I’m not that knowledgeable on networking, but I do remember that if a device is connected to a wired network, it can end up receiving packets not meant for it because switches will flood all the ports for packets they don’t know how to route. But I also heard that Wi-Fi is supposedly smarter than that and a device connected to it should never receive a packet not meant for it.
Is this true? And in practice, does this mean it’s preferable to keep computers with invasive operating systems (which might decide to record foreign packets sent to it in its telemetry) on Wi-Fi instead of on the wired network?
Also, how exactly does Wi-Fi prevent devices from receiving the wrong packets when it’s a radio based system and any suitable antenna can receive any Wi-Fi signal? Does each device get assigned a unique encryption key and so is only capable of decrypting packets meant for it? How secure is it actually?
You’re thinking of hubs, not switches. Back in the 90’s everything was on hubs and every packet was broadcast to everything on the hub. Switches only send packets where they are going downstream. Also everything and its mom is TLS encrypted these days.
Switches will flood a network when they don’t know the location of a MAC address, but this should only happen for the very first packet, which is more likely to be DHCP or some boring background thing like that. As soon as the correct device gets the packet and replies, each switch along the way will update its MAC address table and they’ll know exactly which port to use until it expires (which depends on the switch, I don’t have a ballpark idea).
You’re thinking of hubs
Just the word hub makes me cringe. People would just willy-nilly put a hub anywhere. There is like a limit to how many hubs you can have in succession. I think it’s 5 or 6.
There’s a limit? I would have imagined it only limited by the frequency of collisions you’re willing to tolerate.
Pretty sure it was even fewer… was it not 4?
Dude, that has been many decades ago for me. LOL I just remember it being a royal pita.
No. For the purposes you’re talking about wired is fine.
How your network is managed and set up makes it possible to get more security from WiFi using a bunch of new technologies added to recent WiFi protocols, but you’d have to actually have set all that up and have compatible networking stacks on the computers.
Also, and I say this as no great lover of Microsoft or its products, windows isn’t snooping network traffic not meant for it and bundling it up in its telemetry uploads.
Worth highlighting that WiFi blasts all your data in all directions, and unless you’re using enterprise/WPA3 encryption with a strong password, someone determined enough can break in.
If someone wanted to they could park near your house and run aircrack (or whatever the modern suite is called) without you ever knowing. FWIW this is why it’s good to set up a way of getting notified about new devices on your network (most modern non-ISP routers support a way of doing this)
Conversely, I believe most ethernet NICs discard any packet not intended for them at the hardware level; they’re super optimised for speed, and it would be much slower to leave that to software. I’m not 100% sure that’s universal however, so I’d try and double check that.
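One defender-side way to get the “notify me about new devices” check mentioned above, as an added example that is not from the post or any router vendor: it assumes a dnsmasq-style lease file (one line per client: expiry epoch, MAC, IP, hostname, client-id; the sample lines here are constructed) and a hand-maintained allowlist of known MACs. Wiring the result into an actual notification channel is left to the reader.

```python
"""Flag DHCP clients whose MAC is not on an allowlist (dnsmasq-style lease file)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    expires: int   # lease expiry as a Unix timestamp
    mac: str       # normalised to lower case
    ip: str
    hostname: str  # dnsmasq writes '*' when the client sent no hostname


def parse_leases(text: str) -> list:
    """Parse lines of the form '<expiry> <mac> <ip> <hostname> <client-id>'."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines instead of crashing
        expires, mac, ip, hostname = fields[0], fields[1].lower(), fields[2], fields[3]
        leases.append(Lease(int(expires), mac, ip, hostname))
    return leases


def unknown_devices(leases: list, known_macs: set, now: int) -> list:
    """Return leases that are still active and whose MAC is not on the allowlist."""
    allow = {m.lower() for m in known_macs}
    return [lease for lease in leases if lease.expires > now and lease.mac not in allow]


# Constructed sample data (hypothetical MACs and addresses, not real hosts).
SAMPLE_LEASES = """\
1700003600 aa:bb:cc:dd:ee:01 192.168.1.10 laptop 01:aa:bb:cc:dd:ee:01
1700003600 AA:BB:CC:DD:EE:02 192.168.1.11 phone 01:aa:bb:cc:dd:ee:02
1700003600 de:ad:be:ef:00:99 192.168.1.57 * 01:de:ad:be:ef:00:99
1699990000 de:ad:be:ef:00:42 192.168.1.58 old-guest *
"""
KNOWN = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}  # allowlist you maintain by hand
NOW = 1700000000  # pretend 'current time' so the expired lease is ignored

if __name__ == "__main__":
    for lease in unknown_devices(parse_leases(SAMPLE_LEASES), KNOWN, NOW):
        print(f"unknown device: {lease.mac} {lease.ip} hostname={lease.hostname}")
```

Run it from cron (or a dnsmasq `dhcp-script` hook) and forward any non-empty result to whatever alerting you already use.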
If someone wanted to they could park near your house and run aircrack
Aircrack-ng can only try to guess the simple shared password (pre-shared key). So when you run your airodump-ng, it’s got to show the network as having type PSK, or you’re pissing up a rope. With WEP, you could collect IVs, however, with WPA/WPA2, there are no IVs to collect. So you have to guess the password one by one. The only clue you get is when a device performs a handshake with the Wi-Fi. You need to capture that handshake to even start guessing. WPA/WPA2 passwords can be/should be quite long, like up to 63 letters, numbers, or symbols. If the password is a simple word like “cat” or “password,” aircrack-ng might guess it if it’s in the dictionary.
So it behooves the Wi-Fi owner to create a very long, complicated password with all the bells and whistles. If you are using WEP, you might as well be holding up a sheet of single ply, no brand toilet paper. Also, turn off WPS and UPnP ffs.
I vaguely remember getting into a WPA network (that I owned!) using kismet about 15 years ago with relative ease, but I’m struggling to remember details about that process.
I also remember reading that WPA2 non-enterprise was broken a while ago; however, I just looked into it and both of the main exploits I can find were patchable (and have been patched) at client OS level (they were KRACK and FragAttacks). Seems like there has already been something found wrong with WPA3 too that’s also been addressed.
So yeah as you say back to brute forcing for the most part. Forcing reconnects was a pretty easy way to get more handshakes to record back when I last tried, so I assume that still has decent levels of success, given the prevalence of mesh networks. Looking further it seems people use a tool called hashcat today to get pretty rapid results doing the actual brute forcing using a modern GPU.
But yes, very good advice all in all: long passwords and the highest WPA version you can get away with are going to make an attacker’s job harder.
Thanks for the reply, you got me to go back down an interesting rabbit hole I’ve not looked at in a while
I vaguely remember getting into a WPA network (that I owned!) using kismet about 15 years ago with relative ease, but I’m struggling to remember details about that process.
The 4-way handshake crack was the only key recovery attack until 2018 when the PMKID-based attack was discovered (here: https://hashcat.net/forum/thread-7717.html). The PMKID crack attack still required brute-forcing the key, but it didn’t require the 4-way handshake so you didn’t have to depend on a de-authentication attack to get started.
At that time there was another WPA vulnerability, if you were using WPA-TKIP, but it only allowed sending a few small packets every 10-12 minutes so it wouldn’t allow you to gain access to the network.
Later there were a few WPS-based attacks but they were slow (4 hours to recover the WPS PIN) and/or limited to specific manufacturers (weak hardware random number generation).
but I’m struggling to remember details about that process.
At 71, I struggle sometimes remembering what I had for breakfast. LOL It is a very interesting rabbit hole for me as well. Wasn’t trying to correct you, I’m an expert at nothing. Your comment just spurred a memory of a long forgotten era of my life as a wannabe haxor.
Also, how exactly does Wi-Fi prevent devices from receiving the wrong packets when it’s a radio based system and any suitable antenna can receive any Wi-Fi signal?
Your device, say an iPhone, has a MAC address. It sends a request to the Wi-Fi access point. The Wi-Fi router also has a MAC address and responds with a packet that contains the destination MAC address (your iPhone). All devices listen to all Wi-Fi signals but only process packets where the destination MAC matches their own. If the MAC doesn’t match, it ignores the packet. This happens at the data link level, commonly referred to as Layer 2 of the OSI model.
When discussing data transferring between devices like this, I’d treat WiFi as another “invisible” port on the switch.
The flooding a network thing really isn’t an issue, they’ll only flood for the first packet just to find the way and then it stops. Fire up Wireshark on a different machine and transfer a file between two other machines, you won’t see anything. I don’t know too much about WiFi but it probably does the same, it’s just a bridge to the same network.
Wired is probably better because machines can estimate your location from the SSID and they can leak the password giving access to the network.
Fire up Wireshark on a different machine and transfer a file between two other machines, you won’t see anything.
This is true, but only because we’ve replaced Ethernet hubs with switches.
An Ethernet hub was a dumber, cheaper device that imitated a switch, but with a fundamental difference: all connected devices were in the same collision domain.
I don’t know too much about WiFi but it probably does the same, it’s just a bridge to the same network.
Wireless communication has the same problem as Ethernet hubs, with no real solution like a switch though. Any wireless transmission involves an antenna, and transmitting is similar to standing in your yard with a bull horn to talk to your buddy two houses down. Anyone with an antenna can receive the wireless signal you send out. Period.
So some really smart people found ways to keep the stuff you send private, but anyone can sit nearby and capture data going through the air, it’s just not anything you can use because of the encryption.
If you use some WFP manager you can block all incoming connections and also block all OS connections… I basically only let my browser communicate with the internet; the rest has no business online.
Yes that’s true, sort of. There are many layers to it, but generally unmanaged wired switches are less strict. Most modern wifi systems enable client isolation by default.
it can end up receiving packets not meant for it because switches will flood all the ports for packets they don’t know how to route
This is only applicable to IPv4 networking and is very much “the old way” of doing things. If you have properly designed and set up your own home network, you shouldn’t be having broadcast traffic happen at all, because all your switches should have a MAC table that includes all the devices you have physically connected. Especially if you have bothered to take the time to hand out static addresses tied to the MAC address. A broadcast should generally only be happening if there is an unknown destination on the LAN, and an unknown destination only happens when there is a new device added at an unknown location. Once a broadcast packet has been sent and replied to, the switch fills its MAC table with the information on the new device, now knowing its location.
Wi-Fi’s packets can be intercepted by anyone, it’s technically sending all packets on blast as radio waves at all times. Sure, modern Wi-Fi can be encrypted, but that encryption can also often be broken.
Finally, IPv6 doesn’t use broadcast packets at all, instead using multicasting, which is similar to a broadcast but doesn’t flood every port in the wired network and is a bit more tightly directed.
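The learning-switch behaviour described in this post and in the earlier replies (flood only until the MAC table knows the destination, after which a third machine running Wireshark sees nothing) can be checked with a toy model. This is an added simulation, not code from any post; it assumes a single switch with no VLANs and no MAC-table aging, and the MAC addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC
    dst: str  # destination MAC


@dataclass
class LearningSwitch:
    """Minimal model of a learning switch (no VLANs, no table aging)."""
    ports: list
    mac_table: dict = field(default_factory=dict)  # MAC -> port it was last seen on

    def forward(self, in_port: int, frame: Frame) -> list:
        """Return the list of egress ports for one incoming frame."""
        # Learning: the source MAC is reachable through the ingress port.
        self.mac_table[frame.src] = in_port
        if frame.dst != BROADCAST and frame.dst in self.mac_table:
            # Known unicast destination: exactly one egress port, nobody else sees it.
            return [self.mac_table[frame.dst]]
        # Unknown unicast or broadcast: flood every port except the one it came in on.
        return [p for p in self.ports if p != in_port]


def frames_seen_by(observer_port: int, switch: LearningSwitch, events: list) -> int:
    """Count frames a sniffer plugged into observer_port would capture."""
    seen = 0
    for in_port, frame in events:
        if observer_port in switch.forward(in_port, frame):
            seen += 1
    return seen


# Constructed scenario: A on port 1 transfers data to B on port 2; sniffer on port 3.
A, B = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
TRAFFIC = [
    (1, Frame(A, B)),  # A's first frame: B unknown, flooded to ports 2, 3, 4
    (2, Frame(B, A)),  # B replies: A already learned, unicast to port 1 only
    (1, Frame(A, B)),  # both MACs now known: no further flooding
    (2, Frame(B, A)),
    (1, Frame(A, B)),
]

if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    print("frames captured on port 3:", frames_seen_by(3, sw, TRAFFIC))  # 1
```

Only the very first frame reaches the sniffer; a real switch also ages table entries out, at which point one more flooded frame would appear.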