Re: [slim] WPA WEP etc...

[ASS-Ware]

Peter;183360 Wrote: 
 ASS-Ware wrote:
  jonheal;182579 Wrote: 

  Being pretty much an idiot when it comes to networking stuff,
 please
  clarify something for me:
 
  As I understand it, encrypting your wireless broadcasts (hopefully)
  prevents an eavesdropper from reading the packets you send out into
 the
  atmosphere. Protecting the integrity of your network, and the
 machines
  on it, is another matter entirely. Am I wrong in that assumption?
 And
  if all your broadcasting is music packets, is it that big of a deal
 to
  protect them?
  
 
  The thing is, once somebody hacks your wifi, that person is in your
  network and can try to access all computers in your network, and
 even
  worse, use your internet connection for attacks to other networks on
  the web and you are the one to blame if it's discovered as they use
  your connection.
  And what about somebody hacking your wifi and thus being part of
 your
  network and then download child pornography ?
  If discovered, they come to your door !!!
  That happened not far from my village.

 
 They may come to your door, but they won't prosecute you unless they 
 find more evidence. Of course, the hacker may leave some evidence on 
 your disk, but that would be a personal attack against you, which is 
 possible if you have enemies. It sounds unlikely to me that child porn
 
 enthousiasts would possess such technical knowledge and go through all
 
 that physical work. If you're that good, you'd better set up a botnet
 to 
 do your dirty work and control them over TOR from the comfort of your 
 own home.
 
 Regards,
 Peter

Well, it happened close to my town.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

snarlydwarf wrote:
 Mark Lanctot;183284 Wrote: 
   
 Looks like a pretty esoteric black hat crack to me.  Although I don't
 fully understand the tool, it looks like made-up SSIDs and long,
 complex passphrases will still help.
 

 It's really a matter of timeshifting.  Note that only advantage between
 the first test (straight dictionary attack) and the second (precomputed
 dictionary attack) is that the data set can be recycled for a given
 SSID.

 If you change your SSID to not be stock, then the dictionary will need
 to be recomputed.

 If you change your passphrase to not be one of the ones in the
 dictionary, it will still not succeed.

 Which brings it back down to don't choose lame-ass passwords, which
 is already known.  This attack only makes using lame-ass passwords with
 stock SSID's weaker.

   

AFAICS these are all dictionary attacks. That's why you don't choose or 
invent a password but you generate a random one of 64 characters. There 
are sites on the web to help you (note that they will know your 
password). Luckily most of the time you will copy  paste your key 
(unless you're dealing with an SB) so it won't be too much work.

Regards,
Peter


___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

ASS-Ware wrote:
 Peter;183283 Wrote: 
   
 ASS-Ware wrote:
 
 Mark Lanctot;181815 Wrote: 
   
   
 The SB3 also supports WPA2/AES.

 Now WPA/TKIP hasn't been broken yet so it's probably overkill, but
 
 as
 
 they say, go big or go home...WPA2/AES works just fine for me and
 
 was
 
 as easy as WPA/TKIP to implement.
 
 
 I am sorry to say you are wrong, but WPA hacks are available and so
   
 are
 
 WPA2 hacks.
   
   
 Link?

 Regards,
 Peter
 

 Google.
 Read magazines.
 Search security forums.
 Go to security lectures.
 I have see a man hack into a WPA2 protected wifi network withing 5
 minutes.
   

How many characters was the key? Was it random generated? AFAIK people 
choosing crackable passwords is the main weakness.

Show me a crack of a random 64 character password...

Regards,
Peter


___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

ASS-Ware wrote:
 jonheal;182579 Wrote: 
   
 Being pretty much an idiot when it comes to networking stuff, please
 clarify something for me:

 As I understand it, encrypting your wireless broadcasts (hopefully)
 prevents an eavesdropper from reading the packets you send out into the
 atmosphere. Protecting the integrity of your network, and the machines
 on it, is another matter entirely. Am I wrong in that assumption? And
 if all your broadcasting is music packets, is it that big of a deal to
 protect them?
 

