
Thread: How to Prevent Brute-Force Cracking?

  1. #1

    Question How to Prevent Brute-Force Cracking?

    What is the best way to prevent brute-force attacks on WPA/WPA2? (In home and centralized systems)

    Can routers be programmed to detect multiple failed login attempts and block the user? (Say after 5 failed login attempts, the MAC address can be blocked for 1 hour?) Can an alert be sent to the owner of the Access Point or system administrator that a brute-force attack is in progress?

    I suppose it would vary greatly depending on the firmware capabilities of the Access Point, and/or the system. Anyway, it's just a general question, any feedback is appreciated. Thanks..
    The link budget is not a problem, we intend on splitting the bill...

  2. #2
    Member M1ck3y's Avatar
    Join Date
    Jul 2008
    Location
    Lost in the darkness
    Posts
    72

    Brute force (in fact, it's more likely "dictionary attacks") against a WPA key is done offline. The principle is not to attempt many connections with different passphrases until you find the right one, but to capture a handshake and run a dictionary attack against it, locally. The handshake can be captured without sending any data in the air, just listening passively to your wifi network.

    The best thing you can do to protect yourself against this kind of attack is to set up a strong passphrase, and that's all.
    --~ Internet is in the air we are breathing, so it should be free for everyone. We'll get there, just wait and see... ~--

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote Originally Posted by M1ck3y View Post
    Brute force (in fact, it's more likely "dictionary attacks") against a WPA key is done offline. The principle is not to attempt many connections with different passphrases until you find the right one, but to capture a handshake and run a dictionary attack against it, locally. The handshake can be captured without sending any data in the air, just listening passively to your wifi network.

    The best thing you can do to protect yourself against this kind of attack is to set up a strong passphrase, and that's all.
    Changing it often helps a lot as well.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by radioraiders View Post
    What is the best way to prevent brute-force attacks on WPA/WPA2? (In home and centralized systems)
    Use a strong passphrase. Brute force attacks on WPA/WPA2 are dictionary attacks.

    Quote Originally Posted by radioraiders View Post
    Can routers be programmed to detect multiple failed login attempts and block the user? (Say after 5 failed login attempts, the MAC address can be blocked for 1 hour?) Can an alert be sent to the owner of the Access Point or system administrator that a brute-force attack is in progress?
    Most SOHO routers do not have that capability. However, you can turn off any remote capability. That way an attack can't come from the Internet side.

    If an attack is coming from the WLAN side, you've already had your encryption compromised, or a regular user is abusing the system and needs to be dealt with quickly.

    You can set up a Snort box to look for attacks.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by Thorn View Post

    You can set up a Snort box to look for attacks.
    A properly set up Snortbox can look for attacks on both sides of the network, just to clarify, not that you didn't know that Thorn, but others might not have.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6

    Quote Originally Posted by M1ck3y View Post
    Brute force (in fact, it's more likely "dictionary attacks") against a WPA key is done offline.
    Thanks for the info, I didn't realize brute-force attacks were done off-line
    Quote Originally Posted by Thorn View Post
    Use a strong passphrase. Brute force attacks on WPA/WPA2 are dictionary attacks..
    Since brute-force are "dictionary" attacks, then a string of random characters would be the strongest password? (ie: f1TjH&mC9) How could someone bruteforce a password like that? I guess there are some random-character generators that can just keep trying different series of characters and hope by luck it hits something?

    ...and adding a VPN on top of that would make any transmissions extremely hard to crack then?
    The link budget is not a problem, we intend on splitting the bill...

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by radioraiders View Post
    Since brute-force are "dictionary" attacks, then a string of random characters would be the strongest password? (ie: f1TjH&mC9)
    Yes, in essence.

    Quote Originally Posted by radioraiders View Post
    Since brute-force are "dictionary" attacks, then a string of random characters would be the strongest password? (ie: f1TjH&mC9) How could someone bruteforce a password like that?
    It can still be done. There are password lists that contain random characters. If you use anything below 12 characters, you're being foolish. Password lists containing from one to eight random characters are easy to find.

    WPA allows for up to 63 characters.

    Quote Originally Posted by radioraiders View Post
    I guess there are some random-character generators that can just keep trying different series of characters and hope by luck it hits something?
    There are password generators that use random characters.

    Quote Originally Posted by radioraiders View Post
    ...and adding a VPN on top of that would make any transmissions extremely hard to crack then?
    Yes.
    Thorn
    Stop the TSA now! Boycott the airlines.

  8. #8

    Thanks for the replies Thorn!
    One last question: approximately how long does a "password cracking program" take to run through say the english dictionary (using a modern computer, ie: 2Ghz CPU or similar)? ...and what is the most popular program used?
    The link budget is not a problem, we intend on splitting the bill...

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote Originally Posted by radioraiders View Post
    Thanks for the replies Thorn!
    One last question: approximately how long does a "password cracking program" take to run through say the english dictionary (using a modern computer, ie: 2Ghz CPU or similar)? ...and what is the most popular program used?
    Look up cowpatty, and aircrack.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  10. #10
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by radioraiders View Post
    Thanks for the replies Thorn!
    One last question: approximately how long does a "password cracking program" take to run through say the english dictionary (using a modern computer, ie: 2Ghz CPU or similar)? ...and what is the most popular program used?
    That is highly dependent on the program, the password file*, the manner in which it works, the computer, and the RAM.

    CoWPAtty can take several hours to run in the real-time mode. It will run on the order of 40-50 passphrases/second.

    On the other hand, if you are using coWPAtty with pre-hashed WPA keys with a known SSID, it will run up to about 64,000 words per second. I've personally seen it break a WPA plain English passphrase in less than 10 seconds. That is NOT counting the time it takes you to prehash the keys and SSID.

    Theprez98 ran a time trade-off test detailed in this thread, which I'd suggest reading.

    In it, he ran coWPAtty in the standard mode, and it took over an hour for a 172,000 word list.

    He then pre-computed the hashes using genpmk, which took about 30 minutes, and then ran coWPAtty with the hashes. It took about 2.5 seconds to run through all 172,000 passphrases.

    *You seem confused about what constitutes a dictionary file, since you mention using "the english (sic) dictionary". You don't use a standard dictionary like Merriam's or Webster's. Rather, it means that the words can be looked up in a dictionary; i.e., they are real words, as opposed to random letters. So-called dictionary files are composed of real words that are commonly used as passwords.
    Thorn
    Stop the TSA now! Boycott the airlines.
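
Added example, not part of any post in this thread: a defender-side sketch of why the advice above comes down to a long random passphrase and why pre-hashed keys only work for a known SSID. The WPA/WPA2-PSK key is PBKDF2-HMAC-SHA1 of the passphrase salted with the SSID; the two rates are the figures quoted in post #10, and the SSIDs and function names are constructed for illustration.

```python
import hashlib
import secrets
import string

# Rates quoted in the thread (passphrases tested per second).
RATE_LIVE = 50            # coWPAtty deriving each key on the fly (40-50/s)
RATE_PREHASHED = 64_000   # coWPAtty reading keys pre-hashed for a known SSID
                          # (does not count the time spent pre-hashing)

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def new_passphrase(length: int = 63) -> str:
    """Random passphrase drawn from the OS CSPRNG, not from real words."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def years_to_exhaust(length: int, rate: float, symbols: int = len(ALPHABET)) -> float:
    """Worst-case time to try every passphrase of exactly this length."""
    return symbols ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    phrase = new_passphrase(20)
    # Same passphrase, two constructed SSIDs: the keys differ, so a table of
    # pre-hashed keys built for one SSID is useless against the other.
    for ssid in ("linksys", "HomeNet-7f3a"):
        print(f"{ssid:14} {wpa_pmk(phrase, ssid).hex()}")
    # Search time grows exponentially with length and alphabet size.
    for length, symbols in ((8, 26), (9, 94), (12, 94), (20, 94)):
        years = years_to_exhaust(length, RATE_PREHASHED, symbols)
        print(f"{length:2} chars from {symbols} symbols: "
              f"{years:.3g} years at {RATE_PREHASHED}/s")
```

A non-default SSID matters for the same reason as a salt: pre-hashed key tables are only worth building for SSIDs that many networks share.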
