Slashdot Mirror


Exploiting and Protecting 802.11b Networks

iforgotmyfirstlogon writes: "A couple of guys from Extreme Tech drove around New York, New Jersey, Boston, and Silicon Valley with a high gain antenna to see how many (secure and) unsecure wireless networks they could tap into. They used NetStumbler and Linux AirSnort to help them search. Results? They came across over 800 networks and less than 40% had any sort of security."

11 of 168 comments

  1. This just in... by batobin · · Score: 4, Funny

    They later went on to add that, "Out of the 40% of computers in which access was gained, just over 20% were serving some really great porn. Hey, why do you think we did this survey in the first place?"

  2. That's nothing by Jeff+Knox · · Score: 4, Insightful

    Peter Shipley did that in San Francisco and found something like 2500 access points. The only way this will ever be fixed is if companies realize that you cannot depend on protocol level security. WEP is not the answer. Tunneled SSL, or some sort of VPN end to end security is the only way to protect your connect.

    --
    Jeff Knox
  3. Any How-to Doc on how to secure your wireless LANS by mgpeter · · Score: 5, Insightful

    Does anyone know of any good documentation on how to secure wireless communications? I know we have 2 wireless connections between 3 buildings using SMC's wireless routers, and the only security built in is the 64 and 128 bit encryption (which is apparently crackable) and only allowing certain MAC addresses to communicate (which is also easy to crack).

    So instead of writing articles on how bad wireless tech is to crack (4th article I've read in a week), why not write a how-to on how to implement security on your wireless LANs?

  4. So put it outside the firewall. by Ungrounded+Lightning · · Score: 4, Informative

    WEP is not the answer. Tunneled SSL, or some sort of VPN end to end security is the only way to protect your connect.

    Hear hear.

    So the thing to do is to put the wireless LAN port on the logical OUTSIDE of your firewall and let the laptops all tunnel in through it. Your firewall can also filter connections between the WLAN and your net feed.

    For the open net your users can also encrypted-tunnel to the tunnel server and go out from there, to avoid eavesdroppers. With this configuration there's no reason to bother with WEP.

    Go ahead and route packets between the net and the wireless port if you're feeling altruistic, or restrict WLAN connections to the tunnel server(s) if you're not.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  5. Thoughts on 802.11b 'privacy' by jwkane · · Score: 5, Insightful

    It comes down to speed vs. privacy. You can ignore WEP and use IPsec or a VPN. You'll take a speed hit, but you'll have reasonable privacy.

    If you don't mind exchanging some privacy for additional speed, 128 bit WEP isn't a bad choice. It hasn't lived up to its "Wired Equivalent" name but sniffing and decrypting is a non-trivial operation.

    For more speed with minimal privacy, 80 bit WEP doesn't cost much bandwidth (2%) and you're still only going to be sniffed and decrypted by folks with a clue.

    In some situations, speed is most important and privacy is meaningless. Suppose you're downloading Debian ISO's over a wireless link. There are times (one might argue the majority of internet traffic) when privacy just doesn't matter. If you can use reliable encrypted protocols for the exceptions then open mode 802.11b is fine. What are you trying to hide?

    As long as we're able to encrypt those transactions that require privacy none of the WEP "stuff" matters. How secure is your wired network internet traffic after it gets to your ISP?

  6. The future is now. by Ungrounded+Lightning · · Score: 4, Insightful

    When you have 1000's of people driving around trying to h4x0r 802.11b networks, it won't be the same thing anymore.

    How do you know you don't ALREADY have thousands of people driving around sniffing 802.11b nets?

    And how is a person supposed to distinguish nets left open deliberately, as a public service, from those left open accidentally?

    The existence of public 802.11b ports gives plausible deniability of criminal intent to anyone making parasitic but non-malicious use of an accidentally-open WLAN.

    (IANAL of course. But I'd hate to be a prosecutor trying to bring a case against someone who "trespassed" on a WLAN port.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. Drive By Hacking by StrikerObi · · Score: 4, Funny

    There seems to be a recent outbreak in these "drive by hackings." Thank the gods my friend registered www.drivebyhacking.com a couple months ago. Now we just have to figure out what to put up there.

    --
    ----- Mike Sklens Staff Writer, Planet GameCube.com
  8. Re:Isn't this analogous to robbing 800 banks ? by Splork · · Score: 4, Funny

    Why of course, under the logic similar to that found in the DMCA, all wireless networks are perfectly secure!

    There, don't you feel better now? Our fine Brother Sam passed a law saying that something is so it must be true and has always been true.

    double plus good i say!

    1984 here we come.

  9. so what. by Raleel · · Score: 4, Insightful

    We know WEP is insecure. There is little point in even putting anything on these nets. As a matter of fact I can find reasons not to. Let's say for example that you run a facility that has large numbers of people from outside coming in. Would it make sense to enforce 128 bit encryption? Sheesh, all the people with bronze (no encryption) and silver (40/64 bit encryption) can't use it.

    As someone pointed out above, put it outside the firewall, require ssh/vpn to get inside a firewall. Tell people it's an insecure net, and recommend personal firewalls (zone alarm, blackice, ipchains, etc).

    The major benefit of wireless is access anywhere. Security directly conflicts with access. For example, managing MAC level security (restricting by MAC) is a pain in the keister. WEP is worthless. So assume all your traffic is insecure and use something to encrypt it. If you really need to prevent people from getting on and using your net, _don't use wireless_.

    --
    -- Who is the bigger fool? The fool or the fool who follows him? --
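
Added example (not part of the thread or of any commenter's post): the layout described in comments 4 and 9, with the WLAN on the outside of the firewall and clients tunnelling in, written as an iptables rule generator. The interface names, the tunnel server address 192.0.2.10 and the function name `wlan_policy` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit iptables rules for a WLAN segment treated as untrusted.
# Interface names and addresses are constructed for illustration.

# wlan_policy WLAN_IF LAN_IF WAN_IF TUNNEL_IP MODE
#   MODE=restricted : WLAN clients may reach only the tunnel server
#   MODE=open       : WLAN clients may also be routed to the Internet uplink
# The rules are printed, not applied, so they can be reviewed first.
wlan_policy() {
    wlan_if=$1; lan_if=$2; wan_if=$3; tunnel_ip=$4; mode=$5
    case "$mode" in
        restricted|open) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Reject addresses containing anything other than digits and dots,
    # so the value cannot smuggle extra text into a printed rule.
    case "$tunnel_ip" in
        *[!0-9.]*|"") echo "bad tunnel address: $tunnel_ip" >&2; return 1 ;;
    esac

    # Replies belonging to connections that were already allowed.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Tunnel endpoints only: IKE (udp/500), IPsec ESP, and SSH.
    echo "iptables -A FORWARD -i $wlan_if -d $tunnel_ip -p udp --dport 500 -j ACCEPT"
    echo "iptables -A FORWARD -i $wlan_if -d $tunnel_ip -p esp -j ACCEPT"
    echo "iptables -A FORWARD -i $wlan_if -d $tunnel_ip -p tcp --dport 22 -j ACCEPT"
    # Explicit: never forward WLAN traffic straight onto the internal LAN.
    echo "iptables -A FORWARD -i $wlan_if -o $lan_if -j DROP"
    # "Altruistic" mode: let WLAN clients out to the Internet uplink.
    if [ "$mode" = open ]; then
        echo "iptables -A FORWARD -i $wlan_if -o $wan_if -j ACCEPT"
    fi
    # Default for everything else arriving from the WLAN.
    echo "iptables -A FORWARD -i $wlan_if -j DROP"
}

# Print the restricted policy for a sample layout.
wlan_policy wlan0 eth1 eth0 192.0.2.10 restricted
```

In either mode nothing from the WLAN reaches the internal LAN except the tunnel server, so WEP strength stops being the control that protects internal hosts.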
  10. Traceable? by sdo1 · · Score: 4, Interesting

    I can just imagine some poor network admin trying to figure out who the heck is using their network to surf for pr0n (and imagine the PHB trying to figure out who they need to fire).

    But seriously, with wireless it seems like it would be incredibly difficult to trace the unauthorized user. Land based hacks are usually done over the internet rather than by physically connecting to their network. As a result, there are usually logs to help track down the person(s) using the network.

    But this seems incredibly tough... if the cracker didn't go anywhere on the network that would give themselves away (such as logging into hotmail to check their mail), I would guess that it would be damn near impossible to find out who was sneaking into the network... even if/when they were actually connected. I would guess that the wireless network might get the MAC address of the card being used to get into the network, but even that likely wouldn't get you anywhere.

    Is that true, or am I missing something here?

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  11. New Zealand by Anonymous Coward · · Score: 5, Interesting

    We tried this stunt from an office window in the centre of New Zealand's largest city, Auckland. Even with only the laptop's wireless card, we were able to tap into 13 networks, and gain external internet access through 10 of these. The main security risk this poses is that most highspeed business connections here are MB capped, and therefore, any kid with a laptop and wireless LAN card can use any local retailer's high-speed connection to download his warez, or even worse, to carry out even more highly illegal activity and it is traced back to.. the kid? No. The retailer. And this was only with a 5 inch steel aerial! Imagine what we could tap into with the kind of receiver power used in that article. Ironically, one of the internal networks we were able to enter completely anonymously, was that of a major NZ bank. Cash anyone?