 The thing is, once somebody hacks your wifi, that person is in your
 network and can try to access all computers in your network, and even
 worse, use your internet connection for attacks to other networks on
 the web and you are the one to blame if it's discovered as they use
 your connection.
 And what about somebody hacking your wifi and thus being part of your
 network and then download child pornography ?
 If discovered, they come to your door !!!
 That happened not far from my village.
   

They may come to your door, but they won't prosecute you unless they 
find more evidence. Of course, the hacker may leave some evidence on 
your disk, but that would be a personal attack against you, which is 
possible if you have enemies. It sounds unlikely to me that child porn 
enthousiasts would possess such technical knowledge and go through all 
that physical work. If you're that good, you'd better set up a botnet to 
do your dirty work and control them over TOR from the comfort of your 
own home.

Regards,
Peter

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Mark Lanctot;181815 Wrote: 
 The SB3 also supports WPA2/AES.
 
 Now WPA/TKIP hasn't been broken yet so it's probably overkill, but as
 they say, go big or go home...WPA2/AES works just fine for me and was
 as easy as WPA/TKIP to implement.

I am sorry to say you are wrong, but WPA hacks are available and so are
WPA2 hacks.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mark Lanctot]

ASS-Ware;183235 Wrote: 
 I am sorry to say you are wrong, but WPA hacks are available and so are
 WPA2 hacks.

OK, come crack me.


-- 
Mark Lanctot

It's like, you know, a New Age religion, but with better treble
response. - Jon Heal

Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Paul_B]

If a professional decides to hack you then they can crak WEP, WPA, WPA2.
But we would they bother on a residential estate? Script kiddies can
probabaly crack WEP but easier to go after no security.

So what is the answer? Well to make it as hard as possible by using
WPA2 with short timeouts between key changes. Use a complex password
with as many characters as possible and a decent length. Maybe, if you
are paranoid, look at digital certificates. But if you are really
paranoid don't connect to the internet


-- 
Paul_B

Paul

~
Slimserver 6.5.1 on EPIA VIA EN15000 Mini-ITX running Windows 2003 R2.

Remote storage QNAP(2.0.0)~(300GB WD)
SB3 (x1)
RIP - dBpowerAMP R12 to FLAC
ID3 Tags - MP3Tag v2.37d
~

Paul_B's Profile: http://forums.slimdevices.com/member.php?userid=3039
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Paul_B;183246 Wrote: 
 If a professional decides to hack you then they can crak WEP, WPA, WPA2.
 But we would they bother on a residential estate? Script kiddies can
 probabaly crack WEP but easier to go after no security.
 
 So what is the answer? Well to make it as hard as possible by using
 WPA2 with short timeouts between key changes. Use a complex password
 with as many characters as possible and a decent length. Maybe, if you
 are paranoid, look at digital certificates. But if you are really
 paranoid don't connect to the internet

It's got nothing to do with an internet connection, it's the wifi
connection to your personal network, which can be hacked and then they
can access your computer(s).
Internet or no internet is not important.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

ASS-Ware wrote:
 Mark Lanctot;181815 Wrote: 
   
 The SB3 also supports WPA2/AES.

 Now WPA/TKIP hasn't been broken yet so it's probably overkill, but as
 they say, go big or go home...WPA2/AES works just fine for me and was
 as easy as WPA/TKIP to implement.
 

 I am sorry to say you are wrong, but WPA hacks are available and so are
 WPA2 hacks.
   

Link?

Regards,
Peter

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mark Lanctot]

Peter;183283 Wrote: 
 Link?

This got me curious too, some Googling got me to:

http://www.churchofwifi.org/default.asp?PageLink=Project_Display.asp?PID=95

and

http://www.wirelessdefence.org/Contents/coWPAttyMain.htm

Looks like a pretty esoteric black hat crack to me.


