how secure is just static IPs
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: how secure is just static IPs

  1. #1
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128

    how secure is just static IPs

    At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
    -Simo

  2. #2
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    at my place of employment we use alot of linksys routers. they are very secure, we havent had any security problems. however i dont know what our sysadmin did to them. i dont know if this is possible, but you might want to get them to turn on DHCP, because i understand that that assigns different IP's every time. i could be wrong though.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    All this means is that they disabled the DHCP service. This is not a secure setup. Someone with the slightest bit of networking knowledge could be on your WAP in less than a minute.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Re: how secure is just static IPs

    Originally posted here by Simo
    At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
    Completely insecure. Wide open. You will be cracked, sooner or later. Even if those static IP's are not in the standard 'private ip ranges' reserved for home use or private networks, it's still easy to sniff the traffic and then set your IP to one of the 'allowed' ones.

    Now all that being said...this analysis is made on this rediculously small amount of info you've shared. If you take my response to your IT director and present it as holy fact, you're probably gonna get smacked down. There very well could be a LOT of security layers in place that you haven't seen or been advised of since, as you put it, you're a 'noob'.

    But if you're describing the totality of the situation accurately, then that network will be owned, if it hasn't already.

    /* Edit: added this for ironic value */

    "If you spend more on coffee than on information security, then you will be hacked. What's more, you deserve to be hacked."
    -- Richard Clarke, retired. Former Counter-Terrorism Security Advisor to the President of the United States of America
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    ive brought up this security issue to people but i get the "i dont care" response and the people who setup the routers belive that static IPs are more than enough for security.

    What other information do you need, zencoder ?
    -Simo

  6. #6
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Short and to the point, from the 'common sense' point of view:

    Pretend you're an individual whom a hit man is hunting. If you sleep in the same spot twice, he'll find you and boom, you're dead.

    Using static IP addressing is like sleeping in the same place twice.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    What you need is a proof of concept demonstration.

    Sit there with a sniffer of your choice (Ethereal is my personal favorite) and watch the wireless traffic. Then IP your host with an address on the subnet you see allowed traffic flowing to, THEN show them that you can connect to the WAP. At this point, a nice SPAM engine would be an interesting thing to kick off. Let em see that and I think the attitude may change.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    many (most?) admins don't like proof of concepts, so before you mess arround have a nice talk with them and make sure they all understand your gonne mess arround before you actually do it... they tend to get pissy if they're outsmarted by non-admins and somtimes it has no use to proof anything if they really just don't care, because it'll only piss them off
    ...at least that's from my experience
    Double Dutch

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    You might be getting the "I don't care" attitude for the same reason you would get it from me....

    See I have a nice little Linksys WAP on my network. On the bright side I broadcast the SSID, am WEP encrypted, DHCP IP's and MAC filter the NICS...... Have fun breaking in..... It's bulletproof as far as accessing my network is concerned. It's outside the firewall and the Linksys _only_ allows port 1723 to egress... Why 1723? PPTP to my firewall.... All you can do from the WAP is try to create a VPN tunnel to my firewall.... fail to successfully authenticate and your wireless access just became a doorstop.... Crack the WAP.... Go for it.... have fun.... My external IDS emails me the moment there is any outbound traffic, (except port 1723 to my firewall), from the WAP... So I'll know... and you'll be closed down... That's a **** load of time to waste to find you have nothing....

    Maybe they have the same system.... but I doubt it...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by Tiger Shark
    That's a **** load of time to waste to find you have nothing....
    War drivers have too much time to waste if they are out war driving in the first place...

    While you're at it... use fakeap and broadcast a couple dozen fake APs to confuse them further?

    APs with the names of

    GO
    AHEAD
    TRY
    AND
    HACK
    ME
    IM
    WATCHING
    YOU
    FBI FIELD OFFICE

    stuff like that. could be fun.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •