Cable modem TV antenna experiment

In article <kcui3h$epf$1@dont-email.me>,
William Sommerwerck <grizzledgeezer@comcast.net> wrote:

That's assuming there's no data encryption. I use both encryption and MAC
filtering.
To be reasonably secure these days you need strong encryption. WEP
encryption can be broken quite easily. WPA2 using AES is still
robust, as long as you choose your passphrase well (randomly-generated
strings are good, simple phrases and names are bad). MAC filtering
helps a bit, but if the attacker is willing to hang around until s/he
sees a bit of legitimate traffic passed through your net s/he can
collect MAC addresses which go right past your filters.

Nevertheless, I appreciate this information, as the book I read indicated that
you needed hardware to spoof a MAC address. (Perhaps the author was talking
about what was required to sniff it.)
Both are almost trivially easy, without any specialized hardware at all.

A friend of mine remarked that both he and I were relatively safe from such
attacks. "Why would anyone be interested in accessing //our// computers?"
Indeed. This is true for most users. Of course, it's no excuse for not taking
simple steps to protect yourself.
Ummm... if you use any sort of on-line service (banking, iTunes,
GMail, etc.) with login credentials, or have any sort of always-on
internet access, or keep any sort of financial records on your PC,
you're a target of interest to *someone*.

The botnets which are used to distribute massive amounts of spam,
serve out malicious software, and act as "distributed denial of
service" attack nodes are *precisely* the sorts of computers that
"most users" own. Selling unauthorized access to compromised
computers of this sort, in bulk, is a pretty big bu$ine$$ for some
very active gangs of cybercriminals.

As to having people access your wireless network connection without
your knowledge... some people have had *very* painful and expensive
experiences with this, when it turned out that a "drive-by downloader"
used their open net to download "ripped" movies or songs, child porn,
etc. and the downloads were tracked back to the household in question
by law enforcement and/or the ISP. Proving that you (the householder)
didn't use the net for illegal activity could be difficult, and in a
civil suit (by a big media company for example) "innocent until proven
guilty" doesn't protect you from the costs of defending the suit.

I hate to say it... I hate the situation... but it's a very hostile
Internet out there. Believing that the average user is safe from
attack because "they wouldn't be interested" is a potentially *very*
expensive form of ignorance.

--
Dave Platt <dplatt@radagast.org> AE6EO
Friends of Jade Warrior home page: http://www.radagast.org/jade-warrior
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!
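An added example, not part of the original post: a Python sketch of the passphrase advice above. It generates a random WPA2 passphrase, audits a chosen one, and derives the 256-bit key the way WPA2-PSK does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations). The word list, the SSIDs and the 80-bit threshold are constructed assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA2-PSK passphrases are 8..63 printable ASCII characters (0x20..0x7e).
MIN_LEN, MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, easy to type

# Constructed sample list; a real audit would load a much larger wordlist.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}

# Assumed policy threshold for this example, not a figure from the thread.
MIN_BITS = 80


def is_valid(passphrase):
    """True if the string is acceptable as a WPA2 passphrase at all."""
    return (MIN_LEN <= len(passphrase) <= MAX_LEN
            and all(0x20 <= ord(c) <= 0x7E for c in passphrase))


def generate_passphrase(length=24):
    """Randomly generated passphrase drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def pool_size(passphrase):
    """Size of the character pool implied by the classes actually used."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # remaining printable ASCII, space included
    return size


def audit_passphrase(passphrase, ssid):
    """Return a list of findings; an empty list means nothing was flagged."""
    if not is_valid(passphrase):
        return ["invalid"]
    findings = []
    lowered = passphrase.lower()
    if lowered in COMMON:
        findings.append("common-password")
    if ssid and ssid.lower() in lowered:
        findings.append("contains-ssid")
    # Upper bound only: a simple phrase or name carries far less entropy
    # than a random string of the same length and character classes.
    if random_entropy_bits(len(passphrase), pool_size(passphrase)) < MIN_BITS:
        findings.append("low-entropy")
    return findings


def derive_pmk(passphrase, ssid):
    """256-bit pairwise master key as WPA2-PSK computes it.

    The SSID is the salt, so the same passphrase gives a different key
    on a differently named network.
    """
    if not is_valid(passphrase):
        raise ValueError("not a valid WPA2 passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed SSID
    for candidate in ("linksys123", "password", generate_passphrase()):
        print(candidate, audit_passphrase(candidate, ssid),
              derive_pmk(candidate, ssid).hex()[:16] + "...")
```

A 24-character passphrase from the 62-symbol alphabet carries about 143 bits if it is truly random; the audit's entropy figure is only an upper bound for anything a person made up.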
 
On Sun, 13 Jan 2013 06:58:54 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

Actually, it's trivial to hack into a wireless router with MAC address
filtering enabled. Just sniff the traffic to/from that wireless
router and collect the MAC addresses being used. The MAC
addresses are NOT encrypted. Then, just change the MAC address of
your computer to one of them, and you're on.

http://www.irongeek.com/i.php?page=security/changemac

That's assuming there's no data encryption.
True. However, as I mumbled, encryption is the only truly effective
security method.

I use both encryption and MAC
filtering.
It's helpful to know the order and sequence of making a wireless
connection. I won't describe the whole process but you can see it
happen if you enable tracing and look at the connection progress logs:
<http://technet.microsoft.com/en-us/library/bb457017.aspx>
In order to do the key exchange ceremony for encryption, the devices
need to initially associate using the unencrypted MAC addresses. If
MAC address filtering is active, the initial association will fail. If
you have a valid MAC address, it will connect. It's as simple as
that to detect MAC address filtering and determine if a sniffed MAC
address will work.

Nevertheless, I appreciate this information, as the book I read indicated that
you needed hardware to spoof a MAC address. (Perhaps the author was talking
about what was required to sniff it.)
You need quite a bit of hardware and carnal knowledge of the design in
order to permanently change a MAC address. It's usually in a
protected part of the firmware flash memory where it's safe from user
screwups. All the various OS's read the MAC address, and then save it
in a configuration file somewhere for later use. Changing the MAC
address is nothing more than changing the saved value.

In the distant past, I was doing some wireless testing which included
determining how many MAC addresses an access point could handle.
(Reminder: All 802.11 wireless networking is done at the MAC address
layer 2 level. Layer 3 or IP addresses are strictly for management
and configuration). I had software that connected to an AP,
disconnected, changed the MAC address, reconnected, disconnected, and
so on. Each connection had a new spoofed MAC address. The question
was how many connections could it handle before failing, how did it
fail, and how gracefully did it recover. Nobody was very happy when I
reported that the system would hang and die long before the connection
tables were full. Hopefully, things have been fixed in today's
devices.

A friend of mine remarked that both he and I were relatively safe from such
attacks. "Why would anyone be interested in accessing //our// computers?"
Indeed. This is true for most users. Of course, it's no excuse for not taking
simple steps to protect yourself.
I play both sides of the wireless fence, so it's difficult for me to
provide a consistent personal policy. I also hate getting into
security discussions as they always end in acrimonious disagreement.
For the purposes of this discussion, I'll suggest that the
manufacturers of commodity hardware are at fault for NOT providing
routers and access points that are secure by default. Out of the box,
the router should have a pre-assigned secure password and a
pre-assigned secure WPA2 key. Only after the user configures the
router can it be reduced to a lower security level. Currently, all
but 2wire routers are delivered with no password (or a default
password), and encryption turned off. I ran a little mini-campaign
called "Secure by Default" for a few years trying to get the major
players to simply understand the problem. I even suggested that they
might be deemed liable for any financial damages resulting from the
misuse of their routers. Certainly, by looking at the gaudy box
covered with security related buzzwords and acronyms, a casual buyer
would ASSUME that they were well protected. Anyway, I was told that
convenience of setup was more important and not to bother them with
such problems. Oh well.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
"Windows 7 Annoyances" has a good discussion of wireless security. I had no
trouble configuring my Linksys router.
 
On Sun, 13 Jan 2013 11:16:41 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

"Windows 7 Annoyances" has a good discussion of wireless security.
"Windoze Annoyances" is redundant. Windoze is one big annoyance.

I got into one of those discussions on some forum. It might have been
Annoyances, but I don't recall. My pitch line was the PSK (pre-shared
key) style security sucks, because if I had access to just one machine
on the network, which has the WPA2 pass phrase saved (and encrypted)
in the registry, I could recover the hash and crack the encryption.
Users also tend to write down passwords on post it notes, which can be
found in most offices.
<http://www.nirsoft.net/utils/wireless_key.html>

What's needed is a one time password, with a user unique login and
password. That's exactly what WPA2-Enterprise does. You login with a
user name and password. The RADIUS server authorizes the user, 802.1x
authenticates the connection, and maybe additional authentication with
an X.509 certificate on a flash drive. The wireless access point then
delivers a one time maximum length password. The password is only
good for the current session. Nothing to write down or sniff.

The problem is that few wireless routers and access points have built
in RADIUS servers. You would need either a stand alone Linux box
running FreeRadius:
<http://freeradius.org>
or an account on one of the assorted online RADIUS servers. For
example:
<http://cloudessa.com> (Free for up to 10 users)

I had no
trouble configuring my Linksys router.
Router setup is fairly easy, if you know what the buzzwords mean, can
follow instructions, and understand why one needs wireless security.
The sometimes included setup disk is also handy, but I don't use it.

What happens next is somewhat predictable. One day, the internet goes
down. You call your ISP asking for assistance. After dealing with
the basics, it's still down, so support suggests you reset your
router. Just press the little button in back and everything is back
to defaults. Like magic, it works and you're on your way. The
problem is that it also clears all the security. To AT&T's credit,
they no longer do that. Same with most large ISPs. However, I'm
constantly running into users that have reset their routers trying to
solve a problem, and then wonder why the whole neighborhood is
using their wireless. I suggest you back up your working settings to a
file. When your router goes nuts, reset it, restore the backup, and
it should work.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
"Jeff Liebermann" wrote in message
news:sn86f8di2ekgbk728q9fbs6b2b9641kgqc@4ax.com...
On Sun, 13 Jan 2013 11:16:41 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

"Windows 7 Annoyances" has a good discussion of wireless security.

"Windoze Annoyances" is redundant. Windoze is one big annoyance.
As are Apple's filthy lies about their products, for which the company should
be dragged into court and sued. I prefer an operating system where I can see
what's going on.

For the author of this book, the principal "annoyance" is that Windows'
default settings are rarely those that give the best user protection, or take
the best advantage of the operating system's features.


I got into one of those discussions on some forum. It might have been
Annoyances, but I don't recall. My pitch line was the PSK (pre-shared
key) style security sucks, because if I had access to just one machine
on the network, which has the WPA2 pass phrase saved (and encrypted)
in the registry, I could recover the hash and crack the encryption.
Users also tend to write down passwords on post it notes, which can be
found in most offices.
http://www.nirsoft.net/utils/wireless_key.html

What's needed is a one-time password, with a user unique login and
password. That's exactly what WPA2-Enterprise does. You login with a
user name and password. The RADIUS server authorizes the user, 802.1x
authenticates the connection, and maybe additional authentication with
an X.509 certificate on a flash drive. The wireless access point then
delivers a one time maximum length password. The password is only
good for the current session. Nothing to write down or sniff.
This isn't new, of course. One Windows encryption scheme uses a permanent 128-
or 256-bit encryption code that's essentially unfactorable (in any reasonable
amount of time). It's used to pass a shorter single-session code that doesn't
slow down the encryption/decryption process too much.


I had no trouble configuring my Linksys router.

Router setup is fairly easy, if you know what the buzzwords mean, can
follow instructions, and understand why one needs wireless security.
The sometimes included setup disk is also handy, but I don't use it.
I used the setup disk, then went back and customized things.

I keep a record of my router settings. As I live by myself, it's not likely
someone will get their hands on it.
 
On Sun, 13 Jan 2013 14:51:24 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

"Jeff Liebermann" wrote in message
news:sn86f8di2ekgbk728q9fbs6b2b9641kgqc@4ax.com...
On Sun, 13 Jan 2013 11:16:41 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

"Windows 7 Annoyances" has a good discussion of wireless security.

"Windoze Annoyances" is redundant. Windoze is one big annoyance.

As are Apple's filthy lies about their products, for which the company should
be dragged into court and sued.
Everyone lies, but that's ok because nobody listens.

I have my issues with Apple, few of which have anything to do with the
product. The one that really bugs me is Apple's contention that it is
"green" while it produces intentionally unrepairable and intentionally
obsolescent products. I can take lies, overcharging, and even Made in
China quality, but I don't like hypocrisy.

I prefer an operating system where I can see
what's going on.
I prefer an operating system that works as advertised. I have no
interest in becoming a programmer or hacker simply to use a product.
If Windoze worked as one would expect, then I would have no need to
see what was going on under the covers.

For the author of this book, the principal "annoyance" is that Windows'
default settings are rarely those that give the best user protection, or take
the best advantage of the operating system's features.
Yep. Both MS and Apple seem to believe that user convenience is more
important than security or performance. Apple does a fair job of
anticipating advances in hardware since it controls the hardware used
on Apple products, while MS does it badly. For example, I just had to
increase the size of my icon cache database because I added too many
icons to my new oversized monitor. Such things are slightly worse in
Vista, but better in Windoze 7. Some tweaks, mostly for XP:
<http://www.kellys-korner-xp.com/xp_tweaks.htm>

This isn't new, of course. One Windows encryption scheme uses a permanent 128-
or 256-bit encryption code that's essentially unfactorable (in any reasonable
amount of time). It's used to pass a shorter single-session code that doesn't
slow down the encryption/decryption process too much.
I usually get into trouble commenting on security issues, so I'll be
brief. If I can get physical access to a client machine on a wireless
network protected only with a PSK (pre-shared key) encryption key, it
will take me a few seconds to extract the information that I need to
access the wireless network from your computah:
<http://www.oxid.it/cain.html>
The solution is for wireless router manufacturers to provide RADIUS
services in their products, as I previously ranted. There are several
good reasons why they don't do this, but if you want decent security,
that's what will be required.

I used the setup disk, then went back and customized things.
Good enough. Whatever works. I consider it a sign of weakness for me
to read the documentation. Besides, if the product were any good and
genuinely intuitive, it wouldn't need any documentation.

I recently set up a Linksys E2500 router. I had to read and "approve"
three different repudiation of responsibility web pages before it
would let me manually configure the router. Adding legal documents to
the configuration process does not make it better, easier, or more
secure.

I keep a record of my router settings. As I live by myself, it's not likely
someone will get their hands on it.
The neighbor's 17-year-old slacker came over to my house and wanted me
to make a color print of one of his class projects. He brought over
the files on a flash drive, which I stupidly plugged into my machine
without first inspecting. I spent part of the evening cleaning out
the virus from my machine. Fortunately, the internet was temporarily
off while I was juggling routers, so my address book didn't escape to
the spammers. It was also the only one of my machines that had
autorun and autoplay enabled. Convenience over security triumphs
again.
<http://www.ampercent.com/stop-usb-drive-autorun/2348/>



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
On 01/12/2013 02:40 PM, mike wrote:
On 1/11/2013 4:06 PM, Dave Platt wrote:
In article<tpidnes9q9LsBG3NnZ2dnUVZ_sudnZ2d@giganews.com>,
Texas Dawg<td@dawg.nettttttttt> wrote:

My nearest neighbor lives 1000 feet away, he's old, and sick.
He likes my Android tablet, so, I was thinking about getting
him one, but, he doesn't have Internet. I thought maybe I could
get him Internet that way, where he could watch Netflix and surf
the web without him paying for Internet at $41.11 per month.

1000 feet is gonna be more than you want to deal with.
But more importantly, how far to HIS nearest neighbor.
Maybe it's more feasible for him to steal their netflix and internet.
After the nearest neighbor, the other neighbors are more than
3000 feet away.

For movies, you can load the movies onto a flash card and deliver
it to his tablet.
How would I get the movies downloaded from Netflix to put on
a flash drive to let him watch?

Rather than trying to relay the cable signal via antennas (which would
in effect be creating an unlicensed TV transmitter, and could cause
all sorts of legal and technical grief) you'd be better off setting up
an 802.11 bridge. A 1000-foot link is definitely possible with a gain
antenna on each end, if you have a clear line of sight between the two
houses. That sort of solution would be legal, as long as you
pick 802.11 radio-and-antenna systems which have been properly
certificated. Ubiquiti is one vendor of these sorts of devices.

Your neighbor would have two WiFi devices in his house (one for the
bridge, with a directional antenna, and a second access point or
router indoors with an omni antenna to provide a base for the tablet
and any other device he wants). They would operate on different
channels from one another so as to not interfere. One run of Cat-5
Ethernet cable between them, a bit of setup on each end and you'd be
good to go.

http://wiki.ubnt.com/How_to_bridge_internet_connections
 
On 01/12/2013 07:20 PM, mike wrote:
On 1/12/2013 4:06 PM, Jeff Liebermann wrote:
On Sat, 12 Jan 2013 12:40:40 -0800, mike<ham789@netzero.net> wrote:

1000 feet is gonna be more than you want to deal with.

I have 5.7GHz links that are 1.0 miles, 1.5 miles, and 3 miles. They
run a mix of Ubiquiti hardware. Zero problems with the link part of
the puzzle. In the past, I used 2.4GHz links, with big 24dBi barbeque
dish antennas. Add some interference, and it simply didn't work.
5.7GHz fixed that. 1000ft (1/5th of a mile) is a no brainer.

I submit that "no brainer" for you is way more than he would want
to deal with. Spending $600 to redistribute ethernet service and
netflix service in violation of TOS seems like a lot to deal with.

And, with these threads, there seems to always be a gotcha.
50 posts into the thread the OP volunteers, "There's a huge ass
metal building in the way...does that matter?"


But more importantly, how far to HIS nearest neighbor.
Maybe it's more feasible for him to steal their netflix and internet.

If he can get a wireless or wired bridge running, one of these should
be able to provide the necessary video:
http://www.slingbox.com/go/slingbox-350

I'm just too cheap to comprehend stuff like this.
My wireless bridge is a $1 WRT54G with tomato firmware.
I expect 1000 feet would be a stretch. But I can't see more
than about 200' without running into a forest or a big ass metal pole
building.
There's no obstruction of any kind between the houses.

I administer my neighbor's system. I have many ways to steal his
netflix, with or without his permission...but it puts him at risk
and it's just wrong.

For movies, you can load the movies onto a flash card and deliver
it to his tablet.

I know very few people who are willing to watch an hour or two long
movie on a tablet screen. Large screen LCD TV's are more common.
Plugging the big LCD TV into the iPad or Android tablet via an HDMI
cable works. At that point, might as well get a streaming media
player from WD, Netgear, Roku, and others, instead, and leave the
tablet for other things.
 
"Jeff Liebermann" wrote in message
news:hsr6f81ob53385gm9r2k5k32ah8ta0lkpa@4ax.com...
On Sun, 13 Jan 2013 14:51:24 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

I prefer an operating system where I can see
what's going on.

I prefer an operating system that works as advertised. I have no
interest in becoming a programmer or hacker simply to use a product.
If Windoze worked as one would expect, then I would have no need to
see what was going on under the covers.
That isn't what I'm talking about. I'm talking about operating systems that
keep you from seeing what the computer is actually doing. The best example is
the increasing tendency of Windows to make the hard drive and its contents
"invisible".
 
On 1/16/2013 6:20 AM, William Sommerwerck wrote:
"Jeff Liebermann" wrote in message
news:hsr6f81ob53385gm9r2k5k32ah8ta0lkpa@4ax.com...
On Sun, 13 Jan 2013 14:51:24 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

I prefer an operating system where I can see
what's going on.

I prefer an operating system that works as advertised. I have no
interest in becoming a programmer or hacker simply to use a product.
If Windoze worked as one would expect, then I would have no need to
see what was going on under the covers.

That isn't what I'm talking about. I'm talking about operating systems
that keep you from seeing what the computer is actually doing. The best
example is the increasing tendency of Windows to make the hard drive and
its contents "invisible".
I think that's a very good idea for Joe Sixpack.
Most people don't care what's goin' on under the hood.
They just want to press on the gas and steer.
They can't mess up what they can't see...as easily...
And it's helpful when you have multiple single users
of the same machine. Doesn't keep the wife from finding your
porn collection, but doesn't rub her nose in it.

Personally, I like to tinker a bit.
First thing I do on windows is give myself read/write permission
to everything. For things that won't let me, I take ownership first.

Simple for Joe and Jane Sixpack. Easy enough for me to do what I want.

I worry a lot more about the continuous privacy invasion by every program
and webpage. Block it all!!!
 
mike came up with this idea:

Personally, I like to tinker a bit.
First thing I do on windows is give myself read/write permission
to everything. For things that won't let me, I take ownership first.
You should still have a "normal" account and a superuser-account.

when you use the normal account, you will need the superuser-account
password for installing.

Then you have time to think "Hey, why does this website want to install
something to let me access this ... ?"

--
Remember running lights at the rear, if your car manufacturer has made
the idiotic decision to omit them.
 
On Wed, 16 Jan 2013 06:20:18 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

"Jeff Liebermann" wrote in message
news:hsr6f81ob53385gm9r2k5k32ah8ta0lkpa@4ax.com...
On Sun, 13 Jan 2013 14:51:24 -0800, "William Sommerwerck"
<grizzledgeezer@comcast.net> wrote:

I prefer an operating system where I can see
what's going on.

I prefer an operating system that works as advertised. I have no
interest in becoming a programmer or hacker simply to use a product.
If Windoze worked as one would expect, then I would have no need to
see what was going on under the covers.

That isn't what I'm talking about. I'm talking about operating systems that
keep you from seeing what the computer is actually doing. The best example is
the increasing tendency of Windows to make the hard drive and its contents
"invisible".
Sure. It's called the "Hardware Abstraction Layer" by Microsoft. I
forgot what Apple calls it, but it's part of their policy of "You
don't need to know that". The only time I need to dive that deep into
the system is when something goes awry or I want to trade some speed
for reliability (such as turning on HD write caching). As long as
the hardware is working, I don't see any benefit to me or the typical
user of knowing what goes under the covers.

Now, if you mean invisible as in where the OS hides its configuration
files and temporary workspace, yeah I can see a small problem. These
tend to get bloated, corrupted, or undersized. A few days ago, I had
to increase the icon cache database in Windoze because I dumped too
many icons on my desktop. If Windoze (and others) hide some files and
directories from the user, it's usually to protect them from
(accidental) corruption. Not a big problem methinks.

However, if you want to see everything, just download and run
UNHIDE.EXE as in:
<http://www.bleepingcomputer.com/forums/topic405109.html>
It was originally written to help recover from malware that hides files
and directories making the machine unusable. Since there was no way
to know what needed to be unhidden to recover, the program unhides
everything. Have fun, and let me know when you accidentally trash or
edit something important.

Incidentally, I come from a Unix background, where one does as little
as possible as root (superuser). All work is done as an ordinary
user. If a system file needs to be run, edited, erased, or moved, the
user gets a temporary elevation in privileges using the su or sudo
commands. This is not to isolate users, or protect user information.
It's to keep the owner of the machine from accidentally trashing it.
The same philosophy is slowly working its way into Windoze, in the
form of "Run as Administrator". If you can't see every file and every
directory, it's for your own good. I've had the OS catch me before
making a major screwup more times than I care to admit.



--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
However, if you want to see everything, just download and run
UNHIDE.EXE as in:
http://www.bleepingcomputer.com/forums/topic405109.html
It was originally written to help recover from malware that hides files
and directories making the machine unusable. Since there was no way
to know what needed to be unhidden to recover, the program unhides
everything. Have fun, and let me know when you accidentally trash or
edit something important.
Great! Thanks.

I insist on organizing the drives the way //I// wish to. My new machine has a
256GB SSD, plus a 2TB HDD RAID 5 array. I tried to reserve the SSD for the OS
(and related software). I put as much software and data as I could on the HDD.
Fortunately, Microsoft lets you move IE and mail files anywhere you want, so I
moved them to the HDD. Thus, the system isn't constantly writing them to and
erasing them from the "fragile" SSD.


Incidentally, I come from a Unix background, where one does as little
as possible as root (superuser). All work is done as an ordinary
user. If a system file needs to be run, edited, erased, or moved, the
user gets a temporary elevation in privileges using the su or sudo
commands. This is not to isolate users, or protect user information.
It's to keep the owner of the machine from accidentally trashing it.
The same philosophy is slowly working its way into Windoze, in the
form of "Run as Administrator". If you can't see every file and every
directory, it's for your own good. I've had the OS catch me before
making a major screwup more times than I care to admit.
I have no objection to this in Windows, either, as it reduces the chance of
malware installing something nasty. However... there are certain "virtual"
directories I can't look in. I don't like this.
 
