Date: Mon, 22 Apr 2013 14:25:30 -0400 From: Michael Powell <nightrecon@hotmail.com> To: freebsd-questions@freebsd.org Subject: Re: Home WiFi Router with pfSense or m0n0wall? Message-ID: <kl3vao$hbt$1@ger.gmane.org> References: <CAHieY7S9b9F1jndpkR2Drw=GCoBxmEWRs6Ot8MRjjQFH=xmHQQ@mail.gmail.com> <kl0qu9$ovo$1@ger.gmane.org> <CAHieY7SSbO%2Bwt68PeFLYDzAtqMnR0kJ3UakOjvLkSMzVA31LbA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Alejandro Imass wrote: > On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell <nightrecon@hotmail.com> > wrote: >> Alejandro Imass wrote: >> >>> Hi, >>> >>> I'm looking to replace the piece of crap 2wire WiFi router that gets >>> crakced every other day for something with pfSense or m0n0wall >> >> Not sure what you mean by 'cracked' here. If you are meaning that someone >> is using aircrack-ng to break your Wifi authentication key a firewall >> won't do much to stop this. >> > > I use mac address authentication plus wpa2 psk and yet they are still > able to connect so it seems that 2Wire's routers are an insecure piece > of crap and they are full of holes and back-doors. Just google 2wire > vulnerabilities or take a look at this video > http://www.youtube.com/watch?v=yTtQGPdSIfM With Kismet able to place a wifi unit into monitor mode you can quickly get a list of everything in the vicinity, including all the MAC addresses of devices connecting the various access points. You can then clone your unit's MAC address to match one in the list. Even though I do use it, MAC access lists are very easy to get around and will only stop those who do not know how to do this. Even in passive mode, without using active attack to speed things up I can crack a WEP key in 45 minutes easily. Doing this passively doesn't expose you. The time it takes depends on how busy the access point is. An active attack can break WEP in 2-3 minutes, or less. I've seen it done between a minute and a minute and a half. Most consider the answer to use WPA2, which I do use too. Many think it is 'virtually' unbreakable, but this really is not true; it just takes longer. I've done WPA2 keys in as little as 2-3 hours before. > Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs > use these crappy routers on purpose to get some more revenue from cap > overruns. > Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. The ISPs are seemingly more interested and concerned with protecting Big Media Content's DRM schemes. They have a monetary stake as they move in the direction of deals with 'Big Media', less so the incentive to do more for their retail Internet-access customer. And don't even me started on the advertising industry run-amok. :-) -Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?kl3vao$hbt$1>