Not long ago a customer offered me a slightly used Linksys BEFW11S4 ver. 4 wireless router for free. He had replaced it with an 802.11g router (this is only a b) shortly after purchase and said if I knew anyone that wanted it I could have it. Well, it’s hard for me to let tech pass through my hands without taking a look at it and testing it a bit. So, one of the first things I did was test out how well the wireless signal was received from a basement. (Concrete block walls, dirt, etc. blocking..) I was surprised at how well the signal did through concrete, dirt and a couple hundred feet of air.
Category: Networking
-
Network Security – Arp spoofing series
I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that switches cannot be sniffed, that ONLY wireless data packets can be sniffed, etc. etc.
-
Network Security – how should an open wireless access point be run beside a safe network?
So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using arp spoofing. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..
-
Network security – what does arp spoofing mean for wireless?
So, if you haven’t already had enough cause to tighten your wireless security…. we’ve been talking about arp poisoning (spoofing) and the basic conclusion is that IF an attacking machine is on the same subnet as your machine (same IP address range), they can “own” all traffic from you machine to the gateway. It doesn’t matter if you’re using wireless or wired for your machine. As a demonstration I connected my laptop to my wireless access point…..
-
Network Security – Defenses against arp spoofing
So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to setup a static arp table. With a static arp table, a machine ( switch/router ) has a list of known good MAC addresses and which IP addresses they should match.
-
Network Security – so https and ssh are immune to arp spoofing right?
When a machine has been arp spoofed, ALL network traffic from it is likely passing through a “hostile” machine. So, NO, https and ssh traffic is not immune, it is travelling through a hostile machine. However, it should be encrypted. There are a few exceptions though. SSH version 1 is a broken encryption scheme and should be avoided like the plague. As far as I know SSH 2 should be safe. Pay attention to complaints about the host identification not being able to be verified….
-
Network Security – Arp spoofing
So…. what is arp spoofing (poisoning)…. and what are it’s implications? ARP spoofing involves tricking a machine into thinking that you’re machine is, yet another. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are given another network address – say 192.168.0.250…. Arp spoofing would tell 192.168.0.150 that OUR network adapter is the place to send information destined for 192.168.0.1, (and we could also tell 192.168.0.1 that WE are the rightful recipient of data sent to 192.168.0.150). These is done by offering up our MAC address as the legitimate desitination to each machine through a crafted ARP response.
-
Network Security – Hub or Switch?
So, for those that have a little bit of knowledge about network hardware, you’ve probably heard this. “You can’t sniff switched networks”…. wrong…. let’s see what this is about. Older networking hardware was dominated by what’s called a hub. This was basically a “dumb” device that when it received data, it would retransmit the data to every machine connected with the expectation that the correct recipient would answer and all others would ignore that data. Of course, this stream of data is possible to watch and easily available software could log all network traffic fairly easily.
-
Network security – how safe is your network? Looking at ARP
A while back I did a network security series and one of the points that I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I’m about to start a serious look at something that makes this knowledge essential and that may have some rethinking whether or not it’s wise to run an open wireless access point on the same network as their traditional LAN.
-
Bellsouth mail.lig.bellsouth.net server phasing out?
I haven’t had much time to look into this, but one of the mailservers I administer is typically configured to relay through mail.lig.bellsouth.net, with mail.averyjparker.com as a fallback. Sometime overnight, mail.averyjparker.com started getting heavy use and on checking this morning was getting all of the outbound traffic. So, I did a bit of investigation mail.lig.bellsouth.net is no longer found and I’ve switched the configuration to mail.bellsouth.net and all is churning along well.