-- 
Mark Lanctot

It's like, you know, a New Age religion, but with better treble
response. - Jon Heal

Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[snarlydwarf]

Mark Lanctot;183284 Wrote: 
 
 Looks like a pretty esoteric black hat crack to me.  Although I don't
 fully understand the tool, it looks like made-up SSIDs and long,
 complex passphrases will still help.

It's really a matter of timeshifting.  Note that only advantage between
the first test (straight dictionary attack) and the second (precomputed
dictionary attack) is that the data set can be recycled for a given
SSID.

If you change your SSID to not be stock, then the dictionary will need
to be recomputed.

If you change your passphrase to not be one of the ones in the
dictionary, it will still not succeed.

Which brings it back down to don't choose lame-ass passwords, which
is already known.  This attack only makes using lame-ass passwords with
stock SSID's weaker.


-- 
snarlydwarf

snarlydwarf's Profile: http://forums.slimdevices.com/member.php?userid=1179
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Peter;183283 Wrote: 
 ASS-Ware wrote:
  Mark Lanctot;181815 Wrote: 

  The SB3 also supports WPA2/AES.
 
  Now WPA/TKIP hasn't been broken yet so it's probably overkill, but
 as
  they say, go big or go home...WPA2/AES works just fine for me and
 was
  as easy as WPA/TKIP to implement.
  
 
  I am sorry to say you are wrong, but WPA hacks are available and so
 are
  WPA2 hacks.

 
 Link?
 
 Regards,
 Peter

Google.
Read magazines.
Search security forums.
Go to security lectures.
I have see a man hack into a WPA2 protected wifi network withing 5
minutes.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

jonheal;182579 Wrote: 
 Being pretty much an idiot when it comes to networking stuff, please
 clarify something for me:
 
 As I understand it, encrypting your wireless broadcasts (hopefully)
 prevents an eavesdropper from reading the packets you send out into the
 atmosphere. Protecting the integrity of your network, and the machines
 on it, is another matter entirely. Am I wrong in that assumption? And
 if all your broadcasting is music packets, is it that big of a deal to
 protect them?

The thing is, once somebody hacks your wifi, that person is in your
network and can try to access all computers in your network, and even
worse, use your internet connection for attacks to other networks on
the web and you are the one to blame if it's discovered as they use
your connection.
And what about somebody hacking your wifi and thus being part of your
network and then download child pornography ?
If discovered, they come to your door !!!
That happened not far from my village.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Paul_B;183246 Wrote: 
 If a professional decides to hack you then they can crak WEP, WPA, WPA2.
 But we would they bother on a residential estate?

They sit in cars, they hack wifi networks and download illegal stuff
like child pornography.
And it's downloaded from your internet connection, so you are the one
they come to once it's discovered.
It happened near my town.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mitch Harding]

Yeah, but why would they bother targeting someone with WPA or WPA2 when
there are still plenty of people using WEP or no security at all?  My goal
in using WPA2 is to make it as inconvenient as possible.  Given that right
now I can see two of my neighbors unsecured networks, and given that some of
the others are probably only using WEP...  well, I'm not losing much sleep.

On 2/24/07, ASS-Ware [EMAIL PROTECTED]
wrote:



Paul_B;183246 Wrote:
 If a professional decides to hack you then they can crak WEP, WPA, WPA2.
 But we would they bother on a residential estate?

They sit in cars, they hack wifi networks and download illegal stuff
like child pornography.
And it's downloaded from your internet connection, so you are the one
they come to once it's discovered.
It happened near my town.


--
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Mitch Harding;183308 Wrote: 
 Yeah, but why would they bother targeting someone with WPA or WPA2 when
 there are still plenty of people using WEP or no security at all?

Maybe because people that know what they are doing, setting wpa2 for
example, have faster internet access ?
Dunno.


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mitch Harding]

If you can convince my cable company to supply me faster access, please do!
I sent them my college transcript and some glowing references from my
coworkers, but so far no luck...

