Awful Wi-Fi signal whilst pentesting - Why?

[0phoi5]

Hi all,

So my latest endeavour, in preparation for doing the CEH course in the near future, and because I'm a curious nerd, was to pen test my own Wi-Fi. However, I'm having major issues with how difficult it is to pick my Wi-Fi up from any reasonable distance.

Initially, my goal was to drive to a couple of nearby locations and see how easy it was to locate my Wi-Fi from 50m, 100m, 150m, etc. I haven't even got as far as pen testing it, just wanted to test viable locations for doing so and to give myself a good idea of the distance at which someone could connect.

I am using an RPi3, an Alfa AWUS036H, and I tried both a Yagi and a 7dBi Alfa Panel Antenna.

My issue is with picking up the Wi-Fi from even a small distance. I currently have a couple of Wi-Fi hubs in my home, and I chose to pen test a BT Hub 6, which has very good signal strength itself. One of the best, apparently. However, I was only able to pick up a signal from 50m. 100m and I couldn't even find my Wi-Fi!

As a prime example, there is a road lay-by 150m from my home, so I thought this would be a perfect spot to pull over and test the signal strength. I assumed I would defiantly get a signal from 150m away using the above hardware, but I didn't. Not even a sign of it!

The path to the house from here is not line-of-sight. It is blocked by around 2 houses and a bunch of shrubbery/small gardens. I understand the implications of this on signal strength, but to be honest, I was not expecting a complete signal loss at only 150m, blocked or not!

I'm shocked that this hardware can't manage to pick up a Wi-Fi hub at more than 100m! Any ideas? Thoughts?

[Decoy]

Have you tried using any type of directional antennas? Typically you get more gain with those if you know the direction of the network you're trying to connect to. You can see it obviously if you're parked in your driveway right?

[0phoi5]

Both of those antennas are directional. I used a compass to make sure I was facing them exactly towards my house.

I am able to pick up the Wi-Fi with no problems from within the house, less than 50m from the house. After this, the signal drops out very sharply, with 100m more from the house being impossible to pick up. Which is odd, because a Yagi should surely pick Wi-Fi up from 1km+ when pointed correctly?

[Decoy]

Are your Access Points behind any mind of concrete, fireplaces, etc? Definitely odd. Is it just your house? What if you point it at another house, same thing?

[0phoi5]

Sitting 150m from my house, with around 2 houses and a garden in line-of-sight between me and my own access point, I did not pick up my access point at all. Nothing.

I did pick up 2 access points, with a PWR signal strength of -68 to 70. Considering those houses were around 50m from me, that's pretty poor reception!

I was expecting to be able to pick up my Wi-Fi, but with a low signal strength, rather than not being able to pick it up at all through just a couple of houses.

*Edit* These are modern houses by the way. We're talking thin walls, not old buildings, no fireplaces or elevators or anything like that. And the 2.4ghz band.

Edited November 10, 2016 by haze1434

[0phoi5]

I do wonder about the power output of the Alfa card. Would connecting the card to an RPi and running the RPi from a 12v cigarette socket provide enough power for an Alfa card to run at full efficiency?

[Decoy]

Yeah, it's definitely odd. My Alfa works great, I usually don't have too many problems, and I only power mine through USB on my laptop.

[0phoi5]

Thank you, I will see if I get the opportunity to try the intervals of 10m over this weekend, as well as the fact that I've found a spot with some houses 800m away with a clear line-of-sight across a field, so I will see if I can pick up their Wi-Fi over that clear distance. If so, I'll be able to confirm something is blocking the signal.

[0phoi5]

Thanks kdodge, I'll take a look at my equipment and see if I can't get another, better model.

It turns out that, after some testing this weekend, it's mainly to do with lack of line-of-sight. I managed to use both the Yagi and an Omni-directional 7dBi antenna to get a signal for a house at 800m, across an empty field with no objects in-between.

To be honest, I wasn't expecting this, so I've learnt something new. Turns out that Wi-Fi can connect at amazing distances through line-of-sight, no blockage, but at short distances even a small amount of material between the antenna and the source can make a big difference, it seems.

*edit* This actually leads me to another question - Is there any particular type of antenna that is better at penetrating through materials at short distance? So, rather than having a long-distance Wi-Fi connection over line-of-sight, could one 'punch-through' materials at close range with a particular type of aerial?

