Log in

No account? Create an account

Previous Entry | Next Entry

more mandatory reading. Read and understand these. That's an order.

If lowes employed WEP, they wouldn't have been put in the position they were to begin with. They became the low lying fruit by trying to follow these myths (although when I connected, long before Adam and Brian, they didn't even employ mac filtering).

I shall deliver a swift kick in the balls to anyone I see implementing these. Seriously.



( 17 comments — Leave a comment )
Jun. 10th, 2005 10:42 pm (UTC)
I don't use any of that, I use IPsec. Although I wish prism54 would finish WPA support, I want to use EAP-TLS instead of IPsec. IPsec tunneling has some issues.
Jun. 10th, 2005 10:51 pm (UTC)
yea, besides the pain in the ass it generally is, people can also connect to the IPsec gateway and attempt attacks on it. Even if you seal everything off, if your IKE daemon becomes exploitable (or already is), you're still screwed.

I want someone to come up with WPA support for the orinoco stuff. Not because I really like orinoco much anymore, but because my laptop has one built in, and I'd like to switch away from WEP.
Jun. 10th, 2005 11:06 pm (UTC)
Pain in the ass is an understatement. The *only* reason I do it is because I lived in a dorm. I trust my friends not to abuse the nightmare filesystems exported from my server, I don't trust the skiddie down the hall with aircrack.

The other reason I want WPA support is I have a program that does a weak shared-key attack on WPA-PSK that I want to try out :p Kind of useless without the ability to connect afterwards though.
Jun. 11th, 2005 03:57 am (UTC)
Should I mention that I used to allow non-IPsec on my wifi and ran dsniff on all the traffic :p Got myself a shitload of login passwords for MTU with that.
Jun. 12th, 2005 08:18 pm (UTC)
Jun. 10th, 2005 11:10 pm (UTC)
I have some pretty tough security implementations.
in the form of about 200' of cat5 ;op

(and if someone walks in and attempts unauthorized network access, in the form of plugging into my router, I have a baseball bat...)

I'm so leet, or something. hehe
(I also have an old-school VCR instead of tivo. weeee)
Jun. 11th, 2005 02:23 am (UTC)
awesome. Your security is perfect.
Jun. 11th, 2005 05:20 pm (UTC)
if the cable is in a compromisable location you're still subject to cutting in, jacking out the two ends, having a switch tossed into the works, and it's the ideal example of a man in the middle attack.
I admit this is a metric assload less likely than some dillweed with a wireless card, but physical security is highly under valued.
(Deleted comment)
Jun. 12th, 2005 04:43 am (UTC)
Bet that was a bugger to pin down.
Personally I wouldn't go to that much expense. A cheap wireless router that has a built in 4 port switch can easily be hidden in a ceiling and having access to an electrical outlet isn't an unreasonable hope.
Jun. 12th, 2005 08:21 pm (UTC)
That's also clever, but when you need a gig, my friend, you need a gig.

Besides, I'll bet if they were using wireless, they'd have found it quickly. I'd be willing to bet that the university in question was running airespace gear, which if I recall correctly, can find rogue wireless gear and triangulate it.
Jun. 12th, 2005 08:19 pm (UTC)
Dude. That's all kinds of hardcore awesome. Do you know if this was a mistake, or intentionally done to avoid detection?
(Deleted comment)
Jun. 13th, 2005 08:59 pm (UTC)
I've heard of that sort of thing (and have seen the directories on those servers), but never knew any of them were in Michigan.
Jun. 11th, 2005 09:24 pm (UTC)
Right, so I should be using WEP, right? I checked and realized I was using WPA-PSK. I have switched over to WEP with 128 bit encryption. I really need to do my homework on this whole wireless shit. This is what I get for getting away from the industry, it's so hard to get back in the know.
Jun. 12th, 2005 08:16 pm (UTC)
No, not at all. WEP is better than nothing, but WPA-PSK (so long as you don't have a shitty password) is WAY, WAY better than WEP.
Jun. 13th, 2005 01:04 am (UTC)
Oh, so I should have stuck with WPA-PSK and my complex pass key?
Jun. 13th, 2005 04:03 am (UTC)
absolutely. you're probably safe as a household at 128 bit WEP (it's what I use), but if all your cards and your AP support WPA-PSK, definitely use it.
(Almost none of my gear supports WPA but my access point, so I can't use it)
Jun. 13th, 2005 03:15 pm (UTC)
Yeah, I switched back to WPA-PSK (128b) and used a very complex pass key, so I feel somewhat secure.
( 17 comments — Leave a comment )