Wifi Antennas

How do you propose to avoid MAC spoofing then?

 

How do you intend to ensure the network is entirely secure, given that you
don't know for sure the firmware of everything attached to the network is
entirely secure?

 

Hmmm. This is out of my depth. But I guess you cant sniff a network you
are not connected to. So if you dont know the WPA password etc
and the WAP wont speak to you. Can you still sniff packets on the
network?

Regards.

 

On Thu, 15 Aug 2013 15:55:16 +0100

Absolutely - the packets are winging their way through the ether to
anyone who has an antenna, just because your wireless card usually only
talks/listens to your WAP doesn't mean it can't listen to everything
else, "connected" or not. So you listen to someone authenticating to
their WAP, and having captured that dialogue you set about cracking the
encryption. That's still a brute-force attack. with no easy shortcuts -
use a strong passphrase and change the default SSID to something odd to
make this a long tedious job for the would-be hacker. Or use a
dictionary word for the passphrase, and a common SSID, to make it
relatively trivial to crack with a rainbow table, if you want to play at
honeypots.

 

You can sniff a network, get enough packets to crack the password and away
you go. And the MAC address will be easily available too, letting anyone
connect.

 

Ok, yes. The *whole* strength of WPA does depend on good passwords.
However your should very rarely have to type the pasword so
"makeitlongandmemorable". This is the style of WPA password I have used
for years, before SG 'discovered' it. Very simple, memorable. The only
current way to attack WPA encription is brute force and dictionary.

However I was wondering if my MAC address is WPA encripted or not?

 

On Fri, 16 Aug 2013 08:49:57 +0100

Nope - the source and destination MACs are included in plain text in
every packet.

 

Hmmm, so in summary. A hidden SSID and or locking down the list of
MAC address the WAP will talk to offers zero protection against
anybody with half a wit! Everything depend on the quality of your
WPA pasword and who knows it.

 

On Sat, 17 Aug 2013 09:05:54 +0100

Well, switching off SSID broadcast will make the WAP invisible unless
it's talking to someone, which adds a little "security by obscurity".
But once an Association Request dialogue has occurred, between a
legitimate wireless node and the WAP, a sniffer has the SSID and MAC.

 

the ultimate WiFi security fix is no wireless - use Ethernet cables.

a compromise that sometimes helps is using powerline networking.

 

... and shield them! (you did say "ultimate")

http://en.wikipedia.org/wiki/Tempest_(codename)

Which -- given the way that any such suggestion usually provokes howls
of outrage from the ham radio community -- is probably much more
amenable to eavesdropping! (you were quite right to say "compromise")

Cheers,
Daniel.