PDA

View Full Version : Dangers of the internet



Aquix
April 24th, 2011, 12:21 PM
This is not news to many but I realize I need to inform.

Let say you have a wireless connection with wpa2 encryption and think your safe. Your not.

Any wireless connection today is easily crackable. And that means I can drive up your house and access your network to download amounts of childporn, to your harddrive from your network.

That is incredible intimidating

I know it's old news. but I think this is the announcements that needs to be given every once in then.

markp1989
April 24th, 2011, 12:27 PM
isn't really a danger of the internet, more a danger of wireless networking

like you said, most people will realize that there is no such thing as 100% secure wireless communication

I still find it shocking that so many people think having a password like 1234567 will help as well

mr-woof
April 24th, 2011, 12:36 PM
It's my understanding that WPA2-AES hasn't actually been cracked yet and if you have a very long, random character password you've got no chance with a standard laptop of even attempting to crack it.

http://www.dslreports.com/forum/r21270457-Is-WPAWPA2-cracked

Random_Dude
April 24th, 2011, 12:49 PM
You can always limit the access to you're router by MAC address list.

Cheers :cool:

mr-woof
April 24th, 2011, 12:56 PM
mac address lists do nothing to stop an attacker, they can easily spoof a mac address.

BigCityCat
April 24th, 2011, 01:05 PM
WPA2 has not been cracked. That is bull ****.

http://www.theregister.co.uk/2008/10/10/graphics_card_wireless_hacking/

This guys is running a bunch of crap. It still comes down to weak passwords and specific targets. The Russians aren't outside my house with a botnet of a 100 nvidia gpus to bust my network. What ever.

RiceMonster
April 24th, 2011, 01:13 PM
WEP keys can be cracked. But even that can take hours. Not the same for WPA-2. It's much more secure.


Here's the other thing about home WiFi security. The real "attacker" you're trying to stop is your neighbor or something stealing your internet connection. Not some super hacker. You just need enough to make them not bother, 99.99% of the time. Even using a hidden ESSID can be enough for that, though simply using WPA-2 is probably the best idea.

NovaAesa
April 24th, 2011, 01:15 PM
I wasn't aware that WPA2 was cracked yet... I was under the impression it was more or less bullet proof for the moment.

BigSilly
April 24th, 2011, 01:16 PM
Well I know nothing about routers, but we use WPA2-AES with a 50 digit password. I hope that's enough.

Oh and MAC filtering for extras. :)

bashologist
April 24th, 2011, 01:17 PM
About the mac address stuff. How would you know their mac address without having access to the network? If you spoofed the routers mac address would that just bypass the access list and always let you in?

Random_Dude
April 24th, 2011, 01:17 PM
mac address lists do nothing to stop an attacker, they can easily spoof a mac address.

I don't know anything about network security, but I always like to learn.
In order to do that wouldn't they need to know which mac addresses your home computers have? Is it possible to know that without physical access to the computer?

Cheers :cool:

Fedz
April 24th, 2011, 01:21 PM
This is pretty old news & has awareness featured on TV & internet news & tech sites & or programmes for a number of years!

Anything wireless isn't really secure & even lines can be tapped :)

Best defence is a long combination password of lower and upper case letters, numbers and punctuation symbols & use WPA-2 :)

My fone finds 100s of unsecured wide open networks just walking round with the dog lol

sammiev
April 24th, 2011, 01:30 PM
wep is a joke and can be cracked in a min or two. wpa can be cracked but you need the dictionary database to run your packets across which you can buy off the net. You can also send them the packets and they will crack it for you at a price. GL :)

RiceMonster
April 24th, 2011, 01:30 PM
Well I know nothing about routers, but we use WPA2-AES with a 50 digit password. I hope that's enough.

