| Pages:
1
2
3
4 |
gnukid
Ultra Nomad
Posts: 4411
Registered: 7-2-2006
Member Is Offline
|
|
| Quote: | Originally posted by Russ
| Quote: | Originally posted by MrBillM
We're talking about the same thing.
MediaAccessControl
12-Digit Hexadecimal ID for Wireless Devices.
Reading up just now on the MAC spoofing, it is relatively simple, however, it appears that to spoof onto a restricted network, you'd need to know one
of the allowed MACs. Not something that those cruisers would have access to.
[Edited on 4-8-2011 by MrBillM] |
When the jacked me they went into my wireless and disabled the security so MAC was not an issue for them. |
Routers come shipped with a default ip address and often a default admin password. This is well known to even a kindergartener.
Most Netgear devices default to
http://192.168.1.1
user = admin
password = password
Using the defaults, anyone can disable the mac restrictions or add their own or spoof one of the listed mac addresses. There are other methods as
well.
For those who use secure networks, you are sending your user id and password when you logon, these packets are being sent in the public realm. How is
this private if you shout your id and password to the world is that private property?
Knowing this publicly available information about something that is public, occurring outside of the walls of your home, and using this information,
while not depriving you of your property (not bandwidth) is not a crime in any jurisdiction.
This is the same policy that every company in the world runs by today, when you decide to participate in the cyber world (especially) using default
settings you are not private nor do you own the data as your own. Just the opposite you are public, like garbage outside your house, it's free for the
taking.
If any of you are concerned and would like to reduce exposure to your data or bandwidth, you need to become more involved in securing your network (or
do not use one), you need to pay attention and do your research and implement a plan that protects you.
gatito is in no position to complain to anyone but himself. No crime was committed. gatito is responsible or not for himself.
Furthermore, he has not lost or been deprived of use of any of his personal property. The bandwidth is not his personal property.
Keep in mind that nearly every company you interact with, by your consent, is actually taking your personal data, and selling it to third parties,
today this is occurring in real time in order to sell ads to be delivered to you in real time based on your data, even the data you type in to a web
based (gmail/facebook email) before you click send. You can see ads change around your screen based on what you type-your data is being sold in a real
time marketplace, apparently many of you like this system and you pay to participate in it.
[Edited on 4-9-2011 by gnukid]
|
|
|
MitchMan
Super Nomad
Posts: 1856
Registered: 3-9-2009
Member Is Offline
|
|
gnukid,
Many thanks for the info.
If you change the default user name and password for the router, then set up MAC restriction, you should be pretty secure, right? I mean, that way
someone trying to get into your router would not be able to get in by their using the defaults. Since they can't get in, then they cannot disable the
MAC restriction, right? I guess they would have to 'crack' your custom user name and password. I have heard that it is possible to do such
'cracking', though, I don't know how that is done or how anyone can protect against that.
You mentioned that when you, as a client, logon to the wireless network via your wirreless client PC, that such logon packets become publicly
accessible as they are put out into the public air. Are those packets subject to being intercepted and opened up in order to see said client PC user
name and password? Is this done with 'sniffing' software? If so, I am not seeing any fool proof way of securing anything, anywhere.
Man, I might stop using the internet for banking, or purchasing, or anything else that has to do with identity theft potential.
[Edited on 4-9-2011 by MitchMan]
|
|
|
MitchMan
Super Nomad
Posts: 1856
Registered: 3-9-2009
Member Is Offline
|
|
Also, I guess what you are saying, gnukid, is that a person who knows the router's user name and password can get into the router even though that
invading user is not on the MAC list in a router using MAC restriction. right?
This is getting scary.
[Edited on 4-9-2011 by MitchMan]
|
|
|
bent-rim
Nomad
Posts: 294
Registered: 7-31-2007
Location: Marin County
Member Is Offline
Mood: Living la vida mota
|
|
Baja sure is changing. When I got home from from my first dirt bike trip there about 15 years ago, my wife read me the riot act for not calling her
enough while I was down there. I told her there are hardly any phones down there and that I called her when I could. I think a 3 minute call from a
phone booth in San Felipe set me back about $75.00 when the bill came. She didn't believe me until some co-workers came back from a trip to Baja and
told her they couldn't find any phones. I like being unconnected when I'm there, but I only visit. It is slimey to tap into someone else's gear, if
you can't afford it, don't do it.
|
|
|
rob
Senior Nomad
Posts: 509
Registered: 10-19-2004
Location: Pacific Coast, BCS
Member Is Offline
|
|
Bancomer has an interesting system to counteract that "public" logon vulnerability that Mitchman mentioned.
As part of the online banking package we were given a device that produces (I say "produces" rather than "generates" because have no idea whether the
numbers are stored or generated) a number which you have to enter AFTER logging in.
I presume this number is then either matched or vetted by the server before you are allowed to continue.
|
|
|
wessongroup
Platinum Nomad
Posts: 21152
Registered: 8-9-2009
Location: Mission Viejo
Member Is Offline
Mood: Suicide Hot line ... please hold
|
|
Talk about security lapses .... how about that 15 minutes that China "took" from the entire internet here a few months back... think it was just about
three months later, we found out that China had produced the world "fastest supercomputer"...
Now what do you think happened within 15 minutes, with the worlds fastest supercomputer... accessing all data... available..
Seems the CIA and NSA and a few others thought it might be something of concern.... but, hey.... it's "Global" ... is that something like "Organic"...
|
|
|
Russ
Elite Nomad
Posts: 6742
Registered: 7-4-2004
Location: Punta Chivato
Member Is Offline
|
|
| Quote: | Originally posted by MitchMan
Russ,
How in the heck does anyone get into your router if you use MAC restriction? |
The router has it's own password and after you get access to it you can enable or disable the security. Once into the router security you add the
individual MAC ID's for each computer you want to have access through your wireless system. That's how mine works anyway. I can change the router
password and do every so often if there is a problem.
Bahia Concepcion where life starts...given a chance!
|
|
|
gnukid
Ultra Nomad
Posts: 4411
Registered: 7-2-2006
Member Is Offline
|
|
| Quote: | Originally posted by MitchMan
gnukid,
Many thanks for the info.
If you change the default user name and password for the router, then set up MAC restriction, you should be pretty secure, right? I mean, that way
someone trying to get into your router would not be able to get in by their using the defaults. Since they can't get in, then they cannot disable the
MAC restriction, right? I guess they would have to 'crack' your custom user name and password. I have heard that it is possible to do such
'cracking', though, I don't know how that is done or how anyone can protect against that.
You mentioned that when you, as a client, logon to the wireless network via your wirrless client PC, that such logon packets become publicly
accessible as they are put out into the public air. Are those packets subject to being intercepted and opened up in order to see said client PC user
name and password? Is this done with 'sniffing' software? If so, I am not seeing any fool proof way of securing anything, anywhere.
Man, I might stop using the internet for banking, or purchasing, or anything else that has to do with identity theft potential.
[Edited on 4-9-2011 by MitchMan] |
I am not an expert, so take this as general info. Many people including well known companies, they use tools like kismac and macspoof which are free
tools for wireless stumbling, they log the packets of open or closed networks, a common technique could be to force a logoff or turnoff the power,
that requires a logon, the packets are logged over time, then those packets may be injected to the secure router, regardless if you can read them or
not, you are sending the logon info and you would be logged on.
Passwords are encrypted, meaning they appear as a bunch of characters, but it is still the password, you can copy and use that.
When you setup your router, you should change the default ip address, change the default admin password to something that is long and has mixed
characters and case. Write it down but do not store it on the computer, write all your passwords on a sticky and paste it to the monitor-hahaha.
Another consideration is to use specific ip addresses for your machines, and disable dhcp or dynamic ip allocation, this may or may not accomplishe
two things, specific ip addresses for your machines makes your connections slightly more reliable, lower overhead better streaming of audio/video, and
you can setup firewalls for each ip address to allow only the data you want to pass. Disallowing dhcp means no one else can get an ip address
dynamically from your network.
You can also use mac address restriction, but it may be possible to determine the mac address of the machines and spoof them.
By the way our favorite company, Google has been demonstrated to be using patented techniques to take data packets to use and resell the them. http://www.wired.com/threatlevel/2010/06/google-wifi-sniffin... Companies also uses the microphone and the video camera on your pc to record sound
and video images of you periodically, they use speech recognition to know if you have a dog, or kids, what are talking about, what ads should they
send. These ads are sold in a real time auction marketplace, within milliseconds, to send an ad to you. This is what you want isn't it?
Again, I am not an expert, my mom is our system administrator.
|
|
|
jenny.navarrette
Banned
Posts: 275
Registered: 3-3-2011
Member Is Offline
|
|
Aren't you people being a little too cerebal about all this? Every wireless internet router is also a wired router. They usually have four ethernet
connections in the back. If you are so worried about security, you can turn off the wireless part of the router -- e.g. stop it from broadacasting RF
signals -- and then just use the wired connection. That is 100% secure.
