I'm on somebody's unsecured Wi-Fi

[RichUK]

Originally posted by: MercenaryForHire
:sigh;

You know what? Forget it. WEP is perfectly secure. It's unhackable. No one will ever steal your internets.

/resumes leeching bandwidth from the greatest free ISP ever, "LINKSYS"

- M4H

QFT

 

[tfinch2]

http://www.tomsnetworking.com/2005/05/10/how_to_crack_wep_/

 

[JulesMaximus]

Originally posted by: InlineFour
and printed "you're being watched" on their printer. are there any other neat things you can do remotely?

WEP/WPA, mac filter, etc. are all disabled. i'm surprised they changed the router's default password though. imagine all the things i can do if i had access to their router. :evil:

the funny thing is that i'm using my WRT54G with DD-WRT firmware that's placed next to a door. so if they were suspicious enough, they could look outside and see a tin foil wrapped router.

Hehehe, I've done that before. There are a couple unsecured wireless connections near me, I've even logged into their router because they were too stupid to change the default password. :laugh: I didn't change any of their settings though.

 

[MercenaryForHire]

Originally posted by: MangoTBG
But how do you figure what MAC address to spoof?

Sniff the traffic, grab a MAC address out of the air.

Originally posted by: Maximus96
then what to do for the most security possible?

Most security possible, or most security "practical"?

Use WPA-PSK, get a good random passphrase/password (Assortment of your favourite foods/people/places, interspliced with upper & lowercase, numbers, and special characters) and that's all you need for the time being.

Eg: "SecretPassword" is a bad passphrase. "M4Hist3huB@rl33t$@u$3&PwNzn00bZl1k3RichUK!" is a good one.

If you want to get a little more hardcore, you can enable WPA with a RADIUS server (assuming your router supports it.)

- M4H

 

[InlineFive]

Originally posted by: JulesMaximus

Originally posted by: InlineFour
and printed "you're being watched" on their printer. are there any other neat things you can do remotely?

WEP/WPA, mac filter, etc. are all disabled. i'm surprised they changed the router's default password though. imagine all the things i can do if i had access to their router. :evil:

the funny thing is that i'm using my WRT54G with DD-WRT firmware that's placed next to a door. so if they were suspicious enough, they could look outside and see a tin foil wrapped router.

Hehehe, I've done that before. There are a couple unsecured wireless connections near me, I've even logged into their router because they were too stupid to change the default password. :laugh: I didn't change any of their settings though.

I would have set a key on their connection, and then printed out something on their printer telling them why I did it and how they could configure their computer to match the key.

 

[tfinch2]

Originally posted by: MercenaryForHire

Originally posted by: MangoTBG
But how do you figure what MAC address to spoof?

Sniff the traffic, grab a MAC address out of the air.

Originally posted by: Maximus96
then what to do for the most security possible?

Most security possible, or most security "practical"?

Use WPA-PSK, get a good random passphrase/password (Assortment of your favourite foods/people/places, interspliced with upper & lowercase, numbers, and special characters) and that's all you need for the time being.

Eg: "SecretPassword" is a bad passphrase. "M4Hist3huB@rl33t$@u$3&PwNzn00bZl1k3RichUK!" is a good one.

If you want to get a little more hardcore, you can enable WPA with a RADIUS server (assuming your router supports it.)

- M4H

Also, one often overlooked item is disable broadcasting your SSID

 

[RichUK]

Originally posted by: MercenaryForHire

Originally posted by: MangoTBG
But how do you figure what MAC address to spoof?

Sniff the traffic, grab a MAC address out of the air.

Originally posted by: Maximus96
then what to do for the most security possible?

Most security possible, or most security "practical"?

Use WPA-PSK, get a good random passphrase/password (Assortment of your favourite foods/people/places, interspliced with upper & lowercase, numbers, and special characters) and that's all you need for the time being.

Eg: "SecretPassword" is a bad passphrase. "M4Hist3huB@rl33t$@u$3&PwNzn00bZl1k3RichUK!" is a good one.

If you want to get a little more hardcore, you can enable WPA with a RADIUS server (assuming your router supports it.)

- M4H

ROFL :laugh:

I take it by PSK you mean the algorithm that is used, mine only has TKIP and AES. Ohh well.

Im getting scared i think M4H might Hax0R my router

 

[InlineFour]

Originally posted by: tfinch2

Originally posted by: MercenaryForHire

Originally posted by: MangoTBG
But how do you figure what MAC address to spoof?

Sniff the traffic, grab a MAC address out of the air.

Originally posted by: Maximus96
then what to do for the most security possible?

Most security possible, or most security "practical"?

Use WPA-PSK, get a good random passphrase/password (Assortment of your favourite foods/people/places, interspliced with upper & lowercase, numbers, and special characters) and that's all you need for the time being.

Eg: "SecretPassword" is a bad passphrase. "M4Hist3huB@rl33t$@u$3&PwNzn00bZl1k3RichUK!" is a good one.

If you want to get a little more hardcore, you can enable WPA with a RADIUS server (assuming your router supports it.)

- M4H

Also, one often overlooked item is disable broadcasting your SSID

disabling broadcasting of SSID will still be detectable under most war driving programs.

enabling WPA will be the safest without having to deal with more complicated security measures like a RADIUS server.

i suggest one of these randomly generated passphrases.

https://www.grc.com/passwords.htm

 

[Pacemaker]

if you think MAC address filtering or WEP is safe read this.

Text

 

[Lazy8s]

You realize you're admitting to comitting a felony right...

http://www.mostlycreativeworkshop.com/Article312.html

http://money.cnn.com/2005/08/08/technology/personaltech/internet_piracy/

 

[tfinch2]

Originally posted by: InlineFour

Originally posted by: tfinch2

Originally posted by: MercenaryForHire

Originally posted by: MangoTBG
But how do you figure what MAC address to spoof?

