Public Access WIFI Security

Pretty much common knowledge (at least in this news group)....

Im

Reply to
Imhotep

For those of you that don't know, Dartmouth College is the first college to go totally wireless. I'm sure many of you have been to a coffee shop/book store (Barnes and Noble) and have seen that they offer public access wifi hotspots. This means that you don't have to have a password or pay anything to get connected.

Most of these places probably do not have any way of preventing hijacking attempts. If I decided to go to my local Starbucks and set up a fake wifi, there's nothing stopping me.

But I don't even have to do that to get your passwords. All I have to do is throw up a packet sniffer and bam I have all of your email passwords/website passwords. POP3 is an unencrypted protocol. WIFI access points act as hubs. Unless everything is running SSL all of your passwords are being sent out to everyone connected to that WIFI access point.

I'm telling you this to inform those of y'all who don't already know, and to ask a question to those of you who are in the profession and know everything there is to know about wifi.

What is stopping me from going to Barnes and Noble, firing up Ethereal, and getting everyone's passwords for email/websites? Is there a way to disconnect a computer that shows signs of running a packet sniffer? Is there even a way to tell that a computer is running a packet sniffer?

This is something you might expect to see at Defcon or Blackhat but probably not in your local Starbucks. Next time you are there, think about the security risks and don't check your email or visit a site that requires you to have a password unless you send it via SSL (Gmail, banking sites, etc).

I am cross-posting to get as many opinions/answers as possible.

Thank you for your time

Reply to
teh Mephisto

To those of you that know all about it yes, but for those casual internet goers that sometimes frequent at least the alt.internet.wireless news group they probably won't even think about it.

So is there any way to combat it on the access point side or just vigilance and knowledge by the users?

Reply to
teh Mephisto

Gee, I run such a hotspot here at home (different subnet and attached to a hardware firewall).

All my other machines are hard wired to a primary switch. The only reason for the hotspot is in case any of my neighbors want on (I have 3 wireless).

Once in a while, I start up a Linux box and take a sniff at things....

Oh yeah, one last thing, I use the firewall hooked to the wireless box to limit BW to 10K/sec both ways per IP on wireless. It is amazing how well that shuts down filesharing. :)

TMH

Reply to
Technomage Hawke

Most sane users do not poll for email with pop3. They use a VPN tunnel provided by their ISP, a VPN tunnel provided by the hot spot service company (i.e. Boingo), TLS (transport layer security), or web mail using SSL encryption.

Anyone in the profession that claims to know everything, doesn't.

Not much. It's a well known problem. Just about any web site that mumbles about wireless security mentions that polling for email via an unencrypted wireless link is asking for trouble.

Users can be blocked by MAC address or IP address at the wireless router. There are IDS (intrusion detection systems) that look for abuse and automagically isolate the offenders. For example:

formatting link
It is fairly easy to detect if a user is sniffing. I have a trick that detects if a wireless device is in promiscuous mode (required for sniffing), but it's marginally reliable and does not work with every client. Search Google for "detect promiscuous mode" for how others are doing the same thing. For example, a free and commercial promiscuous mode scanner:
formatting link
I've used the free version to detect wireless sniffers.

Reply to
Jeff Liebermann

Banking sites are secure sites. Use secure SSL webmail and not your pop3/SMTP program.

Reply to
DanR

I think you give people too much credit. From what I have seen, most people see "Wireless hotspot here" and go whoopee, I can get my email and surf the web. I will guarantee you that you can go into any Starbucks, ask how many people know what VPN or SSL are and probably about 1/4 of them would be able to tell you, if that. Then they probably don't even realize that everyone can see what they are doing on a wireless network.

Reply to
teh Mephisto

Hi

Could you please provide some reference material (websites or group messages) describing HOW to set up a secure wireless connection and more secure ways of using public hotspots?

Thank you

Reply to
bobrics

Hey this is a security group, we tend to think.

Surfing the web is fine, webmail is fine, providing it's on SSL.

We don't all live in the evil empire.

-- Jim Watt

formatting link

Reply to
Jim Watt

Um.

In what way is this different than using any other publicly shared service?

Incidentally, and in case you hadn't noticed, the Internet itself is.. um.. a shared public service. Any privacy you happen to gain from someone else's routing table is pretty much a side-benefit.

Coming up next.. blutooth it am teh sc4ry!!!1!!!

;o)

Reply to
Hairy One Kenobi

Not exactly. Wireless 802.11 is bridging. A bridge is a 2 port switch. It only lets traffic across the bridge that has a destination MAC address that's known to be on the other side of the bridge. Also, broadcasts go everywhere. With a hub, access to one port gave me access to all the traffic since the hub was just a repeater. With a switch, sniffing one port only gives access to that port's traffic. It's the same with wireless except that wireless shares a common medium (air space) and allows all the bridged/switched connections to be simultaneously sniffed. I guess one could say this is something like a hub, but it's still bridging.

You'll be surprised what I find floating around some networks. The old hubs just don't seem to completely disappear and are often more convenient to use than to purchase a proper switch. I use hubs for sniffing ethernet, but that's not a common application.

Reply to
Jeff Liebermann
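The hub / switch / shared-medium distinction drawn in the post above can be modelled in a few lines. This is an added example, not code from any poster in the thread; the station names (`alice`, `eve`, `mailhost`), the port labels and the assumption of an open, unencrypted hotspot are constructed for illustration.

```python
# Added illustration (not from the thread): which segments carry a frame.
# Station names stand in for MAC addresses; ports/segments are constructed.

class Hub:
    """Repeater: copies every frame to all ports except the one it came in on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def deliver(self, in_port, src, dst):
        return self.ports - {in_port}


class LearningBridge:
    """Switch or AP bridge: learns source addresses, forwards known unicast."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}                      # address -> port it was last seen on

    def deliver(self, in_port, src, dst):
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:                      # unknown destination: flood
            return self.ports - {in_port}
        return set() if out == in_port else {out}


def frames_heard(device, attach, frames, listener):
    """Count frames addressed to others that reach the listener's segment."""
    heard = 0
    for src, dst in frames:
        in_port = attach[src]
        # The sender's own segment always carries the frame; on 802.11 that
        # segment is the shared air space, on switched Ethernet a single cable.
        segments = {in_port} | device.deliver(in_port, src, dst)
        if listener not in (src, dst) and attach[listener] in segments:
            heard += 1
    return heard


def run_scenarios():
    frames = [("alice", "mailhost"), ("mailhost", "alice")] * 2
    wired = {"alice": 1, "mailhost": 2, "eve": 3}
    wifi = {"alice": "air", "eve": "air", "mailhost": "wire"}
    return {
        "hub": frames_heard(Hub([1, 2, 3]), wired, frames, "eve"),
        "switch": frames_heard(LearningBridge([1, 2, 3]), wired, frames, "eve"),
        "open_wifi": frames_heard(LearningBridge(["air", "wire"]), wifi, frames, "eve"),
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The single frame heard in the switch case is the initial flood, sent before the bridge has learned which port `mailhost` is on; on the wireless side the bridge forwards selectively, yet every frame still crosses the shared air segment.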

Wossat mean? Every single computer in every lab connected with wifi ( are they stupid? ) or just total wifi coverage?

I'm sure many of you have been to a coffee shop

[snip]

VPN. VPN is how you do wireless security.

Reply to
Leo Fellmann

I don't know about every single computer in every lab but I do know they are completely wireless.

Reply to
teh Mephisto

Now that everyone uses switches, it's a lot better than it used to be. WIFI is still run just like a hub, where everyone connected can see everything you are doing.

Sure there are still some hubs around but no one's stupid enough to put them up where it really matters.

Reply to
teh Mephisto

That's a mighty tall order man.....

You might try this search term in Google: wireless+hotspot+securing+encryption+vpn

and see what you come up with.

Reply to
Technomage Hawke

teh Mephisto wrote in news:iUT_e.76499$Jp.2279820 @twister.southeast.rr.com:

Even the monitors?

SCNR :-)

Doc.

Reply to
Doc.

Shrugs, wireless using something like

formatting link
seems to be a relatively secure solution. Tends to defeat intruders and listeners fairly effectively. When coupled with wireless IDS to detect attack attempts you can secure the network about as well as you can on a wired connection.

Winged

Reply to
Winged

Erm, actually "they" do. Both genuine hubs and switches configured for-a-purpose.

The purpose is usually the same sort of load balancing used by Windows (NLBS, or WLBS as it used to be called). It uses MAC spoofing (MS borged a company); this doesn't always work on particular Cisco switches, even when they've been set to bridge ports (which is the other case you'll commonly see. Damned hard to sniff or run an IDS without this sort of facility - although you have to be careful that it can handle the sort of traffic that you're likely to see, particularly if you're on/near the backbone.).

I have a military customer that ended up doing this - it was cheaper to recycle an old hub than to buy a new switch that actually did what it was supposed to (bearing in mind that the selected switch /should/ have had the capabilities, but might have broken one of their other security rules. They're a customer; they get to do it the way they want)

These sorts of configs tend to be where you *really* need load-balancing (i.e. at the very heart of "where it really matters")

In my case, I just have the two hubs - one sits on the Cable Modem connection at home (so that I can simply plug-in a sniffer or firewall tester); the other is my "network in a bag" that travels with me on-site. UK companies generally don't let you plug into their networks, these days, so it's a useful last resort for data transfer if we already have someone there. Or if I end up running software that's licensed by MAC address - modern laptops switch you between different NICs, which buggers all that up. Must get around to making one of those "key" thingummies that you used to be able to buy.

H1K

Reply to
Hairy One Kenobi

That's why you always want to use VPN to connect via an unknown wireless network.

Google now offers a free VPN service. Supposedly it's slightly less secure than some of the paid VPN services but this is according to the paid VPN services.

Some ISPs offer VPN as part of their plans. One reason I chose the ISP that I chose is because they offer VPN at no extra charge.

Reply to
SMS

Another company offering VPN for free is iPig, see

formatting link

iPig comes with the iPig SERVER (also freeware), so you can set up your own VPN server very easily. Thus the traffic is NOT routed via the company's server.

iPig Server is MUCH easier to install than OpenVPN, basically you just start the installer, add the user name and password you want to use, and your private VPN server is ready to go.

Reply to
WifiFan
