Flutterby™! : Wireless Mayhem


Wireless Mayhem

2002-07-23 00:31:23+00 by meuon 10 comments

We are at a public place, about to become a hotbed of activity, and the 'client' just bought a Linksys 802.11b wireless access point, and really neat little USB/ethernet/802.11b to feed his registration and point of sale systems that they expect to handle 30-60 THOUSAND credit card transactions next week. The POS systems talk to a 'PC Charge' server, over wireless, and then the PC Charge server communicates via the 'net to their CC gateway. No sweat. The PC Charge server is encrypted to the 'net, but the local Linksys (Channel 6, SSID 'Linksys') AP and SU's are not... 10 minutes later, my laptop was dumping sniffed packets from the air.... Truth.. not just comics.

We did not actually make it work, but Eric has the right idea for being a high tech nomad.

[ related topics: Wireless Coyote Grits Work, productivity and environment Chattanooga Comics Cryptography ]


#Comment made: 2002-07-23 00:42:21+00 by: TC

Yeah I like the linksys 802.11 stuff as well but definitely encrypt 128bit and definitely use tunneling ssh underneath since WEP is not very hack resistant anymore.

#Comment made: 2002-07-23 01:42:31+00 by: Dan Lyke

Warchalking for net access, rather than for geographical resource access, seems far more prevalent than I'd expected. I haven't been too concerned about my link, given that it kinda fades by the far side of the house, but I need to clamp it down a bit. I've left my bike in my driveway unlocked for a day or two, but somehow people's ethics seem to get a little shaky when things become virtual.

(Not that *cough* I ever saw the ethics of computer access in a different light than the ethics of physical access... Well, at least not since I could be tried as an adult...)

#Comment made: 2002-07-23 02:27:48+00 by: meuon

We are installing a 100' Rohn 45 tower for the new Canopy gear. 5._ ghz.. and not as easy to break onto. Although, I am sure Motorola sells a box to the spooks that can, or that they can without their help. :)

#Comment made: 2002-07-23 03:26:09+00 by: TheSHAD0W

The solution is to run a firewall box, with a separate port for the WAP, make it unrouteable, then have the remote clients log into the firewall machine via VPN.

#Comment made: 2002-07-23 05:43:10+00 by: Shawn

Shadow; what do you mean by "make it unrouteable"?

I'm planning to add a wireless PCMCIA card to my Linux server (which is not my main gateway/router) in order to untether my laptop at home. This Linux box provides any public servers I wish to make available (ssh, ftp, http, etc.) - by NATing ports through my D-Link gateway box. The Linux server is also running iptables and I intend to restrict wireless access with that. But I'd like to hear about anything else I could do to help make everything more secure.

meuon; Didn't the client learn anything from Best Buy?

#Comment made: 2002-07-23 06:04:44+00 by: TheSHAD0W

Shawn: When you have two network adapters in a computer, and routing is turned off or not enabled (depending on whether you're running *nix or Winblows), no communications are gated in between the networks -- at least, not by the operating system. All that can be accessed from the "internal" network, the "intranet", aside from talking with other isolated systems on that network, is server software on that dual-ported PC.

One can exploit this property to create a firewall, by which communications are controlled by software. Communications can be filtered or throttled or manipulated in various ways.

Or, one could shut off all server access to that port, excepting for a VPN login. VPN, or virtual private network, allows you to run an encrypted IP connection across an untrusted network. The VPN server software would act as a proxy for computers that were logged into it, with the appropriate password, or could even route full IP access. Computers not logged in via the VPN would be unable to access anything. Packet sniffing would be futile since VPN sessions can use high-grade crypto, and no unencrypted communications would be present on that network.

#Comment made: 2002-07-23 12:12:09+00 by: meuon

And you are throwing in lots of complex steps to make up for a flaw in normal 802.11. The hardened Cisco stuff (and other brands) also have proprietary modes that do not interoperate with other brands, break 'standard' and make it hard to sniff/decrypt or login to the network.

#Comment made: 2002-07-23 13:57:37+00 by: Dan Lyke

Shawn, since my Linksys just routes on a 24-bit network, when I finally get around to hardening (which I'm not all that concerned about, given that I barely get coverage at the other side of the house), I was going to do it by telling my Un*x server to use a 192.168.[0-3].0/22 network, admin it as an exposed host, leaving the NAT box at 192.168.1.0/24, putting the wireless on 192.168.2.0/24, and requiring the laptop to use SSH tunnelling through proxies to get to the outside. Thus you'd have to get on to the wireless, then into the Un*x server, to be able to see the outside line.

#Comment made: 2002-07-24 13:21:46+00 by: ebradway

Or, you could put a transparent proxy on port 80 with Squid and let your neighbors find the good pr0n for you...

#Comment made: 2002-07-25 12:23:48+00 by: meuon

Funny, and true. A recently created accidental warez/porn server (NT box with FTP left open) got the response from the otherwise competent sysadmin: 'I've been making copies of the good stuff... I'll turn it off in the AM'. LOL!