Infiltrator

I haven't tried Firesheep yet, but I am guessing because you are the user performing the attack, firesheep doesn't see you as a victim but simply the attacker, so therefore you won't be able to side jack yourself. I may be wrong but there could be someone else in the forums who may be able to give the right answer.

Are you able to use another FTP Client software? Just for testing purposes. If you are able to connect to your FTP server with another client software, than it could mean that there is some bad settings within FTPES.

I would probably do that same as Vako suggested. If you have a very fast computer at home and plenty of ram just use ESXI to create Virtual Machines. You can run several VMs off the same hardware, saving you hardware costs and electricity bills. For the backtrack side of the story, if you have a laptop just install backtrack on it, easy for portability and very handy when going war driving.

Is there any other port that is not being blocked by your ISP? Because if there is you could change Apaches default port to that.

I am kind of getting confused with this new IP address scheme. I know it supports a lot more network and hosts IDs, but there are certain aspects of it, that I'm gonna have to research into it to understand it better. By the way, thanks for posting that up. I think we're gonna have a good discussion on this topic.

I haven't tried sniffing Xbox traffic yet, but its an interesting idea. But I am pretty certain some of its traffic would be encrypted. You could find it out by running wireshark on a PC and if you have a switch that is capable of port mirroring, you could mirror your Xbox Ethernet port and send all its traffic to your computer.

Have you tried Torrents, you can file very large password files in there. On the other hand, I managed to put myself a 500MB password list, just by Googling.

You can use wireshark to sniff all the traffic in your network. In addition if you have a switch that is capable of port mirroring, it could make your job a lot more easier. Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches. An example of a SPAN configuration on a Cisco 2950 Switch is below. Monitor session 1 source interface fastethernet 0/1 , 0/2 , 0/3 Monitor session 1 destination interface fastethernet 0/4 encap ingress vlan 1 The above example mirrors data from ports 0/1, 0/2 and 0/3 to the destination port 0/4 using vlan1 for vlan tagging. To show the status of a SPAN monitor session use the following command. show monitor session 1 Where 1 is the session number from the above statement. Source: http://en.wikipedia.org/wiki/Port_mirroring

Fair point, l like your idea.

I am pretty sure you can control the bandwidth with D-WRT. Also as an advise you might want to rethink, whether you should charge or not for the internet usage. If I was setting up a wireless hotspot, for public access I would definitely charge them a fee for using it. Internet is so expensive here in Australia that sharing is not worth it. Thats my thought by the way.

The only easy to use remote assistance I can think of is, GotoAssist its not free but its valid for 30 days I believe. However there is also team viewer, http://www.teamviewer.com/index.aspx

No problems let me know when you can, thank you.

Even though the S stands for "secure", its still encrypting the connection between the client and the server side. But yeah it should've been FTPS.

Sorry could you be a bit more clear on what you want do?

You have two options: 1. use an encrypted FTP server and change its default port to a higher port or above 1024 2. or use SSH to tunnel any FTP traffic you want, also make sure to change the default SSH port to something above 1024.

Just out of curiosity are you able to do packet monitoring and packet injecting as well. Because if you can I might buy one of yours.

If your webserver is running inside your network, I don't see any reason to why you can't access your files. Are you able to access your website from outside your network?

One of the reasons why you are receiving limited connectivity is because your computer has not received a valid ip address. If you open up a command prompt windows and type ipconfig and then press enter You most likely will get an ip address of 169.254.X.X. Instead of using DMZ, just use one of the normal ports on the router and give it shot again, it should work.

I don't know how old you are, but if you have passion and devotion to learn something, than you won' have anything to lose but to gain.

That's what really cracked me up, when I read that line. Come one its so obvious that accessing someone's else account without their consent is illegal. Anything that you access without proper authorization from its owner its illegal. I don't know what that guy was thinking.

With these graphics card nowadays providing so much computational power, eventually they will be out performing much of the supercomputers in existence today.

