Support Arkadia's Staffs, Please Help Me Here...!

Discussion in 'Wishlist' started by raynopssgold, Oct 14, 2012.

Thread Status:
Not open for further replies.
  1. Svarog

    Svarog Member

    Hmm... Since when is a MAC address visible outside of the local network? No one but your ISP can see the MAC address of your PC or router.

    Unless the client itself gathers and sends information about the hardware... But in this case this data is unreliable - for instance, some ISPs charge additional fees for every PC in the household and if you want to save money you can just clone one MAC over all PCs in the house, so for the ISP (and for the EU client, if it really gathers information) they'll all look the same. Of course only one of those can be online at the same time, but if you're ok with that or really need to save that badly, that's the way to go. It would probably break the ISP's rules but surely not MA's.
     
  2. Chris | Arkadia

    Chris | Arkadia Arkadia Tech PAF Administrator Planet Arkadia Official

    To add to Quark's post.

    If your router has an option called PSK, disable it; it is the worst function ever added to routers. Another case of convenience vs security. Even though you might have a 63 character password and use WPA2 encryption, most routers can be hacked (technically cracked) in a few hours simply by brute forcing PSK. Now what happens when a hacker breaks PSK? Simple: the router actually sends the password unencrypted back to the hacker.

    Disable SSID broadcasts; this makes it a bit harder to hack a wireless network because 1. script kiddies tend to have no idea how to unmask and 2. the SSID is required in order to break WPA2 encryption. However, this will require that you enter the SSID manually to set up a connection because it does not show up on the wireless network list in Windows.

    As already said, choosing a unique SSID for your wireless connection is a good idea, but there is actually another technical reason for this and it has to do with hash tables. A hash table is a precomputed list of a dictionary encrypted using a specific SSID. Kind of a time/space tradeoff. This allows the hacker to break encryption way faster given he had the key in his dictionary when it was converted to a hash table. This hash table however can only be used against networks with the same SSID as it was computed for, due to the SSID being a part of the WPA2 encryption. There are quite a few decent/huge hash tables precomputed for common SSIDs available for free download on the internet. Coming up with a unique SSID ensures that there is no precomputed hash table out there.

    Now all this only helps you given you actually have a decent wireless key consisting of a mix between upper and lower case alpha mixed with numeric and special characters, for example "D*1wL(!Ug*%^b%E125@*1@@dY8(64Ii*" is very unlikely to be in any dictionary and brute forcing it will take billions of years. To give an example of the huge time required to break even a 20 digit password using the example above: if you have 1Mill computers that can each come up with 100Mill passwords a sec it will take only 1421046919622581800 years to make every possible combination :)
     
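Added example (not part of the post above or of the original thread): a short Python illustration of why a table precomputed for one SSID is useless against a network with a different SSID. It relies on the standard WPA2-Personal derivation, PMK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes); the SSIDs, the wordlist and the helper names are constructed for the illustration.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1 with the SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssid: str, wordlist: list) -> dict:
    """Precompute PMK -> passphrase for one SSID (the time/space tradeoff)."""
    return {wpa2_pmk(word, ssid): word for word in wordlist}

def table_covers(table: dict, passphrase: str, ssid: str) -> bool:
    """True if the network's real PMK is already present in the precomputed table."""
    return wpa2_pmk(passphrase, ssid) in table

# Constructed sample data, for illustration only.
COMMON_SSID = "linksys"          # a factory-default style name
UNIQUE_SSID = "arkadia-7f3q"     # hypothetical unique name chosen by the owner
WORDLIST = ["password", "letmein123", "sunshine2012"]
STRONG_KEY = "D*1wL(!Ug*%^b%E125@*1@@dY8(64Ii*"  # the example key from the post

def audit() -> dict:
    """Check three network setups against a table built for the common SSID."""
    table = build_table(COMMON_SSID, WORDLIST)
    return {
        # Dictionary word on a common SSID: the table already holds the PMK.
        "weak_key_common_ssid": table_covers(table, "letmein123", COMMON_SSID),
        # Same word, unique SSID: different salt, so the table does not apply
        # and every guess costs a fresh 4096-iteration PBKDF2 computation.
        "weak_key_unique_ssid": table_covers(table, "letmein123", UNIQUE_SSID),
        # Key that is in no dictionary: no table helps, whatever the SSID.
        "strong_key_common_ssid": table_covers(table, STRONG_KEY, COMMON_SSID),
    }

if __name__ == "__main__":
    for setup, exposed in audit().items():
        print(f"{setup}: covered by precomputed table = {exposed}")
```

A unique SSID only removes the precomputation shortcut; a dictionary word is still found by a live guess, which is why the post pairs it with a key that is in no dictionary.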
  3. Fallen

    Fallen Member

    Really good and informative post. I would only question why the average user would even need the web interface to the router enabled.
     
  4. Lee DeLioncourt

    Lee DeLioncourt Arkadian Outrider Platinum Member

    Fascinating thread here. Hope it all gets sorted out for the OP. From our coder and engineer friends here I've learned that maybe my recent advice to a friend to simply rename his router to 'FBI Surveillance Truck' wasn't really enough :D
     
  5. rick_janson

    rick_janson Well-Known Member Pro Users

    Not on its own, certainly.. :p It'd be a good start, though. :D


    Oh Chris, to add.. My router password is similar, just not as long... :p

    It's pretty easy. Just do a search for Password Meter and create a password minimum of 8 characters (mine is 12) and make sure you get all the bonuses.

    http://www.passwordmeter.com/
     
  6. RexDameon

    RexDameon Active Member Pro Users

    Did this ever get resolved?
     
  7. Quark

    Quark Member

    Exactly Chris, I am glad you added this in before I had a chance to put it in. Either way you are correct about that too!

    What needs to be done, and is only available in government / military grade equipment, is to have dynamic hash tables that dump and clear the cache each time they come up with a passkey or equivalent phrase when you key one in. There are some other problems too that I didn't address and I bet most people in the trade don't know about these.

    The preamble length for signalling from base station (your access point or wireless access router) and your client (your computer) should be set to (short) instead of long or auto; that will help lock out the older lower speed wireless clients. The reason why this should be done is there is something called the (greenzone) that allows non encrypted users onto your network at the 11 Mbps speed. By also limiting the lower speed to 54 Mbps, that also will cut out the (greenzone). Setting up your wireless access point or wireless router to only accept the MAC address of your wireless client, whether it be internal to your PC, a card or a USB stick (they all have MAC addresses you can find out and put in your router), makes it extra hard for hackers to get into your network, wirelessly that is.

    And now to address the point about only your ISP being able to see your MAC address: actually, this isn't entirely true; granted, it's true in most cases. If you know what you are doing you can get around you and your ISP's NAT and NAT+ stateful packet inspection (they say it's a firewall but it's not really a firewall, more of a filter based on rules that are a bit too generic for my tastes). Also, if they cannot get through there, a person can actually trick you to go to a site where you can run Java or Javascript, or even Flash with ActionScript 2 or 3, and get that MAC address. There are a lot of ways to get that and other information if they're desperate enough.

    I have a site for people to look at, it's about browser and identity security, it's something to look at, even if you choose not to use the plug-ins but just being aware of it and how people can get your information even without your consent.

    http://www.donttrack.us

    In addition to this information, on some routers you can actually set a HOSTS file and block the bad sites from being loaded on any computer, wired or wireless, on your network. You can still set individual HOSTS files on each computer you use, or on a server and have it update the client every time you log into the network. Lots of options for many different users.
     
  8. Quark

    Quark Member

    That's very true, Fallen, but by default that's turned on; most people don't know how to turn it off in the first place. The problem is when you turn it off and when you shut off the SSID broadcast you don't necessarily know if the router is malfunctioning per se or not. Oftentimes on the newer routers they shut down the ability to ping the router when you turn off the management terminal through the browser (dumb, I know); I can see it from outside the network and subnet, that would make sense.
     
  9. Quark

    Quark Member

    Actually, there is another way to see someone's client MAC address, if you are in "media sharing mode" that means your computer is then discoverable, not only in your wireless network but anyone else that is able to guess your internal subnet from beating on your other equipment wirelessly, they don't necessarily have to go after your computer first. Some of the wireless music devices aren't that good for security and give off way more information about your network than they should. Which is why I don't operate in that mode and make sure everything is on a wire or rather optical cable.

    The other way to see someone's MAC address is on some services it's required for the main PC's MAC address to be cloned by the router to allow access to the Internet. Since many routers are currently using Linux or BSD or UNIX like commands in BusyBox, if you know what you are doing you can get into that from the outside, in other words use fake credentials to get into the router and modems to get more information. It can tell you the actual MAC address of each item that is networked, its socket (IP address and ports) in case someone is using port forwarding, the filtering options (that stateful packet inspection), etc.
     
  10. raynopssgold

    raynopssgold Active Member

    Ok, after almost 4 months of being locked down, I finally got my account unlocked today :cool: Thank you very much for all the awesome support here, especially to A Team (Dave, Cyrus, Chris and others) and also Carl, the awesome yet sincere Arkadia's customer support (A+ for you buddy!)

    This thread can be closed now. Thanks again!
     
  11. Snape

    Snape Master of the BanHammer Staff Member PAF Administrator

    Closed as requested but I'd be interested to hear what the final outcome was.

    *Thread Closed*
     