[Chugalug] Brute force attacks on router… Maybe?

Dave Brockman dave at brockmans.com
Thu Feb 28 21:29:06 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/28/2013 3:12 PM, Phil Sieg wrote:
> Ok gang I need some help here... Dave Brockman weigh in if you have
> time.
> 
> I have a wireless network at the office that will not behave. I
> always run my wireless routers as AP only with no DHCP. PfSense is
> doing all the heavy lifting.

For what you use them for, I'd actually suggest you give up on those
little routers and buy an actual AP (I like Engenius if Cisco makes
your wallet's ass cheeks clinch)

> I have replaced the router at the office with 4 different brands in
> the last 8 months. Currently a Cisco/linksys product. Was fine
> until yesterday then started acting up in similar ways to the last
> 3 units. Some of my connected computers just disconnect and will
> NOT maintain a connection unless I reboot the router. Add to that
> the the admin web-gui is not accessible unless I reboot.

Are your routers 2.4Ghz only?  N + DualBand (or sometimes just in
5Ghz) may perform better if 2.4Ghz density is an issue.  When you
cannot reach the web gui, are you hard-wired into the device?

> Some routers were running factory firmware, some had DDWRT.
> 
> I know the amount of information I am giving you is light, just
> wondered if anybody either had a good idea of what it might be due
> to prior's, or that I am getting brute-forced repeatedly because it
> is a target rich environment (20+ wireless networks) or is it the
> proliferation of wireless that is gimping things up?
> 
> Hello.... Bueller?    Bueller?

Make sure you are running WPA2-PSK w/ AES and NOT WPA/WPA2 TKIP.  Part
of the TKIP design forces the AP to disassociate any active
connections.  I've heard it's useful for forcing certain types of
authentication traffic for capture, replay, comparison and brute force
cracking attempts.  Not that I would know anything about such things.

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRL8wiAAoJEMP+wtEOVbcdLYMH/2B7iKBJKyaVk/qyJyzIYB3y
Cqs1Kay1VNUYR+gwJQq0KCLVlLg2y3ISWI0w0qO6GWAWJlYwLyblGaxSfM2O0h/K
jf57/q5goMkeRdXmcU7oksPMq/FTorl9jyv2n8tZOFpXPG/YaF/VHZHDQqhDdQHX
Mdn6Ly2ny46AnviSzDAs5p3jkPPwN9NMj9TnJ3xQBUPje17zzg7L02LWHmKVWP5O
thwJlMeOptmoOLuuUomLqVXbnoiEIksl9jIWW8RF6od7qdMsEJ+Txht5dOdv5Sq9
KJ/uU7ST9IkkCyvmo+rzrFWZU3eIj7J6qv6YlDIPq5YAjAMUmRVuhlOribhAuVs=
=fFAa
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list