Computerworld - People using the Firesheep add-on may be breaking federal wiretapping laws, legal experts said today. Or maybe not. "I honestly don't know the answer," said Phil Malone, a clinical professor of law at Harvard Law School as well as the director of the school's Cyberlaw Clinic at the Berkman Center for Internet and Society. Malone also served for more than 20 years as a federal prosecutor with the U.S. Department of Justice. Firesheep, which was released just over a week ago and has been downloaded nearly half a million times since, is an add-on to Mozilla's Firefox browser that identifies users on an open network -- such as a coffee shop's public Wi-Fi hot spot -- who are visiting an unsecured Web site. A double-click in Firesheep gives its handler instant access to the accounts of others accessing Twitter and Facebook, among numerous other popular Web destinations. But while the tool itself is not illegal, using it may be a violation of federal wiretapping laws and an invasion of privacy, experts said. "There are two schools of thought," said Jonathan Gordon, a partner in the Los Angeles office of law firm Aston & Bird. "The first is that there's no reasonable expectation of privacy in a public insecure Wi-Fi connection." Gordon, who regularly counsels clients on their Internet business practices, cited the U.S. statute pertaining to wiretapping, which states that it's not a violation of the law "to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public." But a second school of thought, said Gordon, "is that when people are accessing their social network [account], they have an expectation that whatever they're doing is governed by the privacy settings in that network." In other words, the fact that accessing a site takes place in an unsecure environment is beside the point. Gordon acknowledged that the second position was held by a minority of legal experts. Scott Christie, a partner in the Newark, N.J., office of law firm of McCarter & English, is in that minority, and he said that using tools such as Firesheep -- dubbed "packet-sniffers" -- is illegal. "Do people have a reasonable expectation of privacy when they're at a public node? The answer is probably yes," said Christie. "They don't forfeit their expectation of privacy simply by using a public Wi-Fi spot. And wiretap laws in general make it illegal to intercept real-time communications and content." But privacy laws were not crafted to cover scenarios where the owner of the data -- in the Firesheep example, people accessing their Facebook accounts at an unsecured hot spot -- didn't take steps to protect their information. That's one of the reasons why the legality of Firesheep, and other tools like it, remains up in the air. "It's an unsettled legal issue, but it will be tested at some point," Christie said. "Like many other situations, this is one of those areas where the law was crafted prior to the Internet age, and the courts will have to catch up." Gordon agreed. "It may be difficult [to clarify this], but it will happen," he said. Another law may also apply to Firesheep use, said Malone. That law, the Pen Register and Trap and Trace Devices Act (sometimes shortened to the Pen/Trap Act), was crafted with telephone line wiretapping in mind, but it could be called on by prosecutors, Malone said. A packet-sniffer that snatches important information, such as the IP address or other sending and receiving information, including addressing or routing data, is one case where the Pen/Trap Act might be applied. "If something like Firesheep grabbed some pretty bad stuff, technically it may have violated [the Pen/Trap Act]," said Malone, adding that an aggressive prosecutor might decide to file charges based on that law. Christie wasn't so sure. "If a tool like Firesheep captured IP addresses, the criminal component of it might apply, but I'm not sure anyone would use it." The legal experts also noted similarities between the Firesheep situation and Google's trouble with U.S. and foreign regulators over its Street View vehicles. Earlier this year, Google admitted that those vehicles had grabbed information from unsecured wireless networks as they snapped photos and mapped hot spots. Two weeks ago, Google admitted that in some cases the Street View sniffers had captured complete e-mail messages and user passwords. Google claimed that the data collection had been unintentional, and it argued that the practice did not violate federal laws because the wireless networks were not password-protected. However, that didn't stop several state attorneys general from asking Google for more information as they tried to decide whether the company broke federal or state laws, including wiretapping and privacy statutes. Last week, the Federal Trade Commission closed an investigation into Google's Street View activities. However, the company faces numerous class-action lawsuits in the U.S. over the practice and may be fined by some European privacy agencies. Malone said he suspected that before the law catches up to Firesheep and its ilk, Web sites will lock down their services, making the issue moot. That's also the hope of Eric Butler, the Seattle-based Web application developer who said he released Firesheep to raise awareness of the lack of Web site security. "Maybe all the bad press [over Firesheep] will make people realize that there's a problem, and enough to shame sites into changing," Malone said. "Maybe this is the wake-up call we needed." Source: http://www.computerworld.com/s/article/919...p_at_Starbucks_

Yeah just turn off all the services on the router and then you should be able to use it as switch only.