On 2/24/07, ASS-Ware [EMAIL PROTECTED]
wrote:



Mitch Harding;183308 Wrote:
 Yeah, but why would they bother targeting someone with WPA or WPA2 when
 there are still plenty of people using WEP or no security at all?

Maybe because people that know what they are doing, setting wpa2 for
example, have faster internet access ?
Dunno.


--
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[jonheal]

ASS-Ware;183300 Wrote: 
 The thing is, once somebody hacks your wifi, that person is in your
 network and can try to access all computers in your network, and even
 worse, use your internet connection for attacks to other networks on
 the web and you are the one to blame if it's discovered as they use
 your connection.
 And what about somebody hacking your wifi and thus being part of your
 network and then download child pornography ?
 If discovered, they come to your door !!!
 That happened not far from my village.

Just because they're on my network doesn't mean they can access my
machines. They'd need a LAN ID to map a drive. Heck, I can't even map
drives on some of the machines!

As for downloading porn using me as a proxy, you can do the same thing
at Starbucks. Do you think the Department of Justice is going after
Starbucks and all of the tens of thousands of other wi-fi hotspots and
tens of thousands of private unsecured networks?


-- 
jonheal

Jon Heal says:
Have a nice day!
http://www.theheals.org/
~~~
SB3 (wired - 6.3.1) | Home-brew PC running XP Pro | DENON DRA-395 | PSB
Stratus Bronze (2) | Outlaw Audio LFM-2 (1) | DIY Speaker Cables |
Dayton Audio Interconnects

jonheal's Profile: http://forums.slimdevices.com/member.php?userid=2133
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[ASS-Ware]

Mitch Harding;183310 Wrote: 
 If you can convince my cable company to supply me faster access, please
 do!

Get another ISP then ;-)


-- 
ASS-Ware

ASS-Ware's Profile: http://forums.slimdevices.com/member.php?userid=4280
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mark Lanctot]

Well yes, password size matters, but I was referring to AES's more
advanced encryption than TKIP.

Since TKIP hasn't been broken yet, AES is overkill - but still, it
costs nothing in terms of time and money to implement, so I did it.


-- 
Mark Lanctot

It's like, you know, a New Age religion, but with better treble
response. - Jon Heal

Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

Mark Lanctot wrote:
 Well yes, password size matters, but I was referring to AES's more
 advanced encryption than TKIP.

 Since TKIP hasn't been broken yet, AES is overkill - but still, it
 costs nothing in terms of time and money to implement, so I did it.
   

The main risk at the moment is using brute force to crack the keys.
Using a short password or one from a dictionary is just as big a problem 
with AES as with TKIP.

That's also the attack against WEP, except that in this case some 
stupidities in the protocol implementation make it a lot easier.
But it's not very difficult to make an insecure implementation of AES 
encryption.

Regards,
Peter

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[jonheal]

Being pretty much an idiot when it comes to networking stuff, please
clarify something for me:

As I understand it, encrypting your wireless broadcasts (hopefully)
prevents an eavesdropper from reading the packets you send out into the
atmosphere. Protecting the integrity of your network, and the machines
on it, is another matter entirely. Am I wrong in that assumption? And
if all your broadcasting is music packets, is it that big of a deal to
protect them?


-- 
jonheal

Jon Heal says:
Have a nice day!
http://www.theheals.org/
~~~
SB3 (wired - 6.3.1) | Home-brew PC running XP Pro | DENON DRA-395 | PSB
Stratus Bronze (2) | Outlaw Audio LFM-2 (1) | DIY Speaker Cables |
Dayton Audio Interconnects

jonheal's Profile: http://forums.slimdevices.com/member.php?userid=2133
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mark Lanctot]

jonheal;182579 Wrote: 
 Being pretty much an idiot when it comes to networking stuff, please
 clarify something for me:
 
 As I understand it, encrypting your wireless broadcasts (hopefully)
 prevents an eavesdropper from reading the packets you send out into the
 atmosphere. Protecting the integrity of your network, and the machines
 on it, is another matter entirely. Am I wrong in that assumption? And
 if all your broadcasting is music packets, is it that big of a deal to
 protect them?

