Public Access WIFI Security

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

For those of you that don't know, Dartmouth College is the first college
to go totally wireless. I'm sure many of you have been to a coffee shop
/book store (Barns and Noble) and have seen that they offer public
access wifi hotspots. This means that you don't have to have a password
or pay anything to get connected.

Most of these places probably do not have any way of preventing
hijacking attempts. If I decided to go to my local starbucks and setup
a fake wifi, theres nothing stopping me.

But I don't even have to do that to get your passwords. All I have to
do is throw up a packet sniffer and bam I have all of your email
passwords/website passwords. POP3 is an unencrypted protocol. WIFI
access points act as hubs. Unless everything is running SSL all of your
passwords are being sent out to everyone connected to that WIFI access
point.

I'm telling you this to inform those of yall who don't already know, and
to ask a question to those of you who are in the profession and know
everything there is to know about wifi.

What is stopping me from going to Barns and Noble, firing up Ethereal,
and getting everyones passwords for email/websites? Is there a way to
disconnect a computer that shows signs of running a packet sniffer? Is
there even a way to tell that a computer is running a packet sniffer?

This is something you might expect to see at Defcon or Blackhat but
probably not in your local Starbucks. Next time you are there, think
about the security risks and don't check your email or visit a site that
requires you to have a password unless you send it via SSL (Gmail,
banking sites, etc).

I am cross-posting to get as many opinions/answers as possible.

Thank you for your time
--
Meph

 

[imhotep]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

teh Mephisto wrote:

> For those of you that don't know, Dartmouth College is the first college
> to go totally wireless. I'm sure many of you have been to a coffee shop
> /book store (Barns and Noble) and have seen that they offer public
> access wifi hotspots. This means that you don't have to have a password
> or pay anything to get connected.
>
> Most of these places probably do not have any way of preventing
> hijacking attempts. If I decided to go to my local starbucks and setup
> a fake wifi, theres nothing stopping me.
>
> But I don't even have to do that to get your passwords. All I have to
> do is throw up a packet sniffer and bam I have all of your email
> passwords/website passwords. POP3 is an unencrypted protocol. WIFI
> access points act as hubs. Unless everything is running SSL all of your
> passwords are being sent out to everyone connected to that WIFI access
> point.
>
> I'm telling you this to inform those of yall who don't already know, and
> to ask a question to those of you who are in the profession and know
> everything there is to know about wifi.
>
> What is stopping me from going to Barns and Noble, firing up Ethereal,
> and getting everyones passwords for email/websites? Is there a way to
> disconnect a computer that shows signs of running a packet sniffer? Is
> there even a way to tell that a computer is running a packet sniffer?
>
> This is something you might expect to see at Defcon or Blackhat but
> probably not in your local Starbucks. Next time you are there, think
> about the security risks and don't check your email or visit a site that
> requires you to have a password unless you send it via SSL (Gmail,
> banking sites, etc).
>
> I am cross-posting to get as many opinions/answers as possible.
>
> Thank you for your time

Pretty much common knowledge (at least in this news group)....

Im

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Imhotep wrote:
>
>
> Pretty much common knowledge (at least in this news group)....
>
> Im
To those of you that know all about it yes, but for those casual
internet goers that sometimes frequent at least the
alt.internet.wireless news group they probably won't even think about it.

So is there anyway to combat it on the access point side or just
vigilance and knowledge by the users?

--
Meph

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

teh Mephisto wrote:

> For those of you that don't know, Dartmouth College is the first college
> to go totally wireless. I'm sure many of you have been to a coffee shop
> /book store (Barns and Noble) and have seen that they offer public
> access wifi hotspots. This means that you don't have to have a password
> or pay anything to get connected.
<SNIP>

Gee,
I run such a hotspot here at home (different subnet and attached to a
hardware firewall).

all my other machines are hard wired to a primary switch. the only reason
for the hotspot, in case any of my neighbors want on (I have 3 wireless).

once in a while, I start up a linux box and take a sniff at things....


oh yeah, one last thing, I use the firewall hooked to the wireless box to
limit BW to 10K/sec both ways per IP on wireless. it is amazing how well
that shuts down filesharing.

TMH

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

On Thu, 29 Sep 2005 01:06:19 GMT, teh Mephisto <dont.worry@bout.it>
wrote:

>Unless everything is running SSL all of your
>passwords are being sent out to everyone connected to that WIFI access
>point.

Most sane users do not poll for email with pop3. They use a VPN
tunnel provided by their ISP, a VPN tunnel provided by the hot spot
service company (i.e. Boingo), TLS (transport layer security), or web
mail using SSL encryption.

