Secure comms over wifi

Prepper & Survivalism Forum

Help Support Doomsday Prepper Forums:

Myrrph

Member
Joined
Dec 18, 2013
Messages
334
Reaction score
149
Location
Singapore
dunno about you but don't think there'll be power when the SHTF. I'm using Motorola Walkies for commz and using Solar Chargers to charge the rechargeables.
 

Gazrok

A True Doomsday Prepper
Member
Joined
Aug 15, 2013
Messages
7,477
Reaction score
9,119
Location
Florida
Same. At least for communicating around the property. We'd just have codenames for most things though, so shouldn't be a real need to scramble, etc.
 

David Cavanaugh

New Member
Jr Member
Joined
Mar 1, 2014
Messages
6
Reaction score
1
Location
Avon, CT US
A few comments about Wifi security:
1. Always use WPA, never WEP. WEP is easily hacked by software you can get for free.
2. To be effective, WPA passwords must be random characters -- NEVER words or common names.
3. At best, WPA security can resist ordinary eavesdroppers -- not government agencies
4. If privacy matters, use encryption beyond Wifi.

The router of choice is the Linksys WRT54GL The "L" stands for Linux, meaning it can be re-flashed with custom firmware like DD-WRT

It is possible to use the WRT54GL as a bridge to another identical unit, then attach other routers via wired ethernet to serve as Wifi access points. Directional antennas can extend the range of these boxes up to a few miles in some cases, especially if you use custom firmware that lets you crank up the transmit power.

Most wireless routers (Linksys in particular) are vulnerable to thermal failure due to insufficient cooling. Consider modifying the case to include a cooling fan, or possibly heat sinks on the components that get hot. This is critical if you choose to increase the transmit power of the router. In a disaster scenario, you never know how long you need these units to last.
 

David Cavanaugh

New Member
Jr Member
Joined
Mar 1, 2014
Messages
6
Reaction score
1
Location
Avon, CT US
Although I would agree that the NSA can hack anything, there is a big difference between situations where the NSA can hack with their basic kit of software tools and situations that require them to spend some quality time. If you are a high-profile target and they dedicate a team of cryptographers to your individual case, then yes, NSA can decrypt anything. But you don't have to make it easy. Layers of encryption are tedious to decrypt, especially when the inner layers are of an unknown protocol.

As for password security, it really DOES make a difference with WPA. Nothing can help WEP. I know because I did a security study in a laboratory environment, comparing the success or failure of readily available hacking tools against current wireless encryption protocols.

There are three common types of decryption attacks:
1. Mathematical shortcuts -- flaws in the encryption algorithm can shorten the decryption time dramatically
2. Dictionary attacks -- exactly as it sounds, a vast number of words are read from a file and tried in various combinations
3. Brute-force attacks -- every conceivable combination of characters (even unprintable ones) will be tried until something works

Method 1 is many orders of magnitude faster than method 2, which is many orders of magnitude faster than method 3. Depending on how long the password is, you might not live long enough for a brute-force attack to finish.

Attacking a wireless network starts with monitoring encrypted packets. There are some tools that deliberately inject malformed packets to force the wireless network to generate error packets in response and produce raw encrypted data to speed up the attack. But if you monitor any network long enough, you will eventually get enough data to attack it.

WEP is vulnerable to mathematical shortcuts. No matter what password you choose, it won't help. If you capture enough encrypted data, you can get a WEP password cracked in no time. My personal best in the lab is 2 seconds.

I am not aware of any WPA vulnerabilities to mathematical shortcuts. My research was done a few years ago, and I did not find any published exploitable attack vectors at that time. For this reason, conventional hacker tools for WPA networks rely on dictionary attacks. If you are dumb enough to use names or words that match the dictionary file, the attack will finish in a reasonable amount of time. If you use random characters, the only attack that will work is brute-force. This will hardly ever finish in a reasonable amount of time.

As I said in my original post: "At best, WPA security can resist ordinary eavesdroppers -- not government agencies." I would never bet against the NSA, as they would probably obstruct the deployment of any encryption algorithm that they can't decrypt at will. But it is definitely possible to "raise the bar" so that even the NSA would have to dedicate some resources to attacking your network.

