
How much damage can someone do if they get into your wifi AP?

Steve Gibson has a fantastic random key generator for WPA passwords:

https://www.grc.com/passwords.htm

It creates a UNIQUE string in either 64 random hexadecimal characters (0-9 and A-F) or using ASCII characters. I use it for my WPA PSK. No one will ever crack my password :) Good as a Wired LAN IMO...

Beyond that - isolating your WiFi from your LAN is also a great idea (as already mentioned). Also, using your PC's software firewall can help prevent WiFi intrusion, and also prevents other infected PCs on the network from getting ahold of your PC easily...

:cool:
 
Randyman... said:
Steve Gibson has a fantastic random key generator for WPA passwords:

https://www.grc.com/passwords.htm

It creates a UNIQUE string in either 64 random hexadecimal characters (0-9 and A-F) or using ASCII characters. I use it for my WPA PSK. No one will ever crack my password :) Good as a Wired LAN IMO...

Beyond that - isolating your WiFi from your LAN is also a great idea (as already mentioned). Also, using your PC's software firewall can help prevent WiFi intrusion, and also prevents other infected PCs on the network from getting ahold of your PC easily...

:cool:

About the key, couldn't you just type a bunch of stuff like

ga9ga0-g!!ggst9opsfgklajnbo]\\iybnlambD85aga'atp05i3gg=068=46gssg5h5hah/**gaagavbmnbma

Wouldn't that work similar to using a key gen?
 
The random key gens are even more random, but your pw wouldn't be terribly easy to guess.

Some people use phrases, which are very easy to guess. You want random mixtures of capital and lowercase letters and numbers as well as other ASCII characters in the permitted range (I forget exactly what that is).

I don't really trust the keygens, how do I know they aren't logging the keys? You can use keygens and cut and paste pieces of the keys together to make a key if you want, or pieces from different keygens, or permute them, or do something like that. Also, how do you know that the key isn't being intercepted in transmission?

Yeah, I suppose I'm paranoid...
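
Added example, not part of any post in this thread: a key in either format discussed above (64 hex digits or printable ASCII) can be generated on your own machine with Python's `secrets` module, so nothing is logged by a website or sent over the network. The function names are made up for this example; the 8 to 63 printable-ASCII and 64 hex-digit limits are the WPA-PSK rules.

```python
import math
import secrets
import string

# WPA/WPA2-Personal accepts a passphrase of 8-63 printable ASCII characters
# (codes 32-126) or a raw 256-bit key written as exactly 64 hex digits.
PRINTABLE = "".join(chr(c) for c in range(32, 127))
HEX_DIGITS = set(string.hexdigits)


def new_hex_psk() -> str:
    """256 bits from the OS CSPRNG as 64 hex digits; nothing leaves the machine."""
    return secrets.token_hex(32).upper()


def new_ascii_passphrase(length: int = 63) -> str:
    """Random printable-ASCII passphrase of the requested length."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def classify_psk(candidate: str) -> str:
    """Return 'hex-key', 'passphrase' or 'invalid' for a candidate PSK."""
    if len(candidate) == 64 and all(ch in HEX_DIGITS for ch in candidate):
        return "hex-key"
    if 8 <= len(candidate) <= 63 and all(ch in PRINTABLE for ch in candidate):
        return "passphrase"
    return "invalid"


def random_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a string whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(new_hex_psk(), round(random_bits(16, 64)))
    print(new_ascii_passphrase(), round(random_bits(95, 63)))
    # Constructed samples: too short, and 64 characters that are not all hex.
    for sample in ("hunter2", "z" * 64):
        print(repr(sample), classify_psk(sample))
```

The entropy figure only holds for keys drawn at random like this; a hand-typed string of the same length has less, because people do not hit keys uniformly.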
 
What about DNS Poisoning? If someone got into your AP, they could change your DNS servers and really cause some damage. Accessing your file would be the least of your worries.
 
CreePinG_DeatH said:
What about DNS Poisoning? If someone got into your AP, they could change your DNS servers and really cause some damage. Accessing your file would be the least of your worries.

Stop it, you're scaring us. To steal a line from Dilbert:
"Spooked, the herd stampedes"
:bday:

Anyone remember the OS that makes a computer into a firewall (I'm drawing a blank)? How would that play into it?
 
BigFoofieMan said:
Stop it, you're scaring us. To steal a line from Dilbert:
"Spooked, the herd stampedes"
:bday:

Anyone remember the OS that makes a computer into a firewall (I'm drawing a blank)? How would that play into it?

Smoothwall? I don't know if it would make a difference or not. If someone gained access to your AP, they don't have to do anything (and thus not even raise your suspicions) and just see what exactly is running on the network's computers.
 
CreePinG_DeatH said:
Smoothwall? I don't know if it would make a difference or not. If someone gained access to your AP, they don't have to do anything (and thus not even raise your suspicions) and just see what exactly is running on the network's computers.

Actually it would make a difference. But for it to, you would have to configure it correctly. You would have to have the wireless AP on either the orange network or the blue (with modification). Therefore, even if a hacker broke into your AP, they wouldn't be able to hack into your PCs on your green network, since the orange and blue networks cannot connect to the green network. They could, however, still, like it has been said, download illegal files which would be traced back to you, but you can at least prevent hacking of your hardwired PCs.
 
TalRW said:
They could, however, still, like it has been said, download illegal files which would be traced back to you, but you can at least prevent hacking of your hardwired PCs.

If they can download anything they want, then couldn't they just download a malicious script/program/worm etc. in order to create a hole for them to access? I don't know what you mean by the green, blue, orange etc., but I would assume it has something to do with access permissions. If the compromised computer can have any type of access, either configured that way or maliciously set-up by others, then wouldn't the hardwired computers just be a matter of time before they are accessed?
 
Smoothwall separates computers into networks called green (LAN), orange (DMZ) and blue (Wireless). The blue and orange networks can't communicate with the green network unless a green computer initiates it, so even if something on the blue network is infected it won't carry over to the green network. So basically if a hardwired computer is on the green network it is protected against something malicious on the other ones.
 
MRD said:
I don't really trust the keygens, how do I know they aren't logging the keys? You can use keygens and cut and paste pieces of the keys together to make a key if you want, or pieces from different keygens, or permute them, or do something like that. Also, how do you know that the key isn't being intercepted in transmission?

Yeah, I suppose I'm paranoid...

That GRC link uses SSL encryption for the password page :eek: And I, for one, trust Steve Gibson not to be logging these for his own personal hacking uses ;) . Combining 2 or 3 of those PW's into one is not a bad idea, but you'd end up with a PW that is just as random either way :D

:cool:
 
I'll tell you, if you have encryption the least thing someone is going to do is sit for an hour breaking in when all they have to do is move 4 feet up the street to get an open WEP connection. I have about 2 non-encrypted networks on my street.

I saw this topic the other day, and so, I took my laptop with me when my mother went out for groceries. I popped open my WiFi manager and just refreshed the connections as we went along. For every 10 connections there were maybe 3 encrypted ones, and maybe 1, if that, that was properly encrypted.

Hell, someone on my street has a network with a dlink router that just popped open the box and hooked it up. The wifi settings are default with dlink as the pass and dlink as the name. Pretty sad if you ask me.

Mainly all I'm trying to say: if you use WPA, MAC address filtering, set up your network for static IPs (don't use dynamic DNS) and change the IP ranges and subnets, you will be fine, as less than a block away there are unsuspecting people ready to have their internet stolen.

And on the note of what PR Racing said, yes it is illegal to use someone's wifi connection without permission. Just as it is illegal to "borrow" your neighbour's car without permission. It's just hard to monitor and detect who is stealing whose internet. So all in all it's up to the user to make it secure.

I used to think wireless was crappy and insecure, and still do. All my network is wired except for my laptop, and I have done all I can to secure it. And like I said, I don't worry 'cause there are people just down my street with wide open networks.
 
I'll tell you, if you have encryption the least thing someone is going to do is sit for an hour breaking in when all they have to do is move 4 feet up the street to get an open WEP connection. I have about 2 non-encrypted networks on my street.

Mostly true. There are cases where it's not.
1) if there aren't other networks in range, and you're the only decent signal strength close enough to where someone wants to mooch from, they might bother to crack your WEP.
2) if they want to steal info from you particularly, or harm you particularly in some way, they might bother to crack your WEP.
3) if you are a particularly good/interesting target for some reason (average home user normally is not a particularly special target, but say you were Bill Clinton, you better secure your wireless network...)

Personally, I just err on the side of paranoid, partly because I like learning the technology and locking everything down. I fully realize there is no particular reason anyone would have to hack my network beyond free bandwidth. If they got on my PC they probably couldn't even steal my files because they wouldn't know how to use Linux... and even if they did, all they'd get is a bunch of school papers and maybe a few PDFs of technical manuals. Not too exciting. Lol, they'd probably think there was something juicy just from the security I have, and be very disappointed.

Because of where I live anyways, there's probably at most 1 other house in range, and that would be crappy signal anyways. We have a good amount of land and so do our neighbors.
 
@Skeith: I've seen that too actually. When the whole Verizon FiOS was new in this area, the installers were using DLink router/access points, and setting up the wireless completely open, and leaving it that way.

Anywhere I go I can hit at least 1 open Dlink access point... it's very sad :/ I've tried to warn folks at the shop if they mention they have FiOS... and suggest logging into the router and locking it down... but that's only a few people/week who shop for wireless goodies.


~ Gos
 
Goshawk said:
@Skeith: I've seen that too actually. When the whole Verizon FiOS was new in this area, the installers were using DLink router/access points, and setting up the wireless completely open, and leaving it that way.

Anywhere I go I can hit at least 1 open Dlink access point... it's very sad :/ I've tried to warn folks at the shop if they mention they have FiOS... and suggest logging into the router and locking it down... but that's only a few people/week who shop for wireless goodies.


~ Gos

The wireless AP Verizon put at my parents' house was left wide open as well. I went there this past xmas when they just had it installed. Jeebus, that whole unit is ginormous that they put in. Even though my parents live in the woods, I still locked it down for them and turned off SSID broadcasting.
 
cradivonyk said:
The wireless AP Verizon put at my parents' house was left wide open as well. I went there this past xmas when they just had it installed. Jeebus, that whole unit is ginormous that they put in. Even though my parents live in the woods, I still locked it down for them and turned off SSID broadcasting.

Yeah, without SSID broadcasting it's hard to even tell it's there without a profile.
 
Yeah, without SSID broadcasting it's hard to even tell it's there without a profile.

I broadcast my SSID, because a few of the laptops won't work as soon as I shut it off, and it really doesn't matter. I don't care if people know about it, it's protected enough that they can't get in. Anyone who would stand any chance of getting by the security I have in place isn't going to be stopped by lack of an SSID broadcast.
 