From: Michael Powell
To: freebsd-questions@freebsd.org
Subject: Re: Home WiFi Router with pfSense or m0n0wall?
Date: Mon, 22 Apr 2013 14:25:30 -0400

Alejandro Imass wrote:

> On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell
> wrote:
>> Alejandro Imass wrote:
>>
>>> Hi,
>>>
>>> I'm looking to replace the piece of crap 2wire WiFi router that gets
>>> cracked every other day for something with pfSense or m0n0wall
>>
>> Not sure what you mean by 'cracked' here. If you are meaning that someone
>> is using aircrack-ng to break your Wifi authentication key a firewall
>> won't do much to stop this.
>>
>
> I use mac address authentication plus wpa2 psk and yet they are still
> able to connect so it seems that 2Wire's routers are an insecure piece
> of crap and they are full of holes and back-doors. Just google 2wire
> vulnerabilities or take a look at this video
> http://www.youtube.com/watch?v=yTtQGPdSIfM

With Kismet able to place a wifi unit into monitor mode you can quickly get
a list of everything in the vicinity, including all the MAC addresses of
devices connecting to the various access points. You can then clone your
unit's MAC address to match one in the list. Even though I do use it, MAC
access lists are very easy to get around and will only stop those who do
not know how to do this.

Even in passive mode, without using active attack to speed things up I can
crack a WEP key in 45 minutes easily. Doing this passively doesn't expose
you. The time it takes depends on how busy the access point is. An active
attack can break WEP in 2-3 minutes, or less. I've seen it done between a
minute and a minute and a half.

Most consider the answer to use WPA2, which I do use too. Many think it is
'virtually' unbreakable, but this really is not true; it just takes longer.
I've done WPA2 keys in as little as 2-3 hours before.

> Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs
> use these crappy routers on purpose to get some more revenue from cap
> overruns.
>

Really these WEP/WPA2 protocols are not providing the level of protection
that is truly necessary in this modern day. You can keep out script kiddies
and people who don't have skill, but people who know what they are doing
are only slowed down.

The ISPs are seemingly more interested and concerned with protecting Big
Media Content's DRM schemes. They have a monetary stake as they move in the
direction of deals with 'Big Media', less so the incentive to do more for
their retail Internet-access customer. And don't even get me started on the
advertising industry run-amok. :-)

-Mike
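
An added example, not part of the original message: since a MAC access list cannot tell a cloned address from the real device, one defensive check is to watch the 802.11 sequence numbers that a monitoring sensor sees for each source MAC, because two radios sharing one address produce interleaved counters with repeated large jumps. The frame tuples, thresholds and function names below are assumptions made for illustration.

```python
from collections import defaultdict

SEQ_MODULUS = 4096     # 802.11 sequence numbers are 12 bits and wrap at 4096
MAX_FORWARD_GAP = 64   # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3      # assumed number of jumps before a MAC is reported

# Constructed sample capture: (source MAC, sequence number) in arrival order.
# The MACs come from the 00:00:5E:00:53:xx documentation range.
SAMPLE_FRAMES = [
    ("00:00:5e:00:53:01", 4090), ("00:00:5e:00:53:02", 100),
    ("00:00:5e:00:53:01", 4092), ("00:00:5e:00:53:02", 2500),
    ("00:00:5e:00:53:03", 10),   ("00:00:5e:00:53:02", 101),
    ("00:00:5e:00:53:01", 4095), ("00:00:5e:00:53:02", 2501),
    ("00:00:5e:00:53:03", 11),   ("00:00:5e:00:53:02", 102),
    ("00:00:5e:00:53:01", 1),    ("00:00:5e:00:53:02", 2502),
    ("00:00:5e:00:53:03", 3000), ("00:00:5e:00:53:01", 3),
    ("00:00:5e:00:53:03", 3001),
]


def forward_gap(prev_seq, cur_seq):
    """Distance from prev_seq to cur_seq counting forward, with wrap-around."""
    return (cur_seq - prev_seq) % SEQ_MODULUS


def count_jumps(frames, max_gap=MAX_FORWARD_GAP):
    """Count, per MAC, how often the counter moved further than max_gap."""
    last_seq = {}
    jumps = defaultdict(int)
    for mac, seq in frames:
        if mac in last_seq and forward_gap(last_seq[mac], seq) > max_gap:
            # A single transmitter only counts forward in small steps, so a
            # large gap (or a step backwards, which wraps to a large gap)
            # means a second counter is in play or the device restarted.
            jumps[mac] += 1
        last_seq[mac] = seq
    return dict(jumps)


def find_shared_macs(frames, min_anomalies=MIN_ANOMALIES):
    """Return MACs whose counters jump repeatedly, i.e. likely two radios."""
    jumps = count_jumps(frames)
    return sorted(mac for mac, n in jumps.items() if n >= min_anomalies)


if __name__ == "__main__":
    for mac in find_shared_macs(SAMPLE_FRAMES):
        print("possible cloned MAC:", mac)
```

The single jump on the third address models a device restart and stays below the reporting threshold. QoS traffic keeps a separate counter per traffic class, so a real sensor would track those separately to avoid false positives.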