I'm no more than a novice at this myself, but yes, this is something
outside a normal LAN.  If your machines are infected with various
backdoors, it doesn't matter how secure your WPA2 passphrase
is...although interestingly an attacker could still not find it out
unless he was running a keylogger as you typed it in.

But in regards to just broadcasting music packets and packets destined
for an SB, you need to protect them even more because:

- there will always be traffic an attacker could monitor

- when broadcasting music, a steady stream of packets will be present
to analyze

As I understand it, these attacks work better when you have lots of
packets to analyze.  Once an attacker derives a passphrase, he can (at
the very least) use your IP address for whatever purpose he wants. 
This includes child porn - there have been several high-profile busts
recently where police are tracking offenders based on IP addresses, and
you would have to prove your wireless network was compromised in
court...meanwhile your name would be published in the local media.

Once an attacker is on your LAN, he's also one step closer to accessing
your hard drive contents.  Your router won't stop him, it'll be up to
software firewalls if he gets that far.  Blocking by MAC address is
useless here - he'll be able to see the MAC addresses of all the
devices on your network and can clone one.


-- 
Mark Lanctot

It's like, you know, a New Age religion, but with better treble
response. - Jon Heal

Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

Mark Lanctot wrote:
 jonheal;182579 Wrote: 
   
 Being pretty much an idiot when it comes to networking stuff, please
 clarify something for me:

 As I understand it, encrypting your wireless broadcasts (hopefully)
 prevents an eavesdropper from reading the packets you send out into the
 atmosphere. Protecting the integrity of your network, and the machines
 on it, is another matter entirely. Am I wrong in that assumption? And
 if all your broadcasting is music packets, is it that big of a deal to
 protect them?
 

 I'm no more than a novice at this myself, but yes, this is something
 outside a normal LAN.  If your machines are infected with various
 backdoors, it doesn't matter how secure your WPA2 passphrase
 is...although interestingly an attacker could still not find it out
 unless he was running a keylogger as you typed it in.

 But in regards to just broadcasting music packets and packets destined
 for an SB, you need to protect them even more because:

 - there will always be traffic an attacker could monitor

 - when broadcasting music, a steady stream of packets will be present
 to analyze

 As I understand it, these attacks work better when you have lots of
 packets to analyze.  Once an attacker derives a passphrase, he can (at
 the very least) use your IP address for whatever purpose he wants. 
 This includes child porn - there have been several high-profile busts
 recently where police are tracking offenders based on IP addresses, and
 you would have to prove your wireless network was compromised in
 court...meanwhile your name would be published in the local media.
   

Possibly, but the chances are rather small. I read an article on the 
exact way of cracking a WEP protected network recently and the 'bad 
guys' have devised a little trick to get lots of packets. They just grab 
one of your encrypted packets and (re)send it to one of your hosts. The 
host will receive the packet and reply to it, another packet to 
analyze... The method used in the article required two PC's, a special 
Linux boot CD and two wireless cards with a specific chipset. Quite a 
hassle still..
 Once an attacker is on your LAN, he's also one step closer to accessing
 your hard drive contents.  Your router won't stop him, it'll be up to
 software firewalls if he gets that far.  Blocking by MAC address is
 useless here - he'll be able to see the MAC addresses of all the
 devices on your network and can clone one.
   

It's a funny thing wireless security. If you leave your PC/network open 
to the internet you *will* be targeted by thousands or tens of thousands 
of (professional) automated hacking attempts. If you leave your wireless 
network open you will be open to attack by a dozen neighbours. The 
chances of your neighbours wanting to target you and having the skill to 
do are possibly not so great. One of my neighbours has his network open, 
I even used it briefly once or twice, but I've never  gone so far as 
snooping around on it. The chances of anyone around me wanting to go 
through the hassle of cracking a WEP key would be fairly slim.
 
