Geekzone: technology news, blogs, forums

kdn



198 posts

Master Geek
+1 received by user: 6


Topic # 31056 3-Mar-2009 12:09

Recently whilst "auditing" my home network (read: hax0ring with Linux) I discovered a rather shocking truth, which is that the DLINK wireless ADSL router I have (supplied by Telecom) will broadcast out all wired traffic over the wireless radio as well.

I am not sure if this is limited only to DLINKs, as I don't have anything else to test with, but basically I was simulating MITM SSL certificate injection to the wifi clients, and was intercepting all the usernames and passwords that I entered over encrypted pages on the laptop. It was just by chance that on the desktop PC that has only a wired connection to a leve1 firewall which connects to the DLINK I opened Outlook to check my emails and bang.. up came my POP3 username and password on the snooping laptop which has only a wireless connection.

I had a 100% success rate of pulling down the submitted data off the wired LAN. I should also point out the desktop PC is on a different subnet to the wifi network, and of course HTTPS and POP3 are unicast TCP so it's not like it was just broadcast traffic I was intercepting.

The one good piece of news is you have to know the wifi passkey before you can achieve any of this, so I would recommend to everyone with a DLINK to check their wifi settings are using WPA encryption (there is no excuse for using WEP) and that your passkey is strong. I would recommend visiting:

http://www.pctools.com/guides/password/?length=20&phonetic=on&alpha=on&mixedcase=on&numeric=on&punctuation=on&quantity=10&generate=true

which will generate some random pass phrases. Use at least 20 digits, with symbols and mixed case; as far as I am aware no-one has cracked WPA yet without using brute force.

Flamer.

75 posts

Master Geek


  Reply # 198955 3-Mar-2009 13:19

FYI while we are handing out bad news...

WPA is no longer secure either, WPA2 is the only secure encryption for 802.11 networks.

2584 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 198956 3-Mar-2009 13:20

kdn, this is normal behaviour and true of, I would guess, every home wireless router on the market. The wireless side of your router is treated as part of your internal network. As such there is no firewall between the wireless and wired side of your network.

If that was not the case you would have a lot of very unhappy people.

"Why can't I print to my shared printer connected to my PC from my laptop!" etc.

You are absolutely correct though. It is CRITICAL that you secure your wireless network. It is best to use as many layers of security as possible as well. Better yet only turn on the wireless when you need it and have it secured.

I remember a few years ago driving through Wellington with NetStumbler running and being shocked at the % of unsecured wifi access points. It is a lot better now but I am quite sure you would still find them.







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

2584 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 198957 3-Mar-2009 13:21

iainw: FYI while we are handing out bad news...

WPA is no longer secure either, WPA2 is the only secure encryption for 802.11 networks.


WPA2 is also not secure... it is just the hardest to crack.








xpd

Chief Trash Bandit
8915 posts

Uber Geek
+1 received by user: 1327

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 198959 3-Mar-2009 13:27

Nothing's secure.... if it's been made by man, then it'll be cracked - eventually ;)




XPD / Gavin / DemiseNZ



Hawkes Bay
8477 posts

Uber Geek
+1 received by user: 4

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 198962 3-Mar-2009 13:42

xpd: Nothing's secure.... if it's been made by man, then it'll be cracked - eventually ;)


Uncrackable encryption?

Interesting story.







1818 posts

Uber Geek
+1 received by user: 52

Trusted

  Reply # 198966 3-Mar-2009 13:50

http://hothardware.com/News/Russian-Firm-Uses-NVIDIA-GPUs-To-Crack-WPA-WPA2/

With a modern gaming rig WPA2 can be broken.

I find that the ISPs have a bigger problem with the free modem's username and password on factory default and that the users are not warned to change it.

kdn



198 posts

Master Geek
+1 received by user: 6


  Reply # 199015 3-Mar-2009 18:32

Nety: kdn, this is normal behaviour and true of, I would guess, every home wireless router on the market. The wireless side of your router is treated as part of your internal network. As such there is no firewall between the wireless and wired side of your network.

If that was not the case you would have a lot of very unhappy people.

"Why can't I print to my shared printer connected to my PC from my laptop!" etc.



I would disagree. In terms of routing, my PC wants to connect to westpac.co.nz, I have a default gateway of 172.17.1.1/24, my default gateway is a router, using DNS I know the site is 202.x.x.x, my router has no specific route for this address except its default gateway which points to a router at Xtra (via the DSL interface). Why would my wireless router also send the traffic out a second interface 172.17.2.255/24 (which is my wireless LAN) when no traffic is destined for that network?

Would people be happy if all local gaming traffic on the wifi subnet also went out the DSL and went against their monthly quota?

Should I want to connect 172.17.1.5 to 172.17.2.7, my router would direct the traffic out the wifi interface because the two subnets are directly connected.

Flamer.

2439 posts

Uber Geek
+1 received by user: 144


  Reply # 199026 3-Mar-2009 19:28

This is normal behaviour...

637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 199028 3-Mar-2009 19:42

Nety: kdn, this is normal behaviour and true of, I would guess, every home wireless router on the market. The wireless side of your router is treated as part of your internal network. As such there is no firewall between the wireless and wired side of your network.

Not really "normal behavior".  The reason it occurs is because on most low-end CPE, the Wireless and Wired interfaces are a single IP interface configured on a L2 bridge interface.  If you telnet/ssh to the router and type 'ifconfig' you'll probably see a br0 interface, which is the bridge.  NB: This assumes your particular model of DLink is running Linux, which a fair number do.

A proper bridge should not flood traffic like this, so it seems like a bug or a misconfiguration of the bridge on the router (or perhaps something you were doing confused the bridging instance).

An alternative solution is to use a router which actually routes between the Wired and Wireless interfaces.  The caveat to this is that you will have two separate subnets in use (e.g. 192.168.0.0/24 and 192.168.1.0/24), and that the forwarding performance of the router as, well, a router, may be lousy.
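The bridging point made in the reply above, as an added example that is not part of the thread: a minimal model of a MAC-learning bridge joining a wired port, a wireless port and the router's own interface, compared with a bridge that never learns and therefore floods every frame. The port names, MAC addresses and traffic list are constructed for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Bridge:
    ports: tuple                 # port names attached to the bridge (e.g. br0)
    learning: bool = True        # False models a bridge that never learns
    fdb: dict = field(default_factory=dict)   # forwarding table: MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame arriving on in_port is sent out of."""
        if self.learning:
            self.fdb[src] = in_port              # remember where src lives
        out = None if dst == BROADCAST else self.fdb.get(dst)
        if out is None:                          # broadcast or unknown unicast
            return {p for p in self.ports if p != in_port}   # flood
        return set() if out == in_port else {out}            # known unicast

def frames_seen_on(bridge, watch_port, traffic):
    """Frames (src, dst) that a station on watch_port could capture."""
    return [(src, dst) for in_port, src, dst in traffic
            if watch_port in bridge.forward(in_port, src, dst)]

# Constructed sample: a wired desktop talking to the router's own interface
# ("cpu" stands for the IP interface configured on the bridge).
DESKTOP = "02:00:00:00:00:05"
GATEWAY = "02:00:00:00:00:01"
PORTS = ("lan1", "wlan0", "cpu")
TRAFFIC = [
    ("lan1", DESKTOP, BROADCAST),   # ARP request for the gateway
    ("cpu", GATEWAY, DESKTOP),      # ARP reply
    ("lan1", DESKTOP, GATEWAY),     # outbound TCP segment (e.g. mail login)
    ("cpu", GATEWAY, DESKTOP),      # return traffic
    ("lan1", DESKTOP, GATEWAY),     # more outbound traffic
]

if __name__ == "__main__":
    ok = frames_seen_on(Bridge(PORTS), "wlan0", TRAFFIC)
    bad = frames_seen_on(Bridge(PORTS, learning=False), "wlan0", TRAFFIC)
    print("learning bridge, frames on wlan0:", len(ok))      # broadcast only
    print("non-learning bridge, frames on wlan0:", len(bad)) # everything
```

With learning enabled, only the initial broadcast reaches the wireless port; once both MAC addresses are in the table, the unicast exchange stays between `lan1` and `cpu`.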

2584 posts

Uber Geek
+1 received by user: 5

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 199101 4-Mar-2009 08:05

kdn:
I would disagree. In terms of routing, my PC wants to connect to westpac.co.nz, I have a default gateway of 172.17.1.1/24, my default gateway is a router, using DNS I know the site is 202.x.x.x, my router has no specific route for this address except its default gateway which points to a router at Xtra (via the DSL interface). Why would my wireless router also send the traffic out a second interface 172.17.2.255/24 (which is my wireless LAN) when no traffic is destined for that network?

Would people be happy if all local gaming traffic on the wifi subnet also went out the DSL and went against their monthly quota?

Should I want to connect 172.17.1.5 to 172.17.2.7, my router would direct the traffic out the wifi interface because the two subnets are directly connected.

Flamer.


Your router does not sound like it works like most home routers in that you have two subnets, one for your wired network and one for the wireless network. Most routers use a bridge as the last person talks about and just have one subnet for both wireless and wired networks.

My statement that every home router would be like this was wrong as I myself have a router that does not work that way. But then it is not running the original firmware either. I guess it would have been more accurate to say that most home routers would work that way out of the box.

At the end of the day if someone gains access to your wireless network then you have a serious problem no matter how your router works.








3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 200721 11-Mar-2009 21:14

Most decent routers now have wlan isolation from the lan. Yours may have this - if so, it may be worth looking into.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost



