How can i stop someone using my wifi

toejumper

Thanks everyone for the reassurance to know someone hasn't got in through the router.

C_Mababejive

If your router supports MAC user IDs you could set this up.

RussJK

toejumper wrote: »

I have named everything that's using wifi tv printer and dd netbook so will see if anything untoward happens, is it a a good idea to turn the SSID broadcasting off though, will it affect anything in the house using the wifi

The only thing that this will hide it from are neighbours who casually look through the list of wireless networks. Still, this will stop you getting entries in the way that Hammyman describes so will give you less to worry about.

Shouldn't cause any problems, and if it does just change it back.

free4440273

OP: if s/he carries on then send them this too ! :

http://www.crayonline.com/smilies/irony.gif

(with thanks to OL ) //

Norman_Castle

just by chance i had a look at the devices setting on my modem and found someone has been using my wifi 1 unknown and a Jerald TOSH, had a look at my security and all seems to be fine, security key protected and password protection, so how did they manage to get in. I have now changed all the pass words and pass key, but if they manage to get in again how do i stop them.

Other than excess usage, how can you tell someone has used your wireless signal?

toejumper

I dont know for sure if they have used it, they were in my list of devices found in my modem settings, everything was named such as tv printer etc, so i know Jerald tosh and the unknown aren't any off my devices being used.

asbokid

I wouldn't trust WPA1 (and probably not WPA2). The pre-shared key (PSK) can be cracked using brute-force in reasonable time (i.e. a few days/hours) using the parallel stream processing units in a modern GPU.

With a decent wordlist, e.g. this one.. http://www.google.com/search?client=ubuntu&channel=fs&q=9-final-wordlist.zip&ie=utf-8&oe=utf-8&gl=uk ,the password crack could take just seconds, and it can be done offline.

The security of WPA-PSK is totally dependent on the security of the passphrase and on the implementation of the protocol. Cloaking the ESSID (WLAN network name) offers minimal advantage since there are tools to 'uncloak' the network name. This is done by spoofing a disassociation message from a client to force re-authentication. The ESSID is revealed in cleartext during that handshaking.

The PSK and ESSID are needed to derive the pairwise master key (PMK), and the PMK is used to create the pairwise temporal key (PTK) or master session key.

Once the PSK passphrase has been cracked, there is no authenticity, no privacy and no integrity between users of a network protected by WPA-PSK.

So that's not good news for those who rely on the wireless DLINK routers shipped by TalkTalk (and BT?) Those routers are shipped with ESSIDs that are derived from the last 6 octets of the router's MAC address. The PSK passphrase for these routers appears very secure, ostensibly being a string of 8 randomly-chosen alphanumeric characters.

H = log2 ((26+10)^8) = 41.4 bits of entropy which in theory needs an average of 2^40 guesses to crack (i.e. 1.4 trillion attempts).

However, the default passphrase is apparently obtained from a function of the MAC address, and that can be determined from the ESSID! Nil points for implementation.

mr_fishbulb

asbokid wrote: »

I wouldn't trust WPA1 (and probably not WPA2). The pre-shared key (PSK) can be cracked using brute-force in reasonable time (i.e. a few days/hours) using the parallel stream processing units in a modern GPU.

.........

The security of WPA-PSK is totally dependent on the security of the passphrase and on the implementation of the protocol.

Yes, but if you choose a long, strong, random passphrase then WPA1 PSK still isn't broken.

debitcardmayhem

Have you got uPnP enabled on your router ? If so I would get rid of it immediately.

asbokid

mr_fishbulb wrote: »

Yes, but if you choose a long, strong, random passphrase then WPA1 PSK still isn't broken.

Maybe, but in practice very few people do that...

Whenever there is a statistical analysis of password strength, it confirms that..

• most people use the default passphrase that was shipped with the device
• a small number of people will change the default password to one that they can readily remember,
• an even smaller number will use a password that is longer than 8 characters (the minimum size of a WPA-PSK passphrase)
• and an infinitesimally small percent of us will rely on a long, strong PSK that is neither a dictionary word, nor a common noun, nor a crude derivate of either.

Our weaknesses in choosing passwords are multiple.

• If the system requires us to generate a password that has at least 8 characters, most of us go on to choose one that is exactly 8 characters in size!
• We rarely use the full symbol set (i.e. few of us use the full range of 96 characters that we can type on a standard PC keyboard).
• We tend to use just one case (upper or lower) or at best, we capitalise the first character of a password.
• When forced to "use a password that includes numbers" we like to pad out our favourite password by appending the numeric digits 1,2,3!

There is a paper from NIST that addresses our total incapability at choosing strong passwords...

http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

The weaknesses in 802.11i (WPA-PSK) were first noted nearly a decade ago, just a few months after the protocol was released to hastily plug the holes in WEP.

Several tools have since been developed to exploit those WPA flaws.

CoWPAtty was one of the first publicly-available tools to use a pre-compiled table of PMKs. It uses common default ESSIDs and a wordlist to brute-force crack the WPA passphrase, and it works offline.

pyrit then parallelised the computationally-intensive PMK-generation algorithm. This allows the keyspace to be broken down to exploit the SIMD architecture and the many streaming processor cores found in modern GPUs.

The wireless network hacker is always going to ask himself what is the wireless traffic worth to me? Is it worth the computational cost and time needed to crack the WPA passphrase? Probably not if the passphrase belongs to the family at number 23. But what price could you put on the WPA passphrase used to secure the office WLAN of Carter-Ruck Associates, the leading libel law firm to the stars?

The developers of pyrit offer a few general figures for the costing of a WPA crack..

"On traditional x86 hardware and in a naive solution we had to compute 3 billion Pairwise Master Keys for every network on the (ESSID) list which accumulates to 90 billion guesses; this takes around 28 years to compute or (at US$800 a box) about US$1.2 million to do within 7 days.

Given a cost of US$1300 for a box with (parallelised) CUDA-capable hardware and decent storage..this solution costs less than US$3000 to succeed in 7 days. Not only are we about 660 times faster – we are still about 400 times more cost-effective."

That was written in mid-2008 when the Radeon rv790 chipset with 800 streaming processor cores was state of the art. The bleeding edge GPU of today is the Radeon HD6990 with its Cayman XT chipset.

Radeon's twin-GPU, released in March 2011, has over 3000 cores each clocked at 850MHz and costs "just" $700. It should cut down the time for WPA cracking by 75%. Fit four of the GPUs in a PC, and it can crunch 90 billion PMKs in just a few hours.

http://wifinetnews.com/archives/2003/11/weakness_in_passphrase_choice_in_wpa_interface.html
http://wirelessdefence.org/Contents/coWPAttyMain.htm
http://code.google.com/p/pyrit/
http://www.amd.com/us/products/desktop/graphics/amd-radeon-hd-6000/hd-6990/Pages/amd-radeon-hd-6990-overview.aspx#3