Posted on 10/18/2004 4:38:28 PM PDT by gitmo
snip
Fictional scenario
At this year's Black Hat Briefing in Las Vegas, the annual Hacker court involved a scenario where a houseboat sailing up and down the Potomac River was able to use various unsecured wireless networks to access troop deployment plans from the Naval Academy at Annapolis. Presented in the form of a mock court case--including a real live federal court judge--the prosecution laid out how it identified various Web addresses used to launch the intrusion on the Naval Academy. However, when federal agents arrived at the homes matching the Internet addresses, they found the computer hard drives to be lacking any evidence of the crime. All of the homes, however, had 802.11 networks that were not secure, and all bordered the Potomac. Through some silly testimony that I won't explain here, prosecutors ultimately revealed that a houseboat sailing on the river had the ability to receive wireless signals from shore; the occupants of the boat had used the onshore wireless networks to commit their crimes. The prosecution provided forensic evidence of the houseboat's laptop, which contained the incriminating data.
Think that scenario is pretty far-fetched? Not so. snip
(Excerpt) Read more at reviews-zdnet.com.com ...
"Can a MAC address be spoofed?"
Yes. Most Wireless Routers do this. The cable or dsl company only wants one computer per link. The router spoofs the MAC address of your compute so that all packets look like they come from one MAC address.
You have to know the MAC address to begin with to spoof it.
So what are you going to set it to?
With 6 Hex digits, you have a lot of combinations to try
before you hit on one that I have in my allowed Mac list.
Like I say, this is neither easy, quick, or simple. You have to guess a mac that is alredy in my list, but not currently in use.
"I'll take my chances. Can't beat sitting on the couch, watching Fox, and FReeping on a laptop..."
You lookin' in my window? Freepin on a laptop watchin' O'Reilly while I write this post.
Upon reading your post it looked (to me) as though you were speaking in generalities.
You have now pointed to the specifics. I stand corrected.
(However, I still stand by the original intent of my post. That being that laws and regulations have never stopped the dedicated criminal mind.)
cloned.
I'm running linux on my cb, breaker breaker.
Damn. You're really getting too modern for me.
(I'm still using CP/M on mine.)
I've yet to see someone physically access a hardwired network without making a hardwired connection.
No matter what's done with wireless some hacker will find a way to break through. Why do you think fiber's so popular on secure communications?
Not if you use NetBeui on your LAN.
:O)
P
It really matters very little whether you're using a wired or wireless network. Most networks have some vulnerability and there is someone out there who knows how to get in. Even on systems I've worked on that I thought were very secure and not prone to exploitation, hackers have gotten into.
It is not a problem inherent to wireless technology. It's a problem inherent to software design flaws and the endless and creative ways people find to exploit vulnerabilities.
All it would take is to bring along another AP. It would link up with yours, giving any computer free access through this rogue AP. And, as a bonus, it would provide all your MAC addys and the SSID of your network in its routing table.
Oh, and it could care less if you are running WEP or WPA. APs don't authenticate each other.
If you truly want to secure your APs you must use RADIUS.
I'm not disputing the superiority of the more "industrial strength" solutions such as RADIUS which you suggest, though.
Not vulnerable to network outages, impervious to electronic interference, and capable of moving along well-established travel routes.
What's your take on this No-Hardware (Web-Based) Radius Server for a small home-based wireless network?
The price seems reasonable, at least.
Security is a combination of measures.
My "access point" is actually a WiFi card in my Linux firewall box. The firewall rules deny access to any MACs which aren't in the approved list, even if the key is right. The firewall also logs all intrusion attempts.
A couple of years ago I logged many attempts to get into my network, and I presumed it was a neighbor up the block or somebody cruising hotspots in a car. They finally gave up after a few months. I subsequently toured the neighborhood myself, using NetStumbler, and found three wide-open APs. I guess the intruders just moved on to easier targets...
I can go one further ... instead of the internet ... how about a system of strings and tin cans
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.