Re: [Fwd: Re: Office Max $19 Microsoft adaptors]

From: <captgoodnight@acsalaska.net>
Date: Thu Jul 01 2004 - 21:20:19 AKDT

On Thursday 01 July 2004 04:56 pm, Mac Mason wrote:
> Comments are inline, as usual; who wrote what is a bit muddled, so I'm
> just going to respond to the whole thing, regardless... :-)
>
> On Thu, Jul 01, 2004 at 03:32:05PM -0800, jsw@wadell.org wrote:
> > I consider MAC a pretty good security fix, but I am happy to be blasted
> > by the group (Arthur?). I REALLY would like to do a Friday on this, but I
> > am drowning in Houston.
>
> I'll do the blasting here. MAC is a pretty weak fix; it's easy, almost
> trivial, to spoof MAC addresses. While _finding_ a MAC address that
> works isn't terribly easy, I imagine some packet sniffing could do it,
> and a really dedicated attacker could find out your MAC in all sorts of
> other interesting ways.

MAC is found via monitor mode; trivial.

> > learn about setting up security for wireless devices ASAP :) In
> > particular WEP and SSID. I imagine it's easy enough to change the
> > options on the basestation, but it's setting it up on the card in Linux
> > that i'm not so sure about.
>
> WEP is about as effective as plaintext; arguably worse, as it might make
> you think you're more secure. The exception here is the fancy Cisco WEP
> gadget that rotates your WEP key every few seconds; this is a
> proprietary gizmo, and I don't know if the client-side is done in
> software or hardware, or (if the former) if there are linux drivers
> available.

256 wep is good. APs and cards that filter weak IVs are good. 128 is okay as long as the
gear filters the weak IVs. Sometimes a 128 can be cracked in a few thousand "interesting (airsnort)"
packets, sometimes it takes a million or more; depends on gear. Collecting capture
files day after day, trip after trip, combined into one, is the method of patience. It doesn't take
long to crack weak gear.

> > > Anyway, all seems to be working good now, except the fact I don't
> > > really have any security set up.

If you live in a populated area, I suggest you use your curious heart and start a fiddling. What's too
loose? what's to gain; easy answer. I have faith in ya :)

> > I'm afraid to touch any of the options on the
> > access point for fear of it all the sudden not working. Right now my
> > only security consists of my limiting access by MAC address and leaving
> > it turned off when I'm not using it.
>
> Leaving it turned off _is_ a pretty effective solution.

lol, true. hehe

> The only way to really do this right is to set up a machine between the
> network where the access point is and the AP itself, like so:
>
>
>  --------        -------------------       -------------       --------
> | net-   | ---- | middleman machine | --- | wireless AP | *** | client |
> | work   |       -------------------       -------------       --------
>  --------
>
> (where a --- is a wire, and *** is a wireless connection)
>
> and have the middleman allow VPN connections through to the network, and
> drop everything else. Then, teach every laptop you want to allow how to
> hook into the VPN (best to do this with a user / group setup on the
> middleman, so that you can log in as 'me' instead of 'this computer')
>
> Then everything that gets transmitted wirelessly is already encrypted by
> a encryption protocol that Doesn't Suck (tm) and your wired network is
> pretty well-defended.
>
> The other solution (and the one I use at school, where there's a
> pervasive wireless network, such that we have no access control at all)
> is to do exactly two things wirelessly: web surfing (because if people
> snoop a web site, that's fine; they could get there on their own) and
> ssh-based things (because that's already encrypted).
>
> Note that working https is safe, too.
>
>
> So, there's your dissertation on network security for the day.
>
> --Mac

Here's what I got. I play with monitor mode (promisc on crack lol) very often, many times I've
picked up clear text USER and PASS packets from an unprotected, slap it together home/work network.
I consider this person cracked when I see this. For everyone's info, I DON'T
TAKE ADVANTAGE OF THIS INFO. This info WAS found when doing pen-testing on home networks
for friends or myself and WAS caught as "background noise". I simply ignore it and share it WITH NO ONE!
> /DEV/NULL.

I suggest, use gear that filters weak IVs, use 256 wep, wisdom: read security mailing lists if ya
wanna keep up on the exploits (the latest one is the dlink 614+ AP/router; serious! bugtraq@securityfocus.com
SUBJECT: DLINK 614+ - SOHO routers, system DOS) use ssh, https and for the love of god, stay away from
clear text!

So, my home wireless network is this: wep 128/256 (depends if I'm playing or not), static ips, mac filtering (does
macchanger work on wireless yet?) good gear that filters weak IVs, silent SSID, no clear text pass|user at all! Log inspections,
tight filters and isolation from my wired network and maybe a few things I can't think of.....beer :)

It's trivial for a baddie to cruise or park with a card in monitor mode, gathering packets from spot
to spot to inspect at a later time. What's scary, sometimes gps is used, so a map is made; a return visit
after a scan can be done to continue an airsnort (128wep crack) session from a prior saved file. Check this, promisc
mode nics under certain conditions (non 3c59x) can be detected on a wire, but a card in monitor mode, as far
as I've studied, cannot be detected in any way known; decoy packets can be used, but this is after the fact kinda.
The baddies are invisible! hehe, there, no there, no up there...:)

Think about this, dsniff now works in monitor mode! That's scary, every kiddie on the planet can whack an unprotected
network; that's if they can install the modules and pcmcia_cs (lol, what a pain...). Using our AP to touch the internet is mild, what's
scary is the clear text info and monitor mode, OR cracking weak gear, associating and sniffing in common promisc AND using
the AP to touch the internet.

Also, DOS in wireless world kinda seems trivial too, I haven't worked this yet, but when a fellow can get his laptop
to become an AP, the DOS world opens right up. There's a tool called radiate, this seems ruthless.

I hope that helps. From what I've read about ACS's new program, it looks safe. But really, I'm a noob...The
technology you cats are using is just down right incredible! More secure than the others, who use no encryption and have
USERS STILL USING CLEAR TEXT, IN THE AIR AROUND ANCHORAGE: CRAZY! CRAZY! IDENTITY THEFT CAN EVER SO
EASILY START FROM THE MAIL BOX! UGRH!


yup, just handed out a little info, hope I don't pay for that...Oh hell, my heart is clean and Belgium beer galore...burp, lol
did I just actually press send....
eddie
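The "middleman machine" Mac describes above (VPN in, everything else dropped) as a concrete firewall policy. This is an added example, not code from the thread or from any of its posters; it assumes eth0 faces the wired LAN, eth1 faces the access point, and the VPN is OpenVPN on UDP 1194 terminating on the middleman as tun0 (all placeholder choices), with the AP handing out addresses to wireless clients.

```shell
#!/bin/sh
# Middleman firewall policy (added example, not from the original thread).
# Assumed interfaces and ports, override via environment if yours differ:
LAN_IF="${LAN_IF:-eth0}"     # wired network side
WLAN_IF="${WLAN_IF:-eth1}"   # wire to the wireless access point
TUN_IF="${TUN_IF:-tun0}"     # VPN tunnel device on the middleman
VPN_PORT="${VPN_PORT:-1194}" # OpenVPN listening port (assumption)

# Emit the ruleset as text, one iptables command per line, so it can be
# reviewed and linted before anything touches the live firewall.
middleman_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WLAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Lint: read a ruleset on stdin and fail if any line ACCEPTs traffic that
# arrives on the wireless interface other than on the VPN port. Anything a
# wireless client sends that is not VPN must fall through to the DROP policy.
check_policy() {
    bad=$(grep -- "-i $WLAN_IF" | grep -- "-j ACCEPT" | grep -vc -- "--dport $VPN_PORT")
    [ "$bad" -eq 0 ]
}

# Apply only a ruleset that passes the lint; needs root on the middleman.
apply_rules() {
    if ! middleman_rules | check_policy; then
        echo "refusing to apply: policy would let non-VPN wireless traffic in" >&2
        return 1
    fi
    middleman_rules | sh -e
}
```

Run `middleman_rules` to see the policy, `apply_rules` (as root) to install it; the per-user login Mac mentions is then handled by the VPN daemon's own authentication rather than by the firewall.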

Received on Thu Jul 1 21:20:38 2004

This archive was generated by hypermail 2.1.8 : Thu Jul 01 2004 - 21:20:39 AKDT