Home
Monday, April 24, 2017
11:28:39 AM
Users online: 0   You are here >> Home > Networking

Forums | Networking Forums search
Forum FAQ
   
  1 | 2 Next Page 
wirelsss with no encryption: safe?
justo316 
14/8/08 12:14:21 PM
Champion

if I setup my wireless network with no encryption but turn SSID broadcasting OFF, is there any way for someone to hack me? I've changed my SSID to something other than any of the usual default names.

Just wondering because the new Netgear DG834N router I bought doesn't do WEP and WPA doesn't seem to work with any of my Vista computers :(

-----
Core 2 Quad Q6600, ASUS P5B-E Plus, Noctua NH-U12F cooler, 2GB Corsair TWIN2X DDR2, Corsair HX620W PSU, 3TB HD Space, Inno3D 8800GTS 640MB OC, X-Fi Fatality Champ Ed., Pioneer 111D, Antec P180B case.

bastard 
14/8/08 12:39:43 PM
Titan

If a signal can be found then someone can get in.

-----
You just keep on trying till you run out of cake.

justo316 
14/8/08 12:44:41 PM
Champion

how do you go about finding the signal if I dont broadcast the SSID? If I do a scan with a wireless laptop, it comes up with various neighbours wireless signals but not mine.

-----
Core 2 Quad Q6600, ASUS P5B-E Plus, Noctua NH-U12F cooler, 2GB Corsair TWIN2X DDR2, Corsair HX620W PSU, 3TB HD Space, Inno3D 8800GTS 640MB OC, X-Fi Fatality Champ Ed., Pioneer 111D, Antec P180B case.

Jeruselem 
14/8/08 1:17:31 PM
Guru

Hiding your SSID isn't exactly a guarantee either. People can get around that too.

-----
PC 1: XP Home SP2, Opty 165@1.8Ghz, GEIL 1GB PC3200, 320GB SATA Cuda ES,XFX 9600GSO 580/700x2/1450, Seasonic S12+ 550W
PC 2: XP Home SP3, XP 3000+@2.24 Ghz, 1GB PC3200, 80GB IDE,ASUS nVidia 6800 512MB, Antec PlanetWatts 380W

justo316 
14/8/08 1:28:36 PM
Champion

yeah im just wondering how you would actually go about hacking my network. If it's a bit of a chore I can't really see someone bothering around here.

It's a real pain in the arse that WPA isn't working for me otherwise I'd have it on for sure.

-----
Core 2 Quad Q6600, ASUS P5B-E Plus, Noctua NH-U12F cooler, 2GB Corsair TWIN2X DDR2, Corsair HX620W PSU, 3TB HD Space, Inno3D 8800GTS 640MB OC, X-Fi Fatality Champ Ed., Pioneer 111D, Antec P180B case.

Master_Scythe 
14/8/08 2:47:25 PM
Titan

Allow me:

Its called passive sniffing.

there is still qireless signals in the air from your PC to the wireless point. So someone can sit outside and get your routers SSID via that.

If its unencrypted, they can grab every packet and read i plain as day. However lets look at this logically.

----------------------------------------------------------------

You say you can see neighbours? This is a good thing. As a hobby wardriver, Im not gonna sit outside your house passive sniffing HOPING you have a point i cant see yet. No, im gonna go for a visible one. (this sounds harsh, all i do is connect and move on, I just enjoy messing with wireless, Im no cracker.)

Things you can do to make it 'not worth our time':

Mac address filtering.
Most routers allow this, yes its easy to spoof a mac address but why bother when your neighbours are sitting there going HI IM AN ACCESS POINT!

SSID off
Which you've done, as Ive been saying, if i cant see you but i can see others from your house, I dont care.

Limited IP address pool
If you have 5PC's, only allow 5 IP's, also make sure they're not commonly used. No 10.*.*.* or 192.168.*.*

--------------------------------------------------------------------

Now onto your VIsta machines. They do work with WPA, but its an ass. What widows has done is made it MORE configurable. Make sure you're specific about what you're setting up.