Then again I read an interesting attack recently in which the bad guys 
would drive thru the city with a PC that automatically looked for open 
networks with no encryption. The PC would be loaded with knowledge of 
popular routers and their configs and default passwords and would 
contact any routers it could find and change the DNS settings so it 
would use a DNS server controlled by the attacker. By manipulating DNS 
responses they would be able to get between the victim and there banking 
websites.

I'd take the trouble to set up WPA encryption if I were my neighbour. I 
don't know which one it is, perhaps I should snoop around a little ;)

Regards,
Peter

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[jonheal]

Peter;182606 Wrote: 
 Mark Lanctot wrote:
  jonheal;182579 Wrote: 

  Being pretty much an idiot when it comes to networking stuff,
 please
  clarify something for me:
 
  As I understand it, encrypting your wireless broadcasts (hopefully)
  prevents an eavesdropper from reading the packets you send out into
 the
  atmosphere. Protecting the integrity of your network, and the
 machines
  on it, is another matter entirely. Am I wrong in that assumption?
 And
  if all your broadcasting is music packets, is it that big of a deal
 to
  protect them?
  
 
  I'm no more than a novice at this myself, but yes, this is something
  outside a normal LAN.  If your machines are infected with various
  backdoors, it doesn't matter how secure your WPA2 passphrase
  is...although interestingly an attacker could still not find it out
  unless he was running a keylogger as you typed it in.
 
  But in regards to just broadcasting music packets and packets
 destined
  for an SB, you need to protect them even more because:
 
  - there will always be traffic an attacker could monitor
 
  - when broadcasting music, a steady stream of packets will be
 present
  to analyze
 
  As I understand it, these attacks work better when you have lots of
  packets to analyze.  Once an attacker derives a passphrase, he can
 (at
  the very least) use your IP address for whatever purpose he wants. 
  This includes child porn - there have been several high-profile
 busts
  recently where police are tracking offenders based on IP addresses,
 and
  you would have to prove your wireless network was compromised in
  court...meanwhile your name would be published in the local media.

 
 Possibly, but the chances are rather small. I read an article on the 
 exact way of cracking a WEP protected network recently and the 'bad 
 guys' have devised a little trick to get lots of packets. They just
 grab 
 one of your encrypted packets and (re)send it to one of your hosts. The
 
 host will receive the packet and reply to it, another packet to 
 analyze... The method used in the article required two PC's, a special
 
 Linux boot CD and two wireless cards with a specific chipset. Quite a 
 hassle still..
  Once an attacker is on your LAN, he's also one step closer to
 accessing
  your hard drive contents.  Your router won't stop him, it'll be up
 to
  software firewalls if he gets that far.  Blocking by MAC address is
  useless here - he'll be able to see the MAC addresses of all the
  devices on your network and can clone one.

 
 It's a funny thing wireless security. If you leave your PC/network open
 
 to the internet you *will* be targeted by thousands or tens of
 thousands 
 of (professional) automated hacking attempts. If you leave your
 wireless 
 network open you will be open to attack by a dozen neighbours. The 
 chances of your neighbours wanting to target you and having the skill
 to 
 do are possibly not so great. One of my neighbours has his network
 open, 
 I even used it briefly once or twice, but I've never  gone so far as 
 snooping around on it. The chances of anyone around me wanting to go 
 through the hassle of cracking a WEP key would be fairly slim.
 
 Then again I read an interesting attack recently in which the bad guys
 
 would drive thru the city with a PC that automatically looked for open
 
 networks with no encryption. The PC would be loaded with knowledge of 
 popular routers and their configs and default passwords and would 
 contact any routers it could find and change the DNS settings so it 
 would use a DNS server controlled by the attacker. By manipulating DNS
 
 responses they would be able to get between the victim and there
 banking 
 websites.
 
