Unsecured WAPs at home

Postby shok_wave » Mon Aug 19, 2002 11:12 am

A friend of mine didn't think I could do much more than surf from his unsecured WAP, so he let me prove him wrong.

Details are on my site here:
http://mcwresearch.com/default.asp?id=6&ACT=5&content=29&mnu=6

I have some other nit-noid papers there regarding implications of unsecured WAPs, etc. A friend and I have stumbled 1200 in the northern VA, DC-Metro area and documented locations, etc. There are maps on the site as well.

It's interesting to see how prolific the technology is and how many are installed with factory defaults!
----
My wireless networks are secure.
Are yours?
If you're in the D.C. area, I probably
already know the answer:
http://mcwresearch.com

Re: Unsecured WAPs at home

Postby blackwave » Mon Aug 19, 2002 12:01 pm

Originally posted by shok_wave
A friend of mine didn't think I could do much more than surf from his unsecured WAP, so he let me prove him wrong.


Interesting write-up shok_wave... though one thing: you know how in movies they try to alter the ingredients they are talking about so that people watching the movie don't go home and try to make a working bomb...? Just a tip ;)
-=BW=-

Postby shok_wave » Mon Aug 19, 2002 3:06 pm

Yeah, I did think about that and I did forego a lot of detail.

However, I included the amount of detail I did for a very specific reason, and maybe I should include the reason on the site. That reason being, a good administrator needs to audit his/her network for security holes. To catch a hacker, one should at least try to think like a hacker. :)

The info I've posted there is nothing new/secret/underground.

Buuut, point well made. I'll have to post some sort of disclaimer there.

-Shok

Postby The Others » Mon Aug 19, 2002 3:18 pm

I think it's best that you set it out so simply.

As you said, nothing new or particularly skilled was detailed here; however, it is very effective. Your page shows people how easily their network can be fudged and will hopefully urge them into action.

But it probably won't, and even if it does there's stuff you missed out that'll all be exploited later.
all good ends all


Postby hollowing » Mon Aug 19, 2002 3:30 pm

Its interesting to see how prolific the technology is and how many are installed with factory defaults!


Hmmm, following my poke about tonight, I'd agree with the latter part of this, but in my part of the UK the words "wireless" and "network" kinda' don't really work out too well, when said together.

Wireless is still the name that some people give to any kind of commercial radio or TV broadcast, and I can imagine conversations ending like: "network - why on earth would you bother with that, anyway I'd use a floppy disk drive if I ever wanted to move files from one computer to another".

Of course it could be that the majority of local AP's have already gone over to 802.11a, or are running very tight .11b.

(Hmm, I think we all know how likely either of these are to be true).

sigh......:(

Postby The Others » Mon Aug 19, 2002 3:35 pm

Hmmm, following my poke about tonight, I'd agree with the latter part of this, but in my part of the UK the words "wireless" and "network" kinda' don't really work out too well, when said together.


I'd agree, however, of the rare wireless networks I find many are still on the factory defaults.

The amount of Netgear APs on channel 6 with the SSID of "wireless" is staggering. Especially as I know how easy it is to gain access to the configuration software.

Postby hollowing » Mon Aug 19, 2002 3:57 pm

The amount of Netgear APs on channel 6 with the SSID of "wireless" is staggering.

Hmm, Netgear APs have not yet proved too common here.

If I have found a pattern (albeit, a local pattern) then this end of the country is almost exclusively:

Agere (Lucent) - Ch11
Cisco - Ch1

...and most of these run on specific "sites", so you can see clear evidence of some central procurement malarkey. The SSIDs have been modded out in these APs, so it seems odd that, having gone halfway to setting them up, they then didn't go a bit further and set up WEP.

I don't think I have seen one WEP enabled AP yet (other than mine of course, which doesn't count really...).

I wonder why: lack of premonition perhaps ?

Postby mpz » Thu Aug 22, 2002 6:20 pm

After reading your "story" I started to wonder about my net "stumbling". Is it possible for a savvy network admin to find out who accessed their wireless network? Is there any way they can track you down?

Never mind, did the search thing and answered my own question.

Thailand = LinkSys

Postby md3v » Fri Sep 06, 2002 9:01 am

Roughly 75% of APs I've run into in Thailand are the LinkSys WAP11 v1/v2.2 models.

Usuals...

SSID = linksys ...

If anyone meanders into Thailand (Chiang Mai or Bangkok) and wants to meet up - PM me. I'll take you out for beer+drive.

Postby Entropy42 » Thu Sep 12, 2002 11:51 am

Lots of default Linksyses around where I live.

Prolly about 10-20% WEP penetration around here.

I don't bother with WEP because WEP doesn't matter. It's so weak it might as well not be there. Given all the effort you put forth in your analysis of this guy's network, it would've taken you an extra 15-20 minutes more (hardly any additional effort) to get in.

The trick, of course, is to use application-layer security. Assume that the network cannot be trusted. I ALWAYS use SSH over the wireless connection. The only machines in my house that use POP are wired machines.

People can sniff my network all they want. I don't care, they won't see anything that matters. Turning WEP on would only make someone with more on their mind than free 'net access more curious as to what that one WEPed AP in a cloud of default Linksyses was hiding.

Postby mentat » Thu Sep 12, 2002 12:02 pm

Originally posted by Entropy42

I don't bother with WEP because WEP doesn't matter. It's so weak it might as well not be there. Given all the effort you put forth in your analysis of this guy's network, it would've taken you an extra 15-20 minutes more (hardly any additional effort) to get in.


Are you suggesting you can break WEP in 15-20 minutes? That is surely inexperience speaking. In a low traffic network (as his story suggests it is), breaking WEP is effectively impossible.

Postby shok_wave » Thu Sep 12, 2002 12:42 pm

Correct, it is an extremely low-trafficked network.

However, even if it were a corporate network with loads of traffic, it still begs the question, "where are you going to park a machine long enough to gather the needed traffic to crack WEP?" And I don't believe 15-20 minutes will do it. In fact, I don't think the keys are changed that quickly and cracking WEP is (as I understand it) a matter of predicting keys, since they are reused.

I could be wrong. It's been known to happen. Just ask my roommate. ;)

Postby mentat » Thu Sep 12, 2002 3:09 pm

Best case I've cracked a key on a network on which I was generating traffic in 3 days. The weird thing was that almost all the "interesting packets" came on the third day.
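The disagreement above (15-20 minutes versus three days, "interesting packets", keys being "reused") comes down to how WEP keys frames: every frame is RC4-encrypted under a per-packet key made of a 24-bit IV sent in the clear followed by the shared key, so the only thing that changes between frames is the IV. The model below is an added example written for this page, not code from any poster or from the linked site, and it illustrates two consequences of that design: with only 2^24 IVs, a repeat is expected after a few thousand frames (birthday bound), and a repeat gives an attacker the XOR of two plaintexts, which is enough to recover one frame when the other is known; separately, the Fluhrer-Mantin-Shamir weak-IV class (first IV byte B+3, second byte 0xFF) that key-recovery tools wait for is only 5*256 of all IVs for a 40-bit key, which is why a low-traffic network takes days to yield enough of them. The key, IVs and frame contents are constructed for the demonstration; the ICV is omitted.

```python
"""WEP per-packet keying model (added example; the key, IVs and frames are constructed)."""
import math
from typing import Dict, Optional

IV_BITS = 24
WEP40_KEY_BYTES = 5  # 40-bit shared key, the common consumer setting in 2002


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling, then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: cleartext IV || RC4(IV || shared_key) XOR plaintext.
    The per-packet key is literally the IV prepended to the shared key."""
    assert len(iv) == IV_BITS // 8
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def frames_until_iv_collision(p: float, iv_bits: int = IV_BITS) -> int:
    """Birthday bound: frames with random IVs before P(some IV repeats) >= p."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1.0 / (1.0 - p))))


def plaintext_xor_from_iv_reuse(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Two frames under the same IV share a keystream, so C_a XOR C_b = P_a XOR P_b."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return bytes(x ^ y for x, y in zip(frame_a[3:], frame_b[3:]))


def is_fms_weak_iv(iv: bytes, key_byte_index: int = 0) -> bool:
    """FMS 'resolved' IV form (B+3, 0xFF, x) that leaks key byte B of the shared key."""
    return iv[0] == key_byte_index + 3 and iv[1] == 0xFF


def weak_iv_fraction(key_bytes: int = WEP40_KEY_BYTES, iv_bits: int = IV_BITS) -> float:
    """Share of the IV space in the classic FMS weak class: 256 IVs per key byte."""
    return (key_bytes * 256) / (2 ** iv_bits)


def demo() -> Dict[str, object]:
    """Reuse one IV for a known frame and a secret frame, then recover the secret."""
    shared_key = bytes.fromhex("0badc0ffee")            # constructed 40-bit key
    iv = bytes([0x00, 0x00, 0x2A])                      # reused IV, e.g. after a card reset
    known = b"GET /index.html HTTP/1.0"                 # attacker knows/guesses this frame
    secret = b"USER alice PASS hunter2!"                # same length, different content
    frame_known = wep_encrypt(shared_key, iv, known)
    frame_secret = wep_encrypt(shared_key, iv, secret)
    xor = plaintext_xor_from_iv_reuse(frame_known, frame_secret)
    recovered = bytes(x ^ k for x, k in zip(xor, known))
    return {
        "frames_for_50pct_collision": frames_until_iv_collision(0.5),
        "recovered_secret": recovered,
        "weak_iv_fraction": weak_iv_fraction(),
        "weak_iv_example": is_fms_weak_iv(bytes([3, 0xFF, 0x10])),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Two things the numbers make concrete: about 4,800 frames already give even odds of an IV repeat, and cards of the era that reset their IV counter to zero on power-up collide far sooner than that; meanwhile only about one frame in 13,000 carries a classic weak IV, so on a quiet home network the "interesting packets" mentat waited days for arrive slowly regardless of how fast the cracking tool is.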