Edited November 14, 2016 by haze1434

[0phoi5]

On ‎11‎/‎11‎/‎2016 at 11:26 PM, kdodge said:

also, the link you gave for a yagi antenna looks like its just a standard dipole (monopole) antenna, which is more omni directional. A yagi antenna looks more like a comb and is more direction dependent.

Ah, I linked it wrong, sorry. This is what I meant to link.

[barry99705]

4 hours ago, haze1434 said:

Thanks kdodge, I'll take a look at my equipment and see if I can't get another, better model.

It turns out that, after some testing this weekend, it's mainly to do with lack of line-of-sight. I managed to use both the Yagi and an Omni-directional 7dBi antenna to get a signal for a house at 800m, across an empty field with no objects in-between.

To be honest, I wasn't expecting this, so I've learnt something new. Turns out that Wi-Fi can connect at amazing distances through line-of-sight, no blockage, but at short distances even a small amount of material between the antenna and the source can make a big difference, it seems.

*edit* This actually leads me to another question - Is there any particular type of antenna that is better at penetrating through materials at short distance? So, rather than having a long-distance Wi-Fi connection over line-of-sight, could one 'punch-through' materials at close range with a particular type of aerial?

You can't change physics.

The only way to go through stuff with wifi is to up the transmit power.  Even then the other side might not be able to transmit back.  Anything that gets hot in a microwave will block wifi.  Trees, anything with water in it, so concrete, brick, wood paneling, and stucco siding will attenuate it.  Metal, obviously will block it.  Had a client raise holy hell because he couldn't get wifi in his office.  The access point was on the other side of a wall he says.  I go out to the side to look, and sure enough, it's on the other side of a standard wood framed sheetrock wall.  What he failed to mention was the huge ass salt water aquarium on that wall.  Mirrors will also screw with wifi signals, found that out in an office lobby.  Mirrored wall blocked almost all of the wifi from the access point that was supposed to hand out the public wifi, they didn't want to put the access point in the lobby when the wiring closet was in the hall on the other side of the wall.

[0phoi5]

Thanks barry :) Line-of-sight it is, then!

I guess the only other option would be something like an RPi, communicating with it on a lower frequency such as 900mhz, and placing it within line-of-sight of source. That seems a bit too much hassle for pen testing my own Wi-Fi though, so I don't think I'll bother  Guess it's an interesting thought, though.

[barry99705]

11 hours ago, haze1434 said:

Thanks barry :) Line-of-sight it is, then!

I guess the only other option would be something like an RPi, communicating with it on a lower frequency such as 900mhz, and placing it within line-of-sight of source. That seems a bit too much hassle for pen testing my own Wi-Fi though, so I don't think I'll bother  Guess it's an interesting thought, though.

Man, I miss my old 900mhz cordless phone!  I could take that thing almost anywhere around my block and still get a signal!  Of course this was back when cell phones were the size of a small briefcase.

[OPS32]

 

Besides the line of vision also usually affects the noise level in the 2400 mhz band, it is much more difficult in the city with thousands of other networks and devices, than in a rural setup.

[barry99705]

2 hours ago, OPS32 said:

 

Besides the line of vision also usually affects the noise level in the 2400 mhz band, it is much more difficult in the city with thousands of other networks and devices, than in a rural setup.

That, and there's always that guy with the 20 year old microwave that cooks things sitting on top of it just as well as stuff inside it.  I had a microwave once that leaked so bad the wifi would drop every time I'd heat up a burrito.

[0phoi5]

Has anyone ever experimented with wireless 'around-a-corner', using a mirror or a highly radio-wave reflective surface (aluminium?) to bounce the signal around 90 degrees?

That'd be an interesting weekend challenge

I guess with a well-aligned Yagi, this could work quite well to avoid at least one building.

 

Edited November 15, 2016 by haze1434

[barry99705]

The higher the frequency the more bandwidth you get, but gets decreased range at the same power level, and more shit will block it.

[0phoi5]

Is there a cut-off / graph curve as to the lowest level of MHz one can go before the distance / penetration of a signal starts getting worse again?

For example, 900MHz travels better than 2.4GHz, but cannot hold as much data. Would 433MHz be better still than 900MHz, or is there a point where it's no longer worth it? Would 433MHz truly be better than 900MHz for distance / penetration, or would it not hold up very well due to lack of data transmission etc.?

[barry99705]

Not that I've ever seen.  I know at 900mhz you're looking at really low end dsl/dial up speeds.

[Anyago]

is it possible for you to take measurements of signal strength at 40m, 50m, 60m, 70m, 80m, 90m, and 100m? make a table, it might give you a more visual idea of whats going on.