So you are saying that by placing another DHCP server on the same network segment, won't make any difference whatsoever.

It had to happen sooner or later, and it's happening today: a solar powered keyboard is now reaching commercial status. Logitech has been known for their innovations in the peripheral market, with the nearly microscopic Unifying USB receiver being the latest. But the company's newest keyboard is likely to be the one that people remember most from 2010. The Wireless Solar Keyboard K750 is the company's first keyboard designed to be powered entirely by ambient light. That means that you can just use ambient, extra light in your office to power it; you don't need to be under direct sunlight. This is definitely a major step forward for keyboards, and it will be difficult to see too many companies ignoring this going forward. It had to happen sooner or later, and it's happening today: a solar powered keyboard is now reaching commercial status. Logitech has been known for their innovations in the peripheral market, with the nearly microscopic Unifying USB receiver being the latest. But the company's newest keyboard is likely to be the one that people remember most from 2010. The Wireless Solar Keyboard K750 is the company's first keyboard designed to be powered entirely by ambient light. That means that you can just use ambient, extra light in your office to power it; you don't need to be under direct sunlight. This is definitely a major step forward for keyboards, and it will be difficult to see too many companies ignoring this going forward. If You've Got Light, You've Got Power: Logitech Introduces Solar-Powered Keyboard Logitech Wireless Solar Keyboard K750 Powered By Light - Even Indoors FREMONT, Calif. - Nov. 1, 2010 - Today, Logitech (SIX: LOGN) (NASDAQ: LOGI) introduced the Logitech® Wireless Solar Keyboard K750 - the company's first light-powered keyboard. The Logitech Wireless Solar Keyboard powers itself whenever there's light, even indoors, making battery hassles a thing of the past. "The keyboard is still the best input device for typing emails and IMs, updating your Facebook™ page or posting responses to your favorite blogs - and the Logitech Wireless Solar Keyboard K750 is the next big innovation in keyboard technology," said Denis Pavillard, vice president of product marketing for Logitech's keyboards and desktops. "The Logitech Wireless Solar Keyboard is powered by light but can work in total darkness for up to three months. Plus, with its PVC-free construction and fully recyclable packaging, it's designed to minimize its footprint." Powered by Light - Even Indoors To give you hassle-free convenience, the Logitech Wireless Solar Keyboard powers itself through its integrated solar panel - no power bricks or charging cables needed. The included solar power app (available for download at logitech.com/k750/solarapp) features a lux meter to help you get the necessary light, makes it easy to get at-a-glance information about battery levels, and even alerts you when you need more power. Logitech's first solar keyboard can be powered by indoor light and stays charged for at least three months in total darkness. Plus an integrated power-indicator light eliminates surprises. Only 1/3-Inch Thick But Logitech did much more than bring solar power to the keyboard. At only 1/3-inch thick, the sleek Logitech Wireless Solar Keyboard looks good. With its rounded edges and thin profile, this stylish, streamlined keyboard is a joy to hold and behold. Feel-Good Typing The low-profile keyboard features Logitech Incurve keys™. Using a concave design, Incurve keys support the shape of your fingertips, while helping guide your fingers to the right keys. In addition, the soft, rounded edges make it easy for your fingers to glide from key to key. Powerful, Reliable Wireless Connection with Logitech Unifying Technology The Logitech Wireless Solar Keyboard K750 offers Logitech Advanced 2.4 GHz wireless connectivity, keeping you connected with virtually no delays or dropouts, so you get all the benefits of a cord, with the convenience of wireless. Logitech Advanced 2.4 wireless also includes 128-bit AES encryption with the keyboard - one of the highest levels of security available. Plus, the tiny Logitech® Unifying receiver is small enough to stay in your laptop, so there's no need to unplug it when you move around. And you can easily add up to six Logitech Unifying and Unifying-ready mice and keyboards - without the hassle of multiple USB receivers. Pricing and Availability The Logitech Wireless Solar Keyboard K750 is expected to be available in the U.S. and Europe in November 2010 for a suggested retail price of $79.99 (U.S.). To learn more about the Logitech Wireless Solar Keyboard K750 please visit www.logitech.com or our blog for more information. Source: http://hothardware.com/News/Logitech-Debut...-Keyboard-K750/