PDA

View Full Version : target on open wifi



robsonde
15-09-2009, 09:28 PM
anyone see the crap target item about open wifi?

most of the tips are just rubbish...

1. change tha admin password.
ok good

2. use WEP or WPA.
WEP is very broken, most hackers can get a wep password in less than 5 minutes.
use WPA or if you can use WPA2


3. change the SSID.
why? who cares?
I would rather have a plan SSID of "linksys" than "23 oldfunk st"

4. disable broadcasting.
again, this wont stop a hacker.




real world tips.

1. use WPA2
2. done
3. ???

nofam
15-09-2009, 09:49 PM
Yeah just saw that too.

I think their advice was aimed at stopping war driving, rather than hacking; I'd guess that if a war driver couldn't get on to your WLAN within 30 seconds, they'd move on to another one.

No-one is going to hack their way through AES-CCMP if the next house over has a bog-standard setup.

whellington
15-09-2009, 09:54 PM
Shame on you!

nofam
15-09-2009, 10:13 PM
Shame on you!

Umm what now?

Cato
15-09-2009, 10:19 PM
Why not add a mac address filter in there too?

nofam
15-09-2009, 10:30 PM
Why not add a mac address filter in there too?

A hardened access control list isn't actually that useful, as MAC addresses can be easily sniffed, and then spoofed.

But yeah, I always do that as a matter of course. :thumbs:

wainuitech
15-09-2009, 10:52 PM
open / un-secured networks are an easy target - you only have to go to some peoples places and when the laptop/PC scans for networks the amount that are un-secure is incredible.

At the end of the day, it doesn't matter how secure your wireless network is - if someone wants to get in, and has the knowledge, they will.

Might take a while but they would do it.

Agent_24
16-09-2009, 12:09 PM
The most effective method is using WPA2 with an incredibly complex key, stick a firewall between the WAP and the rest of your network and use RADIUS if you need to.

Hidden SSID, MAC filtering etc will stop most of the idiots but not the determined hackers

OR you can fix the problem completely by getting what is called a "wired" network (seems some people have forgotten about this original, cheaper, faster, more secure method)

prefect
16-09-2009, 01:41 PM
I have taken the aerial off the dlink dsl g604 as I have the computers hooked up by a cable. Laptop died a horror death.
And I am about 300 metres from road
Am I safe as a teenager with glad wrap?

dolby digital
16-09-2009, 01:43 PM
It was sensible advice. Not all wireless routers have the later encryption methods.

Gobe1
16-09-2009, 01:50 PM
Stick your wireless networks, cable forever!!

sarel
16-09-2009, 02:13 PM
I recently had to "connect" SWMBO wirelessly to our network (her new lappie), and saw there were three unsecured networks alive around my house, all with very good signal strength. The only positive is that our cluster of houses sit way back in a driveway, some 100m from the main road, but still.

sarel

Chilling_Silence
16-09-2009, 02:41 PM
Remember:
Just because you cannot get to the wireless doesn't mean others can't get to it, with directional antennas and the likes. Even if you unplug the antenna, it's still not "safe".

* MAC's can be sniffed & spoofed
* You can still "see" wireless networks with hidden SSID
* WEP is easiest to break and will only stop total amateurs. Where possible, avoid it like the plague.
* WPA / WPA2 is slightly more difficult, but still possible to break
* RADIUS isn't perfect either
* Firewalls at home / office are quite literally pointless and only get in the way - Let your router do NAT, your PC's firewall will almost never be used except to stop apps from phoning home. Connecting to somebody elses WLAN or a public hotspot may be a different story however
* Generic SSID's aren't specifically better than your address. Lets be honest most wardrivers don't know which house "JaneJohnSmithWiFi" comes from until they start testing the strength from multiple locations. That said, even if you had no SSID at all, they'd still know the wireless signal is coming from your house, not your neighbours ;)


My 2c worth :)

Erayd
16-09-2009, 02:43 PM
I have taken the aerial off the dlink dsl g604 as I have the computers hooked up by a cable. Laptop died a horror death.
And I am about 300 metres from road
Am I safe as a teenager with glad wrap?

Why don't you just turn the wireless off? Most routers have this capability, and then it doesn't matter how secure it isn't - if it's off, you can't use it, end of story.

pcuser42
16-09-2009, 02:51 PM
* You can still "see" wireless networks with hidden SSID


So true. While XP may not show them, Vista will.

I actually turned the SSID back on because XP wouldn't see it.

Metla
16-09-2009, 03:00 PM
Remember:
Just because you cannot get to the wireless doesn't mean others can't get to it, with directional antennas and the likes. Even if you unplug the antenna, it's still not "safe".


Funny enough I had my antenna unplugged, and now i cant find it, I have had to mount my router above my seat so I'm sitting directly under it for my wireless to work.

