Thread: wifi strangeness
View Single Post
  #17   Report Post  
Posted to uk.d-i-y
Tim Lamb[_2_] Tim Lamb[_2_] is offline
external usenet poster
  
Posts: 6,938
Default wifi strangeness
In message , No Name
writes
On 07/12/2020 23:03, Fredxx wrote:
On 07/12/2020 20:54:25, Tim Lamb wrote:
Tested by Tim, wifi signal adequate throughout kitchen/dining area.

Internet radio works OK although there have been a few outages which
seemed to coincide with Openreach installing some additional cabling
nearby.

Ancient i phone will not connect saying the Wi-Fi password key is
incorrect. Router 12 months or so from installation, not running hot
or any other symptoms. Hardwired connection to desktop OK.
A while ago I was looking into the security of Wifi networks and
methods to obtain the password.
There are a number of techniques that take over the SSID and trick
the user into entering the network Wifi Password. It's one reason why
many corporate Wifi networks use a bespoke interface where the user
has no access to this password.
This type of attack comes under "social engineering".
The idea of entering a password known to be correct a number of
times should ring alarm bells.
Most likely it's a iPhone feature!


There are a number of things you can do to help mitigate against this:

If your Wifi gear supports it, you can hide the SSID to make it harder
for others to recreate an evil twin Acces point.

You can build yourself a openVPN server on a raspberry pi and install
on on your home network, Then install openVPN on all mobile devices and
set it to always only connect over VPN to wifi. Use a different
password for the VPN to the WiFi password.

(This is also doable out on the 4g network if you port forward port
1194 in the router to your VPN server so you can also deal with dodgy
public wifi access points)

Create a Captive Portal on your home network for user authentication.

Some WifI AP's support Rogue AP detection, mine does and I get emails
if it detects a rogue AP popping up.

On my Wifi I have a MAC address white list so only the MAC addresses
that are in the White list are allowed to connect, every othetr MACX
address is rejected.

I am relieved to say power cycling has fixed the problem. Your kind
suggestions are mostly way beyond my comprehension:-(

This is a fairly isolated location and no other domestic wifi within
20m.

--
Tim Lamb
Reply With QuoteReply With Quote