End of problem.
|
|
|
gnukid
Ultra Nomad
Posts: 4411
Registered: 7-2-2006
Member Is Offline
|
|
| Quote: | Originally posted by MitchMan
Also, I guess what you are saying, gnukid, is that a person who knows the router's user name and password can get into the router even though that
invading user is not on the MAC list in a router using MAC restriction. right?
This is getting scary.
[Edited on 4-9-2011 by MitchMan] |
Yes that is correct, to be clear about myself, I am not a hacker, I was, when I was about 3-6 years old, then I got busted for starting a machine in a
factory.
Later I starred in made for tv shows, like Unsolved Mysteries about kids who hack about people like Kevin Mitnick.
Once I was accused of hacking the DOD, I was actually working for the DOD and someone else accidentally had the same ip address on the network and was
also working for the DOD. Two machines with the same ip but different address caused a flag and I was placed under hold. You can see that faking
someone's identity is quite easy and is not a good way to identify someone, you probably share logons and computers too? Of course someone will fake
someone's identity in cyber-crime, the chances of the person committing fraud on the internet actually being the person they identify themselves to be
is about zero percent. So whenever you hear, the intruder was identified by their ip address as..., you know the accused is not the intruder-any such
report is worth nothing as evidence.
By the way, there are many other tools and techniques, almost every OS has multiple backdoors from the start plus viral backdoors arrive later,
meaning there are access points to every machine regardless of what we've discussed so far. Also, there are other standards of networks, some run over
basic electrical cables. There are many companies who specialize in these backdoor tools, the names of these companies are well known to you.
Backdoors are also referred to as interoperability, these may trigger messages or actions when certain actions occur on your computer or across
multiple networks. For example, your bank or other secure network may send you a note if repeated failed logins occur (or the opposite) or send a note
to the IRS if a deposit over $10,000 occurs, unless your account has the tax id of a corporate board member who are exempt from reporting?
Backdoors may be used for risk management. Backdoor tools are communicating between networks all the time, checking to see if problems are occurring,
then steps are taken, windows update is an example.
A backdoor is most often hidden, but there are examples of backdoors that are not hidden, like a modem running on a machine inside a network, that is
called a tunnel. Someone sitting in an arroyo in Baja could tap into gatito's network and then use another machine to call via dial-up modem to modem
into let's say, NASA. That arroyo camper would now be on the internal NASA network. They could be browsing the network for extra terrestial flight engineer emails, it's hard to say this is illegal. Nothing was harmed, no one was deprived of their property, nothing was
taken and resold. No network was hacked. Many examples of this occur and there are few laws in place to extradite someone in a foreign country from
browsing a network in another country where no harm nor breaking and entering occurred.
Another example, is let's say algorithm trading machines start to slide fast up or down, or say detect insider trading, then actions could be taken.
This backdoor code is simply a set of instructions based on a set of circumstances (scenario) on your computer to trigger steps based on actions that
occur and are detected.
Risk management details scenarios, the scenarios may be treated as realworld or an exercise, the triggered result may be set to hide the exercise or take action.
A lesser known but significant interoperability (backdoor) company was at one time called Ptech also MITRE and PROMIS, they apparently have been sucked into the DOD.
You see, using these tools, it's very easy to see a trend, predict a trend with accuracy, or fake a trend, etc...
You see how this works? Who is hacking who?
[Edited on 4-9-2011 by gnukid]
|
|
|
wessongroup
Platinum Nomad
Posts: 21152
Registered: 8-9-2009
Location: Mission Viejo
Member Is Offline
Mood: Suicide Hot line ... please hold
|
|
Not sure there exists a totally secure computer and/or network....
However, the recommendations given are about the best one can use... have a very restrictive network, using the MAC address... and making login and
passwords as difficult as possible... new someone that used the square root of ramondomly generated numbers... and changed it daily...
Not sure one can opt-out at this stage of the game... as the Banks must use computers to handle the required data, which are then linked to the Fed's,
along with just about everyone else...
Must say, they have been able to do a pretty good job.. had someone trying to buy a Python up in Garden Grove with one of my cards.... (it was the
snake not the pistol)...
Called to ask, if I was buying a snake... 
It sure in hell ain't perfect... but, what else do we have in the way of a choice ??
|
|
|
MitchMan
Super Nomad
Posts: 1856
Registered: 3-9-2009
Member Is Offline
|
|
Thanks Russ and gnukid, this is golden stuff.
