Posted: 12/15/2016 10:48:18 AM EST
[Last Edit: 12/15/2016 10:48:54 AM EST by 45stops-em-quick]
I'm looking to identify some mac addresses on my home wifi that I can't seem to track down. Also wouldn't mind knowing what kind of other traffic is going on around my home.

Thanks


ETA-I'm definitely a noob with this stuff.
Link Posted: 12/15/2016 11:20:59 AM EST
Link Posted: 12/15/2016 2:50:22 PM EST
https://macvendors.com/
That is a database of MAC address vendors, you might get the maker of the product or might be just the wireless radio maker.
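A vendor lookup only means something when the address is a factory-assigned one. The sketch below is an added example, not code from the thread: it normalizes the MAC formats routers display, checks the locally-administered bit, and only then consults a vendor table. `SAMPLE_OUI`, the function names and the sample addresses are constructed for illustration.

```python
import re

# Constructed sample of OUI -> vendor entries (assumption: a real check would
# use the full IEEE registry or a lookup site such as the one linked above).
SAMPLE_OUI = {
    "B827EB": "Raspberry Pi Foundation",
    "005056": "VMware, Inc.",
}

def normalize_mac(mac):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; return 12 upper-case hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()

def classify_mac(mac, oui_table=SAMPLE_OUI):
    """Split a MAC into its OUI and flag bits, then try the vendor table."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    local = bool(first_octet & 0x02)  # set by software, not by the manufacturer
    vendor = None if local else oui_table.get(digits[:6])
    if local:
        note = "locally administered (randomized or software-set); no vendor to look up"
    elif vendor:
        note = "vendor found"
    else:
        note = "OUI not in table; check the full registry"
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],
        "multicast": bool(first_octet & 0x01),
        "locally_administered": local,
        "vendor": vendor,
        "note": note,
    }

def unknown_devices(seen, known):
    """Classify every MAC seen on the network that is not in the inventory."""
    inventory = {normalize_mac(m) for m in known}
    return [classify_mac(m) for m in seen if normalize_mac(m) not in inventory]

if __name__ == "__main__":
    # Constructed client list, as if copied from a router's status page.
    seen = ["b8:27:eb:12:34:56", "00-50-56-AB-CD-EF", "da:a1:19:00:00:01"]
    known = ["00:50:56:ab:cd:ef"]
    for entry in unknown_devices(seen, known):
        print(entry["mac"], entry["vendor"], "-", entry["note"])
```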
Link Posted: 12/15/2016 7:43:18 PM EST
[Last Edit: 12/15/2016 7:45:41 PM EST by Klee]
Originally Posted By cruze5:
it would be simpler to change your WPA2 personal AES password to something different. and then if something didn't connect, you know it's yours....
View Quote



Yep, WPA2 is easy to crack if you still have the default and/or a weak wifi password.


Example: ATT U-verse defaults to a ten character all number wifi password.... and if an ATT tech ever logged in it's more than likely your phone number.

A WIFI password consisting of ten numbers takes at most 40 hours to brute force using an AMD 7550 class gpu.

Use random letters and numbers and special characters. NOT words!!

Example: Ilovehotladieswithbigbobs seems like a good and long password with 25 characters but with someone with the right skills and programs it is really only a weak 7 word password.

Each word can be considered as one character with creative use of a program using a word list ...."I" "love" "hot" "ladies" "with" "big" "boobs".
Link Posted: 12/15/2016 9:57:55 PM EST
Originally Posted By Klee:



Yep, WPA2 is easy to crack if you still have the default and/or a weak wifi password.


Example: ATT U-verse defaults to a ten character all number wifi password.... and if an ATT tech ever logged in it's more than likely your phone number.

A WIFI password consisting of ten numbers takes at most 40 hours to brute force using an AMD 7550 class gpu.

Use random letters and numbers and special characters. NOT words!!

Example: Ilovehotladieswithbigbobs seems like a good and long password with 25 characters but with someone with the right skills and programs it is really only a weak 7 word password.

Each word can be considered as one character with creative use of a program using a word list ...."I" "love" "hot" "ladies" "with" "big" "boobs".
View Quote





Link Posted: 12/16/2016 2:42:43 PM EST
Originally Posted By Jakezor:
https://macvendors.com/
That is a database of MAC address vendors, you might get the maker of the product or might be just the wireless radio maker.
View Quote


Just search the MAC and see what it is. I would also change your WIFI password and make it something hard. I personally use a 64 character string that is random numbers and letters. WPA2 is AES-256 encryption, so to get the full use of the encryption you need to use a full key.
Link Posted: 12/17/2016 12:21:55 AM EST
Originally Posted By TLF:


Just search the MAC and see what it is. I would also change your WIFI password and make it something hard. I personally use a 64 character string that is random numbers and letters. WPA2 is AES-256 encryption, so to get the full use of the encryption you need to use a full key.
View Quote

Key derivation Algo is PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256)

SHA1 is 160 bit, so for WPA PSK the auth key is 160 bit max. Using all the characters in standard base 64 a SHA1 hash is approx 28 chars. Using the full alphanumeric symbol key space is less, so something like 26 chars maxes the entropy that can be used.
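The derivation quoted above, written out with Python's standard library so a chosen passphrase can be checked; this is an added example, not code from the thread. The function names are illustrative, the 8 to 63 printable-ASCII rule and the 64-hex-digit raw-key form come from the WPA2-Personal specification, and `RATE_FROM_THREAD` is the guess rate implied by the "ten digits in at most 40 hours" figure posted earlier.

```python
import hashlib
import math
import string

def wpa2_psk(passphrase, ssid):
    """Return the 256-bit pre-shared key for a WPA2-Personal network."""
    # 64 hex digits are taken as the raw key itself and are not hashed.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    # Anything else must be a passphrase of 8..63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits).
    # The SSID is the salt, so the same passphrase gives a different key
    # on every differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)

def hours_to_exhaust(bits, guesses_per_second):
    """Worst-case hours to try every candidate at the given rate."""
    return 2 ** bits / guesses_per_second / 3600

# Guess rate implied by the thread's figure: 10**10 candidates in 40 hours.
RATE_FROM_THREAD = 10 ** 10 / (40 * 3600)

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    cases = [("10 digits", 10, 10),
             ("12 random letters and digits", 62, 12),
             ("20 random printable ASCII", 95, 20)]
    for label, alphabet, length in cases:
        bits = keyspace_bits(alphabet, length)
        hours = hours_to_exhaust(bits, RATE_FROM_THREAD)
        print(f"{label}: {bits:.1f} bits, {hours:.3g} hours worst case")
```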
Link Posted: 12/19/2016 11:27:14 AM EST
[Last Edit: 12/19/2016 11:28:41 AM EST by Radian]
Originally Posted By 45stops-em-quick:
I'm looking to identify some mac addresses on my home wifi that I can't seem to track down. Also wouldn't mind knowing what kind of other traffic is going on around my home.

Thanks


ETA-I'm definitely a noob with this stuff.
View Quote


First your mac addy's. you can look them up at the link, probably some device you added and forgot about. this gives the manufacturer data.

The stuff below assumes your "users" aren't trying to actively break the tools you put in.

mac maker lookup

Absolutely. This is a space in need of innovation, most of the tools available in the home price range suck, are grossly complex, or don't work. Securing networks is similar to securing your home or a facility physically. Multiple stacked things add up to a system.

First: control who gets in, when and where they go. Others have covered wpa2.

inspect traffic, this can be done with software on a pc you make into a firewall (between your modem and wireless router generally) or a device you buy. Assuming you don't want to manage or build this there are tools like this that will do a decent job. I've managed this function for large companies and it's a pain in the ass, expensive, and time consuming.

simple internet filter
Ubiquiti USG

If this isn't what you are talking about a firewall that inspects traffic will give you reports on what is LEAVING / INCOMING and let you make rules, but they are a pain in the nuts, especially consumer stuff. The best software firewall is pfsense, they sell hardware as well.

Ubiquiti seems to have the best home solution, the firewall and their ap's are what I use. From there you can let visitors use your internet, but not see your systems (good security), you can block sites or classes of traffic, or mac addresses from the system.

One major thing most people don't do is put guests in their own "space", especially if you have lots of people coming and going.

USG report...

Link Posted: 12/21/2016 12:13:03 AM EST
Originally Posted By Radian:


First your mac addy's. you can look them up at the link, probably some device you added and forgot about. this gives the manufacturer data.

The stuff below assumes your "users" aren't trying to actively break the tools you put in.

mac maker lookup

Absolutely. This is a space in need of innovation, most of the tools available in the home price range suck, are grossly complex, or don't work. Securing networks is similar to securing your home or a facility physically. Multiple stacked things add up to a system.

First: control who gets in, when and where they go. Others have covered wpa2.

inspect traffic, this can be done with software on a pc you make into a firewall (between your modem and wireless router generally) or a device you buy. Assuming you don't want to manage or build this there are tools like this that will do a decent job. I've managed this function for large companies and it's a pain in the ass, expensive, and time consuming.

simple internet filter
Ubiquiti USG

If this isn't what you are talking about a firewall that inspects traffic will give you reports on what is LEAVING / INCOMING and let you make rules, but they are a pain in the nuts, especially consumer stuff. The best software firewall is pfsense, they sell hardware as well.

Ubiquiti seems to have the best home solution, the firewall and their ap's are what I use. From there you can let visitors use your internet, but not see your systems (good security), you can block sites or classes of traffic, or mac addresses from the system.

One major thing most people don't do is put guests in their own "space", especially if you have lots of people coming and going.

USG report...

https://i.ytimg.com/vi/PoQPC6hfrkk/maxresdefault.jpg
View Quote



nice post. got a pfSense router a couple of months ago, & have been trying to learn my way through it. it really is a lot to take in, for someone coming over from an ASUS consumer router. glad to know i made a good choice w/ pfSense.
Link Posted: 12/21/2016 12:52:07 PM EST
Originally Posted By generalissimo:



nice post. got a pfSense router a couple of months ago, & have been trying to learn my way through it. it really is a lot to take in, for someone coming over from an ASUS consumer router. glad to know i made a good choice w/ pfSense.
View Quote


PFSense is fantastic. I've been running it for years. I am migrating away from it but that's strictly because I am going all Cisco. If it were not for a project that I am working on there I would gladly stay with PFSense.
Link Posted: 12/21/2016 4:50:05 PM EST
Originally Posted By generalissimo:
nice post. got a pfSense router a couple of months ago, & have been trying to learn my way through it. it really is a lot to take in, for someone coming over from an ASUS consumer router. glad to know i made a good choice w/ pfSense.
View Quote


the first thing you should do is block everything (and i mean everything, inbound and out) from/to at least two dozen countries.
at the very least this will keep your IoT's from corresponding with their masters.

here's 10 days of recent data:
http://ziva.losdos.dyndns.org/public/misc/iptables_ipset_stats.html

ar-jedi


root@:/usr/local/bin# grep ";1" countries-block.txt | wc -l
39

root@:/usr/local/bin# grep ";1" countries-block.txt
ALGERIA;DZ;1
ARGENTINA;AR;1
BELARUS;BY;1
BOLIVIA, PLURINATIONAL STATE OF;BO;1
BRAZIL;BR;1
CHILE;CL;1
CHINA;CN;1
COLOMBIA;CO;1
CZECH REPUBLIC;CZ;1
EGYPT;EG;1
HONDURAS;HN;1
HONG KONG;HK;1
INDIA;IN;1
IRAN, ISLAMIC REPUBLIC OF;IR;1
IRAQ;IQ;1
KAZAKHSTAN;KZ;1
KOREA, REPUBLIC OF;KR;1
KYRGYZSTAN;KG;1
LATVIA;LV;1
LIBYA;LY;1
MALAYSIA;MY;1
MEXICO;MX;1
MOLDOVA, REPUBLIC OF;MD;1
PAKISTAN;PK;1
PARAGUAY;PY;1
PHILIPPINES;PH;1
ROMANIA;RO;1
RUSSIAN FEDERATION;RU;1
SINGAPORE;SG;1
TAIWAN, PROVINCE OF CHINA;TW;1
THAILAND;TH;1
TUNISIA;TN;1
TURKEY;TR;1
UKRAINE;UA;1
UZBEKISTAN;UZ;1
VIET NAM;VN;1
YEMEN;YE;1
ZAMBIA;ZM;1
ZIMBABWE;ZW;1
Link Posted: 12/21/2016 5:07:21 PM EST
Do the basics first.

Reset the administration password (and username if you can.)

Change the IP address of the network from the default, to a different one.  If it's 192.168.1.# make it 192.168.87.#.  (This is an example, it will vary, change the second to last number.)  This avoids lots of the "I will root your router by giving you a bogus link" attacks.

Reset the WiFi password to something long and hard.  If it's too hard, post it on your fridge. If you are worried about neighbors seeing and using that, post it backwards on your fridge.

If you don't gotta use DHCP, don't.

If you don't gotta use the WiFi, don't.

That's the basics.  You can go to extremes and do all sorts of stuff but chances are if you do the basic stuff you will shake off any intruders.