>... those of you who are in the profession and know
>everything there is to know about wifi.

Anyone in the profession that claims to know everything, doesn't.

>What is stopping me from going to Barns and Noble, firing up Ethereal,
>and getting everyones passwords for email/websites?

Not much. It's a well know problem. Just about any web site the
mumbles about wireless security mentions that polling for email via an
unencrypted wireless link is asking for trouble.

>Is there a way to
>disconnect a computer that shows signs of running a packet sniffer? Is
>there even a way to tell that a computer is running a packet sniffer?

Users can be blocked by MAC address or IP address at the wireless
router. There are IDS (intrusion detection systems) that look for
abuse and automagically isolate the offenders. For example:
http://snort-wireless.org

It is fairly easy to detect if a user is sniffing. I have a trick
that detects if a wireless device is in promiscuous mode (required for
sniffing), but it's marginally reliable and does not work with every
client. Search Google for "detect promiscuous mode" for how others
are doing the same thing. For example, a free and commercial
promiscuous mode scanner:
http://www.securityfriday.com/products/promiscan.html
I've used the free version to detect wireless sniffers.



--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice Skype: JeffLiebermann
# http://www.LearnByDestroying.com AE6KS
# http://802.11junk.com
# jeffl@comix.santa-cruz.ca.us
# jeffl@cruzio.com

 

[danr]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

teh Mephisto wrote:
> Imhotep wrote:
>>
>>
>> Pretty much common knowledge (at least in this news group)....
>>
>> Im
> To those of you that know all about it yes, but for those casual
> internet goers that sometimes frequent at least the
> alt.internet.wireless news group they probably won't even think about it.
>
> So is there anyway to combat it on the access point side or just
> vigilance and knowledge by the users?

Banking sites are secure sites. Use secure SSL webmail and not your pop3/SMTP
program.

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Jeff Liebermann wrote:
> Most sane users do not poll for email with pop3. They use a VPN
> tunnel provided by their ISP, a VPN tunnel provided by the hot spot
> service company (i.e. Boingo), TLS (transport layer security), or web
> mail using SSL encryption.

I think you give people too much credit. From what I have seen, most
people see "Wireless hotspot here" and go woopee i can get my email and
surf the web. I will guarentee you that you can go into any starbucks,
ask how many people know what VPN or SSL are and probably about 1/4 of
them would be able to tell you, if that. Then they probably don't even
realize that everyone can see what they are doing on a wireless network.

--
Meph

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Hi

could you please provide some reference material (websites or groups
messages) describing HOW to set up a secure wireless connection and
more secure ways of using public hotspots.

Thank you

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

On Thu, 29 Sep 2005 03:06:54 GMT, teh Mephisto <dont.worry@bout.it>
wrote:

>I think you give people too much credit.

Hey this is a security group, we tend to think.

>From what I have seen, most people see "Wireless hotspot here"
>and go woopee i can get my email and surf the web.

Surfing the web is fine, webmail is fine, providing its on SSL

>I will guarentee you that you can go into any starbucks,

We don't all live in the evil empire.

--
Jim Watt
http://www.gibnet.com

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

"teh Mephisto" <dont.worry@bout.it> wrote in message
news:iTI_e.11399$ua.515214@twister.southeast.rr.com...
> Jeff Liebermann wrote:
> > Most sane users do not poll for email with pop3. They use a VPN
> > tunnel provided by their ISP, a VPN tunnel provided by the hot spot
> > service company (i.e. Boingo), TLS (transport layer security), or web
> > mail using SSL encryption.
>
> I think you give people too much credit. From what I have seen, most
> people see "Wireless hotspot here" and go woopee i can get my email and
> surf the web. I will guarentee you that you can go into any starbucks,
> ask how many people know what VPN or SSL are and probably about 1/4 of
> them would be able to tell you, if that. Then they probably don't even
> realize that everyone can see what they are doing on a wireless network.

Um.

In what way is this different that using any other publicly shared service?

Incidentally, and in case you hadn't noticed, the Internet itself is.. um..
a shared public service. Any privacy you happen to gain from someone else's
routing table is pretty much a side-benefit.

Coming up next.. blutooth it am teh sc4ry!!!1!!!

;o)

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

teh Mephisto wrote:
> For those of you that don't know, Dartmouth College is the first college
> to go totally wireless.

Wossat mean? Every single computer in every lab connected with wifi (
are they stupid? ) or just total wifi coverage?

