Saturday, 30 March 2013

Safety Check - Protecting the Router

Test from the inside and from the outside what you and the routers on your network reveal. With the right tools you can probe your network routers for security vulnerabilities.

The access point to the Internet today is no longer the modem or ISDN card but the router, either bought off the shelf or provided by the ISP. So that this access point does not become a gateway for intruders, it is important to subject the router to a few checks. Since many routers work straight away without major changes to the configuration, the devices usually run with default settings. These are certainly not optimal, and at worst even unsafe. Test from the inside and from the outside what you and the routers on your network reveal. Some of the tools mentioned you have to compile yourself, or you can use one of the specialized security distributions.

Exterior: What the router reveals

You must set high standards for a wireless router and give it a secure configuration, because it is difficult to control who receives the signal of your wireless network. There is some information that anyone can find out about a wireless router without being logged on to the network and without knowing the password for the wireless encryption or the SSID (network name).

1) Capturing broadcast packets with Kismet

So that other Wi-Fi enabled devices can detect a network and use it at all, a wireless router makes itself known with a "beacon". These broadcast data packets are the heartbeat of the wireless network and inform all devices in range of the SSID, the MAC address of the router, the channel and the encryption used. To make the network supposedly safer, many users still use an old trick: turning off the SSID broadcast on the router. Apart from more configuration effort, however, this measure achieves nothing.

On Mac and Linux, the classic tool Kismet makes all WLANs in range visible. You can find this program in the repositories of all major distributions. On Debian / Ubuntu install it using the command sudo apt-get install kismet. Invoking the command-line program with sudo kismet also requires root privileges, because Kismet accesses the network hardware directly.

Start the local Kismet server, and then specify the name of the wireless interface, which you first identify with the /sbin/ifconfig command. As an additional GUI for Kismet there is also the recommendable Kismon, for which you will find a package for Debian and Ubuntu. Fedora installs Kismon easily with yum install kismon. Kismon 0.6: GUI for Kismet; source code and packages for Ubuntu and Debian are available for download (GPL, 35 KB).

2) MAC address: decoding the router manufacturer
Another piece of information that every router gives away in its broadcast packets is its own MAC address. Even in wireless networks with encryption enabled, the MAC address appears in plain text in the network packets, where it is called the BSSID. This address is unique to each device, and its first six digits identify the manufacturer of the router or of the network chip. You can also view the MAC address of the router with Kismet. An English-language website offers a database of manufacturers, which you query by simply entering the MAC. What can be done with the manufacturer's name? The combination of the MAC and the available Wi-Fi standards (a / b / g / n) is always an indication of the type of router. Firmware often harbors dormant vulnerabilities that were never fixed by manufacturer updates.

3) The WPS gap

Wi-Fi Protected Setup (WPS) simplifies configuring WPA2 clients on routers. You should be careful with the use of WPS, however. At the end of 2011 the Austrian student Stefan Viehboeck found a security vulnerability that allows the WPS PIN to be cracked by trial and error without logging in. Because of the revealing responses many routers give, 11 000 login attempts are enough to guess a PIN.
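Added example (not part of the original article): a small Python parser showing what a single beacon discloses to a passive listener even when the SSID is hidden, namely the BSSID with its manufacturer prefix, the channel, the encryption and whether WPS is advertised. The sample frame, the BSSID 00:11:22:33:44:55 and the function names are constructed for illustration.

```python
import struct

WPS_VENDOR = bytes.fromhex("0050f204")  # vendor-specific element: OUI 00:50:F2, type 4

def build_beacon(bssid, ssid, channel, wpa2=True, wps=False):
    """Constructed sample: 802.11 beacon without radiotap header or FCS."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    hdr = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011 if wpa2 else 0x0001)
    ies = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    if wpa2:
        ies += bytes([48, 2, 1, 0])            # minimal RSN element (version 1)
    if wps:
        ies += bytes([221, 4]) + WPS_VENDOR    # WPS element, attributes omitted
    return hdr + fixed + ies

def parse_beacon(frame):
    """Return what a passive listener learns from one beacon frame."""
    if len(frame) < 36 or frame[0] & 0xFC != 0x80:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                       # address 3 = BSSID
    caps, = struct.unpack_from("<H", frame, 34)
    info = {"bssid": bssid.hex(":"), "oui": bssid[:3].hex(":"),
            "oui_is_vendor": not bssid[0] & 0x02,  # False if locally administered
            "ssid": None, "hidden": False, "channel": None,
            "privacy": bool(caps & 0x0010), "wpa2": False, "wps": False}
    pos = 36                                   # tagged elements follow fixed fields
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break                              # truncated element: stop parsing
        if eid == 0:                           # SSID; empty or all-zero = hidden
            info["hidden"] = not any(data)
            info["ssid"] = None if info["hidden"] else data.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:           # DS parameter set: channel
            info["channel"] = data[0]
        elif eid == 48:                        # RSN element: WPA2
            info["wpa2"] = True
        elif eid == 221 and data[:4] == WPS_VENDOR:
            info["wps"] = True
        pos += 2 + elen
    return info

if __name__ == "__main__":
    hidden = build_beacon("00:11:22:33:44:55", b"", 6, wpa2=True, wps=True)
    for key, value in parse_beacon(hidden).items():
        print(f"{key:14} {value}")
```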

The tool reaver-wps, which tests routers for the WPS vulnerability, is open source and can be compiled on Linux. The prerequisite is that you switch the Wi-Fi chip into monitor mode. To then attack the router, you only need to know its MAC address. Here's how:

1) Compile reaver-wps: Compiling the source code is not difficult. Besides the gcc compiler and the make utility you need only two libraries, which you install in Debian and Ubuntu, for example, with these two commands:

  sudo apt-get install libpcap-dev
  sudo apt-get install libsqlite3-dev

Then run the build using the supplied script:

  ./configure
  make

The installation then proceeds as root or with sudo:

  sudo make install

2) Enable monitor mode: Before reaver-wps can take action, you have to switch the wireless network card or the Wi-Fi chip into monitor mode. This is done most easily with the aircrack-ng tool, which you also have to install. For Ubuntu a ready-made package is available. With sudo airmon-ng start wlan0 you switch the Wi-Fi chip into monitor mode. The wireless interface is then available under a new identifier; in most cases this is mon0.

3) Brute-force attack: If you now know the name of your own Wi-Fi interface and the MAC address of your router, you can use the tool reaver-wps as follows:

  reaver -i mon0 -b [the router MAC] -vv

Since this is a brute-force attack, the check can take up to several hours. If the attack succeeds, the terminal output shows the WPA key that was found.