Most reliable for vista ive found is WPA=PSK TKIP.

make sure the setings match EXACTLY on the vista PC's ('add a network' dont let it auto scan) and it should work.

otherwise, just make your accesspoint a pain, and it'll be fine. Keeping in mind the packets you send ARE still unecrypted, meaning HI data you send. (credit cards, passwords etc).

I have an open network, but im on acerage.
To be honest, id risk it being open with the other tips i left above.

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



justo316 
14/8/08 6:02:19 PM
Champion

Well look at that....I had another look inside vista's network configs (why does it seem all the network stuff is all over the place).

Instead of going to View Wireless Networks and trying to connect automatically then entering my passcode when it asks, I went to Manage Wireless Networks and manually added it in and hey hey it works :P

Cheers Master Scythe!

-----
Core 2 Quad Q6600, ASUS P5B-E Plus, Noctua NH-U12F cooler, 2GB Corsair TWIN2X DDR2, Corsair HX620W PSU, 3TB HD Space, Inno3D 8800GTS 640MB OC, X-Fi Fatality Champ Ed., Pioneer 111D, Antec P180B case.

_sentinel 
14/8/08 9:07:57 PM
Champion

Try a firmware upgrade as well, my Billion didn't like Vista till I updated the firmware. Also do everything Scythe said.

-----
C2D 6400 | GA-965P-DS4 | 4GB Team Xtreme | Gainward 8800GT GS 512MB | Razer AC-1 | Logitech G15 & G9 | Antec 182SE | Corsair HX620w | Thermalright Ultra120 eXtreme | Nexus Fans
Easy chewy, those buttons are your friends

Placenta Boy 
15/8/08 1:15:13 PM
Master

arggghhh. That's just crazy. You have to sort out your WPA issue, you can't just hide your SSID. That is silly. That does next to fuck all. It only stops legit people from seeing your SSID. Any non legit person is going to see it clearly, and access it. And they can do more harm than just racking up your internet bill. Better safe than sorry. It's the equivalent of leaving your car unlocked but parking it AT THE BACK of your house. Chances are no one will see it on the street but anyone looking to steal it will find it, and once they have it, they can do more than just waste your petrol.

Try download the drivers/software package for the NIC you are using to connect. Don't use window networking for wireless. It's always shit. For example, i have Windows Wireless Configuration turned off and use my my Intel Pro WIreless software to manage my wireless connections.

-----

Master_Scythe 
16/8/08 3:59:04 PM
Titan

Quote by justo316
I went to Manage Wireless Networks and manually added it in and hey hey it works :P

Cheers Master Scythe!



He id people, all is good :D lol

though I agree encryption is always smart. Even if its only WEP and a hidden access point. as ong as you're tougher than your enighbours, you're not the target.

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



bnew 
18/8/08 2:08:06 PM
Guru

Sounds like you need to have a read of this:

http://blogs.zdnet.com/Ou/index.php?p=43

-----
Hardware: the parts of a computer that can be kicked. ~Jeff Pesis

Meeko 
18/8/08 10:32:37 PM
Titan

Wow, lots of neat information in here. This will help me too. Cheers. :-)

-----

Linux_Inside V2 
19/8/08 10:47:03 PM
Immortal

Quote by Master_Scythe
Mac address filtering.
Most routers allow this, yes its easy to spoof a mac address but why bother when your neighbours are sitting there going HI IM AN ACCESS POINT!

SSID off
Which you've done, as Ive been saying, if i cant see you but i can see others from your house, I dont care.



If you were a Wardriver you'd be using something like Kismet, in which case you'd see his and his neighbors plain as day, with a list of mac addresses and IP addresses to steal.

There's no such thing as security through obscurity when it comes to WiFi - the only thing you should be worrying about is a strong WPA Key that can't be dictionary guessed.

-----

bnew 
20/8/08 9:26:35 AM
Guru

Quote by Linux_Inside V2
Quote by Master_Scythe
Mac address filtering.
Most routers allow this, yes its easy to spoof a mac address but why bother when your neighbours are sitting there going HI IM AN ACCESS POINT!

SSID off
Which you've done, as Ive been saying, if i cant see you but i can see others from your house, I dont care.



