GeordieSteve, posted October 22, 2005:
Wouldn't that show up in a log though that duplicate MACs were being displayed on the network?
Lewis, posted October 22, 2005:
Yes, but so what? Having two MAC addresses doesn't help if it's spoofed to enter the network. We want the actual MAC address to be able to ban it (hence the honeypot); you can gain far more information by allowing someone in than by attempting (and not always achieving) to keep them out. The information you gain is the key to preventing further access by the same methods.
GeordieSteve, posted October 22, 2005:
I'm just talking about a local home LAN. If I noticed duplicate MACs and excess traffic I'd step it up a level. Gonna read into the honeypot tho... all interesting stuff
Lewis, posted October 22, 2005:
Depending on your router and DHCP table, you may only see one entry anyway if a dupe MAC address is used; I know some of the Linksys ones do this.
GeordieSteve, posted October 22, 2005:
I'm running a Linksys firewall/router at the mo (although I'm hard wired into it at the mo). Took it out to try and explain my poor traffic problems (I'm on 4mb BB at the mo) and I'll never do it again! VERY worthwhile buy! I've left it supplying DHCP for now but also got it logging. Everything looks fine... no thieving neighbors by the looks of it
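An added example, not part of the original thread: since a router's DHCP table may collapse a cloned MAC into a single entry, this sketch works from per-observation records instead and flags any MAC that presents more than one (IP, hostname) identity within a short window. The log format, addresses and hostnames are constructed for illustration and are not a real Linksys log format.

```python
from collections import defaultdict

# Constructed sample observations (hypothetical format):
# epoch_seconds  MAC  IP  DHCP-hostname
SAMPLE_LOG = """\
1000 00:11:22:33:44:55 192.168.1.10 steve-pc
1030 00:aa:bb:cc:dd:ee 192.168.1.11 vaio
1060 00:11:22:33:44:55 192.168.1.10 steve-pc
1075 00:11:22:33:44:55 192.168.1.10 unknown-laptop
1090 00:11:22:33:44:55 192.168.1.23 unknown-laptop
5000 00:aa:bb:cc:dd:ee 192.168.1.12 vaio
"""

def parse(log_text):
    """Yield (timestamp, mac, ip, hostname) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        ts, mac, ip, host = parts
        yield int(ts), mac.lower(), ip, host

def find_shared_macs(log_text, window=300):
    """Return {mac: sorted identities} for MACs showing more than one
    (ip, hostname) pair within `window` seconds of each other."""
    recent_by_mac = defaultdict(list)   # mac -> [(ts, ip, host), ...]
    flagged = {}
    for ts, mac, ip, host in sorted(parse(log_text)):
        # Keep only observations still inside the sliding window.
        recent = [e for e in recent_by_mac[mac] if ts - e[0] <= window]
        recent.append((ts, ip, host))
        recent_by_mac[mac] = recent
        identities = {(i, h) for _, i, h in recent}
        if len(identities) > 1:
            flagged.setdefault(mac, set()).update(identities)
    return {mac: sorted(ids) for mac, ids in flagged.items()}

if __name__ == "__main__":
    for mac, ids in find_shared_macs(SAMPLE_LOG).items():
        print(mac, "seen as", ids)
```

The second MAC in the sample changes IP more than an hour later, which is an ordinary lease change and is not flagged.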
carl0s, posted October 22, 2005:
> This is all very common, bluejacking, Orinoco cards on the old Palms and even Psion organisers. It's been going on years. In actual fact, some companies set up honey-traps precisely to watch for this sort of thing. There are two schools of thought on this; in my network security role we offer a number of services for combating this for personal and corporate users. The one I like best is the honeypot trap.... A minor restriction on the network which prevents anyone accidentally stumbling across it, anyone that gets past that is then determined, then we have fake folder aliases, local cached sites (such as Google) which makes it look like they are achieving something. Then we log every movement, as much information as we can get (MAC addresses, cookies from cookie traps to see where else they are visiting, cached usernames etc) and after 4 minutes the MAC address of the node is added to the block list and all logs are emailed. It's pretty effective and fairly easy to set up with the right equipment. In my experience, if you concentrate on preventing any access you a) feel TOO secure and miss easy things, and b) present more of a challenge to somebody intent on gaining access.

That sounds pretty neat. I don't think it would be suitable for the average non-tech home user, but for a corporate network or an IT boff it sounds awesome.
michael, posted October 22, 2005:
> As stated above, I'm happy to provide some tips and pointers to people FOC if required.

Always keen to collect any docs I can, if you have anything can I steal it please?
carl0s, posted October 22, 2005:
> Always keen to collect any docs I can, if you have anything can I steal it please?

and me please
Guest gzaerojon, posted October 22, 2005:
I do it sometimes but only for checking emails etc, no downloads; anyway my Vaio battery only lasts 30 mins. Definitely set up MAC address filter, not so much WEP as it slows the network down.
carl0s, posted October 22, 2005:
Jesus christ just accept any encryption overhead as a given! It's not just about securing access to the network, it's also about protecting your privacy in the data you are sending out into the ether. Admittedly, the sites you are browsing should be using SSL anyway, but if not then you are sending usernames, passwords and credit-card details in plaintext through the air. You don't have the security of a point-to-point cable. I'm no 802.11 expert but I'm sure it's possible to sniff traffic without having to associate with the AP. If this traffic is unencrypted then all this data is there in plaintext for reading. I do have Sniffer Wireless here but haven't gotten around to using it. Regarding the overhead, WPA2 (AES) is done in hardware isn't it?
Lewis, posted October 22, 2005:
> Jesus christ just accept any encryption overhead as a given! It's not just about securing access to the network, it's also about protecting your privacy in the data you are sending out into the ether. Admittedly, the sites you are browsing should be using SSL anyway, but if not then you are sending usernames, passwords and credit-card details in plaintext through the air. You don't have the security of a point-to-point cable. I'm no 802.11 expert but I'm sure it's possible to sniff traffic without having to associate with the AP. If this traffic is unencrypted then all this data is there in plaintext for reading. I do have Sniffer Wireless here but haven't gotten around to using it. Regarding the overhead, WPA2 (AES) is done in hardware isn't it?

A whole new cookie, sit in Maccy D's with a coffee and a hash brown in their openzone with the iPAQ and a packet sniffer, check the DHCP server and spoof its address, you can then get everyone else in the building to get their IP from you and do whatever you like as a trusted node, send them all to different sites, phish their bank details, issue SSL certs etc whatever. Never trust anything techie because for everyone that knows something, ten know more and will exploit it. JMHO
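An added example, not part of the original thread: the defender's side of the spoofed-DHCP scenario above is to watch DHCP replies and flag any server identifier (option 54) that is not on a known-good list. The parser below reads raw DHCP payloads; the sample replies are built inline by a hypothetical helper (`build_reply`) with constructed addresses, and how payloads are captured is left out as an assumption.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54
OFFER, ACK = b"\x02", b"\x05"

def dhcp_options(payload):
    """Parse the TLV options that follow the 236-byte BOOTP header."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return {}
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):    # truncated before length byte
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:      # truncated value
            break
        opts[code] = value
        i += 2 + length
    return opts

def rogue_servers(payloads, trusted):
    """Return sorted server IDs seen in OFFER/ACK replies but not trusted."""
    rogue = set()
    for payload in payloads:
        opts = dhcp_options(payload)
        server = opts.get(OPT_SERVER_ID, b"")
        if opts.get(OPT_MSG_TYPE) in (OFFER, ACK) and len(server) == 4:
            ip = socket.inet_ntoa(server)
            if ip not in trusted:
                rogue.add(ip)
    return sorted(rogue)

def build_reply(msg_type, server_ip):
    """Hypothetical helper: construct a minimal sample payload for testing."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)
    options = (bytes([OPT_MSG_TYPE, 1, msg_type]) + bytes([OPT_SERVER_ID, 4])
               + socket.inet_aton(server_ip) + b"\xff")
    return header + MAGIC_COOKIE + options
```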
carl0s, posted October 22, 2005:
> A whole new cookie, sit in Maccy D's with a coffee and a hash brown in their openzone with the iPAQ and a packet sniffer, check the DHCP server and spoof its address, you can then get everyone else in the building to get their IP from you and do whatever you like as a trusted node, send them all to different sites, phish their bank details, issue SSL certs etc whatever. Never trust anything techie because for everyone that knows something, ten know more and will exploit it. JMHO

tee hee heee! I have only once done anything even remotely like this, and that was just a drive to the Chinese takeaway with NetStumbler running on the T30 I used to have. I must have a play with Sniffer Wireless sometime now that I have a laptop whose battery lasts more than an hour.
Lewis, posted October 22, 2005:
I should add that any security related scenarios given are purely for informational purposes. Security intrusion methods are only used when the company for which I work has been instructed to attempt to gain access to systems by the companies involved and disclaimer documents have been signed. This kind of thing may appear amusing but there is a genuine industry failing which we try to highlight. It does not make me 1337, it isn't big and more importantly it isn't clever!
--------------------------------------------------------
/end bull$hit
carl0s, posted October 22, 2005:
yeah man