Solved

Wireless Hackers - What CAN they do?

Posted on 2004-09-30
7
554 Views
Last Modified: 2013-12-04
I was discussing the advantages/disadvantages of the different levels of wireless security for 802.11 wireless networks. Someone said they leave theirs wide open because they don't feel anyone can do anything if they do pick up the signal outside his house. "What CAN they do?". I know you can port scan and look for vulnerabilities, but are there more serious and direct hacks where you can gain access?

What is possible once you are on the same router and subnet by picking up a stray signal?

mike
Question by:MikeMiller
7 Comments
 
LVL 11

Expert Comment

by:ghana
ID: 12193145
If security is based on WEP then hackers can sniff packets. WEP keys are static and not dynamic. Because of that it depends on the traffic on the WLAN how long it takes to find out the keys and to hack the net.

I know people who don't care about WLAN security because they won't see any problems if others are using their network infrastructure. It doesn't disturb them if others are able to use the WLAN to get internet access. From my point of view this can cause problems too: If hackers use the cracked WLAN access to start DoS attacks against remote servers then this will be done with the IP address(es) of the WLAN owner. If the attacked site goes down and they were able to find out the attacking IP the WLAN owner will be responsible for possible loss of money and so on.
0
 
LVL 3

Expert Comment

by:zamoti
ID: 12195424
As Ghana said, most people don't really care because they believe that there is nothing terribly important on the network.  One of the most useful things for someone to exploit is the anonymity of somebody else's Internet connection.  As said, they could launch bot attacks using your IP (the attack would be likely traced back to you because if they're using your connection, they're not terribly interested in using a bunch of proxies to cover their tracks.)  They might not be the script-kiddy type, but a real criminal might use the connection to send messages to cohorts.  Not to get too far flung with this, but if a terrorist wanted a means of hard-to-trace communication, they could easily get a laptop with a parabolic antenna, go driving and find a nice suburban neighborhood with lots of insecure WAPs.  I know, getting a little Tom Clancy here...

All of the above stuff would assume that the attacker is in proximity of your WLAN.  If somebody is standing on the sidewalk in front of your home with a laptop, you might be able to figure out what he/she is up to.  However, since most people don't change the default password on their router/AP, they can easily access the configuration and open ports to your network.  Then they could go home and take their time figuring out a way to get into your computer, install some sort of BS server (kazaa, gaming, DDoS bot, etc.)

Basically with enough time and resources, they could basically do whatever they want.  Sniff packets, send you to fake web sites, steal passwords, steal credit card numbers, make you cry.  You get the picture.

Would you want complete strangers to have access to your telephone?  Not much different really.

Cheers,

Z

0
 
LVL 3

Author Comment

by:MikeMiller
ID: 12195458
Since they are on the same router as your PC, is it easy for them to gain access to the PC?

With wireless aside, if someone is on the same router and subnet as you, is it easy to Hack their Windows PC?

mike
0
LVL 3

Accepted Solution

by:
zamoti earned 125 total points
ID: 12195516
The average idiot isn't going to stumble upon anything by accident, but if a little snooping is done, much can be found.

Since they are technically "inside" of your network, most firewalls aren't going to stop them.  Even if you use a software firewall like ZoneAlarm, you will likely be unprotected (most people put their internal network into the "safe zone" in order to share files and such).  Once they're inside of your network the only thing stopping them is Windows itself.  While people like to take potshots at Windows for being insecure it's not exactly easy to break in without a little work.  If the computer in question hasn't had any sort of updates AND file and print sharing is turned on, you're quite vulnerable.  Using a common port scanner like nmap (www.insecure.org) one could figure out if there are any open ports (of which there should be plenty) and then devise a scheme to exploit them.  Administrative/hidden shares (like C$ which is simply the root of your drive) are typically available and easy to get into if the user has a weak password.  Certain programs can do brute-force password guessing attacks for weak passwords in just a few minutes.

To actually answer the question, it's not a walk in the park to break in, but it's not that hard if an experienced hacker sets to it.

To answer the greater question, a WLAN should always be secured as much as possible.  Enable MAC filtering (though not tough to defeat), turn on WEP to the highest encryption available, disable SSID broadcasts and don't use channel 6 'cause everybody else uses it and it's the first place someone will look for a stray wireless connection.

0
 
LVL 3

Expert Comment

by:zamoti
ID: 12195587
Cool.  Thanks.
0
 
LVL 11

Expert Comment

by:ghana
ID: 12197207
To make a WLAN secure I would recommend using WPA instead of WEP. Because WPA is using dynamically created keys it's impossible to get the key with sniffing. Of course you should choose a strong password with WPA.
0
 
LVL 2

Expert Comment

by:studlyed
ID: 12203179
If the wireless is unsecured then anyone can connect to the network as if it were wired, have full access, use the internet, print tons of pages on the printer, look at documents on the computer; it's as if it were part of the internal network. Now if every PC on the internal network was so locked down that you can't do anything and DHCP was disabled then they can't do much other than getting a link light unless they want to spend a LONG time port sniffing all the known IPs until they find the network.
0
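
Added example, not part of the original thread: a small Python check that sorts the networks a machine can see into the security levels the thread compares (open, WEP, WPA), so an owner can spot an access point that is still open or on WEP. The sample scan text is constructed and its layout is assumed to follow Windows' `netsh wlan show networks` output; `parse_scan`, `classify` and `audit` are hypothetical names.

```python
import re

# Constructed sample; layout assumed to match `netsh wlan show networks`.
SAMPLE_SCAN = """\
SSID 1 : HomeNet
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 2 : linksys
    Authentication          : Open
    Encryption              : None

SSID 3 : OldAP
    Authentication          : Open
    Encryption              : WEP

SSID 4 :
    Authentication          : WPA-Personal
    Encryption              : TKIP
"""

def parse_scan(text):
    """Split scan output into one dict per SSID block (keys lower-cased)."""
    networks, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*SSID\s+\d+\s*:\s*(.*)$", line)
        if m:  # start of a new network; an empty name is a hidden SSID
            current = {"ssid": m.group(1).strip() or "<hidden>"}
            networks.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return networks

def classify(net):
    """Map one parsed network to 'open', 'wep', 'wpa' or 'unknown'."""
    auth = net.get("authentication", "").lower()
    enc = net.get("encryption", "").lower()
    if enc == "wep":  # WEP networks report Authentication: Open
        return "wep"
    if auth == "open" and enc == "none":
        return "open"
    if auth.startswith("wpa"):
        return "wpa"
    return "unknown"

def audit(text):
    """Return (ssid, level) pairs in scan order."""
    return [(n["ssid"], classify(n)) for n in parse_scan(text)]
```

Checking the encryption field before the authentication field matters here, because a WEP network would otherwise be reported as open.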