If you were a Wardriver you'd be using something like Kismet, in which case you'd see his and his neighbors plain as day, with a list of mac addresses and IP addresses to steal.

There's no such thing as security through obscurity when it comes to WiFi - the only thing you should be worrying about is a strong WPA Key that can't be dictionary guessed.



Agreed. As per the article I linked things like MAC filtering and SSID hiding are useless as security features.

-----
Hardware: the parts of a computer that can be kicked. ~Jeff Pesis

Linux_Inside V2 
20/8/08 5:22:16 PM
Immortal

Quote by bnew
Agreed. As per the article I linked things like MAC filtering and SSID hiding are useless as security features.



I know :)

There's a reason I use EAP-TLS at home :P

-----

CptnChrysler 
22/8/08 1:22:46 PM
Master

Nothing less than WPA is safe, Period!

128bit WEP can be cracked in under 5 minutes evan with no clients connected to your access point to generate traffic to sniff.

There's a podcast discussing the technique on hacker public radio
http://www.hackerpublicradio.org/eps/hpr0161.mp3 if you're interested.

It's very simple.

Use WPA with strong passwords people.

Nothing else will keep people out.

-----
Everyone is entitled to my opinion - I've got the T-Shirt to prove it!

Meeko 
22/8/08 6:38:24 PM
Titan

I have a question related to the topic.

I have my wireless network set up with SSID broadcasting off and only to allow the MAC address of my computers to connect.

What happens if I get a new computer and want to add it to the network? After adding the new MAC address to the filter, do I have to turn off SSID broadcasting when it connects the first time or is there a way to get it to spot the network?

-----

segger 
22/8/08 7:15:39 PM
Guru

You manually configure the SSID in the PC's wireless config tool.

-----
Random spam line #7:
Give her womb a good massage with your newly augmented pole

SquallStrife 
23/8/08 1:41:58 AM
Titan

"If you have 5PC's, only allow 5 IP's, also make sure they're not commonly used. No 10.*.*.* or 192.168.*.*"

I have to disagree here.

Straying from the assigned LAN subnets is asking for weird problems further down the track.

Technically speaking your LAN IPs MUST be in one of the following ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
169.254.0.0 - 169.254.255.255 (IP Auto-configuration)

Any IP outside of these ranges is a valid Internet IP, and using it can cause weird problems later on.

http://www.iana.org/abuse/faq.html

Although the first part of your suggestion is perfectly valid, and not too difficult to set up...

IP range: 192.168.222.[209 - 214]
Subnet mask: 255.255.255.248

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.4

Quote by TinBane
The ONLY fuel saving benefit of this product, is that the car expends less energy to accelerate, because your wallet is lighter.

Master_Scythe 
23/8/08 8:20:08 PM
Titan

Quote by SquallStrife
"If you have 5PC's, only allow 5 IP's, also make sure they're not commonly used. No 10.*.*.* or 192.168.*.*"

Straying from the assigned LAN subnets is asking for weird problems further down the track.

Technically speaking your LAN IPs MUST be in one of the following ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
169.254.0.0 - 169.254.255.255 (IP Auto-configuration)

Any IP outside of these ranges is a valid Internet IP, and using it can cause weird problems later on.

http://www.iana.org/abuse/faq.html

Although the first part of your suggestion is perfectly valid, and not too difficult to set up...

IP range: 192.168.222.[209 - 214]
Subnet mask: 255.255.255.248



I must disagree there. Not with the details, you're correct, but with it causing possible problems

By default, the Motorolla Surfboard optus Cable Modem has its DHCP enabled with a subnet mask of 255.255.240.0

which is out of the 'lan ip specs' you mention.

clearly if every optus user is working outside of it, im sure its OK.

Also, ive worked on uncommon subnets for a long time with no issues.

If there is a risk, I do some pretty wacky and far out internet based stuff. using multiple protocols others usually wont etc. and ive never hit an issue.



EDIT: I re read your post, and sorry, you're right. However I do work outside the predefined ip ranges, and i havent had issues. lucky maybe?



Edited by Master_Scythe: 23/8/2008 08:24:26 PM

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



  1 | 2  | Next Page 
Forums | Networking