Wifi handshake - hacking issues

Have you seen the password lists that are online?
I bet 80% of all wifi routers are hacked within minutes with a dictionary attack.

Half of my neighbors have the manufacturer’s original SSID name for their device, so if they didn’t even change the SSID…

1 Like

Anyway if they are hackers an allow list won't work since it's too easy to bypass that... if the user wants to really secure his wifi so that there is no practical way to hack it (again IMHO it's stupid since probably the problem is somewhere else...)

radius server and login with certificate... have fun hacking that... but it's a PITA also for the user.

sure and at the same time the router probably crashes if it's vulnerable to that kind of attack... nowadays wifi passwords are generated from random stuff anyway... the thing of using ssid to generate the password is long gone.

It ain’t me that talked about allow list. They are useless if you ask me.
Mostly used for internal organization work.

The only thing I have mentioned is a 32char random password with numbers, letters and special chars.

it's one of the correct ways but IMHO his neighbor just has access to his device and steals the password....

LuCI has a clear table of associated devices...

That doesn't make any sense. Password-authentication is literally how WiFi works, if the router has been set up to use passwords for authentication; it's not a vulnerability. Would also be a pretty useless router, if it crashed from someone using a wrong password.

the case I'm talking about is an old router with very low spec... also it's not a normal case DoSing the router with wifi auth....
Doesn't apply anymore but in the old days with a WPS attack you had to add sleep values or you would crash the router...

If we talk about wifi and not the actual ISP internet connection the problem is not farther away than 10-15m, so I doubt any meaningful router will crash if a family plus neighbors inside a 15m radius bubble because of password authentication.

It would be possible to make a handshake DoS attack, but the problem source is still within 15m.

This whole thread I have assumed that there are failed wifi connection attempts printed in the wifi log that are interpreted as handshake hacking attempts.

so the user noticed some strange log and assumed the neighbor was trying to hack his wifi?

that is only possible with wpa2, he should use wpa3 if this is true.
wpa3 is vulnerable to other attacks, but those can only crash the router through memory usage, SAE needs more memory.

I have no idea what you mean

Occam's Razor would suggest that either neighbors are connecting because the password is easy/known, or that legit devices are being seen as unrecognized by the OP for any number of reasons.

It was me who mentioned it. And I also said the following:

I know that MAC allow listing is not particularly effective, but it does provide a small additional barrier for nuisance 'hacks' as well as some log visibility into what devices are attempting to connect.

The best practical protection is a new SSID and a very strong passphrase (WPA3 preferable, but not always possible with legacy client devices).

IMO, there are many reasonable explanations for seeing unrecognized devices on a network (or attempting to join), and I think that the chances of a concerted, persistent attack are extremely slim unless the OP is a very high value target.

With that in mind, I also was the one who mentioned WPA2-enterprise + RADIUS. And, yes, seriously overkill. But given that the OP has started several threads related to this general topic and it appears that they are absolutely convinced that they are being continuously hacked by persistent and capable entities, tools like RADIUS may be the only thing that will give them the comfort that they have fully secured their network.


Driver-updates are one possible reason, like e.g. my husband's laptop's MAC-address has seemingly changed after a driver-update. One wouldn't expect that to happen, since MAC-addresses are supposed to not just randomly change all of a sudden for no good reason, but...

Exactly. And now many OS's randomize their MAC addresses to make tracking more difficult. And of course, there are "forgotten" devices people have around their homes (STBs, IoT devices, old computers, and so on) that may show up on the network... and there are still plenty of additional reasons, too.

MAC scrambling has been standard operating procedure on mobile devices for many years, at least if you own an Apple.

But my Samsung Android doesn’t have WPA3 yet…

Yes, but not in this case. I wouldn't have bothered mentioning it, if randomized MAC-addresses were in use.

Both my husband's and my Android-phones do that by default as well. Personally, I always disable that stuff. Seems kind of a pointless feature anyway, since there are a billion other ways of tracking people and their devices, but oh well.

In my case, connection attempts were so fast that other wifi connections would stall.

Thank you so much everybody for responding :slightly_smiling_face:

The new WPA security includes all required options

I really hope you mean wpa2 or 3?

Sorry - WPA3 it is :slightly_smiling_face:

1 Like
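
The thread's competing explanations for unfamiliar entries in the wifi log (repeated wrong-password attempts versus devices whose MAC address changed or is randomized) can be told apart from the log itself. The following Python is an added example, not written by any poster in the thread; the log lines, the MAC addresses and the `KNOWN` inventory are constructed, and it assumes hostapd-style `AP-STA-CONNECTED` and `AP-STA-POSSIBLE-PSK-MISMATCH` events are being logged.

```python
import re
from collections import Counter

# Constructed sample lines in hostapd syslog style (not taken from the thread).
SAMPLE_LOG = """\
daemon.notice hostapd: wlan0: AP-STA-CONNECTED a4:5e:60:00:00:01
daemon.notice hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 00:11:22:33:44:55
daemon.notice hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 00:11:22:33:44:55
daemon.notice hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 00:11:22:33:44:55
daemon.notice hostapd: wlan0: AP-STA-CONNECTED da:a1:19:00:00:02
daemon.notice hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH a4:5e:60:00:00:01
"""

# Hypothetical inventory of the household's own devices.
KNOWN = {"a4:5e:60:00:00:01": "laptop"}

MAC_RE = re.compile(r"\b[0-9a-f]{2}(?::[0-9a-f]{2}){5}\b", re.I)

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set,
    which is how OS-generated random MAC addresses are marked."""
    return bool(int(mac[:2], 16) & 0x02)

def triage(log, known, threshold=3):
    """Return {mac: verdict} for every station seen in the log."""
    mismatches, connected = Counter(), set()
    for line in log.splitlines():
        m = MAC_RE.search(line)
        if not m:
            continue
        mac = m.group(0).lower()
        if "AP-STA-POSSIBLE-PSK-MISMATCH" in line:
            mismatches[mac] += 1
        elif "AP-STA-CONNECTED" in line:
            connected.add(mac)
    verdicts = {}
    for mac in sorted(connected | set(mismatches)):
        if mac in known:
            verdicts[mac] = "known device"
        elif mac in connected and is_randomized(mac):
            verdicts[mac] = "has the passphrase, randomized MAC"
        elif mac in connected:
            verdicts[mac] = "has the passphrase, unknown hardware MAC"
        elif mismatches[mac] >= threshold:
            verdicts[mac] = "repeated wrong passphrase, never connected"
        else:
            verdicts[mac] = "occasional failed attempt"
    return verdicts

if __name__ == "__main__":
    for mac, verdict in triage(SAMPLE_LOG, KNOWN).items():
        print(mac, "->", verdict)
```

A station that connects with a randomized MAC already holds the passphrase, so it is most often one of the household's own phones; only the "repeated wrong passphrase, never connected" verdict matches the handshake-guessing scenario the thread started from.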