What exactly does SSL protect in a web site forum/mail?

I just looked and I don't see any "isolation" settings for the main network, although I do see client isolation checkboxes for the guest networks (which aren't enabled anyway).


I just looked also to see if there were any attached devices by an adversary, but all the MAC addresses check out using my "mac" command.


$ cat $(which mac)
#!/bin/bash
MAC_DB=/data/save/mac_address.db
# egrep -i '$1' $MAC_DB # I have no idea why this doesn't work
egrep -i $1 $MAC_DB

Reply to
Alice J.

Umm... that's a RADIUS server. Well, at least you spelled my name correctly.

Not dedicated. It can be used for other things at the same time. Think multitasking. There's very very very little traffic involved in the use of a RADIUS server. However, it does have to be powered on and running in order to be useful.

If you want to test your system, you might want to download the latest Kali DVD (2.6GB) and boot it on a random laptop. The major penetration testing, password cracking, and network sniffing tools are there, ready to run.

Reply to
Jeff Liebermann

The first time I had heard of a "Kali" linux was in a reference today to the cable-modem hack.

I didn't know what a Kali system was.

This is the SECOND time I'm hearing that word today.

Download Kali Linux - our most advanced penetration testing platform we have ever made. Available in 32 bit, 64 bit, and ARM flavors, as well as a number of specialized builds for many popular hardware platforms. Kali can always be updated to the newest version without the need for a new download.

Reply to
Alice J.

Well, but you do not need to do that hack, to use that program, in order to listen, I understand. :-?

Well, that was a hack for 2005. Maybe they did not check all the network, only part of it.

Reply to
Carlos E. R.

Eumm....

On the inside of your router you can see all of your traffic, unless the router (or switch, really) isolates all plugs.

On the outside of your router you can see all your local traffic that goes to or comes from the internet, plus, possibly (depends on how the ISP does things) also your neighbours' traffic.

On my other message what I meant is that you cannot see your neighbours' traffic on the inside part of the router.

Reply to
Carlos E. R.

It could be it had a hub instead of a full switch.

No, I'm sure I wasn't. :-) For one thing, the WAN was the two wire phone cable (it was an ADSL home router).

Reply to
Carlos E. R.

Start with a more simple test. Run your packet capture on the same laptop where you're logging in with bogus credentials so that you can see what a successful capture looks like.

You're on the right track, but by default your laptop doesn't let you see traffic flying back and forth between the wireless router and the ipad.

Reply to
Char Jackson

Try accessing it with a web browser. Many cable modems have a web server running at http://192.168.100.1.

Reply to
Char Jackson

I am guessing but I think that hack wouldn't work ten years later because DOCSIS 3.0 has SEC which is encryption that is almost certainly turned on by the cable company.

So, I'm guessing (because I do not know) but if I were the cable company, I'd turn on SEC encryption at the modem, so that everything on the cable from the modem to the cable company server would be encrypted.

Reply to
Alice J.

Looks OK to me.

Reply to
William Unruh

Oh.

On the one hand, I definitely agree with you that my neighbor's traffic won't be found on the inside half of my router.

But, my WiFi card in my laptop would pick up ANYTHING when it's in Monitor mode. Right?

So, wouldn't my WiFi card, in monitor mode, pick up EVERYTHING in the air?

Reply to
Alice J.

By definition, switches do perform that isolation. Like Jeff said, some switches can be configured to mirror traffic to a specific 'monitor' port, but I don't think I've seen a consumer router that offers that. Alternate router firmware, like dd-wrt, might be able to do that.

Reply to
Char Jackson

I don't know how things work now, but back then you only had to have a modem MAC address that was unique to your CMTS. There were websites where people from geo-distant areas could share their legitimate MAC address with each other. Acquire a second cable modem, load special firmware, change its MAC to a valid MAC from another area, and you're online. You're unique on your local CMTS, just as the other guy is still unique on *his* local CMTS, even though both are using the same modem MAC. That probably doesn't work anymore.

Reply to
Char Jackson

I was thinking an old out-of-service router running dd-wrt might be able to serve as a RADIUS server.

Reply to
Char Jackson

That's probably a good idea. Here is the result:


  1. On the laptop, get tcpdump ready to press ENTER:
       $ sudo tcpdump -i wlan0 -w wlan0.pcap
  2. On the laptop, point firefox to Bimmerfest, ready to press "LOG IN":
       $ firefox
       formatting link
       User Name = asdfgh
       Password = qwerty
  3. Press ENTER to start tcpdump:
       [sudo] password for alice:
       tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
  4. Press LOG IN to attempt a bogus bimmerfest log in.
  5. Quickly hit control + c to stop tcpdump:
       141 packets captured
       160 packets received by filter
       0 packets dropped by kernel
  6. Run wireshark on the pcap results and search for the login/password combination:
       $ wireshark wlan0.pcap
  7. Wireshark: Edit > Find Packet > String > Packet Details > qwerty > Find
     Notice that it does find the login of "asdfgh" and the password of "qwerty", but what I was trying to find was that same sequence from the ipad.

So, I'm confused (maybe Jeff Liebermann can tell me)?


What did I just prove by doing everything from the same machine?

Reply to
Alice J.
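
The string search from step 7 of the post above, written as a self-check for whether a known test password appears in cleartext in a capture of your own traffic. This is an added example, not code from the thread: the pcap is constructed in memory, and the host name, form field names and addresses are assumptions.

```python
import struct

def build_pcap(packets):
    """Constructed sample: classic pcap, link type 1 (EN10MB), one TCP segment per entry."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (dport, data) in enumerate(packets):
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), i, 0, 64, 6, 0,
                         bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + data
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def find_cleartext(pcap, needle):
    """Return (packet number, TCP destination port) for each payload containing needle."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not EN10MB (e.g. a monitor-mode capture)")
    hits, off, number = [], 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(e + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        number += 1  # Wireshark numbers packets from 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        if needle in payload:
            hits.append((number, dport))
    return hits

# Constructed traffic: the thread's test login sent over plain HTTP, then bytes
# standing in for an encrypted TLS record of the same login on port 443.
HTTP_POST = (b"POST /login.php HTTP/1.1\r\nHost: forum.example\r\n"
             b"Content-Length: 31\r\n\r\nusername=asdfgh&password=qwerty")
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(32))
SAMPLE = build_pcap([(80, HTTP_POST), (443, TLS_RECORD)])

if __name__ == "__main__":
    print(find_cleartext(SAMPLE, b"qwerty"))
```

To run it on a real capture, pass the bytes of the file written by tcpdump instead of SAMPLE. The search looks inside single TCP segments only, so a string split across two segments is not matched.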

Yes. VPN or TOR provides a "tunnel" which is impenetrable to prying eyes. They even hide the information about the ultimate destination site. One end of the tunnel is inside your PC. The other end of the tunnel is somewhere far from your nosy neighbors. With TOR you don't even know where it is, and it changes!

Right.

No. That's why you want to use SSL for sensitive information.

Reply to
default

Don't forget though that with Tor running the ISP knows you're using Tor. With only VPN running, the ISP knows you're using VPN. But with both VPN and Tor running, the ISP only knows you're using VPN. The ISP does not know you're using Tor.

That was my point.

How would YOU log into bimmerfest.com? You don't have the *option* of SSL (so https-everywhere won't work).

Reply to
Alice J.

Hmm, firefox-43.0.4 shows a lock just accessing the site using

formatting link

Reply to
Bit Twister

This is new. It has been a while since I last spoke to the admin. I complained all the normal complaints (he insisted they stored the password as a hash, for example).

I haven't complained recently. They may have improved.

Darn. I should have used https-everywhere, which would have caught this, but it still doesn't change that there are still web sites that don't have encryption.

But, still, this is new. Thank you for testing as I had not tested https recently at that site! My mistake.

Reply to
Alice J.

I wouldn't care if the world knew that I logged on or what my password to that site was. Mind you I probably would not go there anyway.

Reply to
William Unruh
