November 9, 2006 Share Posted November 9, 2006 that's exactly my point. i'm not sure about your area, but around my area there is atleast a 1:1 ratio of unsecured wireless networks to secured wireless network (possibly even approaching 2:1). now, if he has no specific purpose to get access to MY network, then why would he even bother? he can drive an extra 200m and he can connect with no trouble. I live in an appartement. I only recieve 4 wireless signals and sometimes another one. The last one is Open :? but stays few minutes and it's quite rare. There is only one wireless network with WPA encryption. The rest uses WEP encryption. In this exemple, i guess the guy with WPA encryption is the one with less risks. if I had to hack one of them, I'll just waith for the first who makes a sufficient number of packets to get cracked. It is actually just a question of time and patience as I can't inject packets. Another very good thing to do is change the broadcast strength of the wireless AP to as low as you can have it while still serving your needs, while it can still be accessed with the use of a dish or cantenna, it's less likely to be seen in the first place. That's a very important advice. There's another important advice. Change your admin password of your access-point/router ! I noticed a lot of people don't do it. In the cas of a wireless attack, the bad guy just have the complete control of your network. He can do whatever he wants. In the case of the ACLs, he could add a mac-address for himself or simply remove the acls. If your access point is the router, he could even open ports for his own needs. Quote Link to comment Share on other sites More sharing options...
burn Posted November 9, 2006 Share Posted November 9, 2006 If I lived in an apartment with 4 available signals, I would go after the WPA one just for the challenge. :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.