Oh and MAC filtering for extras. :)

That's more than enough. The reason I don't go that far is because I have friends come over with laptops and/or smart phones, and I want to let them on my WiFi. I don't want to have to get their mac address, and then read them out a 50 digit password. I just use WPA-2, with a good password, which is enough to keep unwanted people off my network.

lisati
April 24th, 2011, 01:33 PM
For various reasons, a couple of which have been touched on here (but not all), you are unlikely to break into my wireless network and download lots of nasty stuff without me noticing. (/me thinks of a couple of tweaks to investigate.....)

walt.smith1960
April 24th, 2011, 02:28 PM
wep is a joke and can be cracked in a min or two. wpa can be cracked but you need the dictionary database to run your packets across which you can buy off the net. You can also send them the packets and they will crack it for you at a price. GL :)

That is my understanding, that the password has to be in a dictionary database. So use a password generator or this: http://www.techyard.net/password-card-generate-strong-password-and-remember-them-easily/ I imagine any network can be cracked if enough resources are applied. Some are easier than others.

aktiwers
April 24th, 2011, 02:55 PM
http://g0tmi1k.blogspot.com/2010/09/scriptvideo-wiffy-v01.html

aguafina
April 24th, 2011, 02:58 PM
Never was keen on wireless that's why all my hardware is wired with the router having the default user/password.

dmn_clown
April 24th, 2011, 03:05 PM
Any wireless connection today is easily crackable. And that means I can drive up your house and access your network to download amounts of childporn, to your harddrive from your network.

You can try, but you'll have to be quicker than it takes me to grab my 12 gauge, load it, walk out the door, take out your car's engine with a well placed shot, and hold you at gun point until the police arrive.

In such circumstances WEP is entirely uncrackable.

BigCityCat
April 24th, 2011, 03:08 PM
http://g0tmi1k.blogspot.com/2010/09/scriptvideo-wiffy-v01.html

From your article.


WPA

You can ONLY crack WPA/WPA2 when:
The ESSID is known
The WiFi key is in the word-list
There is a connected client

Dustin2128
April 24th, 2011, 06:03 PM
WEP keys can be cracked. But even that can take hours. Not the same for WPA-2. It's much more secure.


Here's the other thing about home WiFi security. The real "attacker" you're trying to stop is your neighbor or something stealing your internet connection. Not some super hacker. You just need enough to make them not bother, 99.99% of the time. Even using a hidden ESSID can be enough for that, though simply using WPA-2 is probably the best idea.
This.
Of course, the point is moot for me and my wired network.
"Hey, are you splicing into my ethernet cable?!" "Uh... no."

Drenriza
April 24th, 2011, 06:22 PM
You can always limit the access to you're router by MAC address list.

Cheers :cool:

Im studying CCNA / CCNP and part of this is wireless security / network. And trust me the mac address filter is worth Nothing! its more annoying then anything else. What you do is (as the attacker) you flood the router with mac addresses, when the router get maxed in capacity of mac addresses, it resets the table (clearing the table) and then anyone can access the router again. Fantastic ,) and you cannot prevent the router from learning new mac addresses either.

Also another way to attack a router. Is to flood it with random mumbo jumbo. When it crashes it automatically reboots. Under the boot process you can attack it (before it gets it security up and running) and their by get access to it or the network.

Thewhistlingwind
April 24th, 2011, 06:29 PM
Any wireless connection today is easily crackable. And that means I can drive up your house and access your network to download amounts of childporn, to your harddrive from your network.

That is incredible intimidating

I know it's old news. but I think this is the announcements that needs to be given every once in then.

WPA2 is actually unbreakable, iirc. Also, say what now? Network access!=Computer access You can mess my router, and totally download GB of the stuff OVER my network, but not directly to my hard drive. That'd require like, open SSH or something. Unless I'm missing something vitally important. (Which I assume responders will instantly point out.)

Also, the post above mentioning the router DDOS, that's brilliant, truly.

Antarctica32
April 24th, 2011, 06:36 PM
mac address lists do nothing to stop an attacker, they can easily spoof a mac address.

agreed

uRock
April 24th, 2011, 06:38 PM
And that means I can drive up your house and access your network to download amounts of childporn, to your harddrive from your network.

