|
|
Wireless Security
Bruce doesn't secure his wireless Jun 17 2008 09:54PM Robin Wood (dninja gmail com) (2 replies) Re: Bruce doesn't secure his wireless Jun 18 2008 02:40AM The Dark Sniper (thedarksniper gmail com) (2 replies) Re: Bruce doesn't secure his wireless Jun 18 2008 06:57PM Blaine Fleming (groups digital-z com) (1 replies) Re: Bruce doesn't secure his wireless Jun 18 2008 02:21PM Dave Hull (dphull trustedsignal com) (1 replies) Re: Bruce doesn't secure his wireless Jun 18 2008 07:01PM jesse michael (jesse michael comcast net) (2 replies) RE: Bruce doesn't secure his wireless Jun 18 2008 09:48PM Jag Mohan Singh Kalkal (jag kalkal gmail com) Re: Bruce doesn't secure his wireless Jun 18 2008 09:08PM Zacheusz Siedlecki (zacheuszs gmail com) (1 replies) Re: Bruce doesn't secure his wireless Jun 19 2008 12:29AM jesse michael (jesse michael comcast net) (2 replies) Re: Bruce doesn't secure his wireless Jun 19 2008 03:28PM Zacheusz Siedlecki (zacheuszs gmail com) (1 replies) |
|
Privacy Statement |
Not to burst your bubble a bit, but..
1. Because if you receive an IP that means you have been logged one
more place. Now, most likely it is the router that gave you that
IP, but it could be forwarding those logs or the DHCP server could
be hosted on a completely different server. The best way is to sit
and listen, watch the ARP traffic, after a short while you will
get the idea of what IP addresses are out there and the range they
are in. Statically assign yourself and IP and you are off to the
races.
2. There are web app hacks that allow you to issue certain commands
to a WAP without having authenticated. Just yesterday there was a
password set hack found on the routers that Verizon FiOS uses
regularly that allowed one to SET the Administrator password
without authenticating and without typing in the "old password".
Linksys routers have a number of these vulnerabilities.
3. See Jesse Michaels post: "Doesn't necessarily help if the attacker
has flashed the device with malicious firmware."
mubix
Blaine Fleming wrote:
> The Dark Sniper wrote:
>> And what do you suppose might happen if I take my laptop, connect to
>> his network, type in 192.168.1.1 (or do a host scan and look for a
>> dhcp server) login useing the default router password ( a quick
>> google search), enable WPA TKIP, add a password and enable MAC
>> address filtering so only my laptop could use it? What happens then
>
> 1. Why do you need to run a host scan to find the DHCP server? If
> you receive an IP then your computer already knows the server that
> handed it out. Actively searching for it is too much work.
> 2. Just because there is no authentication on the wireless doesn't
> mean that the router itself doesn't have a password or is set to the
> default password.
> 3. If you do manage to login and change something then all he has to
> do is push a button to reset it as he has control of the physical
> hardware and you don't.
>
> I run several wireless networks for several public hotspots and not
> once has anyone compromised the security of the devices. Of course,
> users are on their own when it comes to securing their devices. The
> systems that I have attached to the open wireless have had several
> attempts to gain access but nobody has had success.
>
> The moral of this story folks is that open doesn't mean insecure.
>
> --Blaine
>
[ reply ]