Network Security – how should an open wireless access point be run beside a safe network?

January 30th, 2006

So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, anyone on the same subnet can hijack every connection on the network with ARP spoofing, and an open access point hands that position to whoever walks in. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..

Network security – what does arp spoofing mean for wireless?

January 30th, 2006

So, if you haven’t already had enough cause to tighten your wireless security…. we’ve been talking about ARP poisoning (spoofing), and the basic conclusion is that IF an attacking machine is on the same subnet as your machine (same IP address range), it can “own” all traffic from your machine to the gateway. It doesn’t matter whether your machine is on wireless or wired. As a demonstration I connected my laptop to my wireless access point…..

Network Security – Defenses against arp spoofing

January 30th, 2006

So, we’ve spent a couple of articles talking about ARP spoofing. It sounds really bad: it’s a frighteningly easy way to do a “mitm” or man in the middle attack, and anyone using ARP spoofing could capture ALL network traffic, including passwords. There’s got to be an easy fix, right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to set up a static ARP table. With a static ARP table, a machine (host, switch or router) has a list of known good MAC addresses and the IP addresses they should match, and a crafted ARP reply can’t overwrite those entries. The catch is that every entry has to be maintained by hand, on every machine you care about.

Network Security – so https and ssh are immune to arp spoofing right?

January 30th, 2006

When a machine has been ARP spoofed, ALL network traffic from it is likely passing through a “hostile” machine. So, NO, https and ssh traffic is not immune; it is travelling through a hostile machine. However, it should be encrypted, and the hostile machine only gets plaintext if it can impersonate the far end. There are a few exceptions though. SSH version 1 is a broken encryption scheme and should be avoided like the plague. As far as I know SSH 2 should be safe. Pay attention to complaints that the host identification could not be verified, or that the host key has changed, and to the https equivalent, a certificate warning in the browser….
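The check behind that warning, as an added example that is not part of the original post: the trust-on-first-use comparison an SSH client makes against known_hosts, reduced to the decision that matters when a hostile machine sits in the path. The known_hosts layout (host, key type, base64 key) is the real OpenSSH one; the host names and the key blobs are constructed stand-ins, not real keys, and the function names are this example’s own.

```python
import base64
import hashlib

# Constructed stand-ins for real host keys: deterministic bytes, not real
# ssh-ed25519 public keys, so nobody ever has to trust them.
SERVER_KEY = hashlib.sha256(b"fileserver host key (constructed)").digest()
MITM_KEY = hashlib.sha256(b"attacker host key (constructed)").digest()

# A known_hosts file in the real OpenSSH layout: host, key type, base64 key.
KNOWN_HOSTS_TEXT = (
    "# hosts we have verified before (constructed example)\n"
    "fileserver.example ssh-ed25519 " + base64.b64encode(SERVER_KEY).decode() + "\n"
)


def fingerprint(key_blob):
    """OpenSSH-style SHA256 fingerprint: base64 of the digest with padding stripped."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Map host -> (key_type, raw key blob). Hashed (|1|...) entries are not handled here."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, key_type, b64 = line.split()[:3]
        entries[host] = (key_type, base64.b64decode(b64))
    return entries


def check_host_key(known_hosts, host, key_type, presented_blob):
    """Decide what the client should do with the key the far end just presented.

    "ok"       matches the key stored on an earlier visit: the encrypted session
               really terminates at the host we verified before, whatever path it took
    "unknown"  first contact: the client can only show the fingerprint and ask; if a
               hostile machine is already in the path this is the one chance to notice
    "changed"  the stored key differs: exactly what a man in the middle produces when
               it terminates SSH itself; refuse to connect
    """
    stored = known_hosts.get(host)
    if stored is None:
        return "unknown"
    if stored == (key_type, presented_blob):
        return "ok"
    return "changed"


def describe(known_hosts, host, key_type, presented_blob):
    """One line in the spirit of the ssh client's own messages."""
    verdict = check_host_key(known_hosts, host, key_type, presented_blob)
    fp = fingerprint(presented_blob)
    if verdict == "ok":
        return f"{host}: host key {fp} matches known_hosts"
    if verdict == "unknown":
        return f"{host}: authenticity can't be established, fingerprint is {fp}; verify it out of band"
    return f"{host}: REMOTE HOST IDENTIFICATION HAS CHANGED, presented {fp}; do not connect"


if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS_TEXT)
    print(describe(known, "fileserver.example", "ssh-ed25519", SERVER_KEY))
    print(describe(known, "fileserver.example", "ssh-ed25519", MITM_KEY))
    print(describe(known, "newbox.example", "ssh-ed25519", SERVER_KEY))
```

The point of the three verdicts: an ARP-spoofing attacker who merely relays your SSH session gets ciphertext and "ok"; one who terminates the session to read it must present a different key and gets "changed". The only weak moment is "unknown", the first connection, where the fingerprint has to be checked against something the attacker does not control.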

Network Security – Arp spoofing

January 30th, 2006

So…. what is ARP spoofing (poisoning)…. and what are its implications? ARP spoofing involves tricking a machine into thinking that your machine is some other machine. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gateway on the network and 192.168.0.150 is our target. We are given another network address – say 192.168.0.250…. ARP spoofing would tell 192.168.0.150 that OUR network adapter is the place to send information destined for 192.168.0.1 (and we could also tell 192.168.0.1 that WE are the rightful recipient of data sent to 192.168.0.150). This is done by offering up our MAC address as the legitimate destination to each machine through a crafted ARP reply. ARP has no authentication at all, so each victim simply overwrites its cache with whatever the latest reply claims.
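The two crafted replies described above, as an added example that is not part of the original post and not code the author ran: it builds the raw ARP reply frames with Python’s struct module, shows what hosts with no defences end up believing, and runs the kind of check against a known-good IP-to-MAC table that the defences post refers to as a static ARP table. The IP addresses are the post’s; the MAC addresses, the capture and the function names are constructed for the example.

```python
import struct

# Ethernet type for ARP and the ARP opcode for a reply (RFC 826).
ETH_P_ARP = 0x0806
ARP_REPLY = 2

# The IP addresses come from the post; the MAC addresses are constructed.
GATEWAY_IP, GATEWAY_MAC = "192.168.0.1", "00:11:22:33:44:01"
TARGET_IP, TARGET_MAC = "192.168.0.150", "00:11:22:33:44:96"
# The attacker's own IP never appears in a poisoned reply: the reply claims a
# victim's IP for the attacker's MAC.
ATTACKER_IP, ATTACKER_MAC = "192.168.0.250", "de:ad:be:ef:00:fa"


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{octet:02x}" for octet in raw)


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw):
    return ".".join(str(octet) for octet in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying the ARP reply 'sender_ip is at sender_mac'.

    Nothing in the frame proves the sender owns sender_ip: the attacker puts its
    own MAC next to the gateway's IP and the frame is perfectly well formed.
    """
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_mac, target_ip), or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    return (opcode, mac_str(frame[22:28]), ip_str(frame[28:32]),
            mac_str(frame[32:38]), ip_str(frame[38:42]))


# Constructed capture: one legitimate reply from the gateway, then the two
# poisoned replies from the post (one aimed at the target, one at the gateway).
CAPTURE = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, TARGET_MAC, TARGET_IP),
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, TARGET_MAC, TARGET_IP),   # "192.168.0.1 is at us"
    build_arp_reply(ATTACKER_MAC, TARGET_IP, GATEWAY_MAC, GATEWAY_IP),  # "192.168.0.150 is at us"
]


def naive_arp_cache(frames):
    """What hosts with no defences end up believing: the last reply wins."""
    cache = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is not None and parsed[0] == ARP_REPLY:
            _, sender_mac, sender_ip, _, _ = parsed
            cache[sender_ip] = sender_mac
    return cache


def audit_arp_replies(frames, static_table):
    """Arpwatch-style check: compare every reply against known-good IP -> MAC pairs.

    static_table plays the role of the static ARP table from the defences post;
    addresses not in it are learned on first sight so a later change still alerts.
    Returns a list of (ip, expected_mac, claimed_mac) alerts.
    """
    expected = dict(static_table)
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, sender_mac, sender_ip, _, _ = parsed
        known = expected.get(sender_ip)
        if known is None:
            expected[sender_ip] = sender_mac
        elif known != sender_mac:
            alerts.append((sender_ip, known, sender_mac))
    return alerts


if __name__ == "__main__":
    print("ARP cache with no defences:", naive_arp_cache(CAPTURE))
    print("alerts:", audit_arp_replies(CAPTURE, {GATEWAY_IP: GATEWAY_MAC}))
```

Run it and the unprotected cache maps both 192.168.0.1 and 192.168.0.150 to the attacker’s MAC, which is the whole attack; the audit flags the gateway entry the moment the second reply arrives. Detection of this kind tells you it happened, it does not stop it, which is why the defences post ends up at static entries.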

Network Security – Hub or Switch?

January 30th, 2006

So, for those that have a little bit of knowledge about network hardware, you’ve probably heard this: “You can’t sniff switched networks”…. wrong…. let’s see what this is about. Older networking hardware was dominated by what’s called a hub. This was basically a “dumb” device that repeated every frame it received out of every port, relying on the correct recipient to answer and on every other machine to ignore frames not addressed to it. Of course, any machine on the hub can put its adapter into promiscuous mode and stop ignoring those frames, and freely available software will log all of the network traffic fairly easily.
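A toy hub and a toy learning switch, as an added example that is not part of the original post: it shows why a switch does keep the victim’s frames away from a third port, and why that stops mattering once the victim’s ARP cache says the gateway lives at the attacker’s MAC. The MAC addresses, port numbers and function names are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed topology: three machines on one device, one per port.
GATEWAY_MAC, VICTIM_MAC, ATTACKER_MAC = "00:11:22:33:44:01", "00:11:22:33:44:96", "de:ad:be:ef:00:fa"
PORTS = {1: GATEWAY_MAC, 2: VICTIM_MAC, 3: ATTACKER_MAC}


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src_mac, dst_mac):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """Learns which port each source MAC lives on; only broadcast and unknown
    destinations are flooded, everything else goes to a single port."""

    def __init__(self, ports):
        self.ports = ports
        self.cam = {}  # MAC -> port, filled in as frames are seen

    def forward(self, in_port, src_mac, dst_mac):
        self.cam[src_mac] = in_port
        if dst_mac != BROADCAST and dst_mac in self.cam:
            return [self.cam[dst_mac]]
        return sorted(p for p in self.ports if p != in_port)


def ports_seeing_victim_traffic(device, poisoned):
    """Which ports receive the victim's frame to 'the gateway'.

    Every machine first sends one broadcast so the device has seen each MAC.
    When poisoned, the victim's ARP cache says 192.168.0.1 lives at the
    attacker's MAC, so that is the destination the victim puts on the frame,
    and the switch faithfully delivers it to the attacker's port.
    """
    for port, mac in PORTS.items():
        device.forward(port, mac, BROADCAST)
    dst = ATTACKER_MAC if poisoned else GATEWAY_MAC
    return device.forward(2, VICTIM_MAC, dst)


if __name__ == "__main__":
    print("hub, no poisoning:      ", ports_seeing_victim_traffic(Hub(PORTS), poisoned=False))
    print("switch, no poisoning:   ", ports_seeing_victim_traffic(Switch(PORTS), poisoned=False))
    print("switch, after poisoning:", ports_seeing_victim_traffic(Switch(PORTS), poisoned=True))
```

The switch is doing exactly its job in every case: it delivers frames to the port where the destination MAC was learned. It has no idea which IP address that MAC is supposed to stand for, and a frame whose destination the switch has not learned yet is flooded to every port just as a hub would.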

Network security – how safe is your network? Looking at ARP

January 30th, 2006

A while back I did a network security series, and one of the points I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, which MAC address goes with which IP, etc. Well, I’m about to start a serious look at something that makes this knowledge essential, and that may have some people rethinking whether or not it’s wise to run an open wireless access point on the same network as their traditional LAN.

Customized small download linux iso….

January 27th, 2006

This is a good idea…. let’s say you want a linux install, but you’re very particular. You’d like a certain setup out of the box, say a basic desktop with OpenOffice and Firefox/Thunderbird. Nothing fancy, just a basic desktop, and you want to deploy it over several systems. Some distributions let you save settings for a later install, but for most this is the start of a fairly tedious install-fest. Someone has come up with a good solution to this (and a solution to the multi-GB iso downloads….) You go to a web page, answer a few questions and then download a CUSTOMIZED linux install iso that takes care of the whole process for you.

Google explains Google China Decision

January 27th, 2006

The Official Googleblog has an article today about their decision to filter results in China. I took a look at the Chinese version today (I saw an image search comparing Tiananmen results in English and Chinese). I also searched for my site and found that I seem to be absent from the Chinese search results. Now you might say the latter is not surprising for a number of reasons, but I’ve found other English language sites showing up in the Google.cn results…. I guess information about computer security is too risky for the Chinese People to find. !!Correction-8:30PM EST!! I had earlier seen Sunbelt mention guiness.com missing from the results, and they just noted that it was in the results now. Likewise, my site was missing and is now present in the Google.cn results… !!End Correction!!

BIOS based rootkits coming soon….

January 27th, 2006

There have been a couple of stories out of the “Blackhat Federal” conference in the last couple of days. Brian Krebs at Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that hides itself in a system’s BIOS, where it would survive a disk wipe and a reinstall of the operating system. Security Focus has some detail on this as well.