No you can't. First you'd have to figure out my SSID, as broadcasting is turned off, then you'd have to find a mac address to one of my machines, as mac filtering is enabled. Then you'd have to figure out what IP address is assigned to the mac address, as IP reservations have been set and DHCP has been turned off. Then there is the password for my WPA2.

The physical problem. Me and my neighbors will see you sitting in your car, because my German Shepard barks at people until they drive away or go into a house. Wanna use my network while I am not home to see you in front of my house? Try it. I turn my router off when not in use.

You may be able to crack a "normal" user's network, but if I set it up, then it is not normal and you will have your work cut out for you.

uRock
April 24th, 2011, 06:43 PM
Im studying CCNA / CCNP and part of this is wireless security / network. And trust me the mac address filter is worth Nothing! its more annoying then anything else. What you do is (as the attacker) you flood the router with mac addresses, when the router get maxed in capacity of mac addresses, it resets the table (clearing the table) and then anyone can access the router again. Fantastic ,) and you cannot prevent the router from learning new mac addresses either.

Also another way to attack a router. Is to flood it with random mumbo jumbo. When it crashes it automatically reboots. Under the boot process you can attack it (before it gets it security up and running) and their by get access to it or the network.

You are talking about high end Cisco routers. The only way to reload most household routers is to kill the power, which will make it happily reload your startup config.

dmn_clown
April 24th, 2011, 10:30 PM
You are talking about high end Cisco routers. The only way to reload most household routers is to kill the power, which will make it happily reload your startup config.

There are other ways of taking advantage of home routers, remember unlike desktop operating systems, most routers don't update automatically.

uRock
April 24th, 2011, 10:41 PM
There are other ways of taking advantage of home routers, remember unlike desktop operating systems, most routers don't update automatically.

Which makes them more secure. There isn't much code to patch in the IOS as there is on a PC. You can't connect to my router to make changes without connecting via RJ45(all wireless administration has been disabled). IPTables will not allow a connection from the ISP side unless, so there isn't much that can be done. for the it originated from my network. I have my router locked down and change my passwords and such regularly as well as checking the router's logs often to make sure everything is kosher.

sdowney717
April 25th, 2011, 12:04 AM
here is what can happen to you if your wifi is not secure.

http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html


BUFFALO, N.Y. -- Lying on his family room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn't need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He'd gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

"We know who you are! You downloaded thousands of images at 11:30 last night," the man's lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, "Doldrum."

Fedz
April 25th, 2011, 12:29 AM
Nearly everyone I know with wifi setup I've had to secure it for them as they use none at all or WEP at best - I'm astounded people do it but, it's fruitless task informing some people cos they just don't bother & that's evident from the masses of unsecured networks I pass every day!

Wifi manufactures should really factory set routers with WPA-2 & a decent password as default with the key on disk & users have to manually turn it off & or something similar :)

@sdowney717 - Good learning lesson for peeps :)

dmn_clown
April 25th, 2011, 12:55 AM
Which makes them more secure.

Ok, so you are saying that not having an update mechanism for firmware is more secure. Alrighty then, welcome to the twilight zone.


There isn't much code to patch in the IOS as there is on a PC. You can't connect to my router to make changes without connecting via RJ45(all wireless administration has been disabled). IPTables will not allow a connection from the ISP side unless, so there isn't much that can be done. for the it originated from my network. I have my router locked down and change my passwords and such regularly as well as checking the router's logs often to make sure everything is kosher.

Which is all well and good until there is a remotely executable flaw within your routers software: http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/

That particular vulnerability penetrates your "impenetrable" router security.

uRock
April 25th, 2011, 06:19 AM
Ok, so you are saying that not having an update mechanism for firmware is more secure. Alrighty then, welcome to the twilight zone.



Which is all well and good until there is a remotely executable flaw within your routers software: http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/

That particular vulnerability penetrates your "impenetrable" router security.

What is the deal with upgrade mechanisms? There isn't enough code there to need regular patching. If there was, then Cisco would offer frequent firmware updates.

Reread your link. DD-WRT is an after market IOS. I have not installed that after market IOS.
The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many router users install to give their device capabilities not available by default.