Security (was Re: [TriLUG] who else is experimenting with the
Andrew C. Oliver
Fri, 17 May 2002 11:31:34 -0400
David A. Cafaro wrote:
> Here is a scenario (this depends on how close your house is to the
> street). A van that is painted to look like a BellSouth truck (or
> name your utility) pulls up into your neighborhood and stops on the
> corner. It sits there for say 45 minutes to 1 hr and drives away. What
> could that truck have done?
;-) my wireless net doesn't really work in the front yard that well :-)
> 1. 45 minutes to 1 hr is enough time to pull out your WEP keys from
> your WIFI network and have full access to traffic on your net (except
> the SSL stuff). Can also now go behind your firewall (depending on
> setup) and behave as a normal internal network client. Unless you
> change your WEP key, he/she now has easy access to your private net
> whenever they feel like driving by again.
Yeah, all the stuff I don't do over VPN (work stuff) or SSL is generally
ending up public anyhow. Now if they hacked into my desktop (since
they'd be behind my firewall) that would be a bit more interesting, but
we generally bank online over SSL.
Let's talk likelihood per amount of effort. It's fairly unlikely I'd be a
target due to the pure lack of gain. General hacking over the net is
another story because kids in Korea can do it with little chance of
getting caught and low skill and effort so the low payoff (being
annoying) is probably worth it.
Heck with older portable phones I used to sometimes pick them up on my
FM radio... Just not really worth doing for the most part.
> 2. If you have standard Analog Cordless phones, if you happened to
> make a call to your bank, he/she could now have full records of your
> bank account number, pin and pass code depending on the conversation.
> Also any other phone conversations.
Nope my cordless phones get dropped in water at least once every 2
years. We boiled one once..
> 3. That may even be enough time to break into some digital cordless
> phones, though I'm not as well versed on that stuff.
Then they'd hear me tell 1,000,000 telemarketers never to call me again.
> Multiply that by say 2-8 houses depending on how big each lot is and
> how big of an extended antenna the van has hidden inside. Now it may
> not be worthwhile for someone to go to all the trouble of scanning,
> but maybe it is in a more well-to-do townhouse/condo type area? I'm
> certainly not protected 100% against any of this, but I am aware of
> the risk I run with having WIFI and Cordless phones. You just have to
> be aware of it, and gauge your risk. Might be a good argument for a
> VPN over the wireless to a Linux authentication server :-).
Now I have a better question. How do I extend my vulnerability (my
wireless network) further into my backyard without more wires? I've
got the Linksys wireless hub/cable router and it works okay but about
halfway into the back yard it quits (and it's not very fast). Is there
some form of wireless repeater that will communicate with a base and
client so that the signal strength is increased and extended? :-)
> At 10:58 AM 5/17/2002, you wrote:
>> Have there been any cases of this? My wireless network extends into
>> my back yard. I have the security pretty low. For one, if you're in
>> my back yard long enough to hack behind the firewall, I have a bigger
>> problem. WHAT are you doing in my backyard!
>> Secondly all sensitive transactions I do are over SSL anyhow, so if
>> you're back there long enough to crack the 128 bit encryption on my
>> banking...again WHAT are you doing in my backyard! :-)
>> M. Mueller wrote:
>>> On Friday 17 May 2002 09:41 am, you wrote:
>>>> far. I have gotten kismet working which is a wireless network sniffer
>>>> and found 3 networks around my house.
>>> YIKES! How's that for privacy?
>>> Here's another: call bank on wireless analog phone, enter ID and
>>> PIN, get information, end call. Someone with a baby monitor might
>>> have heard your tone entries. Someone more evil might have recorded
>>> the conversation and now has information that can be used to steal
>>> your identity.
>> TriLUG mailing list
>> TriLUG Organizational FAQ: