Chances are, if you are being attacked by someone who has the know-how to get past WPA, they will most likely spoof their MAC when they connect anyway, to avoid detection in your router's logs (by a possible failed MAC filter pass).
Kismet, in particular, excels at this with its AP "clients" view which lists, among other things, client MAC addresses.
Spoofing your MAC address (in Linux) is as simple as this:
bt ~ # ifconfig ath0 hw ether AA:BB:CC:DD:EE:FF bt ~ # ifconfig ath0 up bt ~ # ifconfig ath0 ath0 Link encap:Ethernet HWaddr AA:BB:CC:DD:EE:FF UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:26 errors:0 dropped:0 overruns:0 frame:0 TX packets:1 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1092 (1.0 KiB) TX bytes:590 (590.0 b)
You know how to break weak WPA-PSK keys. Now make sure that it doesn't happen to you by using two simple techniques.
Use long and strong passphrases!
The longer and more random the password, the better. A WPA key is a computer passphrase, and by that I mean that the computer is the one that has to remember it. All you have to do as the user is type it in once and you're ready to go.
So, generate a very long, random passphrase, write it down and put it in a not-so-obvious place. Writing down a passphrase is normally a cardinal sin for security. But in a SOHO setting, it's a reasonable tradeoff between security and convenience.
Frankly, you're much more susceptible to wireless pirates parked outside your apartment (or next door) using the tools I've just described than you are to someone socially-engineering your wife into giving out your wireless LAN key. And even then, wouldn't it be nice if the key took a half-hour for her to read over the phone, giving you a chance to step in and save the day?
So, generate a nasty, long computer passphrase, write it down on a sticky-note, enter it in your router and clients, then stick that sticky-note someplace secure (not to the top of the router!)
Change your SSID
Since the key is salted with the SSID, it makes sense to change your AP's SSID to render the precomputed hash tables useless (assuming you change it to something non-obvious). This forces the attacker to start from square one by either generating a hash table or using just a straight dictionary attack.
So, now you know how crackers can attack wireless networks that use weak WPA / WPA2 PSK keys and the simple countermeasures that you can take to ensure that it doesn't happen to you.
With a strong, long key and good security practices, a wireless LAN secured by WPA / WPA2 is definitely not an easy target.
Discuss this in the Forums
