33 Comments
- ant1441, on 10/12/2007, -0/+113 word:
Snoop MAC address, change own MAC address.
Oh, dear.
- hinten, on 10/12/2007, -1/+12
Come on, this post is beautiful in so many different ways.
"I can see the gun...they keep haxzoring me..."
Priceless!
- Rice, on 10/12/2007, -1/+9
I think that comment could have been written a million times better.
It was *painful* to read.
- dustedbunny, on 10/12/2007, -1/+7
"Check Spelling".
For the love of god.
- halleyscomet, on 10/12/2007, -2/+6
Call the police and report a kid on the roof with a gun.
Do this every time the snot nosed brats try to hack your network with the damn thing.
Oh, and turn on the encryption on your network, and use a decent password, NOT your address with random capital letters.
- Funny192, on 10/12/2007, -0/+4
True - but that is very easy to hack if you know what you are doing...
I only suggest MAC address filtering if you live in a town with a population of less than 10K...or there are a lot of elderly people in your town... :-)
- merreborn, on 10/12/2007, -1/+5
Read the article. This is about allowing users free, unencumbered wireless -- no MAC filters, no WEP, no WPA -- because, if all your APs have all that crap, your users will just bring in a WRT54G, plug it in on your secure, sensitive network, and let the world in.
Essentially the article suggests moving the security from the AP to your core routers/firewalls. It's a really good read. You should give it a go -- preferably before posting another misguided comment.
- Topslakr, on 10/12/2007, -2/+5
Not a bad article. As with most of these network protection pieces some of the items will be common sense and others not depending on personal experience but this article does have some good tips.
- merreborn, on 10/12/2007, -0/+3
The goal is to make your users happy enough that they won't need to set up rogue WAPs, while simultaneously keeping yourself safe.
That's your job. Give users what they want/need while keeping the network secure. Disallowing WiFi entirely just puts you at odds with your users, and slows productivity -- many PDAs and other small devices are WiFi ONLY.
Your CEO's not gonna be very happy with any plan that doesn't allow his Palm Pilot any network access.
- sspooner, on 10/12/2007, -2/+4
Your post hurts my eyes and makes me sad to be part of the human race.
- veritech, on 10/12/2007, -0/+2
my solution is ....
128bit wpa with a 63 character random/non dictionary alpha numeric password
Thanks to Steve Gibson
I don't bother with ssid hiding, or mac filtering, but most people I know swear by it, I should show them from the shadows one day. Oh, and I don't give out the password much, and I'm aware that WPA can be cracked (if you're Google, and have a large server farm in the US midwest)
- santiago1, on 10/12/2007, -2/+3
When you are done with your Internet usage, shut down your network. You can still do things on your computer without a network. Try to utilize your network only when they are not around. After a period, I'd assume they would grow tired of waiting for the easy pickings from your system and move on to find others.
Also, if you can, a better, more secure method is to switch back to a wired Cat 5 network.
- flizzoyd, on 10/12/2007, -3/+4
Try not using wireless.
- lartexpert, on 10/12/2007, -0/+1
Isn't it amazing how many people reading this article, and then commenting here, failed to realise it's aimed at people running a corporate network?
- psyon, on 10/12/2007, -1/+2
So do they really sit there aiming the "gun" at you the whole time they are using it, or do they leave the gun up on the roof? If they sit there, then call the cops. If they leave it on the roof, sneak over and take the damn thing.
- inactive, on 10/12/2007, -0/+1
What, no mention of TEMPEST?
http://en.wikipedia.org/wiki/TEMPEST
To give you an idea:
http://www.erikyyy.de/tempest/
"All electronic devices send out eletromagnetic waves.
so does your monitor. and your monitor does it all the time.
and at very high frequencies. high enough for your short wave
AM radio."
- s1rk3ls, on 10/12/2007, -1/+1
Sounds like this article is over his head...
My advice? Take your WiFi back to Best Buy and get your money back. If you can't secure your network better, you don't need to be using wireless. It's for your own safety too.. if the feds come knocking on your door because of something they did over your connection, you are responsible.
- dmoney06, on 10/12/2007, -1/+1
enough with the '10 ways' or '5 ways' stories.
- Kosterfield, on 10/12/2007, -1/+1
Limit the maximum number of devices allowed on the network to the number of computers in your house that use the WiFi, that way they can't overload the network. Just have all those on the network and the router will reject any extra connection attempts. They can't hack what they can't connect to.
- damonic, on 10/12/2007, -1/+1
Or, just don't allow anonymous access.
- bobbytuck, on 10/12/2007, -2/+1
Yeah, I got an idea. Get yourself a ***** pellet gun.
That, and spellcheck.
- halleyscomet, on 10/12/2007, -1/+0
A lot of this becomes moot if you don't have a corporate wireless network. At that point all you have to do is crack down on anyone who tries to set up a rogue network.
I'm too lazy to look up the URL, but there's a Linux setup that will do some interesting things to a wireless network.
For the hardware, you need a computer with two wireless cards.
The software's actual task is a simple one. The initial version monitored any wireless traffic and intercepted the data stream. It then replaced random images with the infamous goatse.cx with the ability to do this to ALL images.
Naturally, this image would be inappropriate in a business environment. What you'd want to do is replace all images with a logo stating that wireless networks were not authorized at such and such a company.
