Anyone hack their Linksys or other router?

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

I'm a pretty big technodork, but I totally don't understand the thrill of driving around just to steal a (likely crappy) wireless signal from some poor schmuck. I have a cable connection with decent bandwidth available right here at home. I have no need (or desire) to go park on a side street somewhere, giggling like a schoolgirl, while I surf the web on someone else's dime.

Also, I have no problem at all with routers that are set up for wireless connectivity right out of the box. They are useful. People want convenient ways to be "connected," and wireless routers provide that. Just because the average Joe isn't savvy enough to create a bulletproof network doesn't mean that he should be chastised for setting up a simple one, nor does it mean that he should avoid it because he's "way too undereducated on the subject to be setting up a network." Most routers ship with warnings about security as well as some simple directions for creating a more secure home network. And you people who ARE savvy enough to steal from the average Joe should be helping, rather than driving around stealing (even if it's "legal," it's pretty damn immoral). Leave Joe alone.

Ok, off the soap-box.

I really like DD-WRT for Linksys routers (especially the older versions), and there are some really neat hacks for creating some very powerful network tools out of a cheap router. I haven't done much physical tinkering with the WRT series, though I did make a JTAG cable to de-brick a V1 not long ago. It worked VERY well.
 
I run DD-WRT on my work and home routers. I love it; I have had no problems with either of them. Very happy with them.
 
Jonnio said:
And you're wrong in one respect. You don't have to break the law to be convicted either. You can get hosed over by a computer-illiterate judge/jury and still end up in deep crap.

Touche! The entire government monopoly on the so-called justice system is crap, and you're quite right!

Jonnio said:
so to be a post whore I found one such article

Okay, so, I take it back...

Kevin Dean said:
won't speak to the ethics of wardriving OR the court people's rulings

BULLS***! Complete and utter crap!
 
I have three Linksys WRT54GLs at home. The primary router is running Tomato, and it's way better than the stock firmware. Putting it on the router is simple. One of the other two routers is an alt network running OpenWRT with CoovaAP so visitors can connect to the internet with a simple web page login, but it keeps them off my primary network. The third one is not being used as a router, but is instead a small file server with a 4GB MMC card in it, running a customized build of OpenWRT.

Pics of the hardware mod: http://brother-buford.livejournal.com/25272.html

As a side note, I run BeerSmith off of the router, as all the computers in the house are on wireless and have a tendency to drop connection or freeze up when I least expect it. The fileserver box is wired and is always there.
 
I use Tomato on my Linksys router. It works great as it allows me to shut down my son's internet access at 9:00 PM while still giving him access to the network printer 24/7.

Between Netnanny and the router software, I've pretty much locked down what the boy has access to (as anyone with a 13-year-old son will find out). :D
 
Huh, interesting. I'm assuming you can only scam bandwidth from the suckers who don't use WEP encryption?

WEP has huge flaws and can be broken in seconds. WPA2 is a different story....

Turn off SSID broadcasting.
Use the router to prevent other computers from accessing it by allowing specific MAC addresses.

Unfortunately, it's not that simple. When you capture packet data (sniff) you see all the MACs in use. Just pick one.

Set static IPs and only allow them.

That sounds good, but you cannot deny a client based on how he got his addy. Even if you choose not to hand out addresses via DHCP, someone only needs to spend about 3 seconds looking at the addys in use to determine which free IP to pick for themselves.

Use a hard password, something like this:
&u1G#4bW

Good practice, and I prefer a 20+ char passphrase. However, unless you are using a secure encryption like WPA2, the strength of your passphrase is irrelevant. Flaws in the encryption algo itself will allow the passphrase to be decoded.

If you wanna be secure, employ WPA2 (not the WPA built into XP; you need a MS patch to enable WPA2) and a nice long passphrase.

Or do what I do and have a secure wireless connection and an insecure one that accesses only the internet. I don't want to fuss with configuring "guest" laptops, PSPs, etc. And truthfully, what do I care if some guy stops in front of my house and spends 3 minutes hitting Google Maps or sends an email... Now if you live in an apartment that may be a problem. But if you're in a multi-family and using WEP, chances are you're already sharing your connection...

Pen25, here's a good read on how not to do wireless security: http://blogs.zdnet.com/Ou/?p=43

Philip
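As an added example (not from this thread, and not code from DD-WRT, Tomato or OpenWRT themselves), here is a small Python script that reads an OpenWrt-style /etc/config/wireless in UCI syntax and flags exactly the settings argued about above: WEP or open encryption, a pre-shared key shorter than the 20 characters suggested in this post, and reliance on a hidden SSID or a MAC filter. The config text, SSIDs, key and MAC address are constructed for the example.

```python
import re

# Constructed OpenWrt-style /etc/config/wireless (UCI syntax) for this
# example; the SSIDs, key and MAC are made up, not from a real router.
SAMPLE_WIRELESS = """
config wifi-device 'radio0'

config wifi-iface 'default_radio0'
    option mode 'ap'
    option ssid 'homebrew'
    option hidden '1'
    option encryption 'wep'
    option key 'beer1'
    option macfilter 'allow'
    list maclist '00:11:22:33:44:55'

config wifi-iface 'guest'
    option mode 'ap'
    option ssid 'homebrew-guest'
    option encryption 'psk2'
    option key 'correct horse battery staple 2008'
"""

# config/option/list lines; values may be single-, double- or un-quoted.
_LINE = re.compile(
    r"^\s*(config|option|list)\s+(\S+)(?:\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+)))?")

def parse_uci(text):
    """Parse UCI text into a list of (section_type, name, {option: value})."""
    sections = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        kind, key = m.group(1), m.group(2)
        val = next((g for g in m.group(3, 4, 5) if g is not None), None)
        if kind == "config":
            sections.append((key, val, {}))
        elif kind == "option" and sections:
            sections[-1][2][key] = val
        elif kind == "list" and sections:
            sections[-1][2].setdefault(key, []).append(val)
    return sections

def audit_ap(opts):
    """Findings for one AP interface; only encryption and key length matter."""
    findings = []
    enc = opts.get("encryption", "none")
    if enc in ("none", "wep", "wep-open", "wep-shared"):
        findings.append("weak encryption '%s': switch to psk2" % enc)
    elif enc.startswith("psk") and len(opts.get("key", "")) < 20:
        findings.append("pre-shared key shorter than 20 characters")
    if opts.get("hidden") == "1":
        findings.append("hidden SSID gives no protection (SSID still in other frames)")
    if opts.get("macfilter", "disable") != "disable":
        findings.append("MAC filter gives no protection (MACs visible and spoofable)")
    return findings

def audit(text):
    """Map each AP's SSID to its findings; an empty list means no issue."""
    return {opts.get("ssid", name): audit_ap(opts)
            for typ, name, opts in parse_uci(text)
            if typ == "wifi-iface" and opts.get("mode", "ap") == "ap"}
```

Run `audit(open("/etc/config/wireless").read())` on the router (or on a copied config) to get the per-SSID findings.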
 
 
I will say (since I started this thread) that of the version 2 and version 5 that I hacked, v2 is a little bit faster according to speed tests done over the past few days.

I still wanna check out tomato and openwrt...have at least one more virgin router to hack
 
Oh no, the password I was talking about was the router itself, not the passphrase. If you want to really be secure, or at least a lot more secure, use RSA authentication. ;-) Not too hard to implement in a server environment. As far as MAC authentication/limits, turning off DHCP, changing the default numbers of clients or max clients, authentication portals: all those things are meant to keep the average person out of the network. Doesn't mean it can't be broken. Just like a house alarm. Most will pass up your house if you have a sign up, because who wants to mess with an alarm?

If you have SSID broadcast turned off, it just means it would detect an unknown access point. If you change the IP base and range it makes it harder to find the right addresses to use. For me I can use this example. I have 10 clients at the house: 6 wired, 4 wireless. I have used the Linksys to only allow those 10 clients. They are all static. Any others can access, but all routes to 127.0.0.1, so you would have to kick one of the other computers offline to gain its IP or go through all the IPs to see if any others can access. The router had a 10-character password that is randomly generated, including all characters/symbols on the keyboard. From there I have a server that uses RSA authentication to the network. Again, someone can still break in, but it would be something that the average person would skip over and move on to another location.
 
As far as MAC authentication/limits, turning off DHCP, changing the default numbers of clients or max clients, authentication portals: all those things are meant to keep the average person out of the network. Doesn't mean it can't be broken. Just like a house alarm. Most will pass up your house if you have a sign up, because who wants to mess with an alarm?

Actually, that was the point of my original message. It's a false sense of security. Anyone who knows how to configure wireless clients knows how to defeat it. In today's world, that means you're not even keeping out most average users. And since the person outside your house is wardriving, you can bet they know how to configure a client.

WiFi can be secured, but please don't give yourself a false sense of security by employing methods that don't increase your security. Just switch to WPA2-PSK and use a nice long, difficult passphrase. Problem solved (for now...)


If you have SSID broadcast turned off, it just means it would detect an unknown access point.

Not actually. The SSID is present in a number of the data packets. Disabling SSID just prevents the intentional advertisement packets and does NOTHING to the others (and hence does nothing to prevent SSID detection). I'm not sure why that option was even added. Try it yourself. Disable SSID and see how long it takes you to pick up the SSID.


If you change the IP base and range it makes it harder to find the right addresses to use. For me I can use this example. I have 10 clients at the house: 6 wired, 4 wireless. I have used the Linksys to only allow those 10 clients. They are all static. Any others can access, but all routes to 127.0.0.1, so you would have to kick one of the other computers offline to gain its IP or go through all the IPs to see if any others can access.

Changing the base/range: Technically, it does make it harder. But only if you consider 5-10 extra seconds "harder". Seriously, I would find it MORE trouble to drive to the next house than to sniff/log your IPs. Think about how TCP/IP conversations work. You see every machine's IP and that of all its conversational partner(s) every time it sends or receives a message (a few hundred times a second). You CANNOT hide those IPs from anyone and remain on the net. And I don't need your range/mask (see below), just a single addy.

And I don't even need to kick you off. When I take your IP address it creates a conflict. If I set my client to ignore that conflict and then out talk you, YOU LOSE. NOTHING you can do to prevent that. It's a design feature/flaw in IP. No special skills required.

The router had a 10-character password that is randomly generated, including all characters/symbols on the keyboard. From there I have a server that uses RSA authentication to the network. Again, someone can still break in, but it would be something that the average person would skip over and move on to another location.

That is true. But the topic was stealing access, not breaching your network/servers. That's a whole different discussion that requires a very different skill set.

EDIT: I just changed a bit of this post and the first because I sounded pretty much like an a**hole. My apologies to Pen25, et al. That wasn't my goal. I was just trying to emphasize strongly that these methods are commonly passed along as valid, and they look good on the surface, but the reality is that they just don't enhance security. In fact, they may *decrease* security by creating a false sense of security and causing people to overlook other viable options.
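The address takeover described above (a second client answering for an IP that is already in use) shows up on the defender's side as one IP being claimed by two different MACs. As an added example, not from this thread, here is a Python script that parses tcpdump-style ARP reply lines (constructed for the example) and raises an alert every time the MAC bound to an IP changes, which is the signal a home router or a wired monitoring box would watch for.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP lines (not a real capture): a legitimate
# host at 192.168.1.10, then a second MAC starts answering for the same IP.
SAMPLE_ARP = """\
12:00:01.000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:55, length 28
12:00:02.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:03.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:66, length 28
12:00:09.000 ARP, Reply 192.168.1.10 is-at de:ad:be:ef:00:01, length 28
12:00:10.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:11.000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:55, length 28
"""

# Only replies (and gratuitous replies) carry an IP-to-MAC binding.
_REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

def parse_replies(text):
    """Yield (time, ip, mac) for each ARP reply line; requests are skipped."""
    for line in text.splitlines():
        m = _REPLY.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def detect_conflicts(text):
    """Return alerts (time, ip, previous_mac, new_mac) for every binding change.

    A host flip-flopping back to its original MAC is reported too: the
    defender wants to see the whole tug-of-war, not only the first change.
    """
    bound = {}
    alerts = []
    for ts, ip, mac in parse_replies(text):
        prev = bound.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, ip, prev, mac))
        bound[ip] = mac
    return alerts

def macs_per_ip(text):
    """Map each IP to the sorted list of MACs seen answering for it."""
    seen = defaultdict(set)
    for _, ip, mac in parse_replies(text):
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items()}

if __name__ == "__main__":
    for alert in detect_conflicts(SAMPLE_ARP):
        print("%s: %s changed from %s to %s" % alert)
```

Feed it the output of `tcpdump -n -l arp` from a wired host on the LAN; any IP that ends up with more than one MAC in `macs_per_ip` deserves a look.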
 
my buddy just got a Dell half rack...we are trying to figure out what to put into it now
 
It's all good. To be honest, you are right. But as you said, most won't even turn security on. WPA2 is the way to go IMHO, and I just configured a friend's network for her in an apt. and I did use WPA2. I just have to spend the time one day changing over to WPA2 at the house. ;-)
 
A couple of 2620 routers, a 2900XL switch, and a couple of home-brew rack-mount servers running whatever flavor you want, like SME or ClarkConnect ;-)
 
Since y'all are on the security topic, be sure to password or deactivate all user accounts. The main one that comes to mind is Administrator on XP Home. It's active with no password by default; I've run across this several times when "borrowing" some bandwidth. I usually leave a note on the desktop for 'em, but it leaves EVERYTHING on their computer open if I'm on the network.
 
That's kinda what we are thinking actually
 
Oh yeah.
DD-WRT FTW, please.
I had it on my old Linksys and it made everything so much easier; haven't gotten around to putting it on my new one.
I was trying to set up my laptop for wardriving with Kismet and AirCrack but it turned out my wireless card had all of its settings hardwired, no way for me to observe all the traffic.
 

your card pwn3d yo0!!!!!111111shiftoneshift1

ROFL, sorry had to do it
 
Thank you all - This is why I have a job. :p
In my workspace all wireless is banned for life, no transmitters at all, no flash drives etc. Same at home for me.
By the time they come out with a standard that uses encryption light enough for wireless, others have already come up with ways to crack it.
If you use wireless, use SSH2 and tunnel through it, only allow your IP through, then monitor it. Any usage that is not you: "You've been hacked".
On a side note, with the big hole in DNS now, make sure any site you go to that has your personal info is verified via certificates.
Man in the middle and misdirection are going to come back in a big way.
Take care all.
 


WPA is pretty much impenetrable for the most part. If you use a totally random gibberish password of the kind heKDT.XZZAJ*^$(85T56KNfd#LOHG%6U8iUY6R^75, your connection won't be broken into without extremely long brute-force attacks. Long enough that you'd notice the gimp parked outside for weeks.


Anyhow, secure your WPA system with RADIUS and they are going to have an even harder time getting in. I use a RADIUS system with certificate-based authentication. By the time they crack it, a few years at best, I'll have gone through a few more certificates. WPA is right now a very stout encryption method when backed with non-dictionary passwords or a RADIUS server.

WPA's first stage is in an open, unencrypted signal, but a temp key is used to secure it and the new encryption key is sent in the encrypted channel. With certificates, no key is sent in the clear. An encrypted certificate is sent over the open channel. This, when accepted, encrypts the channel and begins rotating the security key every hour or whenever the user sets it to.

Yea... good luck to anyone wanting access.
 
I loaded DD-WRT on a Linksys use it as a Bridge or Repeater (don't remember which right now) for my BCS 460 soon to be installed into my brewery.

Want to learn more about how to make a landing page for a hotspot for another project. Studied ChilliSpot a bit, but it looks a little over my head. Any suggestions? I see Coova mentioned here. Is this something I can set up and admin easily?
 