Sniff the traffic, grab a MAC address out of the air.

Originally posted by: Maximus96
then what to do for the most security possible?

Most security possible, or most security "practical"?

Use WPA-PSK, get a good random passphrase/password (Assortment of your favourite foods/people/places, interspliced with upper & lowercase, numbers, and special characters) and that's all you need for the time being.

Eg: "SecretPassword" is a bad passphrase. "M4Hist3huB@rl33t$@u$3&PwNzn00bZl1k3RichUK!" is a good one.

If you want to get a little more hardcore, you can enable WPA with a RADIUS server (assuming your router supports it.)

- M4H

Also, one often overlooked item is disable broadcasting your SSID

disabling broadcasting of SSID will still be detectable under most war driving programs.

enabling WPA will be the safest without having to deal with more complicated security measures like a RADIUS server.

i suggest one of these randomly generated passphrases.

https://www.grc.com/passwords.htm">https://www.grc.com/passwords.htm</a>

MAC filtering + disabled SSID + WPA + good passphrase is pretty damn good protection though if you ask me. It's all about layers.

 

[engineereeyore]

Yeah, it's always fun to check the dhcp tables and see what their mac addresses are and then filter them out of their own router. I do that, but then I usually walk over to their house or print them a message through their printer. Something to let them know they need to makes some changes. I don't really think it's fair to pick on people who haven't had years of computer experience and are just trying to do their best, so I always feel guilty.

 

[MercenaryForHire]

Originally posted by: tfinch2
MAC filtering + disabled SSID + WPA + good passphrase is pretty damn good protection though if you ask me. It's all about layers.

Yep. It's called "Onion Security" because it makes everyone who tries to use it cry.

MAC filtering + SSID broadcast disable are much more of an inconvenience, especially if you have new hardware coming in and out all the time. With either a strong WPA passphrase, or a RADIUS server, it's really not necessary.

- M4H

 

[MercenaryForHire]

Originally posted by: RichUK
ROFL :laugh:

I take it by PSK you mean the algorithm that is used, mine only has TKIP and AES. Ohh well.

Im getting scared i think M4H might Hax0R my router

PSK = "Pre Shared Key" ... also called "WPA Personal" or on many home routers it's just called "WPA" and left at that. You have a WRT54, so you should have options for both WPA-PSK and WPA+RADIUS.

- M4H

 

[GiLtY]

Originally posted by: RichUK

Originally posted by: DannyLove
i'm curious, i have a wireless router in my house and I sometimes wonder if its 'secure.' What deems it unsecure? I have a 15-key or so encryption on it, so you'll need the exact network key to get on it........... Is that secure enough?

yes, unsecured would be someone running a WI-Fi network without WEP enabled. So you're fine.

Welllll.... even if you have WEP enabled it is still susceptible to attack due to flaws in the WEP algorithm. I think there are two prominent WEP programs that can crack the password in ~20 minutes? WPA would be better if the choice is available. If not I would just change the password every 1~2 week.

--GiLtY

 

[InlineFour]

Originally posted by: Pacemaker
if you want to be a total ass

Text

it doesn't work. i get an 'access denied' message. does the shutdown command only work under domain networks?

 

[roguerower]

I did this once over a network at college. Dunno what the guys response was.

 

[Sust]

The flaws section is interesting

In August 2001, Scott Fluhrer, Itzik Mantin, and Adi Shamir. published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network (depending on the network traffic (the number of packets you can inspect) the length could be from 10 minutes to indefinitely (if there is no data being sent at all)). There are also ways to force the traffic onto the network which is rejected, but packets are sent and thus can also be inspected to find the key. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software.

I wonder how far theyve gotten 5 years later.
I personally just run the MAC filter because im an awesomely naive student who trusts the world not to spy on his AT postings and lame bank account.
If you think about it: if the person knows enough about linux and wireless, they could not only beat my MAC filter by spoofing, but they could probably break through my WEP key after crunching in front of my house for an hour or so too.
Oh, this strange and paranoid world we live in.

 

[yosuke188]

I run an unsecure wireless network at home. I think I'm safe considering that I have no neighbors.

 

[sdifox]

Originally posted by: yosuke188
I run an unsecure wireless network at home. I think I'm safe considering that I have no neighbors.

You on a ranch or something?

 

[Fritzo]

We used to drive around and print pics of our asses on unsecured company networks

That being said, a lot of peope don't secure their networks because they want to share them. If it's a residence, don't be a jerk.

If it's a company though--- have at it

 

[secretanchitman]

Originally posted by: Lazy8s
You realize you're admitting to comitting a felony right...

http://www.mostlycreativeworkshop.com/Article312.html

http://money.cnn.com/2005/08/08/technology/personaltech/internet_piracy/

way to spoil the fun...but i do agree with you though.

 

[aloser]

I don't have to worry about my neighbors breaking in, considering I'm the only computer owner in the neighborhood.

My biggest peeve is the disabled WPA everytime the router is reset. Can the firmware be hacked to include a password automatically? (In other words, is there a way to automatically set the router PW everytime it gets reset since the adapters are already set with the password?)

 

[JM Aggie08]

Originally posted by: EKKC
i actually think its <blank> username and password is 'admin'

i think its 'admin' and 'admin', atleast it was for me.

 

[DaVortex]

Whenever my home connection goes out I use my centrino laptop which I am able to connect to someones router since I live in a condo and there are numerous unsecured connections.

One of the connections is named "keisha" I was able to get into her cisco router by using admin/admin. There isnt really that much there that I want to mess around with.

Is there a way to see what kind of files she has (maybe nude pictures of herself)