Many thanks for the great advice, gnukid, to change the default IP address, password and user name to the router and to disable DHCP using assigned
client IPs together with MAC restriction. If I learn nothing else about anything else for the rest of the week, this has been the best week of the
year.
Muchas gracias por todo! Nomads rock.
|
|
|
wiltonh
Nomad
Posts: 306
Registered: 2-2-2007
Member Is Offline
|
|
Mac Address Filter is my security choice but it has its down sides also. All data that passes between the wireless router and the computer is sent
without any encryption. What this means is all data can be easily sniffed using many different software packages.
WEP does encryption but it can be broken easily. If your wireless router supports WAP then use it as it is harder to break. All systems connected to
the network must support WAP to make this work.
If I am in a area where other people are using the same wireless network, I do no banking. If someone sees my email than so what. If some one gets
my bank user name and password, bad things could happen. I connect my computer by a cable to do the banking.
When in Baja, I use a service called Mint. I set this up using a cable while in the states. I give Mint read access to all my banks and financial
institutions. If I need to check a balance or some other financial site, I log into Mint. If someone got my user name and password they could see
all my accounts but they could not change any of them.
Mint never requests write access to any of my accounts. Some trust is needed so do some research on Mint and you will see that they have covered
their bases well.
They also have provided me with some very much needed information. Someone in Baja gave me a video file and when I tried to play it, my computer did
not have the correct Codec. I did a search on the internet and found one for a dollar. I downloaded it and never gave it a second thought. About a
month later Mint sent me an email. It said that an unauthorized transaction had happened in my Visa account. My first thought was that someone had
gotten my user name and password. After some research, I found that the company that I had purchased the Codec from was charging me $14.99 per month
for the rest of my life. Mint notified me and I contacted the company and cancelled all future charges. In this case, Firefox knew about the scam
and would not allow me to go to the companies web site. I ended up getting the contact information from my Visa bill and got it cancelled.
WiFi security is never as good as a cable. The new area of attack will be smart phones. The amount of banking that is being done on them is going up
very fast and I would hope that the security is better or we are in for trouble.
|
|
|
gnukid
Ultra Nomad
Posts: 4411
Registered: 7-2-2006
Member Is Offline
|
|
| Quote: | Originally posted by MitchMan
Thanks Russ and gnukid, this is golden stuff.
Many thanks for the great advice, gnukid, to change the default IP address, password and user name to the router and to disable DHCP using assigned
client IPs together with MAC restriction. If I learn nothing else about anything else for the rest of the week, this has been the best week of the
year.
Muchas gracias por todo! Nomads rock. |
Please do not take my suggestions as expert advice, it was just a novice suggestion. I could be wrong about everything. I used to use no networking to
avoid these issues and simply carry my data on flash drives with me, but recently I opened up and have open network devices. I also share my wifi.
|
|
|
MitchMan
Super Nomad
Posts: 1856
Registered: 3-9-2009
Member Is Offline
|
|
OK, gnukid, thanks for the headsup caveat.
The info is still good stuff as it better grounds me in my further research and confirmation efforts. Also, this is helping to integrate my
fragmented knowledge on the subject.
This thread has on point info that is helping to illuminate the issues of incryptions (wep vs wap vs wap-2), MAC restriction, wifi risks, eliminate
use of DHCP and assign specific IPs to client PCs, packet sniffing, 'back doors' into a network/PC and coded precipitation of an action plus modem
tunnels, using random number generator to change passwords, MAC restriction sends unencrypted easily sniffed data to and from the router, et al. I've
learned more significant useful stuff this morning than in the entire networking class I took.
Jenny-navarrette, you make a good point, but, the issue is security versus convenience of wireless internet access. The convenience is becoming
(always has been) a super strong consideration. With internet information and communication usefulness exploding, its integration into our lives
individually and in the aggregate is absolutely unavoidable. When I am in Baja, I take my laptop with me every time I go out the door (except when
going fishing).
People are using their phones and the very portable notebooks more and more. You can't really make a website without taking into consideration all
the non-desktop types of devices accessing the website if you want to make sure your website has competitive exposure and use. Even the sale of point
and shoot digital cameras has dropped over the last three years as more and more people are opting to use their cell phones more than those little
cameras.
More and more people are working from home because of the PC; and extension of that is being able to take the laptop and leave the house. Most free
internet sources on the street don't usually have hard wire connection availability.
Nope, it is the wave of the future and the future is now.
|
|
|
| Pages:
1
2
3
4 |
|
![[*]](images/xmbforum/default_icon.gif){kind=icon}
