deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
Finally got broadband sorted in the new house. Opted for Plusnets standard Unlimited 17mbps service.
We live on a busy main road where there are quite a few WiFi hotspots. Quite easy for someone to park up outside and try and hack.
Should we think about changing the wireless name and/or password to something completely unique, as opposed to that which Plusnet provides?
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Yes.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
As long as its WPA it doesn't really matter what the ssid and key are, unless they send them all out with the same one, which I doubt.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
as John says, they wont be the same, the ssid and password will be generated at Plusnet based on some variables I imagine. Dont worry.
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
No offence but who the fuck is going to want to sit outside your house in their underpants trying to hack into your wireless
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
If you are that worried about someone getting onto your wifi I hope you have all your hard drives and documents with full encryption.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by John
As long as its WPA it doesn't really matter what the ssid and key are, unless they send them all out with the same one, which I doubt.
WPA can still be cracked (bruteforce attack anyway) and most ISPs supply them with short passwords (my VM account used a 5 character password that could easily be broken within half a day), hence why you're better off changing the password to something that is reasonably long (15+ characters etc) - time taken for a bruteforce attack against a password https://www.grc.com/haystack.htm.
quote:
Originally posted by Rob_Quads
If you are that worried about someone getting onto your wifi I hope you have all your hard drives and documents with full encryption.
To suggest someone should use disk encryption for changing a password makes you look a bit of a tool Rob 
For something that takes 10 seconds to change, it's a bit of a no-brainer if it makes your AP vastly more secure.
[Edited on 18-07-2014 by Dom]
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
I've just have SSID broadcast disabled on mine. Don't really need it enabled once you're connected 
But TBH, who's going to actually try and hack into your WiFi? If you're that worried about security you wouldn't be using it.
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
quote:
Originally posted by Dom
quote:
Originally posted by Rob_Quads
If you are that worried about someone getting onto your wifi I hope you have all your hard drives and documents with full encryption.
To suggest someone should use disk encryption for changing a password makes you look a bit of a tool Rob
For something that takes 10 seconds to change, it's a bit of a no-brainer if it makes your AP vastly more secure.
[Edited on 18-07-2014 by Dom]
So what is changing the AP name really going to achieve? Instead of it being Sky3856837 its now going to be called MyAP
Even if you hide the SSID it still doesn't really do anything. If your AP is locked down with a password then thats enough to discourage any casual person trying to hack your wifi. If they are not the casual person they will be running a scanner anyway which will still pick up the hidden SSID.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Rob_Quads
So what is changing the AP name really going to achieve? Instead of it being Sky3856837 its now going to be called MyAP.....
I mentioned changing the WPA password (specifically, lengthening it to reduce bruteforce attacks) not the SSID, Rob.
|
ed
Member
Registered: 10th Sep 03
User status: Offline
|
One other point to remember - CHANGE YOUR ROUTER ADMIN PASSWORD! The Sky routers all used to have the password of 'netgear1' (or something) and TalkTalk have the really creative 'password' securing them. It's quite easy to have shenanigans if you get onto someone's network 
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
quote:
Originally posted by Dom
quote:
Originally posted by Rob_Quads
So what is changing the AP name really going to achieve? Instead of it being Sky3856837 its now going to be called MyAP.....
I mentioned changing the WPA password (specifically, lengthening it to reduce bruteforce attacks) not the SSID, Rob.
The original poster was talking about changing the SSID thus my comment saying its not needed
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Rob_Quads
.... thus my comment saying its not needed
Can you point me/us to this comment? Because the only one i see is your sarky response of using disk encryption to someone simply wanting to improve the security of their AP 
Ed - Definitely! Especially if your modem/router has flaws like the VM Superhub where it (did; they might have fixed it) drops the WiFi security during bootup and where it's reasonably straight forward to force a remote reboot
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
quote:
Originally posted by deano87
Should we think about changing the wireless name
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Not what i asked; where's your comment 'saying its not needed'?
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
quote:
Originally posted by Dom
WPA can still be cracked (bruteforce attack anyway) and most ISPs supply them with short passwords (my VM account used a 5 character password that could easily be broken within half a day), hence why you're better off changing the password to something that is reasonably long (15+ characters etc) - time taken for a bruteforce attack against a password https://www.grc.com/haystack.htm.
Unless something has changed since I last read about it, you won't be doing 1000 guesses per second brute forcing a WPA password.
Only had a couple of minutes but just checked the status of rainbow tables for WPA. Because the hash is generated based on SSID and SSID length, they don't exist for every single possible SSID. If your SSId is plusnet178765689 it won't be there.
I think he's pretty safe.
[Edited on 18-07-2014 by John]
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by John
I think he's pretty safe.
If the SSID is indeed random (and not the default from manufacturer, in which case there's likely to be an 'off the shelf' rainbow table) then yes, the SSID salted password makes a rainbow attack incredibly difficult. But considering majority of GPU's can easily achieve ~80-100K PMK/s, brute forcing it is still a possibility.
Either way my point was, for ten seconds work to change the password it's a bit of a no-brainer if you can make your AP vastly more difficult to crack.
Similarly, WPS should also be disabled as that can be circumvented fairly easily - usually can be broken within a few hours (certainly within a day) using Reaver.
[Edited on 19-07-2014 by Dom]
|
_Allan_
Member
Registered: 24th Mar 04
User status: Offline
|
quote:
Originally posted by Dom
https://www.grc.com/haystack.htm.
Cheers Dom 
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 7.66 hundred million trillion centuries
I hope he has brought plenty of clean pants.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Unrelated to the thread but related to grc.
I had read for years about how good spinrite was but never had to use it in anger.
Tried it once on a drive that I ended up taking to a proper data recovery place, he wasn't happy with me, said it had only made it worse.
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
For clarification I asked if I should change the router named and/or password
And not particularly worried about it being hacked, just didn't know if the standard stuff is easier to crack than something I could come up with.
So in short there is nothing to worry about?
Oh and the router username is admin but the password looks like it is random generated i.e. not password!
|
deano87
Member
Registered: 21st Oct 06
Location: Bedfordshire Drives: Ford Fiesta
User status: Offline
|
Actually, turns out the router password is the Serial Number, so changed it to something different.
|
Wrighty
Member
Registered: 28th Feb 04
Location: Howden
User status: Offline
|
If you were worried about security why opt for a provider supplied router/modem in the first place
|
Rob_Quads
Member
Registered: 29th Mar 01
Location: southampton
User status: Offline
|
Sorry if I was a bit abrupt - Not a great weekend so was rather short with a few other people too
Changing a password is always a wise move (just don't loose it otherwise it could cost you like it did us at work the other day lol - £5.5K to unlock a Solaris machine!)
|
