Setup undetectable WIFI

I have Zorin OS Pro 16.3. I have an AT&T U-verse router made by Pace. I don't want to be detectable by my neighbors in my apartment building. I can't get another router.
I started reading the numerous posts on configurations, firewalls, DNS's, etc. I got lost.
How can I make my router undetectable? I have installed Riseup.

How can I tell if others can see my router in their lineup of nearby wifi routers?

Also, I've noticed webpages taking a long time downloading at times. I know where to go to test the internet speed. Since my computer doesn't have much of anything on it to slow it down, and I've noticed a huge improvement since getting rid of Windows, what could be causing this?

You could 'hide' your SSID but, that's not truly hiding it. Any frequency you transmit, can be received :wink: To most end-users, it will be 'hidden' though..

I would suggest strong passwords - that's really about the only way to secure your router. Change the admin password on the router itself too; you'd be surprised how many default passwords have been used to gain access! And having said that, a phrase or catch-phrase would be long and not so hard to crack. DO NOT use WPS, use WPA2 or WPA3 if your devices and router support it. WPS is very easily crackable with some free tools, and it's not very secure.

MAC randomization: you can use this, it will prevent someone from successfully carrying out a deauth style attack. But, caveat: if you use devices for hosting shared folders / content, you're likely to have issues - as the MAC address will change when a connection is established, thus registering a new IP in DHCP to that new MAC address. I know, clear as mud lol.. But, say I got a device to host a NAS - if it registers again under a new IP, hostname might stay the same, but IP changed; likely to have some connection issues back to those devices holding content.

MAC filtering: good, definitely won't be able to access - but a PITA to set up.. Gotta take note and enter all device MAC addresses to be allowed onto the network / router. As this is such a pain to do, and if MAC randomization is enabled your devices won't connect - very long to set up..

Static IPs: another long PITA to set up, have to know how many devices and set an IP to each device manually. Also change your router IP to use a non-default IP, like 10.x.x.x - still private IP, and not the usual 192.168.x.x, so anyone expecting the default - won't be the same. Not impenetrable though.

As long as you have a good, long password with complexity - capitals, numbers, special characters - you should be okay. If you wanna 'hide' your SSID - that's up to you, but you'll have to manually enter the SSID when you want to connect on every device that's wireless; on top of WPA2 or WPA3 encryption. And subnet - you can use a different subnet to also confuse. I use a /27 subnet, 32 addressable IPs - plenty for my network. That's a little more advanced so, wouldn't try anything with that unless you know about subnetting.. Any device you have close that can use Ethernet - definitely suggest it :+1: Roku TVs are limited to 80-90Mbps on Ethernet btw, just found that out recently lol.. Also make sure to use a non-overlapping channel for 2.4GHz WiFi, ch1, 6, and 11 if you have others in close proximity; helps reduce interference from others..

Speedtest - I'd suggest using the CLI version, install from the terminal with "sudo apt install speedtest-cli", then run with "speedtest". Doesn't use a GUI to get your speeds, much better :wink:

RiseUp - nice! I'm also a RiseUp user - good one for sure! That's just for your device though - be aware that with running VPN you'll likely have issues talking to devices via hostname, maybe IP as well. When I'm using VPN, can't reach my RPi NAS with hostname - as expected though.
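To check what neighbours actually see of your own access point (name, encryption, channel), the points from the reply above can be turned into a small audit over a Wi-Fi scan. This is an added example, not part of the original thread; the scan text is a constructed sample in the terse format of `nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY dev wifi list`, and the SSIDs and BSSIDs in it are made up.

```python
import re

# Constructed sample of the terse output of
#   nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY dev wifi list
# (terse mode escapes the colons inside the BSSID with a backslash).
SAMPLE_SCAN = r"""
HomeNet:AA\:BB\:CC\:00\:00\:01:6:78:WPA2
:AA\:BB\:CC\:00\:00\:02:3:61:WPA2 WPA3
Neighbor-2G:AA\:BB\:CC\:00\:00\:03:4:55:WPA1 WPA2
CoffeeGuest:AA\:BB\:CC\:00\:00\:04:11:40:
"""

def parse_scan(text):
    """Split each line on unescaped ':' and return one dict per access point."""
    aps = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 5:
            continue  # not a 5-field record
        ssid, bssid, chan, signal, security = fields
        aps.append({"ssid": "" if ssid == "--" else ssid, "bssid": bssid.upper(),
                    "chan": int(chan), "signal": int(signal),
                    "security": set(security.replace("--", "").split())})
    return aps

def audit(aps, my_bssid):
    """Return findings for the access point whose BSSID is my_bssid."""
    mine = next((ap for ap in aps if ap["bssid"] == my_bssid.upper()), None)
    if mine is None:
        return ["not seen in scan: Wi-Fi radio is off or out of range"]
    findings = []
    if mine["ssid"]:
        findings.append("SSID is broadcast by name")
    else:
        findings.append("SSID is hidden but the BSSID is still visible")
    if not mine["security"] & {"WPA2", "WPA3"}:
        findings.append("no WPA2/WPA3 offered")
    if mine["security"] & {"WPA1", "WEP"}:
        findings.append("legacy WPA1/WEP still enabled")
    if mine["chan"] <= 14:  # 2.4 GHz band
        if mine["chan"] not in (1, 6, 11):
            findings.append(f"channel {mine['chan']} is not one of 1, 6, 11")
        # 2.4 GHz channels fewer than 5 apart overlap each other
        clash = [ap for ap in aps if ap is not mine and ap["chan"] <= 14
                 and abs(ap["chan"] - mine["chan"]) < 5]
        if clash:
            findings.append(f"{len(clash)} nearby network(s) on overlapping channels")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_scan(SAMPLE_SCAN), "aa:bb:cc:00:00:01"):
        print(finding)
```

Run the scan from a second device, since a machine that is already connected to the network is not a fair test of what a neighbour sees.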

I remember a few years ago before I retired an IT Technician at the school where I was based said WPA-2 had been hacked and it appears -3 also:

A better option would be to turn wifi off and use a network cable to the router. If the device does not have an ethernet port it is possible to buy one with USB adapter.

Yep, I can crack WPA2 and WPA3 passwords myself :wink: When long, complex passwords are used, it's highly unlikely to be cracked. I believe the SHA5 hash still takes a good amount of time (years), even with the best supercomputers. (SHA5 wasn't a typo)

Uhh... You could say that...
For a random hash function with an n-bit output where n=256, and depending on your angle of attack, a brute-force pre-image or second pre-image attack would require 2^n evaluations. A collision attack would require approximately 2^(n/2) evaluations. For SHA-256, this is 2^128 operations.
This means it would take only about ohh... a few trillion years to evaluate a hash every FLOP even using a Very Powerful SuperComputer.

This... is why I do not recommend Full Disk Encryption. If you lose your password, that data is Lost Forever.

SHA5 does not exist. Did you mean SHA-256? Or... MD5?


What is SHA-512 Hash? An In-depth Guide with Examples - Sometimes shortened to SHA5 to signify SHA-512 - and yes it's very real, and exists. On an AT&T U-verse router? Highly unlikely lol Just a reference for heightened security - which would be extremely overkill for a home network.

The point is - use what's available. As an example, again, I don't think that U-verse router is going to have it - but probably WPA2, maybe even WPA3 depending on how new it is. That was taken more literally than it was meant. A rainbow table that consists of the alphanumerical 9 character password (just 9) on a SHA-512 encryption would be almost 1TB, around 890GB.. Just the table. So yeah - kind of extremely unlikely to be attacked - or implemented.

Love when something blows out of proportion :rofl:

I do not recommend shortening it that way as that would create serious confusion.

If someone shortened SHA-256 to SHA2, it would be confused for... SHA2.

I can see that, for sure - I tend to forget about those kinds of things lol Sec jargon..

Duly noted - apologies!


I'm sorry I have to be so basic to start out but how can I make router setting changes? I can try but where do I do this? For starters?
And just to make sure, there isn't any way to use my usb connection straight from my router to my computer and skip the WIFI bit?
That is, just to bypass all of the brain power that I'll need to achieve the aforementioned route you talk about. I'm up for the challenge as long as I have help though.


I have a usb connection that I was using before I installed Zorin OS pro 16.3. For some reason along the way I was made to go the WIFI route during install. I do not remember what requires this in the install process. Can I just plug the usb connection back in then and not use WIFI?

Where do I turn wifi off?

My brain just turned back on and I'm good to go. I just wired it back up with ethernet connection and turned wifi off.


I may have to look that up for your U-verse - when connected to the device, try opening a browser and entering your 'default IP', usually a 192.168.x.1 number, could be different; could be that USB port is for configuration as well. The USB connection should be fine though! I've used that off my phone before, like a tether. But yes, you should be able to be just fine with USB connection. When you do plug-in, you may have to go to Settings -> Network to see the USB network connection, if available. It sounds like you did use it like that previously, so should still work!

Was doing some digging; some of the U-verse routers are only like a charging port; no data only power.

Do you have a model number? That'll really pinpoint some things.

In terms of "Where do I turn my wifi off?" depends on make and model of router. I have TP-Link router that has this.

One thing you can try if you don't want to use an ethernet cable is lower the intensity of the Wi-Fi signal that the router emits. A potential attacker nearby you may still be able to detect your Wi-Fi signal but disregard it due to the low intensity received, possibly tricking them into thinking it's noise coming from another neighbor further away from your location.

This is definitely not a good idea most of the time and will likely have a noticeable decrease in speed and reliability. However if you are already nearby the router, though not close enough for a cable or if a cable is not a good solution, this may be a good approach to quietly fade in with background noise.

I was also confused by this :sweat_smile: SHA-2 refers to an entire family of algorithms including SHA-256 and SHA-512, but I believe they differ mostly on the output size, 32 bit and 64 bit respectively, not in the underlying implementation.
SHA-3 is the next iteration but I haven't seen it mentioned much, probably it's because the existing algorithms are still strong enough.

For password hashing though, there are dedicated hashing algorithms specifically designed to be slow to compute and mitigate brute-force attacks. I only know of bcrypt and Argon2 which are used often in password security on the web.
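For the Wi-Fi passphrase itself, WPA2-Personal already uses a deliberately slow, salted derivation: the standard computes the key with PBKDF2-HMAC-SHA1, 4096 iterations, and the SSID as salt. The added example below (not part of the original thread) shows that the same passphrase yields different keys under different network names, and estimates how passphrase length changes the size of an exhaustive search; the sample passphrases, SSIDs and the guess rate are assumptions.

```python
import hashlib
import string

def wpa2_pmk(passphrase, ssid):
    """Derive the 256-bit WPA2-Personal key: PBKDF2-HMAC-SHA1 with the SSID
    as salt and 4096 iterations (passphrase must be 8-63 printable ASCII)."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def alphabet_size(passphrase):
    """Size of the smallest character pool covering the classes actually used."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(size for chars, size in pools if any(c in chars for c in passphrase))

def years_to_exhaust(passphrase, guesses_per_second):
    """Years needed to try every passphrase of the same length from the same
    pool. Only meaningful for randomly chosen characters: common words and
    patterns fall far sooner. guesses_per_second is an assumed figure."""
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    phrase = "Blue kettle sings at 7am!"   # constructed sample passphrase
    # Same passphrase, different SSID: different key, so a table precomputed
    # for one network name does not apply to another.
    print(wpa2_pmk(phrase, "HomeNet").hex())
    print(wpa2_pmk(phrase, "OtherNet").hex())
    rate = 1_000_000                        # assumed guesses per second
    for p in ("abc123XYz", phrase):
        print(f"{len(p):2d} chars, pool {alphabet_size(p)}: "
              f"{years_to_exhaust(p, rate):.3g} years at {rate:,} guesses/s")
```

A practical consequence of the SSID salt: keeping a vendor-default network name makes generic precomputed tables more likely to apply, so changing the SSID and using a long passphrase work together.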

Yes, SHA3 is nothing like SHA2. It operates in a whole new way. I would need to look up the details on it (I do not recall) but it completely rebuilt how the hashing is done and managed. This also resulted in it having some security weak points.
In this context, even a weak point may mean it would take a few million years to break the hash instead of 450 billion but... In Security... It is assumed that a weak point can be exploited in a currently unpredictable way, allowing for a real-time vulnerability that must be taken seriously.


Well - I haven't worked alongside you guys with any security, hashing, or pentesting; soo, of course 'SHA5' is gonna sound weird ... :person_shrugging:

Arguing the point to exhaustion is rather useless - having used the terms before in the field with colleagues vs what people have heard or used before on a forum, can be different. Just like anything! When it came down to it, there was specific jargon for everything - did it sound like they were referring to something else? Yep, I said the same thing you guys did "THERE IS NO SHA5!!!".. but, I wasn't the lead security guy saying it, and he made low-mid 6figures lol I'm not arguing it - but you guys can, HASH it out! :joy: And this has been covered!


Back on point! :+1:

Well, I certainly would not resort to brute force just to crack a few bits of confusion.
If necessary, we can checksum references.


I mentioned this as it was an idea that popped to my mind but I haven't tried it nor have I ever seen it mentioned anywhere as a viable option... is this something that could work or has any other real-life use cases?


I've tried looking up some info on the Uverse router - looks like a mobile hotspot kinda like what Verizon and others offer. I've not used one in a long time, but do remember it was very limited on what it could handle; settings and all. Basic encryption (WPA/2), maybe 2.4/5GHz options, I think 4-5 device limit.. and like everything else, I'm sure they've gotten a lot more robust in that time..

I'll just have to wait for a model number or device ID :smirk: