Strange SSID in the air...

Hi,

I've been noticing that one of my neighbors occasionally spits out the SSID "hpsetup", unencrypted on channel 1 (2.412 GHz), in adhoc mode.

I'm not going to mess with it, but was curious as to what it may be? A printer? A previous adhoc connection on one of their computers (laptop) that is trying to "re-connect" (that WinXP bug)?

The owners appear to be security minded since their main SSID has a unique SSID and is WPA-PSK'd... Makes me wonder if they even know they are radiating this unencrypted "hpsetup"....

Out of respect, I moved one of my SSIDs off of channel 1 and onto channel 2. I'd move it further, but I'm already clobbering the air here on channels 2, 6, 11, 52, and 152. (52 and 152 are 802.11a)
Eric

Hewlett-Packard networked printers are usually configured to have an ad-hoc WiFi network with the SSID named "hpsetup". This allows one to print to the printer by joining the ad-hoc network. Of course, this assumes that the SW drivers have been installed onto the host computer.

The WiFi radio can be disabled via a configuration item in the printer's embedded web server. It is also disabled whenever the Ethernet cable is attached. At least according to some fora I got to after googling the above.

Kurt Ullman

That makes sense. Reading a little about it on HP's website...

Seems kind of a drag though. If you want to talk to one of these printers, then unless you have two wireless NIC's or a bridge connected to it, you have to come off your network to talk to the printer... HP site also says that software needs to be installed from CD. That seems to defeat the whole purpose if this thing is trying to be a "network printer"? The built-in wireless seems to give more obstacles than anything else. (?) Call me crazy, but I'd rather use Bluetooth than that. Or, just attach a wireless bridge to a real network printer... (?)

Cheers, Eric

Eric

Yep. He probably has a flashy new HP all-in-one printer with wireless connectivity in addition to ethernet and USB. What happens is that the printer gets left on (in fax mode) when he turns off the computer. That disconnects the ethernet connection, so the printer switches to wireless and goes hunting for something to connect to. (It will only do either ethernet or wireless, not both). Since he's not using the wireless, I guess he's found no reason to configure the wireless settings in the printer.

Y'er no fun. Of course you want to mess with it. Let it automatically connect to your computer by setting up an ad-hoc connection to the printer. It will be much easier if you determine the exact printer model and download the HP software. When he turns off the computah for the evening, setup the connection, and leave him a few printed pages with "Configure thy your wireless" inscribed in 72 point type. That might get his attention.

He probably doesn't. Wanna guess how I found out how all this works? I dragged into my palatial office a new HP printer for a customer, set it up and left. The college brat across the road from my office decided to have fun and printed me a few messages.

Jeff Liebermann

There's an open commercial hotspot in town. Within range of that hotspot are at least two SSIDs, locked, that are "You Think This Is A Hotspot", or some contrivance like that. I wonder if they were running unlocked and unmolested until the shop owner started advertising his free WiFi.

dold

snipped-for-privacy@03.usenet.us.com hath wroth:

Cute. Most of the SSID's in the off campus residential area for the local university are obscene or provocative. Another residential system has some hacked software that belches about 100 different SSID's. (Security by absurdity). Good luck finding the real SSID in that mess. The dual SSID Sonicwall system at a local coffee shop is "hotspot" and "notspot". "Notspot" is of course heavily secured.

Jeff Liebermann

snipped-for-privacy@cruzio.com (Jeff Liebermann) wrote in news: snipped-for-privacy@4ax.com:

One of my neighbors has an open network with an SSID of "wanna get a virus?".

Bert Hyman

One of my customers found one of those sniffing from a hotel. My customer decided that an open access point was more convenient than paying the hotel for wireless service. So, when he returned to town, I got to spend half a day cleaning the viruses off his laptop.

I found a good one today. A new customer was having problems configuring their wireless. I found that they had used an online WEP/WPA key generator to create a suitably cryptic WPA-PSK key. However, they misunderstood the instructions and also used it to create an SSID consisting of what looked equally cryptic. That would have been just an inconvenience but I also found that although the SSID can be 32 characters long, the DI-624 Rev C was only taking 31 characters. A firmware update solved that problem.

Incidentally, they didn't use cut-n-paste to load the characters, but typed them in by hand. What are the odds of getting it right? Sigh.

Jeff Liebermann

How would one get a boatful of viruses simply by using an unsecured network? I am assuming that one is not indulging in unsafe hex, like visiting seamy sites or downloading questionable applications etc.

If I disable file and printer sharing, enable Windows firewall, and use an updated antivirus, will I be safe when using public Wi-Fi networks?

My question is basically: If I simply connect to such a network, will my laptop automatically get filled with virus/spyware etc? or do I have to do something stupid while using the network to allow this occur?

Aloke

-- remove the numbers and invalid to email

Aloke Prasad

Aloke Prasad hath wroth:

Sigh. If I tell you how it can be done, everyone and his brother, the script kiddie, is going to be doing the same thing. I really don't want to be responsible for all the damage that can be done and this is not the proper place to be discussing exploits in detail.

However, I'll give you a general clue. Think about URL redirection (splash page) in the router pointing to a rogue web site or server. Also, open shares. Remember that since *YOUR* router is now owned by the evil hacker, there's much more that can be done than on some random web site on the internet. In effect, the evil router is the "man in the middle".

No, it's much easier than that. Incidentally, most of the pioneering work on what can be done with web pages was done by porno web site designers.

That covers about 80% of the possible attacks. It will not protect you against phishing (counterfeit web sites), password sniffing (in the router), simple trickery, DNS redirection, or a few other things I don't wanna get into. Again, remember that the evil hacker owns *YOUR* router (or rather the router that you're using). That opens up many possibilities.

You are probably safe with the security measures mentioned against everything except password sniffing and faked web sites. In the case of password sniffing, you don't have to do anything. In the case of fake web sites, you have to click on something. I don't really want to describe what my customer did to get a bunch of viruses (actually a downloader) installed. I'm afraid many of us would have done the same thing.

Here's a cute example. When you sign up for Comcast service, the CMTS delivers a rather interesting DNS server. It doesn't matter what you try to look up, it always points to the Comcast service signup site. Now pretend that instead of always pointing to the legitimate site, I set up a static DNS table that points various ecommerce or banking sites to my handy phishing web server. To you, it looks like everything is working just fine as most other sites work normally. However, when you try to do some banking, you get redirected to the fake site. Whether you can detect the fake site is largely dependent on your attention to detail and alarms. Most people will not notice and simply inscribe their login and password.

In short, this potential for abuse and similar potential problems is why I don't use many private open wireless access points very much.

Jeff Liebermann
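The DNS substitution described in the post above leaves traces a client can check for. The following is an added example, not code from any poster in this thread: it audits a set of resolver answers for three signs (a made-up name that resolves anyway, public sites answered with local addresses, unrelated sites collapsing onto one address) and compares against a baseline recorded on a trusted network. All host names, addresses and function names are constructed for illustration; a baseline mismatch alone only means "check the TLS certificate", since large sites rotate addresses.

```python
import ipaddress
import socket
from collections import defaultdict

# Ranges that should never be the answer for a public web site.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def resolve_now(hosts):
    """Live lookup via the system resolver; failures become empty lists."""
    out = {}
    for h in hosts:
        try:
            out[h] = socket.gethostbyname_ex(h)[2]
        except OSError:
            out[h] = []
    return out

def audit_dns(answers, canary, baseline=None):
    """answers: {host: [ip, ...]} from the resolver under test; canary: a made-up
    name that must not resolve; baseline: {host: {ip, ...}} from a trusted network."""
    findings = []
    if answers.get(canary):  # resolver answers for anything, like the signup DNS
        findings.append(("high", canary, "nonexistent name resolved"))
    by_ip = defaultdict(set)
    for host, ips in answers.items():
        if host == canary:
            continue
        for ip in ips:
            by_ip[ip].add(host)
            if is_local(ip):
                findings.append(("high", host, f"local address {ip}"))
        known = (baseline or {}).get(host)
        if ips and known and not known & set(ips):
            findings.append(("review", host, "no overlap with baseline"))
    for ip, hosts in by_ip.items():
        if len(hosts) > 1:  # different sites collapsing onto one server
            findings.append(("medium", ",".join(sorted(hosts)), f"share {ip}"))
    return findings

# Constructed sample data (documentation and private addresses, made-up names).
CANARY = "no-such-host-7f3a9c.example"
BASELINE = {"bank.example": {"192.0.2.10"}, "shop.example": {"198.51.100.20"},
            "mail.example": {"203.0.113.30"}}
CLEAN = {**{h: sorted(ips) for h, ips in BASELINE.items()}, CANARY: []}
SELECTIVE = {**CLEAN, "bank.example": ["192.168.1.50"]}  # one site repointed
WALLED = {h: ["10.1.1.1"] for h in CLEAN}                # everything repointed

if __name__ == "__main__":
    print(audit_dns(SELECTIVE, CANARY, BASELINE))
```

On a live network, `audit_dns(resolve_now(list(BASELINE) + [CANARY]), CANARY, BASELINE)` runs the same checks against the resolver the access point handed out, with `BASELINE` replaced by names and addresses recorded beforehand.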

The places that I go to that require passwords (specifically to sign on to Yahoo and the webmail for my REAL e-mail address) are all secure sockets (the lock is locked). Does this have any impact on trying to sniff passwords?

Kurt Ullman

I've followed this thread with interest, as I'm learning about wireless networking from scratch. I also know about the cracking being done and all the programs that allow some password cracking, sniffing, etc.

However, I'm wondering if we are all not just a bit paranoid about all this.....

Take Win for example. If MS wasn't such a big target, then all these updates, patches, etc wouldn't be needed and our lives would be much simpler. It also seems to me that AV software benefits from virii, since they become a needed commodity.

Which brings me to my point. With all the "security consultants" out there looking for work, wouldn't it be a good thing (for them) to hype the holes in wifi? Say I've got a wifi router, set to AES security, shared pass phrase, and limited range. How "actually" vulnerable am I really?

So, OK, the public spots may be more problematic. So, can you not use common sense and be done with it?

I'm not trying to start a flame war, just a little discussion..........

Travis McGee

Kurt Ullman hath wroth:

I don't know any easy way to circumvent SSL/TLS security. It is possible to do a man in the middle attack on SSL.

I'm not sure exactly how to implement this, but I suspect that having the hacker own the user's connecting router certainly makes things easier.

Jeff Liebermann

So, would you call this a minor, major or no concern to people using the WIFI at Paneras or your local Holiday Inn or Starbucks? I rented a house last Jan and Feb in FL and plugged directly into the modem for real high value stuff like my bank. Any reason this is overkill or is this more prudent surfing?

Kurt Ullman

"Travis McGee" hath wroth:

Yes. Only the paranoid survive (which was the title of a book by Andrew Grove of Intel).

Sure. Enforcement and compliance are big business. Where would crime fighters be without crimes? If you eliminate one crime, just create a new one to fill in the shortfall. Same with security. If it weren't for hackers, bugs, exploits, etc, there wouldn't be any need for prophylactic software.

They are doing exactly that. Almost all the major security holes have been discovered and announced by various "security researchers". However, it's not just to promote their consulting business. It's because the various culprits (Microsoft et al) aren't really thrilled about admitting they have problems. Someone has to do the research and announcements. Who else would you prefer to do it? The governmint?

I have no idea. Security is a systems problem. Just because one component is secure doesn't mean the system also is secure. For example, one of my corporate customers bought a very expensive wireless bridge with more than adequate security and encryption. They asked me to verify that it couldn't be sniffed or hacked. Instead, I picked the lock on the wiring closet in the hallway, and plugged into their unencrypted ethernet network, thus bypassing all their security. I've done the same thing to other companies with unprotected ethernet ports. If I really wanted to break into your system, I couldn't do it via wireless. Instead, I would find where your ethernet connects, and simply install a wireless bridge radio. I can make it look like a wall wart so you would probably not even notice.

Also, you mentioned "shared pass phrase". I think that's marginal security. If I can get physical to your computah, I can usually extract the shared WPA key from your Windoze registry. For example:

I was at a party about a week ago and did exactly that to the owner's wireless network. I was playing on my laptop using his wireless network. The owner is an IT manager at a large organization and almost immediately asked how the (deleted expletive) I had managed to hack into his wireless network. It took me exactly 12 seconds (I timed it) to recover the key with a scripted USB memory dongle, and about 2 minutes of fumbling to configure WPA-PSK on my laptop.

In other words, the wireless was quite secure from external attack, but not from internal attack. He's looking into getting a RADIUS server to prevent a repetition.

Sure you can. It doesn't take much to stop the well known attacks and script kiddies. However, anyone with a good understanding of how the system works, can easily cause problems. Just make a list of the possible exploits and assign a number to the probability you'll be attacked using each exploit. Sort. Then, you can easily determine what to worry about. (Note: I haven't done this as it's too much work).

Drivel: One of my coffee shop hot spots has quite a bit of wireless traffic. They're showing 19 users on a Saturday morning. Business must be good. I've been logging how often and how long the various VPN tunnels are being used (IPSec, PPTP, and L2TP) for about 2 weeks. I see IPSec 3 times, and PPTP 8 times (2 of which are me). So much for VPN hot spot security.

Jeff Liebermann

Kurt Ullman hath wroth:

I don't know. I'm not a security expert. My guess(tm) is that it's minor because it appears to be very difficult. However, the history of the computer security seems to be punctuated by minor concerns becoming major headaches overnight immediately after someone writes a scripted exploit. Assuming nobody has wiretapped the house network, you're probably fairly safe from a man in the middle SSL attack.

The banks all use some form of SSL security. As long as you use something like BofA's SiteKey:

to prevent phishing, I think you're safe for now. BofA is also a PITA for missing passwords. One typo and they ask you to re-enter all your personal info. I guess it's more secure, but it's sure an irritation. Anyway, SSL/TLS is end to end security, so sniffing or man in the middle is difficult.

Incidentally, one very real danger to online banking is a keylogger capturing your login and password. If you're in the habit of making big online bank transactions, I strongly suggest you ask about "one time key" dongles for generating passwords:

It's fairly new and none of the major banks are doing this for small accounts. However, I expect to see it quite commonly used immediately after the next security disaster. There's also rumors that PayPal might offer the service. Dunno.

Jeff Liebermann

Anything I get e-mail from my bank or utility or other, I just call the appropriate 800 number from statement. That precludes any phishing problems at all. And sometimes I let the bank know of a new phishing attempt.

I'll check into this with my peeps at the bank. It is a combined checking/broker account. I check on it pretty much daily because of that.

Kurt Ullman

LOL. That may be an idea for a rainy day...

Eric

Two words: Captive Portal. Jeff answered everything else.

Don't forget about social engineering. Like already said in the thread, the MitM can make anything you "connect to" look legit. At minimum, all the MitM needs to do is to simply run a web server and change his hosts file.

Not necessarily, but do you want to be automatically strobed and probed for vulnerabilities? If you are doing all the above, plus using Firefox, you will "likely" be okay. No guarantees though. The MitM is counting on connectees with little security, who are using Internet Explorer. They won't last seconds...

Security is a two way street. So much attention has been put on securing your own wireless networks, while relatively little has been given towards security from the client connectee perspective. This seems to be changing though. That open, unencrypted, default SSID that looks tempting to use in public could very well be a honeypot. First line of security should be common sense...

Eric

URL redirection: will some of the anti-phishing features in Firefox or IE7 help in this case? This is a serious problem if people are unable to detect this on public network.

How can I verify if any of this is happening on my home network (with the cable modem assigning Gateway+DNS to the Linksys router etc.)?

...

Is the "Evil hacker owning the router" scenario applicable for public routers at airports, Starbucks etc? While those are administered by professionals (I hope), I suppose it is safest to assume that they could be compromised.

How do I detect password sniffing in the (public) router? I'm assuming that this will not happen on my home router (WRT54GS). What about my ISP's router? How do I detect password sniffing in general?

What If I save a bunch of bookmarks (like the bank's login page) with IP addresses instead of domain names. I bet the IP addresses of commercial pages don't change that often.

Password sniffing has me worried, though. How to detect/deal with that?

Aloke

-- remove the numbers and invalid to e-mail me

Aloke Prasad