 I'd take the trouble to set up WPA encryption if I were my neighbour. I
 
 don't know which one it is, perhaps I should snoop around a little ;)
 
 Regards,
 Peter

Fortunately, I live on a cul-de-sac. I know all of the close neighbors.
Should I see someone parked in the cul-de-sac with a laptop, I reckon
I'll break out the Louisville Slugger, and said perp can figure on a
wood shampoo.


-- 
jonheal

Jon Heal says:
Have a nice day!
http://www.theheals.org/
~~~
SB3 (wired - 6.3.1) | Home-brew PC running XP Pro | DENON DRA-395 | PSB
Stratus Bronze (2) | Outlaw Audio LFM-2 (1) | DIY Speaker Cables |
Dayton Audio Interconnects

jonheal's Profile: http://forums.slimdevices.com/member.php?userid=2133
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

Mark Lanctot wrote:
 The SB3 also supports WPA2/AES.

 Now WPA/TKIP hasn't been broken yet so it's probably overkill, but as
 they say, go big or go home...WPA2/AES works just fine for me and was
 as easy as WPA/TKIP to implement.
   

It's more a matter of password size IIRC. (size matters)

Regards,
Peter
___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Paul_B]

Password size and complexity I would guess. Try to use nouns and use
uppercase, lowercase, numbers and non-alphanumeric characters like
commas, dashes, etc.


-- 
Paul_B

Paul

~
Slimserver 6.5.1 on EPIA VIA EN15000 Mini-ITX running Windows 2003 R2.

Remote storage QNAP(2.0.0)~(300GB WD)
SB3 (x1)
RIP - dBpowerAMP R12 to FLAC
ID3 Tags - MP3Tag v2.37d
~

Paul_B's Profile: http://forums.slimdevices.com/member.php?userid=3039
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Peter]

Paul_B wrote:
 Password size and complexity I would guess. Try to use nouns and use
 uppercase, lowercase, numbers and non-alphanumeric characters like
 commas, dashes, etc.
   
Obviously. A long string of 's wouldn't be very secure. Entropy is 
what you're after.

Regards,
Peter

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[2pods]

pkfox;181653 Wrote: 
 Hi All, what wireless security can be used on a SB3 ? I currently use
 WEP which I've heard is next to useless

I use WPA/PSK for my SB3 with no problems.


-- 
2pods

2pods's Profile: http://forums.slimdevices.com/member.php?userid=7951
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[pkfox]

2pods;181654 Wrote: 
 I use WPA/PSK for my SB3 with no problems.
thanks , I was a bit confused as the SB's setup only offers WEP, then I
saw in another post that you need to setup the router's security first,
which then changes the SB's option, thanks again


-- 
pkfox

When the going gets weird - the weird turn pro. Hunter S Thompson

pkfox's Profile: http://forums.slimdevices.com/member.php?userid=5346
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Kevin O. Lepard]

pkfox;181653 Wrote:
  Hi All, what wireless security can be used on a SB3 ? I currently use
  WEP which I've heard is next to useless

I use WPA/PSK for my SB3 with no problems.

Same here.  And you are correct, WEP is functionally useless against 
any kind of mildly interested attacker.

Kevin
-- 
Kevin O. Lepard

Happiness is being 100% Microsoft free.
___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss

Re: [slim] WPA WEP etc...

[Mark Lanctot]

The SB3 also supports WPA2/AES.

Now WPA/TKIP hasn't been broken yet so it's probably overkill, but as
they say, go big or go home...WPA2/AES works just fine for me and was
as easy as WPA/TKIP to implement.


-- 
Mark Lanctot

It's like, you know, a New Age religion, but with better treble
response. - Jon Heal

Mark Lanctot's Profile: http://forums.slimdevices.com/member.php?userid=2071
View this thread: http://forums.slimdevices.com/showthread.php?t=32888

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss