Wireless Security
Re: Bruce doesn't secure his wireless Jun 18 2008 11:41PM
Rob Fuller (jd mubix gmail com) (1 replies)
Blaine,

I completely agree with a number of your points, and I don't expect
everyone to go out and set up WPA2 w/ RADIUS servers in their home.
However, no matter who is in front of my house, I am not underestimating
them. But I would personally be more worried that since my wireless was
unsecured that I would be in the realm of "crime of convenience". Even
providing WEP deters the passerby child porn surfer. So to get back on
topic:
1. Yes, the logging might not be there but in the attacker mindset, I'm
not going to take that chance. Attack surface area should be the #1
thought in the attacker's mind, save denial of service attacks.
2. I again call on the "don't underestimate them" adage.
3. What makes/models have this fail switch? I haven't run into any. As
for the malicious malware, there is code out there that simply bricks
APs. The WRT54G for example has googlable firmwares out there that will
perma brick them.
4. I slightly disagree with you on the MAC filtering analogy. If joe
blow hacker comes during the night and you are sleeping with your only
wireless device (your laptop) turned off, they are not going to guess
which MAC is 'authorized'.
5. Yes, I'm adding a point. Just to one up you... So... HA!

mubix

Blaine Fleming wrote:
> What bubble? I'm well aware of the fact that devices have security
> holes and nothing is truly that secure. But when it comes down to it,
> how many times has your local coffee shop or other public access point
> been shut down because of someone being malicious? Yes it happens but
> not that much. Attacking the nodes on the network will provide more
> valuable information so unless the intent is to cause a Denial of
> Service then they have done nothing of value. As for the details:
>
> 1. I assumed the attacker was connected as a normal client since the
> message I was responding to says "...if I take my laptop, connect to
> his network, type in 192.168.1.1 (or do a host scan and look for a
> dhcp server)..." If they can just "type in 192.168.1.1" then they are
> attached to the network and have an IP. Since most AP's are dumb
> devices the only logging that will probably happen is showing the
> hostname that asked for the IP or somewhere else in their clients list.
>
> 2. Cheap devices have crappy security. No argument from me there.
> However, based on the skill level of the attacker assumed in #1, they
> probably won't bother with an attack other than trying the default
> password (the method of access described in the message I
> referenced). In addition, these devices have several security holes
> on the WAN side but yet they are still considered secure enough.
>
> 3. While several consumer AP's support custom firmware, even more
> don't or require physical access to the device such as a local power
> cycle to bootstrap a new firmware. Restoring from a malicious
> firmware can be difficult but still not impossible to recover from.
> Most of the devices I've played with support a power on recovery mode
> and that part of the bootloader cannot be upgraded or altered by the
> firmware.
>
> 4. Yes, I'm adding a point. Even with security enabled your data may
> not be very well protected. WEP is easy to break. MAC address
> filtering is like putting a lock on a window. WPA is currently
> somewhat secure but the passwords people use are typically weak.
> Phone numbers, addresses and dictionary words make it possible to gain
> access in hours at most. I just demonstrated that to someone that
> told me that nobody could ever gain access to their WPA protected AP.
>
> Security is relative and is only "best effort". You do what is best
> for you and Bruce will do what is best for him. Personally, I'm more
> concerned with the legal issues from someone using your connection and
> doing bad things.
>
> --Blaine
> All things said in good humor. There's nothing wrong with a good
> clean debate. ;-P
>
>
> Rob Fuller wrote:
>> Blaine,
>> Not to burst your bubble a bit, but..
>>
>> 1. Because if you receive an IP that means you have been logged one
>> more place. Now, most likely it is the router that gave you that
>> IP, but it could be forwarding those logs or the DHCP server could
>> be hosted on a completely different server. The best way is to sit
>> and listen, watch the ARP traffic, after a short while you will
>> get the idea of what IP addresses are out there and the range they
>> are in. Statically assign yourself an IP and you are off to the
>> races.
>> 2. There are web app hacks that allow you to issue certain commands
>> to a WAP without having authenticated. Just yesterday there was a
>> password set hack found on the routers that Verizon FiOS uses
>> regularly that allowed one to SET the Administrator password
>> without authenticating and without typing in the "old password".
>> Linksys routers have a number of these vulnerabilities.
>> 3. See Jesse Michaels post: "Doesn't necessarily help if the attacker
>> has flashed the device with malicious firmware."
>>
>> mubix
>
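
The defender's side of the DHCP-logging point debated above, as an added example that is not part of the original posts: a client that skips DHCP leaves no lease record, but it still appears in the gateway's neighbor (ARP) table, so comparing the two exposes it. The dnsmasq-style lease lines, the `ip neigh show` style output, the sample addresses and the function names are all assumptions constructed for illustration.

```python
# Constructed sample data (not from the thread). dnsmasq-style lease lines:
# "<expiry> <mac> <ip> <hostname> <client-id>"
LEASES = """\
1213832400 00:16:cb:aa:10:01 192.168.1.100 laptop 01:00:16:cb:aa:10:01
1213832460 00:1b:63:aa:10:02 192.168.1.101 desktop *
"""

# Constructed `ip neigh show` style output taken on the gateway.
NEIGHBORS = """\
192.168.1.100 dev br0 lladdr 00:16:cb:aa:10:01 REACHABLE
192.168.1.101 dev br0 lladdr 00:0c:29:aa:10:04 REACHABLE
192.168.1.150 dev br0 lladdr 00:0c:29:aa:10:03 STALE
192.168.1.200 dev br0 FAILED
"""

def parse_leases(text):
    """Map leased IP -> MAC from dnsmasq-style lease lines."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            leases[fields[2]] = fields[1].lower()
    return leases

def parse_neighbors(text):
    """Return (ip, mac) pairs for neighbor entries that resolved to a MAC."""
    seen = []
    for line in text.splitlines():
        fields = line.split()
        # Unresolved entries (FAILED/INCOMPLETE) carry no lladdr; skip them.
        if "lladdr" in fields and fields[-1] not in ("FAILED", "INCOMPLETE"):
            seen.append((fields[0], fields[fields.index("lladdr") + 1].lower()))
    return seen

def unleased_hosts(leases, neighbors, static_ok=()):
    """Flag hosts on the wire that the DHCP server never handed that IP to."""
    findings = []
    for ip, mac in neighbors:
        if ip in static_ok:            # known static hosts, e.g. a printer
            continue
        if ip not in leases:
            findings.append((ip, mac, "no DHCP lease for this address"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "address leased to " + leases[ip]))
    return findings

if __name__ == "__main__":
    for finding in unleased_hosts(parse_leases(LEASES), parse_neighbors(NEIGHBORS)):
        print(*finding, sep="  ")
```
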

Copyright 2010, SecurityFocus