Bit of Bother - "macbook" network piggybacked onto my network

paulby · ‎26-07-2007

@stordoff
Yes they're easy to spoof but if there are two routers running WEP (for example) one with and one without MAC address whitelisting enabled which one would you hack into?
Like I said - one more hurdle to jump over. Just depends on how determined a hacker is.
Personally, I've got everything enabled (call me paranoid) - WPA2 with a strong password, MAC whitelisting and an unbroadcast SSID (which can also be sniffed out quite easily, I know).
My point is, really, why make it any easier for them?

stordoff · ‎03-05-2008

I appriciate what you are saying, but an attacker is unlikely to know prior to breaking the key that MAC filtering is enabled. Once they have the key, they may as well spoof the address and not bother with the second AP.
(I am also paranoid - WPA2 with 63char password, MAC filtering, unbroadcast SSID, captive portal, seperate subnet for wifi, subnet limited to 6 hosts)

Mad_Moggies · ‎01-08-2007

Me too; on Netgear with Macs, WPA2-PSK, non-broadcast SSID, 'trusted wireless station' access control (MAC filtering), address reservation (specific IP addresses for different computers, using both MAC addresses and the computers' names). Plus, if we're going to be out more than a couple of hours, we switch the router off.

Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both

OldCrone · ‎09-01-2008

A lot of food for thought here.
I have to admit to being naive, and initially not quite believing that someone would do that because we live in a small group of houses and I really didn't think that we would have any sort of problem. Obviously I was very wrong.
So far "Macbook" has disappeared and I shall use the password advice. As far as accidentally joining the network, I don't think so....the simple wep key I used was broken. Also, when I looked at the network set up, it was "Macbook" and something like "this pc is used to connect pcs to the internet".
From now on paranoia rules!

Mad_Moggies · ‎01-08-2007

Yes, you can set Macs to share their internet connection with other computers, wirelessly and/or physically connected. I used to have ours set up that way before we got a wireless router.
Don't know where I'd find info like that on anything connected to our network, apart from the MAC address, computer name and IP address - that's all the info the Netgear router gives you.

Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both

MickKi · ‎30-09-2007

Guys, not broadcasting the SSID is irrelevant for a committed cracker. Although the connection with the AP is encrypted, the SSID is broadcast in cleartext every time a client sends packets to the AP. Passive sniffing of the traffic by the said individual will in seconds obtain the SSID of both the AP and the associated client(s), the channel and the transmition power level.
Within a few minutes the WEP connection will be cracked. If it's a script-kiddie he may try guessing all the simple and easy passwords that people use (like "password", "netgear", "ManUnited", etc) just for fun, in which case it may take longer than a few minutes.
Cracking WPA keys is more difficult of course and takes longer. WPA2 may be impossible (for now). Weak passwords remain the best hope for cracking an authentication scheme, even when the encryption algorithm is strong.

OldCrone · ‎09-01-2008

What you say makes absolute sense! My wep key was stupidly simple....part of the SSID and that took about 6-8 hours before I noticed him back on to the system. The WPA is so far not random, but is a random word. (We have various laptops that connect..long story but that is how our household is).
However, for the past 2 days he has not got back on.
The only thing I can do for the immediate future is be extremely vigilant and as I happen to be training some police tomorrow.............

MickKi · ‎30-09-2007

Quote from: Old
The WPA is so far not random, but is a random word.

WPA cracking involves brute force dictionary attacks. We're talking about crackers' dictionaries here, which also include pet names, celebrity names, and variations with numbers as characters; e.g. D4v1d_B3ck4m
What I'm saying is: there are no single random words, unless you make up your own new words, they're all in the crackers' dictionaries. Either you should use a long string of random alphanumeric characters, or use unrelated words as a passphrase in a random password generator to produce a hash.
Hope this helps . . .
PS. Just in case, has anyone in your household an applemac or iphone?!

stordoff · ‎03-05-2008

Quote from: MickKi
Guys, not broadcasting the SSID is irrelevant for a committed cracker.

I am well aware of this (I use NetStumbler alot), but only have disabled to prevent casual users attempting to connect (fills my log files up). Also, the list of SSIDs is quite long, as my coverage is made up of a number of routers

Mad_Moggies · ‎01-08-2007

Quote from: stordoff
..... but only have disabled to prevent casual users attempting to connect ......

Exactly. Someone looking for a connection is more likely to 'try' a network they can see as that's more likely to belong to someone who has less idea about security.
Round here there are a dozen or so networks visible from time to time (not all at once - usually a max of 5 or 6 but sometimes more), including a recently appeared BT Openzone, which I think might have replaced one of the BT Home Hubs. Naturally, out of curiosity, I've tested them from my Macs to see if they're open or not (very easy to do from the Airport drop-down menu at the top of the screen). Some that used to be open now have passwords and some of the WEP one have been changed to WPA, but with all those visible to tempt people, I feel safer hiding our SSID.

Plusnet user since November 2003
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both

stribs · ‎22-09-2007

Hi Guys,
I use a 24 random generated PW using upper and lower case and numbers, its a pain to key in if a friend comes around and wants to use the wifi connection but it seems to work. I don't transmit the SSID and switch off the modem/router when I am not on the PC or laptop, it saves electricity as well.

stordoff · ‎03-05-2008

Re: Typing Key
Why not save it in a text file (on a usb device) and copy/paste it as required?

OldCrone · ‎09-01-2008

Quote
Why not save it in a text file (on a usb device) and copy/paste it as required?

Good advice!
I had heard of dictionary attacks and should have realised that no word is random really.
The "Macbook" is nowhere to be found now, and no one has an applemac or iphone in the household.
I have been looking around and saw "dinisnet" as a nearby network. That one has puzzled me.
You people are great helping the idiot's of us that get into bother it is appreciated. Ironically the cause of my bother was because I used a password for the router & forgot it, so I reset it and then forgot to re-secure the wireless network. The word "forgot" seems to pop up a lot.
Thanks for all your help, it is greatly appreciated. I obviously need to drink more red wine to stop the forgetfulness!

Oldjim · ‎15-06-2007

Quote from: Old
I obviously need to drink more red wine to stop the forgetfulness!

From experience it doesn't seem too effective - if i remember correctly

OldCrone · ‎09-01-2008

Hi,
As a matter of interest there have been no nearby networks lately.
However when unencrypted I saved a network stumbler file. 5 nearby networks, including one called "Free Internet" and 2 "macbook" plus hpsetup were all "peer", whereas mine was AP - (Access Point I presume).
What does this mean?

Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network

Re: Bit of Bother - "macbook" network piggybacked onto my network