|
-
February 22nd, 2005, 06:40 PM
#1
Senior Member
how secure is just static IPs
At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
-
February 22nd, 2005, 06:58 PM
#2
Senior Member
at my place of employment we use alot of linksys routers. they are very secure, we havent had any security problems. however i dont know what our sysadmin did to them. i dont know if this is possible, but you might want to get them to turn on DHCP, because i understand that that assigns different IP's every time. i could be wrong though.
I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
-The Monarch.
-
February 22nd, 2005, 07:05 PM
#3
All this means is that they disabled the DHCP service. This is not a secure setup. Someone with the slightest bit of networking knowledge could be on your WAP in less than a minute.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 22nd, 2005, 07:09 PM
#4
Re: how secure is just static IPs
Originally posted here by Simo
At my work we have about 3 wireless routers (linksys) all have default SSID,no WEP, and no MAC filtering. But the only way to get on the network is through a preassigned static IP. I was wondering (since im a noob at this) how secure is their network?
Completely insecure. Wide open. You will be cracked, sooner or later. Even if those static IP's are not in the standard 'private ip ranges' reserved for home use or private networks, it's still easy to sniff the traffic and then set your IP to one of the 'allowed' ones.
Now all that being said...this analysis is made on this rediculously small amount of info you've shared. If you take my response to your IT director and present it as holy fact, you're probably gonna get smacked down. There very well could be a LOT of security layers in place that you haven't seen or been advised of since, as you put it, you're a 'noob'.
But if you're describing the totality of the situation accurately, then that network will be owned, if it hasn't already.
/* Edit: added this for ironic value */
"If you spend more on coffee than on information security, then you will be hacked. What's more, you deserve to be hacked."
-- Richard Clarke, retired. Former Counter-Terrorism Security Advisor to the President of the United States of America
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 22nd, 2005, 09:47 PM
#5
Senior Member
ive brought up this security issue to people but i get the "i dont care" response and the people who setup the routers belive that static IPs are more than enough for security.
What other information do you need, zencoder ?
-
February 22nd, 2005, 09:51 PM
#6
Short and to the point, from the 'common sense' point of view:
Pretend you're an individual whom a hit man is hunting. If you sleep in the same spot twice, he'll find you and boom, you're dead.
Using static IP addressing is like sleeping in the same place twice.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 22nd, 2005, 10:04 PM
#7
What you need is a proof of concept demonstration.
Sit there with a sniffer of your choice (Ethereal is my personal favorite) and watch the wireless traffic. Then IP your host with an address on the subnet you see allowed traffic flowing to, THEN show them that you can connect to the WAP. At this point, a nice SPAM engine would be an interesting thing to kick off. Let em see that and I think the attitude may change.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 22nd, 2005, 10:40 PM
#8
many (most?) admins don't like proof of concepts, so before you mess arround have a nice talk with them and make sure they all understand your gonne mess arround before you actually do it... they tend to get pissy if they're outsmarted by non-admins and somtimes it has no use to proof anything if they really just don't care, because it'll only piss them off
...at least that's from my experience
-
February 22nd, 2005, 10:49 PM
#9
You might be getting the "I don't care" attitude for the same reason you would get it from me....
See I have a nice little Linksys WAP on my network. On the bright side I broadcast the SSID, am WEP encrypted, DHCP IP's and MAC filter the NICS...... Have fun breaking in..... It's bulletproof as far as accessing my network is concerned. It's outside the firewall and the Linksys _only_ allows port 1723 to egress... Why 1723? PPTP to my firewall.... All you can do from the WAP is try to create a VPN tunnel to my firewall.... fail to successfully authenticate and your wireless access just became a doorstop.... Crack the WAP.... Go for it.... have fun.... My external IDS emails me the moment there is any outbound traffic, (except port 1723 to my firewall), from the WAP... So I'll know... and you'll be closed down... That's a **** load of time to waste to find you have nothing.... 
Maybe they have the same system.... but I doubt it... 
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 22nd, 2005, 11:40 PM
#10
Originally posted here by Tiger Shark
That's a **** load of time to waste to find you have nothing....
War drivers have too much time to waste if they are out war driving in the first place...
While you're at it... use fakeap and broadcast a couple dozen fake APs to confuse them further?
APs with the names of
GO
AHEAD
TRY
AND
HACK
ME
IM
WATCHING
YOU
FBI FIELD OFFICE
stuff like that. could be fun. 
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
