Printable View
At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
at my place of employment we use alot of linksys routers. they are very secure, we havent had any security problems. however i dont know what our sysadmin did to them. i dont know if this is possible, but you might want to get them to turn on DHCP, because i understand that that assigns different IP's every time. i could be wrong though.
All this means is that they disabled the DHCP service. This is not a secure setup. Someone with the slightest bit of networking knowledge could be on your WAP in less than a minute.
Completely insecure. Wide open. You will be cracked, sooner or later. Even if those static IP's are not in the standard 'private ip ranges' reserved for home use or private networks, it's still easy to sniff the traffic and then set your IP to one of the 'allowed' ones.Quote:
Originally posted here by Simo
At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
Now all that being said...this analysis is made on this rediculously small amount of info you've shared. If you take my response to your IT director and present it as holy fact, you're probably gonna get smacked down. There very well could be a LOT of security layers in place that you haven't seen or been advised of since, as you put it, you're a 'noob'.
But if you're describing the totality of the situation accurately, then that network will be owned, if it hasn't already.
/* Edit: added this for ironic value */
"If you spend more on coffee than on information security, then you will be hacked. What's more, you deserve to be hacked."
-- Richard Clarke, retired. Former Counter-Terrorism Security Advisor to the President of the United States of America
ive brought up this security issue to people but i get the "i dont care" response and the people who setup the routers belive that static IPs are more than enough for security.
What other information do you need, zencoder ?
Short and to the point, from the 'common sense' point of view:
Pretend you're an individual whom a hit man is hunting. If you sleep in the same spot twice, he'll find you and boom, you're dead.
Using static IP addressing is like sleeping in the same place twice.
What you need is a proof of concept demonstration.
Sit there with a sniffer of your choice (Ethereal is my personal favorite) and watch the wireless traffic. Then IP your host with an address on the subnet you see allowed traffic flowing to, THEN show them that you can connect to the WAP. At this point, a nice SPAM engine would be an interesting thing to kick off. Let em see that and I think the attitude may change.
many (most?) admins don't like proof of concepts, so before you mess arround have a nice talk with them and make sure they all understand your gonne mess arround before you actually do it... they tend to get pissy if they're outsmarted by non-admins and somtimes it has no use to proof anything if they really just don't care, because it'll only piss them off
...at least that's from my experience
You might be getting the "I don't care" attitude for the same reason you would get it from me....
See I have a nice little Linksys WAP on my network. On the bright side I broadcast the SSID, am WEP encrypted, DHCP IP's and MAC filter the NICS...... Have fun breaking in..... It's bulletproof as far as accessing my network is concerned. It's outside the firewall and the Linksys _only_ allows port 1723 to egress... Why 1723? PPTP to my firewall.... All you can do from the WAP is try to create a VPN tunnel to my firewall.... fail to successfully authenticate and your wireless access just became a doorstop.... Crack the WAP.... Go for it.... have fun.... My external IDS emails me the moment there is any outbound traffic, (except port 1723 to my firewall), from the WAP... So I'll know... and you'll be closed down... That's a **** load of time to waste to find you have nothing.... :D
Maybe they have the same system.... but I doubt it... ;)
War drivers have too much time to waste if they are out war driving in the first place...Quote:
Originally posted here by Tiger Shark
That's a **** load of time to waste to find you have nothing.... :D
While you're at it... use fakeap and broadcast a couple dozen fake APs to confuse them further?
APs with the names of
GO
AHEAD
TRY
AND
HACK
ME
IM
WATCHING
YOU
FBI FIELD OFFICE
stuff like that. could be fun. :)