Home WiFi Router with pfSense or m0n0wall?
Michael Powell
nightrecon at hotmail.com
Mon Apr 22 18:25:51 UTC 2013
Alejandro Imass wrote:
> On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell <nightrecon at hotmail.com>
> wrote:
>> Alejandro Imass wrote:
>>
>>> Hi,
>>>
>>> I'm looking to replace the piece of crap 2wire WiFi router that gets
>>> cracked every other day for something with pfSense or m0n0wall
>>
>> Not sure what you mean by 'cracked' here. If you are meaning that someone
>> is using aircrack-ng to break your Wifi authentication key a firewall
>> won't do much to stop this.
>>
>
> I use mac address authentication plus wpa2 psk and yet they are still
> able to connect so it seems that 2Wire's routers are an insecure piece
> of crap and they are full of holes and back-doors. Just google 2wire
> vulnerabilities or take a look at this video
> http://www.youtube.com/watch?v=yTtQGPdSIfM

With Kismet able to place a wifi unit into monitor mode you can quickly get
a list of everything in the vicinity, including all the MAC addresses of
devices connecting to the various access points. You can then clone your
unit's MAC address to match one in the list. Even though I do use it, MAC
access lists are very easy to get around and will only stop those who do not
know how to do this.

Even in passive mode, without using an active attack to speed things up, I can
crack a WEP key in 45 minutes easily. Doing this passively doesn't expose
you. The time it takes depends on how busy the access point is. An active
attack can break WEP in 2-3 minutes, or less. I've seen it done between a
minute and a minute and a half.

Most consider the answer to use WPA2, which I do use too. Many think it is
'virtually' unbreakable, but this really is not true; it just takes longer.
I've done WPA2 keys in as little as 2-3 hours before.

> Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs
> use these crappy routers on purpose to get some more revenue from cap
> overruns.
>

Really these WEP/WPA2 protocols are not providing the level of protection
that is truly necessary in this modern day. You can keep out script kiddies
and people who don't have skill, but people who know what they are doing are
only slowed down.

The ISPs are seemingly more interested and concerned with protecting Big
Media Content's DRM schemes. They have a monetary stake as they move in the
direction of deals with 'Big Media', less so the incentive to do more for
their retail Internet-access customer. And don't even get me started on the
advertising industry run amok. :-)

-Mike
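
Added example (not part of the message above, and not code from either poster): since a MAC access list cannot tell a cloned address from the real device, one check a network owner can run is to look for a single MAC that presents more than one client identity in the router's DHCP log. The log layout, hostnames and vendor-class strings below are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: one DHCP request per line as "time mac hostname vendor-class".
# This layout is an assumption; adapt the regex to your router's real log format.
SAMPLE_LOG = """\
2013-04-22T09:01:12 00:11:22:33:44:55 alex-laptop MSFT 5.0
2013-04-22T09:03:40 66:77:88:99:aa:bb tv-livingroom udhcp 1.19
2013-04-22T13:15:02 00:11:22:33:44:55 alex-laptop MSFT 5.0
2013-04-22T23:47:31 00:11:22:33:44:55 unknown-host dhcpcd-5.5.6
2013-04-22T23:59:05 66:77:88:99:AA:BB tv-livingroom udhcp 1.19
"""

LINE = re.compile(r"^(\S+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(.+)$", re.I)

def parse(log):
    """Yield (timestamp, mac, hostname, vendor_class); skip lines that do not match."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, mac, host, vendor = m.groups()
            yield ts, mac.lower(), host, vendor.strip()

def find_shared_macs(log):
    """Return {mac: [(first_seen, hostname, vendor_class), ...]} for every MAC
    that showed up with more than one (hostname, vendor_class) pair."""
    seen = defaultdict(dict)
    for ts, mac, host, vendor in parse(log):
        seen[mac].setdefault((host, vendor), ts)  # keep the first sighting only
    return {mac: sorted((ts, h, v) for (h, v), ts in ids.items())
            for mac, ids in seen.items() if len(ids) > 1}

# Caveats: hostname and vendor class are client-supplied, so a careful clone can
# copy them as well, and a dual-boot machine will legitimately trigger this check.
if __name__ == "__main__":
    for mac, ids in find_shared_macs(SAMPLE_LOG).items():
        print(f"{mac} presented {len(ids)} different client identities:")
        for ts, host, vendor in ids:
            print(f"  first seen {ts}  hostname={host!r}  vendor-class={vendor!r}")
```

A hit is a prompt to look closer, not proof of cloning; a clean result does not show the access list is holding.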