Chances are, if you are being attacked by someone who has the know-how to get past WPA, they will most likely spoof their MAC when they connect anyway, to avoid detection in your router's logs (by a possible failed MAC filter pass).
Kismet, in particular, excels at this with its AP "clients" view which lists, among other things, client MAC addresses.
Spoofing your MAC address (in Linux) is as simple as this:
bt ~ # ifconfig ath0 hw ether AA:BB:CC:DD:EE:FF bt ~ # ifconfig ath0 up bt ~ # ifconfig ath0 ath0 Link encap:Ethernet HWaddr AA:BB:CC:DD:EE:FF UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:26 errors:0 dropped:0 overruns:0 frame:0 TX packets:1 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1092 (1.0 KiB) TX bytes:590 (590.0 b)
You know how to break weak WPA-PSK keys. Now make sure that it doesn't happen to you by using two simple techniques.
Use long and strong passphrases!
The longer and more random the password, the better. A WPA key is a computer passphrase, and by that I mean that the computer is the one that has to remember it. All you have to do as the user is type it in once and you're ready to go.
So, generate a very long, random passphrase, write it down and put it in a not-so-obvious place. Writing down a passphrase is normally a cardinal sin for security. But in a SOHO setting, it's a reasonable tradeoff between security and convenience.
Frankly, you're much more susceptible to wireless pirates parked outside your apartment (or next door) using the tools I've just described than you are to someone socially-engineering your wife into giving out your wireless LAN key. And even then, wouldn't it be nice if the key took a half-hour for her to read over the phone, giving you a chance to step in and save the day?
So, generate a nasty, long computer passphrase, write it down on a sticky-note, enter it in your router and clients, then stick that sticky-note someplace secure (not to the top of the router!)
Change your SSID
Since the key is salted with the SSID, it makes sense to change your AP's SSID to render the precomputed hash tables useless (assuming you change it to something non-obvious). This forces the attacker to start from square one by either generating a hash table or using just a straight dictionary attack.
So, now you know how crackers can attack wireless networks that use weak WPA / WPA2 PSK keys and the simple countermeasures that you can take to ensure that it doesn't happen to you.
With a strong, long key and good security practices, a wireless LAN secured by WPA / WPA2 is definitely not an easy target.
Discuss this in the Forums
声明:本网页内容旨在传播知识,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。TEL:177 7030 7066 E-MAIL:11247931@qq.com
Copyright © 2019-2024 51dongshi.com 版权所有
违法及侵权请联系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市万商天勤律师事务所王兴未律师提供法律服务
