Wi-Fi penetration made pant-soilingly easy

patrickl:

--- Quote from: ChadTower on February 09, 2007, 09:01:18 am ---
The bigger issue most of the public seems to be missing is that these devices can make direct peer connections.  You don't need to worry about only your WAP, you need to worry about every wireless device individually too.  Can't tell you how many places I've been that have the WAPs reasonably secured but then have dozens of unsecured devices talking to them.

--- End quote ---
That does sound plausible, but you make it sound much worse than it is.

Either the WLAN is set up securely and unsecured clients cannot connect or it is not set up securely and unsecured clients can connect. You cannot have it both ways.

It's also not like everything with a WiFi card can be connected to. You need to specifically set it up to allow incoming connections.

What I did see happen is that people in the office thought it would be nice to have wireless access so they could roam the building and they simply connected an access point to their network cable since the pesky sysadmin wouldn't do it for them. Or that indeed people do set their notebook WLAN card to AdHoc mode (for instance to use it to share their network connection to their PDA). They can then not use that WLAN card to connect to the AP though. Besides, if there is an AP available it's a lot easier to just use that than setting up an AdHoc connection.

So sure, you can have unsecured devices in your secured environment, but they won't be talking to your secure access points.

Even a simple PDA will figure these people out right away too. When I go into a client's office and my PDA tries to set up a WiFi connection I see possible open entry points right away (nothing special btw, it just looks for a connection and alerts about new ones).

Actually the only thing that I can see new here is that they sell it as a ready hacking package. You can do the same thing with a notebook, some readily available software (for instance a special Linux distro that will hack a WEP key in 2 minutes) and some time invested to set it all up.

PDAs can do quite a lot of WLAN hacking already. Although so far the software for them has been a little less powerful. Mostly it's just impractical to use a PDA to hack a network.

Actually this Silica is very easily detected by a properly secured network. From what I get out of that article, it's an active port scanner. These things stick out like a sore thumb. A properly secured network will have software running to detect port scanners and actively block them and warn a sysadmin. A passive scanner takes longer to break in, but it's undetectable.

ChadTower:

--- Quote from: fredster on February 09, 2007, 04:55:22 pm ---Chad, is there a good tutorial on the net you would recommend for setting up a wireless network?

--- End quote ---

I'm the wrong person to ask.  I do not have a wireless network, I wired my house with cat6 so that I wouldn't have to have one.  I know networking itself but my grasp of the wireless-specific concepts, except where I can extrapolate from my general networking knowledge, is not nearly as strong.

Patrick, while you're right about a lot of that, what it doesn't address is that most of the most common places to sit and scan for openings are free wifi spots.  Starbucks, restaurants, hell the local McDonald's has wifi now.  Who that works at McDonald's is going to manage security and explain it to your average McDonald's customer when they bring in their ancient laptop and can't get on the net?  The only logistic way to handle that without hiring an expensive admin/support person is to keep it wide open.  That makes it the perfect place for someone with bad intentions... guaranteed wide open access point and anyone there is probably also wide open.

That person sits in the parking lot, scans all those open devices, runs a couple exploits, installs malware on all of them.  Later those devices connect to more secure networks, perhaps (like at their job), and now the malware connects home via http (almost all employers have http going out in their proxies) and boom control inside a secured location.

I have always been of the impression that a wireless device can run with multiple predefined configs, allowing it to connect to a secured network (if it has the config) as well as any unsecured network (for which it would not need a config).  Is this incorrect?

Strokemouth:

--- Quote from: ChadTower on February 10, 2007, 09:57:17 am ---I have always been of the impression that a wireless device can run with multiple predefined configs, allowing it to connect to a secured network (if it has the config) as well as any unsecured network (for which it would not need a config).  Is this incorrect?

--- End quote ---

No, that's right.

And I'd like to play with that Silica. I've looked at CANVAS before, but I seem to remember it being very expensive for what seemed to be a collection of exploits with a decent ARP poisoner. That was a while ago, though.

ChadTower:

A constantly updated collection of exploits.  The service is where the cost lies.

patrickl:

--- Quote from: Strokemouth on February 10, 2007, 01:00:37 pm ---
--- Quote from: ChadTower on February 10, 2007, 09:57:17 am ---I have always been of the impression that a wireless device can run with multiple predefined configs, allowing it to connect to a secured network (if it has the config) as well as any unsecured network (for which it would not need a config).  Is this incorrect?

--- End quote ---

No, that's right.

--- End quote ---
Well, only in part. If you set up a notebook to be used in an AdHoc peer-to-peer connection it will not be using that WLAN card to connect to another Access Point.

It still does not connect in an insecure way to your protected access point. Of course it gives you a wide open leak, but my point was that someone made that leak.