Still not getting a great signal, In fact I have picked up 2 other networks and I'm receiving them stronger.

Agent_24
16-09-2009, 03:16 PM
I have taken the aerial off the dlink dsl g604 as I have the computers hooked up by a cable. Laptop died a horror death.
And I am about 300 metres from road
Am I safe as a teenager with glad wrap?

I would go into the router config page and disable the wireless completely if you want to be sure


So true. While XP may not show them, Vista will.

So will Aircrack, Netstumbler, Kismet and countless others...

pcuser42
16-09-2009, 03:17 PM
I would go into the router config page and disable the wireless completely if you want to be sure

Or unplug it from the power and use a hub :D

Erayd
16-09-2009, 03:26 PM
Or unplug it from the power and use a hub :DA hub or switch is not a router, so this probably isn't an option unless they also have an additional router to use for NAT.

sroby
16-09-2009, 03:28 PM
http://revision3.com/tekzilla/icicle

Heres a scary thought , employees setting up there own wifi access point inside a corporate network

"DIY WiFi + The Corporate Network = Bad Idea

Jason's looking to drop a spare PCI WiFi card into his office PC... it'll work as a Wireless Access Point and extend the WiFI coverage in his office. You could use Internet Connection Sharing to do this, it's built into Windows... and you'll probably be setting yourself up to get fired...."

wainuitech
16-09-2009, 04:29 PM
A funny story about SSID - I was setting up a customers wireless a few months back - when doing a scan- it found next doors at full strength - it was listed as F**K OFF

:lol: Okkkayyyyyyy :rolleyes:

pcuser42
16-09-2009, 05:19 PM
A funny story about SSID - I was setting up a customers wireless a few months back - when doing a scan- it found next doors at full strength - it was listed as F**K OFF

:lol: Okkkayyyyyyy :rolleyes:

I also saw once someone set their SSD to "Please email [someone] for access" - but how are you supposed to email them? :stare:

Metla
16-09-2009, 05:28 PM
A funny story about SSID - I was setting up a customers wireless a few months back - when doing a scan- it found next doors at full strength - it was listed as F**K OFF

:lol: Okkkayyyyyyy :rolleyes:

That's what mine is called as well :xmouth:

Agent_24
16-09-2009, 05:31 PM
I'd rather setup an open WAP with an SSID of "Free Internet"

Then when they connect, you can do all sorts of things to their PC, as well as dumping all their traffic to disk...

gary67
16-09-2009, 05:47 PM
No wifi here cable to every room even the garage

pcuser42
16-09-2009, 05:53 PM
I'd rather setup an open WAP with an SSID of "Free Internet"

Then when they connect, you can do all sorts of things to their PC, as well as dumping all their traffic to disk...

Flipping websites, inverting colours - or even better, redirect them to http://www.smouch.net/lol. :xmouth:

wainuitech
16-09-2009, 06:09 PM
Flipping websites, inverting colours - or even better, redirect them to http://www.smouch.net/lol. :xmouth: :banana :banana I just had to click the link :lol:

pcuser42
16-09-2009, 06:40 PM
:banana :banana I just had to click the link :lol:
Disable Javascript before clicking. ;)

beeswax34
16-09-2009, 07:02 PM
Flipping websites, inverting colours - or even better, redirect them to http://www.smouch.net/lol. :xmouth:

I hate you so much lol

sarel
17-09-2009, 08:15 AM
Damn, if I should suggest to SWMBO that I need to switch off the wireless to make it more secure, you will probably read about it in the papers the next day :"Poor man died of fright/heart attack/whatever after the most horrible tongue lashing in the history of man"

:rolleyes:

sarel

prefect
17-09-2009, 10:23 AM
I would go into the router config page and disable the wireless completely if you want to be sure



So will Aircrack, Netstumbler, Kismet and countless others...

Let me loose doing setting changes on the router will only end in heartbreak and me going up to DSE and buying another one.

whellington
17-09-2009, 10:48 AM
Just get a wireless router with like 10m connectivity range

Agent_24
17-09-2009, 10:59 AM
Let me loose doing setting changes on the router will only end in heartbreak and me going up to DSE and buying another one.

:lol: you can't break it that way, at worst you could lock yourself out and have to use the reset button... (I've had to do that a couple of times)

There's probably an option called "Wireless Radio" (or similar) with an option to either "Enable" or "Disable"

Chilling_Silence
17-09-2009, 11:57 AM
Flipping websites, inverting colours - or even better, redirect them to http://www.smouch.net/lol. :xmouth:

http://bash.org/?202477


Just get a wireless router with like 10m connectivity range

No, that's not right. See my previous post. If somebody has a directional antenna, they can *still* reach yours, even if yours has a range of 10m, theirs may have a range of 1KM ... It's still not safe. Ever.