IMHO, the gold standard of Wifi encryption is 802.1x. Several users are typically logged on to the network at any given time, and their username/password is part of the encryption. This means a typical network has several devices connected, each with different encryption keys for different streams of data. There is no single password that unlocks everything, so it's not easy to figure out which packets belong to which stream. For a number of technical reasons, I don't see 802.1x as a viable option for home preppers. But in a commercial environment, that's the way to go.

In a WPA environment, strong passwords mean the difference a brute-force attack and a dictionary attack. Not many people will wait for a brute-force attack to finish. But a teenager can download free programs from the Internet and run a dictionary attack in much less time. It is surprisingly easy to get free, pre-packaged, ready-to-use hacker tools on a bootable DVD. My network cannot be easily attacked with such tools. How about yours?
 
Joined
Jan 21, 2014
Messages
139
Reaction score
64
Location
Coudersport, Pennsylvania
ordinary eavesdroppers are not interested in what you are doing on the internet.

Mesh net - is only line of sight, even leaves on trees will block your signal.

It isn't like being connected to Broadband DSL or the Phone line, Comcast etc...
 
Joined
Jan 21, 2014
Messages
139
Reaction score
64
Location
Coudersport, Pennsylvania
Everything that you are talking about is taught in the most basic Information Science Technology class in any college... It's probably even taught now in the high schools at the 10th grade level...
How many hackers went on to become computer experts - from my generation - lord only knows...

The part that saddens me the most is that people are using their modified routers to go up on hill-tops and listen to other routers down in the valley..
What you think is encrypted -- is actually being used to spy on other people.
 

David Cavanaugh

New Member
Jr Member
Joined
Mar 1, 2014
Messages
6
Reaction score
1
Location
Avon, CT US
ordinary eavesdroppers are not interested in what you are doing on the internet.

Mesh net - is only line of sight, even leaves on trees will block your signal.

It isn't like being connected to Broadband DSL or the Phone line, Comcast etc...
Mesh net is only as directional as your antenna. And it's only for connecting one wireless access point to another. The individual connection from a network client is still the weak link from a security point of view.
 

David Cavanaugh

New Member
Jr Member
Joined
Mar 1, 2014
Messages
6
Reaction score
1
Location
Avon, CT US
Everything that you are talking about is taught in the most basic Information Science Technology class in any college... It's probably even taught now in the high schools at the 10th grade level...
How many hackers went on to become computer experts - from my generation - lord only knows...

The part that saddens me the most is that people are using their modified routers to go up on hill-tops and listen to other routers down in the valley..
What you think is encrypted -- is actually being used to spy on other people.
Indeed, nothing I mentioned is rocket science. It wasn't all that difficult to set up some equipment in a lab and explore the relative merits of mesh networks, 802.1x, WPA, and WEP, weak passwords vs. strong passwords. It's all in a book somewhere, but people still debate the facts until someone plugs in a bunch of comm gear and proves the point. You can see from the comments posted here that someone needed to bring the information to light.

As for people who use modified routers to go eavesdropping, you don't even need a modified router. You can get USB Wifi with an external antenna, about $20 on Amazon. All you need is a stripped-down laptop and a Backtrack Linux bootable DVD or USB stick.
 
Joined
Jan 21, 2014
Messages
139
Reaction score
64
Location
Coudersport, Pennsylvania
Yes, but people don't like it when you ride around their neighborhood or park on their street with your lap top computer - looking for internet connections to hack.

There is even people that maps out the open connections in a neighborhood and groups that collects that information on the web.
 

David Cavanaugh

New Member
Jr Member
Joined
Mar 1, 2014
Messages
6
Reaction score
1
Location
Avon, CT US
Yes, but people don't like it when you ride around their neighborhood or park on their street with your lap top computer - looking for internet connections to hack.

There is even people that maps out the open connections in a neighborhood and groups that collects that information on the web.
Indeed, there are people who drive around and map open Wifi networks. Even worse, they can monitor what is ON those networks. In some cases, they can literally read your email. For security against Wifi hackers and nosy neighbors, a WEP encrypted network is essentially the same thing as an open network. WPA with a weak password is like the lock on a bathroom door. WPA with a secure password is like a consumer-grade deadbolt on your front door.

Current threats against my home network are minimal, but I assume the threat level will increase in a catastrophe situation.
 

Latest posts

Top