top | item 47169527

(no title)

I had organized neighbors who broke WPA3 using tools, i disabled downgrade to WPA2 and they still broke it. I had one that setup an evil twin to catch my Linux login They stole the IP of one of boxes so they could get my login, and joined my network to setup the credential stealer. I caught this when my password didn't work at the ssh login. That was an apartment and they knew when I caught them.

The problem is not wardrivers. The problem is your neighbors running 24x7 cyber operations. It happens everywhere. When I moved to a house there was a persistent attacker, and finally I setup my own key and authentication infrastructure.

They broke everything.

Finally I had to go EAP TLS and rotate certificates every three months.

Evil twin attack that keeps switching sides... The first of its kind, soon to be automated into a single button if it isn't already.

Does the temporal key mechanisms prevent them from taking a key they denial of serviced their way to while I was work -- do the temporal mechanisms prevent them from sniffing all my packets when I get home. They will not use it to get data during the denial of service.... But if they can get that radius key and use it five hours later during some backups or something...

That is the question.

discuss

kyboren|3 days ago

Where the fuck do you live?

Both an apartment you lived in and a house you moved to had neighbors who cracked your WPA3 network and compromised your infrastructure?

Also: You use EAP TLS on your home network but not SSH keys?

economistbob|2 days ago

Yes. In my view, the negative payoff from getting locked out of a machine due to a key file mishap is more severe than the payoff of typing passwords all the time. I also use machines of various distributions and eras, and so the configurations would all differ and create hindrances.

I realize the security relevance of that, but I do not have daily images to restore from if something happens. I got locked of a key only box one time with an error after a reboot, and never want it to happen again. It felt like being robbed.

StilesCrisis|3 days ago

Is it possible that you have undiagnosed schizophrenia?

unknown|2 days ago

[deleted]

mechanicalpulse|2 days ago

It's possible that he's taking "hope for the best, prepare for the worst" to its logical if unhealthy extreme by interpreting every ambiguous 802.11 frame as one with ill intent. However, just because he's paranoid doesn't mean there aren't misaligned people, devices, and applications out there probing networks.

It's probably a good idea for anyone to check themselves every now and then by playing Angel's Advocate just as much as they might play Devil's Advocate, but I don't think rejecting his premises out of hand with a drive-by diagnosis is all that helpful.