Secure your Wireless Network

[Turk4n]

Not, really instead of hiding yourself, just broadcast the SSID, and encrypt(use WPA or WPA2) plus make sure the password is a "strong" password. Also if your router allows you to create a list of "verified" people to be able to see and "even" come in. Then you have at least a better protection, than just to hide the SSID and with a weak protect.

However, if your neighbors are "not" determined "air crackers" they won't be able to do anything. However if one of your fellow neighbor is a "air cracker" then hiding SSID won't help you.

Side effects with hiding SSID, some "bad" *NIX os's can't see the "router". Your router loses performance; but you gain connection time length. However as a friend and used to be "air cracker", "script kiddie" I would recommend you not to hide yourself. Just show yourself and your protection. Most gives up on people that has really good protection since it takes time to calculate password or bypass it.

[kresh7]

lol :C im secure for myself but dosent mather if you can secure your router well there are a lot of technics to spoof your router and get free internet connection sorry for my bad english

[Turk4n]

Well,you can spoof the mac address of the router. However, if you can't even get "connection" to it or being granted to send "password". You will not be possible to sniff the packets. However, if you possible could sniff the "the allowed" computer user's mac address. Then you can easily spoof it and use it against him. Better luck dude.

[kresh7]

you cant believe how easy it is to ARP Spoof a network you just have to build a Packet and Inject it into the network and make the router believe that you are one of the clients ok it might take some time to do that but when it works done

[Turk4n]

Uhm, would work if you were in the same LAN(WAN ARPing is UNCOMMON AND NOT USED)plus, ARP spoofing can't be used if you don't request for my "ip"(or router ip with it's mac configuration and you have to be in the network).(You sent out)Who is this IP? --->(If you know my ip),My IP, <--- and sending you my mac configuration. So best defense I could do is to create my own static ARP table.(And if you really like to take half your life of "tracking" and re-create my table do it )
P.S: I have been spoofing in my days, at school most time and it was fun.(I got like suspended for 2 weeks)

[kresh7]

dosnt mather if im not in your network theres a nice tool in backtrack that you can use to send out to a router to fool him the problem is you have to creat the syn packet

[Turk4n]

dosnt mather if im not in your network theres a nice tool in backtrack that you can use to send out to a router to fool him the problem is you have to creat the syn packet

You stated ARP spoofing can do the job.
However you tell now syn flooding will work?
The requirement to syn flood is to have information or get "authentication" with either router,switch,hubb or computer router(I like these things). To not get into it too much. Either way, kresh7 looks sees a wireless network;but he can't access it. It denies his "request" to authenticate himself to it. So he tries brute force.(Syn flood) As the router has only permission to allow "specific" computers. It will return null messages to him. So kresh7 tries to ARP spoof, by checking if he can try to connect to the computer directly. The computer doesn't respond due to the remote access is turned disabled(or even dismantled from the OS as I did for security purpose). So he just tries to ARP spoof; didn't work out as good he wanted. No response. Best thing to do is to re-create a "false" router. By using his own router kresh7 makes same configuration as the other guys router sending out "SSID". A conflict will happen and the target will have no time to fix it. So he jumps into kresh7 false router. Now can kresh7 do what he wants.
Good end.
That is one way to do it.(You can still try brute force, dismantle the allow list, ARP table or syn flood)
Well going to bed been fun to talk kresh7. G'Night

[kresh7]

lol good night bro wastent here so im reading it now its a great idea with creating another router with same SSID and configuration its cold an HoneyPod if im not wrong great Idea the metasploit framework has a great exploit to do this but its realy not that hard to get free Inet this days realy no hopeful we talk another time for stuff like that maybe you could teach me new

[phpforfun]

Here are a few steps to keep your AP secure.

[4] Remember that WEP is better than nothing

If you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because in spite of it's flaws, using WEP is still far superior to having no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess like a string of the same or consecutive numbers. Also, although it can be a pain, WEP users should change encryption keys often-- preferably every week.

I guess... if someone actually wanted to get in, it wouldnt be a problem, takes less than 10 minutes, and encryption type doesnt matter...

[5] Use MAC filtering for access control

Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump.

macchanger --mac 00:11:22:33:44:55 ath0
you can also monitor a remote signal and see what mac address are connected, then spoof to there mac, and replace them on the router.

WPA and WPA2 can also be cracked, it just takes a HUGE list. Its actually easier than you think. There are no limits to how many passwords you can try before it cracks

[Zapper]

Nice guide with a lot of good points. +rep