Confused with WPA

Hiya everyone, i have with great intrest been reading up in this forums and i keep hitting a stumbling block.

Thanks to the great video tutorials of exploitz i have been learning a shedload about both linux and wireless.

My aim was to see how secure i could make my network so with that in mind i wanted to see if i could piggyback onto my wireless.

I have 2 routers a D-Link Series and an edimax Router.

The edimax "bridges" them so i have a greater range and thats why i wanted it to be more secure.

So i was able to trounce WEP 64 bit and 128bit with great ease [ well actually it took a day and a half of forum reading - but to go from never used linux to destroying my network in 36 hours i thought made it too easy and vunerable]

So i attempted to give the WPA a test run. Now i was relatively happy with the SSID i have chosen [ and like exploitz mentions i dont broadcast it ] and i have set a large alphanumeric password.

The thing that puzzles me is that in all the videos i have seen the WPA is ripped apart in a matter of mins by cowpatty - which worrys me a little :-s

Now i dont want to create fort knox here but i just wondered if you guys created your own wordlists or if there was a specific one out there [ so i could alter the passphrase to something thats not in it ]. would it be safe to assume for example that a passphrase like:

<<--=m1_n3Tw0RK=-->>

would not be on a generic list? what advise would you give?

Thanks in advance

I beleive they are using pre-compiled, pre-salted wordlists that have the salts of the most popular essid's already "pre-compiled" with the normal words thus speeding up the cracking.

I beleive these pre-salted wordlists were available on churchofwifi.org, however that site has been down whenver I try.

I think it is about 7GB...


When I was researchig this myself, I noticed some people offering to burn DVDs (presume dual layer), if not, then I guess the wordlists have been split up (which is still handy).

anyway, I would be willing to pay to cover "labour" & postage for such a worldlist DVD.

I would prefer to download but i'd rather shoot myself in the face than download anything > 50MB on public torrent.

Please correct me if am mistaken in my information ;)

Your sort of correct. The lists on church of the wifi and now you can link off the cowpatty site are 33 gigs and the are precomputed rainbow tables of the 100 most common essids. Also if you are refering to the backtrack3 teaser video he is also using a pico chip which I am currently reasearching. It speeds up your algorithm proccess by a whopping 6X. I am currently looking in to buying one but the support is slim right now. I am awaiting a reply from the main developer at the company with a list of supported open source software. It also costs about 800 bucks.

Well - if their is a predetermined list then i reckon i will be hard pressed to find a "uncrackable" pass-phrase - guess i just have to make it longer and harder for em - hopefully they will give up on mine and go to an "easier" target.

Another problem i have come across whilst defeating my network is that i have a dual router configuration and as such i always have an AP and a client. As far as i have read this means that its a piece of urine to get a hand-shake from my network :(

Is there a way of making the second routers mac addy dissapear of the face of the planet? [apart from turning it off i mean]

If i set it to clone the mac of the first AP giving the illusion of one AP would that work? I think i may have to accept that my network is vunerable but i want to make it as hard as possible for any oiks trying to break in. i mean i thought mac filtering was secure but again i have seen its possible to spoof a Mac addy.

Also what about the possibility of disabling DHCP and setting the main network on a weird ip range instead of the old 192.168.x.xxx - would that make it more robust or is that no problem to overcome?

[I cant go to WPA2 due to hardware limitations, which is a bugger]

the cowpatty site has a link to churchofwifi, but going to churchofwifi (for me) returns a 403.6 error

Code:

---

HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)

---

:(

The tables are hosted as a torrent somewhere due to bandwidth issues. I'm not sure where. some one else may know.The tables were being hosted here but i cant seem to find the 40 gig one from church of wifi

Quote:

---

Is there a way of making the second routers mac addy dissapear of the face of the planet? [apart from turning it off i mean]

If i set it to clone the mac of the first AP giving the illusion of one AP would that work? I think i may have to accept that my network is vunerable but i want to make it as hard as possible for any oiks trying to break in. i mean i thought mac filtering was secure but again i have seen its possible to spoof a Mac addy.

Also what about the possibility of disabling DHCP and setting the main network on a weird ip range instead of the old 192.168.x.xxx - would that make it more robust or is that no problem to overcome?

[I cant go to WPA2 due to hardware limitations, which is a bugger]

---

Is there anyway of making the above more secure? Or am i barking up the wrong tree?

Choose "63 printable ASCII characters"

Quote:

---

http://umbra.shmoo.com:6969/torrents...98B735058B30D7

---

Thats the torrent you want. ;)

Thanks for the torrent to the wordlist Xpolitz.

Can i ask what your opinion is on the problem of me "always having a client" on my network due to the dual router setup - is there a way to hide it?
The least i can try to do is make it more difficult to obtain the handshake, as i have the password covered - its massive now and full of random shapes and squiggles [ watch me balls that up then lol ]

And can i just say thanks to everyone who has posted - its been very insightful - especially the church of wifi link - it made intresting reading