Sadly, most encryption would defeat this measure, and even images going over SSL would be immune, but it's a good starting point.
Another option is to walk around with one of those key chain devices designed to detect wireless networks. They have ones that will detect encrypted networks as well. When you find one, confiscate the hardware.
Alternately, you could secretly hack any rogue networks you find and do things like disable all network connections for the computers that connect to it, or turn on the strongest encryption the WAP supports and change the access password. Better yet, change the DNS server so all domains resolve to ESPN.com or dice.com.
- nightwing2000, on 10/12/2007, -1/+0
Weren't #2 and #4 directly contradictory?
Put all access for wireless in a partitioned border LAN. Anyone who needs corporate access, they can use VPN from there. Then, filter out your partitioned border LAN WAP to disallow encrypted protocols like VPN.
Huh?
Some basic human engineering probably wouldn't hurt - change the password every month, hand it out, make a list of who you hand it out to, log wireless access use... the best follow-up security is human oversight of activity to spot interesting oddities.
- hrana, on 10/12/2007, -1/+0
It's a good refresher but who is he writing this article for? The problem with articles like this is that most corporations that can afford to buy legal licenses for multi-homed ISA 2004 Enterprise server boxes, Enterprise-grade access points, VPN endpoints, Certificate Authority servers, etc. already know about this stuff because of the immense investment that goes into such infrastructure.
I will say that most any Digg user today can replicate almost all of what he talked about with 2 Linksys WRT54G routers running HyperWRT-Thibor firmware, one licensed copy of Microsoft SBS 2003 and computer to put it on, one Linux box, and a few ethernet switches but most won't go to the trouble other than for bragging rights. Maybe he is targeting small business owners but how many employees does it take before there is a dedicated IT guy?
Regardless, the information presented is the type that I would consider "good to know." I've tossed some links to basically the only places on the web that are necessary to set up everything the author talked about. Happy tweaking and installing.
Links:
http://www.msexchange.org/
http://www.isaserver.org/
http://www.petri.co.il/
http://www.computerperformance.co.uk/
http://www.informit.com/guides/content.asp?g=security&seqNum=72
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
http://www.sjdjweis.com/linux/bridging/
http://www.thibor.co.uk/
... a trial version of Microsoft SBS 2003 is available here:
http://www.microsoft.com/technet/downloads/trials/default.mspx
A trial version of Microsoft ISA 2006 Beta is here:
http://www.microsoft.com/isaserver/2006/beta.mspx
- Lyianis, on 10/12/2007, -2/+1
You're an idiot and a troll...
that is all.
- rodan32, on 10/12/2007, -3/+2
What weapons are legal in your community? I'm sure I could nail their stupid WiFi sniper with my .22. . . Seriously, though, log the attacks, filter by mac address (not foolproof, but hey, it helps) and I guess if it keeps up take some pics and show the logs to the cops (who always care about this sort of thing - cops rock!). Otherwise, not too much you can do.
Oh, maybe check into 802.11a. Less common (like a mac) and less likely to be hacked (also like a mac). Any other ideas, or ideas I messed up on?
- inactive, on 10/12/2007, -3/+1
I'd say limit the number of connections, use Mac Address Filtering, and assign static IPs to all your local computers and turn off the DHCP IP assignment if you can.
- inactive, on 10/12/2007, -4/+0
They sit their with the gun and laptop to haxzor the wifi network of my hourse and then they take the credit card numbres and the other personal infor that we have use for like itunes and the amazon!!1
I am trying the ideas thankyou to all of the persons who gave the tips, unfortunately for me i cant just go and steal the gun cause they fguard it. Im to afraid too call the cops cause they might hurt me???!!
Why do they want tosteal only from me? it doesn't make any sense unless all of the neighbours who live near me get haxzored too... why cant they just leave me in peeace?
I hate the gun
- dcrumpton, on 10/12/2007, -5/+0
Another three words. MAC address spoofer. ;-)
edit: nevermind, ant1441 beat me to it.
- shadgenki, on 10/12/2007, -7/+2
Three words. MAC address filter. All you need is a wireless router and turn on the MAC address filter in the settings. Put in your computer's MAC address and any other devices you need to connect to the wireless network. Any devices that don't match the MAC addresses get blocked.
- inactive, on 10/12/2007, -11/+2
Sorry guyz I just am in a rush cuz the internet always goes down when they snipe it, any ideas guys??? I don't know what to do
- CharlesDarwin, on 10/12/2007, -14/+3
Beautiful. Another top 10 list... 8-|
- inactive, on 10/12/2007, -22/+4
The problem with this is that their are too guys in my neighbourhood with one of those long range wifi sniper rifles and they keep targetting my network and haxzoring it and theres nthing I can do about it. I can see the gun they shoot it from like 200 feet away I see the gun sometimes cause it's so cool but they still shoot it anyways. What to do? Any ideas????!1!! No security can stopp the lazers wirfi it seems, i just wish their was some shield I could use or something to stop them. They keep haxzoring it, im lucky I'm on the internt rite now actlly
I want to take the sniper from them
the top ten lsit did'nt have any of the shields tha t I need to stop them from haxzoring it the internet when i need them to stop to do school and other things like email or msn. I wish their was a way ot play the games but i can't cause they keep snipe haxzoring my netwrok wifi