I'm sure many of you have been to a coffee shop
> /book store (Barns and Noble) and have seen that they offer public
> access wifi hotspots. This means that you don't have to have a password
> or pay anything to get connected.
[snip]
> But I don't even have to do that to get your passwords. All I have to
> do is throw up a packet sniffer and bam I have all of your email
[snip]

VPN. VPN is how you do wireless security.

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Leo Fellmann wrote:
> teh Mephisto wrote:
>
>> For those of you that don't know, Dartmouth College is the first
>> college to go totally wireless.
>
>
> Wossat mean? Every single computer in every lab connected with wifi (
> are they stupid? ) or just total wifi coverage?

I don't know about every single computer in every lab but I do know they
are completely wireless.

--
Meph

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Hairy One Kenobi wrote:
> "teh Mephisto" <dont.worry@bout.it> wrote in message
> news:iTI_e.11399$ua.515214@twister.southeast.rr.com...
>
>>Jeff Liebermann wrote:
>>
>>>Most sane users do not poll for email with pop3. They use a VPN
>>>tunnel provided by their ISP, a VPN tunnel provided by the hot spot
>>>service company (i.e. Boingo), TLS (transport layer security), or web
>>>mail using SSL encryption.
>>
>>I think you give people too much credit. From what I have seen, most
>>people see "Wireless hotspot here" and go woopee i can get my email and
>>surf the web. I will guarentee you that you can go into any starbucks,
>>ask how many people know what VPN or SSL are and probably about 1/4 of
>>them would be able to tell you, if that. Then they probably don't even
>>realize that everyone can see what they are doing on a wireless network.
>
>
> Um.
>
> In what way is this different that using any other publicly shared service?
>
> Incidentally, and in case you hadn't noticed, the Internet itself is.. um..
> a shared public service. Any privacy you happen to gain from someone else's
> routing table is pretty much a side-benefit.
>
> Coming up next.. blutooth it am teh sc4ry!!!1!!!
>
> ;o)
>

Now that everyone uses switches, its a lot better than it used to be.
WIFI is still ran just like a hub, where everyone connected can see
everything you are doing.

Sure there are still some hubs around but noones stupid enough to put
them up where it really matters.

--
Meph

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

On Thu, 29 Sep 2005 15:42:35 GMT, teh Mephisto <dont.worry@bout.it>
wrote:

>Now that everyone uses switches, its a lot better than it used to be.
>WIFI is still ran just like a hub, where everyone connected can see
>everything you are doing.

Not exactly. Wireless 802.11 is bridging. A bridge is a 2 port
switch. It only lets traffic across the bridge that has a destination
MAC address that's known to be on the other side of the bridge. Also,
broadcasts go everywhere. With a hub, access to one port gave me
access to all the traffic since the hub was just a repeater. With a
switch, sniffing one port only gives access to that ports traffic.
It's the same with wireless except that wireless shares a common
medium (air space) and allows all the bridged/switched connections to
be simultaneously sniffed. I guess one could say this is like
something like a hub, but it's still bridging.

>Sure there are still some hubs around but noones stupid enough to put
>them up where it really matters.

You'll be suprised what I find floating around some networks. The old
hubs just don't seem to completely disappear and are often more
conenvenient to use than to purchase a proper switch. I use hubs for
sniffing ethernet, but that's not a common application.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

bobrics wrote:

> Hi
>
> could you please provide some reference material (websites or groups
> messages) describing HOW to set up a secure wireless connection and
> more secure ways of using public hotspots.
>
> Thank you
thats a mighty tall order man.....

you might try this search term in google:
wireless+hotspot+securing+encryption+vpn

and see what you come up with.

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

teh Mephisto <dont.worry@bout.it> wrote in news:iUT_e.76499$Jp.2279820
@twister.southeast.rr.com:

> I don't know about every single computer in every lab but I do know they
> are completely wireless.

Even the monitors?

SCNR 🙂


Doc.

 

[Guest]

Archived from groups: comp.sys.ibm.pc.hardware.chips (More info?)

Doc. wrote:
> teh Mephisto <dont.worry@bout.it> wrote in news:iUT_e.76499$Jp.2279820
> @twister.southeast.rr.com:
>
>
>>I don't know about every single computer in every lab but I do know they
>>are completely wireless.
>
>
> Even the monitors?
>
> SCNR 🙂
>
>
> Doc.
Shrugs, wireless using something like http://www.cranite.com seems to be
a relatively secure solution. Tends to defeat intruders and listeners
fairly effectively. When coupled with wireless IDS to detect attack
attempts you can secure the network about as well as you can on a wired
connection.

Winged