Intrusion possible?

Archived from groups: (More info?)

I have a D-Link wireless router DI614+. It's always on. Is it possible that
somebody with a wireless enabled PC uses my internet connection even when
my PC is switched off? I use 64 bit WEP encryption on the router. Tardus
  1.

    On Wed, 28 Sep 2005 21:59:13 +0200, "Tardus_merula"
    <tardus_merula@yahoo.com> wrote:

    >I have a D-Link wireless router DI614+. It's always on. Is it possible that
    >somebody with a wireless enabled PC uses my internet connection even when
    >my PC is switched off?

    Yes. The PC probably is not necessary to connect the DI-614+ to the
    internet. There are some SBC PPPoE clients that are controlled by the
    PC which do require that the PC first login, but those are few.

    > I use 64 bit WEP encryption on the router. Tardus

    Useless. WEP64 can be cracked in about 15 minutes of sniffing.


    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831.336.2558 voice Skype: JeffLiebermann
    # http://www.LearnByDestroying.com AE6KS
    # http://802.11junk.com
    # jeffl@comix.santa-cruz.ca.us
    # jeffl@cruzio.com
  2.

    On Wed, 28 Sep 2005 21:59:13 +0200, Tardus_merula wrote:

    > I have a D-Link wireless router DI614+. It's always on. Is it possible that
    > somebody with a wireless enabled PC uses my internet connection even when
    > my PC is switched off? I use 64 bit WEP encryption on the router. Tardus

    Yes - if your cable modem or dsl modem is turned on it is possible for
    someone to use your internet connection even with WEP.
  3.

    Tardus_merula wrote:
    > I have a D-Link wireless router DI614+. It's always on. Is it possible that
    > somebody with a wireless enabled PC uses my internet connection even when
    > my PC is switched off? I use 64 bit WEP encryption on the router. Tardus
    >
    >

    First off - Linksys is the way to go - it's Cisco's version of products
    for the home. I haven't used D-Link with wireless however I know with
    the Linksys routers you can set up a list to restrict which MAC addresses
    can access your Wireless Internet. I have it set up to accept 3 MAC
    addresses, two are used and the other is sitting next to my Linux box.
    There are 3 people who are trying to connect but can't because of that.

    If you can do that in D-Link, provided it's feasible, which unless you're
    running it as a wireless access point it is (and I doubt since you care
    who is connecting.) definitely do it. It will keep everyone out except
    those who you want in.

    --
    Meph
  4.

    On Thu, 29 Sep 2005 01:19:45 GMT, teh Mephisto <dont.worry@bout.it>
    wrote:

    >First off - Linksys is the way to go - it's Cisco's version of products
    >for the home. I haven't used D-Link with wireless however I know with
    >the Linksys routers you can set up a list to restrict which MAC addresses
    >can access your Wireless Internet. I have it set up to accept 3 MAC
    >addresses, two are used and the other is sitting next to my Linux box.
    >There are 3 people who are trying to connect but can't because of that.
    >
    >If you can do that in D-Link, provided it's feasible, which unless you're
    >running it as a wireless access point it is (and I doubt since you care
    >who is connecting.) definitely do it. It will keep everyone out except
    >those who you want in.

    Meph, I can hardly believe you wrote this stuff after your post
    "Public Access WIFI Security". And with an email like
    "dont.worry@bout.it" you have got to be joking. Unfortunately the OP
    might take you seriously and we don't want that, do we?

    Tardus_merula, MAC filtering is not a security measure.

    Think of it like this. There are baggage locks that shy away the
    occasional temptation and there are kryptonite locks that resist New
    York mobsters. WEP is so fragile today that it hardly offers
    resistance against tampering. It is very easy to find tools that crack
    WEP, they are publicly available on the internet. All that is needed
    to break in is the will.

    MAC filtering is even less than WEP. Even if you never turned on your
    computer (which transmits your MAC) it is easy to silently try all the
    possibilities until a match is found.

    Don't listen to Meph. And from this point on, neither will I.
  5.

    On Thu, 29 Sep 2005 01:19:45 GMT, teh Mephisto <dont.worry@bout.it>
    wrote:

    >First off - Linksys is the way to go - it's Cisco's version of products
    >for the home.

    I can see where you got that impression but reality is quite
    different. Cisco has adopted a "hands off" policy toward running
    Linksys since they bought it in Mar 2003. Most of the original
    Linksys management are still in place. Absolutely none of Cisco's IOS
    operating system has appeared in Linksys products. Most are just
    commodity products, made in China, and similar to other major players
    in the market (Netgear and DLink). Cisco may be on the front panel,
    but not inside.

    >I haven't used D-Link with wireless however I know with
    >the Linksys routers you can set up a list to restrict which MAC addresses
    >can access your Wireless Internet. I have it set up to accept 3 MAC
    >addresses, two are used and the other is sitting next to my Linux box.
    >There are 3 people who are trying to connect but can't because of that.

    MAC address filtering is nice but offers little in the way of
    security. It's incredibly easy to sniff an authorized MAC address,
    and then change your client's MAC address to the same as theirs. See:
    http://www.klcconsulting.net/smac/

    >If you can do that in D-Link, provided it's feasible, which unless you're
    >running it as a wireless access point it is (and I doubt since you care
    >who is connecting.) definitely do it. It will keep everyone out except
    >those who you want in.

    It won't keep anyone out that knows how MAC addresses operate.
    However, it might slow them down until they figure it out.


    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831.336.2558 voice Skype: JeffLiebermann
    # http://www.LearnByDestroying.com AE6KS
    # http://802.11junk.com
    # jeffl@comix.santa-cruz.ca.us
    # jeffl@cruzio.com
  6.

    speeder wrote:
    > Meph, I can hardly believe you wrote this stuff after your post
    > "Public Access WIFI Security". And with an email like
    > "dont.worry@bout.it" you have got to be joking. Unfortunately the OP
    > might take you seriously and we don't want that, do we?
    >
    > Tardus_merula, MAC filtering is not a security measure.
    >
    > Think of it like this. There are baggage locks that shy away the
    > occasional temptation and there are kryptonite locks that resist New
    > York mobsters. WEP is so fragile today that it hardly offers
    > resistance against tampering. It is very easy to find tools that crack
    > WEP, they are publicly available on the internet. All that is needed
    > to break in is the will.
    >
    > MAC filtering is even less than WEP. Even if you never turned on your
    > computer (which transmits your MAC) it is easy to silently try all the
    > possibilities until a match is found.
    >
    > Don't listen to Meph. And from this point on, neither will I.

    There is no way anything can be totally secure, the only thing security
    measures do is prolong the time until you have been compromised. If you
    have more than one security measure (ex. WPA2 and MAC address filtering)
    it will take longer to crack than if you only had one of them.

    BTW I'm still new at wireless security, and even the entire security
    field in general, so you will have to cut me a little slack.
    --
    Meph
  7.

    Jeff Liebermann wrote:
    ....
    >>I use 64 bit WEP encryption on the router. Tardus
    >
    >
    > Useless. WEP64 can be cracked in about 15 minutes of sniffing.
    >
    >
    And 128-bit wep? How secure's that?

    --
    Please use the corrected version of the address below for replies.
    Replies to the header address will be junked, as will mail from
    various domains listed at www.scottsonline.org.uk
    Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
  8.

    > There is no way anything can be totally secure, the only thing security
    > measures do is prolong the time until you have been compromised. If you
    > have more than one security measure (ex. WPA2 and MAC address filtering)
    > it will take longer to crack than if you only had one of them.

    True but MAC address filtering will add all of about 3 seconds. Not
    worth the hassle IMO.
    The only useful purpose of a MAC access control list is to log MAC
    addresses that are not allowed and to warn an administrator that
    unauthorized access has been attempted. You might find the attacker
    before he/she succeeds in breaking the other security measures. Not a
    likely scenario for a home network.

    Sander
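
Sander's point above, that a MAC access control list is more useful as a logging and warning source than as a barrier, shown as an added example that is not part of the original thread. The log format, thresholds and all MAC addresses are constructed assumptions; the locally-administered-bit check goes slightly beyond the post and is included because such addresses are never factory-assigned.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical access-point log format.
SAMPLE_LOG = """\
2005-09-29T09:00:01 ap1 wlan: assoc ok mac=00:0d:88:11:22:33
2005-09-29T09:01:10 ap1 wlan: assoc denied mac=00:0f:3d:aa:bb:01 reason=acl
2005-09-29T09:01:40 ap1 wlan: assoc denied mac=00:0f:3d:aa:bb:01 reason=acl
2005-09-29T09:02:05 ap1 wlan: assoc denied mac=06:1b:2c:3d:4e:5f reason=acl
2005-09-29T09:03:15 ap1 wlan: assoc denied mac=00:0f:3d:aa:bb:01 reason=acl
2005-09-29T09:04:00 ap1 wlan: assoc denied mac=06:1b:2c:3d:4e:5f reason=acl
2005-09-29T09:04:30 ap1 wlan: assoc denied mac=06:1b:2c:3d:4e:5f reason=acl
ap1 kernel: unrelated line that the parser must skip
2005-09-29T09:20:00 ap1 wlan: assoc denied mac=00:13:ce:00:00:07 reason=acl
2005-09-29T09:40:00 ap1 wlan: assoc denied mac=00:13:ce:00:00:07 reason=acl
2005-09-29T10:00:00 ap1 wlan: assoc denied mac=00:13:ce:00:00:07 reason=acl
"""

LINE_RE = re.compile(
    r"^(\S+) \S+ wlan: assoc (ok|denied) mac=((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse(line):
    """Return (timestamp, result, mac) or None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group(2).lower(), m.group(3).lower()

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-set (non-vendor) address."""
    return bool(int(mac[:2], 16) & 0x02)

def denied_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert once per MAC that is denied `threshold` times within `window`."""
    recent = defaultdict(deque)   # mac -> timestamps of recent denials
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "denied":
            continue
        ts, _, mac = rec
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:     # drop denials older than the window
            q.popleft()
        if len(q) >= threshold and mac not in alerted:
            alerted.add(mac)
            alerts.append({"mac": mac, "first_seen": q[0], "attempts": len(q),
                           "locally_administered": is_locally_administered(mac)})
    return alerts

if __name__ == "__main__":
    for a in denied_alerts(SAMPLE_LOG.splitlines()):
        print(a)
```

A quiet log proves little here: as the other replies note, a client that has copied an allowed MAC address never produces a denial.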
  9.

    Jeff Liebermann wrote:

    > Useless. WEP64 can be cracked in about 15 minutes of sniffing.

    Before you can sniff traffic there has to _be_ traffic.
    Beacon frames are not very useful.
    If a network is not in active use you'll have to wait until a client
    associates before you can actively attack that network. If you can
    capture the data of a client associating you have the tools to do the
    rest quickly and no other traffic is necessary. You can generate it
    yourself. But you do need that traffic first so you can replay it.

    Sander
  10.

    On Thu, 29 Sep 2005 09:17:47 +0200, Sander <Big_Scary_Man@hotmail.com>
    wrote:

    >Jeff Liebermann wrote:
    >
    >> Useless. WEP64 can be cracked in about 15 minutes of sniffing.
    >
    >Before you can sniff traffic there has to _be_ traffic.

    Agreed.

    >If a network is not in active use you'll have to wait until a client
    >associates before you can actively attack that network.

    Yep. I leave my laptop running in my vehicle sniffing away merrily. I
    was more interested in traffic and use patterns than in cracking WEP
    keys, but the methodology is the same. 8 hours later, I usually have
    enough traffic captured to crack many networks. My client is set up
    like a radio scanner. It listens on a channel for traffic. When the
    traffic stops, it moves on to the next channel.

    My all time record was about 2 years ago. My car was facing a large
    office building, where I captured about 4 gigabytes of traffic during
    the workday. I was able to later crack about 30 WEP keys out of about
    40 encrypted SSID's heard. A few were trivial. Just crunching the
    mess after doing the capture took most of the next day. I had to
    crunch it several times because there was one system that had 4 SSID's
    associated with a single MAC address. Drove me nuts until I figured
    out what was happening.

    WPA had just been released in early 2003, so none of the networks I
    sniffed were using WPA. However, I'm not sure as the RC4 encrypted
    payloads for WEP and WPA are identical. Only the key exchange is
    different.

    The traffic patterns showed serious problems. About 25% of all
    packets heard were retransmissions implying lots of reflections and
    interference. A full 50% of the packets heard were "malformed" which
    is a nice term for a collision. I discarded these. A few systems
    were operating at 1 and 2 mbits/sec which also indicates substantial
    co-channel interference. One system had about 1/3 of their traffic
    wasted as ARP requests, DNS lookups, and repetitive broadcasts, which
    indicates a screwed up network. I found zero indication of any VPN's
    in use, but may have missed them some under the packets I couldn't
    sniff or decrypt. There was a considerable amount of UDP traffic
    which implies streaming content. That could be VoIP, but is more
    likely to be watching movies or listening to music at work. There was
    some worm that had just been released and there was plenty of ICMP
    probes flying around.

    I should do this again to see how things have changed.

    >If you can
    >capture the data of a client associating you have the tools to do the
    >rest quickly and no other traffic is necessary. You can generate it
    >yourself. But you do need that traffic first so you can replay it.

    Agreed.

    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
  11.

    > > Useless. WEP64 can be cracked in about 15 minutes of sniffing.
    > >
    > >
    > And 128-bit wep? How secure's that?

    40 bit WEP requires about 150,000 packets, 104 bit WEP requires about
    500,000. It doesn't take that much longer, a few minutes to get the
    extra ones and given that wepcrack can be run against the data as it's
    being collected, you can keep trying and might get lucky earlier.

    David.
  12.

    On Thu, 29 Sep 2005 09:10:51 +0200, Sander <Big_Scary_Man@hotmail.com>
    wrote:

    >
    >> There is no way anything can be totally secure, the only thing security
    >> measures do is prolong the time until you have been compromised. If you
    >> have more than one security measure (ex. WPA2 and MAC address filtering)
    >> it will take longer to crack than if you only had one of them.
    >
    >True but MAC address filtering will add all of about 3 seconds. Not
    >worth the hassle IMO.
    >The only useful purpose of a MAC access control list is to log MAC
    >addresses that are not allowed and to warn an administrator that
    >unauthorized access has been attempted. You might find the attacker
    >before he/she succeeds in breaking the other security measures. Not a
    >likely scenario for a home network.

    Well, there are other uses for MAC filters. I run an open
    (unencrypted) neighborhood WLAN with about 15 machines connected via
    wireless. New machines come and go as people bring their laptops and
    PDA's into range. No problem. However, we have a few teenagers with
    no clue about misusing or hogging the system. So, when the traffic
    goes tilt, and I see it's mostly porno, I block the MAC address and
    await the inevitable "is the network down" phone call. Not the best
    means of blocking abuse, but it gets their attention.

    Some of the local public hot spots go a step further. They run some
    IDS (intrusion detection system) such as Snort to detect abuse. If it
    detects anything obviously disgusting, it blocks the MAC address for a
    few minutes. That's caught 3 different spammers at one hot spot. (Why
    3 different spammers would select the same hot spot to do their
    spamming is an open question).

    Another dumb use of MAC filtering is where there's a system of
    multiple access points, all with the same SSID and no easy way to
    select a specific access point. This became a problem in a large
    concrete (refrigerated) produce warehouse. The reflections off the
    walls would sometimes cause a workstation to select the wrong access
    point. So, I added MAC address filters into the non-desired access
    points leaving the clients to connect to the others. Keeping track of
    these settings has been no fun, but it did the job.

    Another use is to mitigate a form of abuse. One hot spot operator was
    plagued by a nearby home user who decided that the hot spot would
    become his private broadband connection. Unfortunately, he was not
    very considerate with his usage patterns. At first, I blocked his MAC
    address, but he quickly figured out how to change that (probably from
    one of my postings). So, the hot spot had to go to an authentication
    system where the users get tokens at the cash register which entitles
    them to use the system. The owner keeps juggling systems and schemes,
    but one of them simply registered the MAC address in the access point's
    MAC address filter.

    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
  13.

    Mike Scott wrote:

    >> Useless. WEP64 can be cracked in about 15 minutes of sniffing.
    >>
    >>
    > And 128-bit wep? How secure's that?

    There's not too much difference between them because the weaknesses in
    WEP are not in the actual encryption algorithm itself (RC4) but in the
    way it is implemented in WEP. It might take a little bit longer to find
    a longer key.

    Sander
  14.

    Thanks all for a thorough discussion of the security problem.
    So, what can one do to make WLAN reasonably secure (home network conditions
    apply).
    Tardus


    "Tardus_merula" <tardus_merula@yahoo.com> wrote in message
    news:vCC_e.452$h6.145504@news.siol.net...
    >I have a D-Link wireless router DI614+. It's always on. Is it possible that
    >somebody with a wireless enabled PC uses my internet connection even when
    >my PC is switched off? I use 64 bit WEP encryption on the router. Tardus
    >
  15.

    On 9/29/2005 3:59 PM, Tardus_merula wrote:
    > Thanks all for a thorough discussion of the security problem.
    > So, what can one do to make WLAN reasonably secure (home network conditions
    > apply).
    > Tardus
    >
    >
    > "Tardus_merula" <tardus_merula@yahoo.com> wrote in message
    > news:vCC_e.452$h6.145504@news.siol.net...
    >> I have a D-Link wireless router DI614+. It's always on. Is it possible that
    >> somebody with a wireless enabled PC uses my internet connection even when
    >> my PC is switched off? I use 64 bit WEP encryption on the router. Tardus
    >>
    >
    >

    Use WPA if you can, else use 128 WEP. Hide SSID. MAC Filter.
  16.

    > Use WPA if you can, else use 128 WEP. Hide SSID. MAC Filter.

    At the end of that discussion, it should be clear that "reasonably
    secure" only excludes people accidentally falling onto the network and
    WEP alone would prevent those accidental incursions.

    Hiding SSID does nothing whatsoever from a security point of view, MAC
    filtering is next to useless as even if the WEP key is unknown, the
    allowed MAC addresses are sniffable anyway, finding the WEP key can take
    as little as around 10 minutes.

    So, if some script kiddie is sitting next door with a copy of one of the
    live hacking CD's, they won't take long before they're on your network
    with those 3 "features".

    WPA it is then.

    David.