TitaniumRat

Everything posted by TitaniumRat

  1. I don't think it really matters if your machine is connected and surfing the net or connected and configuring the device, your machine is still vulnerable for no reason if all you're really trying to do is connect via ssh and http. --------- edit: no, you're right. don't really see myself connected long enough for it to really matter.
  2. the actual WPA2 wifi network is secure. however, the issue is that eth0, wifi0 (open wireless network) and wifi0-1 (secure wireless network) are all part of the bridge group br-lan. they all have layer 2 connectivity, they all receive ip addresses in the 172.16.42.0/24 subnet when they connect, and clients in all three networks can freely communicate with each other, since packet filtering and firewalling happen at layer 3. so, if you allow communication freely between clients connected via the secure wireless network, the open wireless network and through the ethernet adapter via the bridge br-lan, then you are still at risk of attacks, port scans, connection attempts and whatever nasty malware on clients connected through your secure wlan and ethernet interface by clients in your open wireless network. the security risk is worse than normal, since you might want to entice people to connect at times, and then there's the always on by default open network with full access to your machines via the bridge and the only security on it is a hidden ssid with a predictable range of the default SSID (Pineapple5_$VAR). oh, the open wifi also gets to communicate through client mode connections, too. try it yourself, connect to the open network with one machine, connect to the secure network with another, then try communicating to the secure network. ping/portscan/remote desktop/whatever.
  3. by default, the name of the hidden ssid is vulnerable if you know what to look for... it seems to get created with Pineapple5_ followed by the last 4 digits of the wireless adapter's MAC address. a shell script, a while loop, an incrementing $counter and iwconfig wlan1 essid Pineapple5_${counter} would get you through most of the combinations of 4 digits. you'd just have to account for the rest of the hex possibilities to be thorough.
  4. If a client connects to the Open AP and a client connects to the Secure AP, are they not connecting to the same AP!? by default, the ethernet, the open SSID and the secure SSID are all bridged, so they all end up in the same subnet and can communicate with one another. I can connect one machine to the secure SSID and one to the open SSID and ping/browse shares/etc on the machines connected to the secure wireless network from the open network. I have built a new network named MNG and moved my secure interface/SSID to it (also, reconfigured dhcp to serve both networks, reconfigured the firewall to allow the new MNG traffic to flow). I'm going to try to set up some firewall rules to restrict traffic from the open network to the management network, then I'm going to see if I can get ssh/httpd/etc configured to only bind to the IP address on the secure network.... I'm sure it's going to break all kinds of stuff, though. but, I'll have a routed and filtered management network that won't let people connect from the open network to my secure machines.
  5. ah, thanks. just got mine, so I'm catching up. better to disable/reenable than to secure, in that case. it's a shame that it's not in its own network.
  6. datahead is right, I was doing exactly that until I decided to secure them both. `ifconfig wlan0 down` will disable the unsecured SSID. I was kind of lazy and just added the command to /etc/rc.local to disable at boot. if you ever need it, you can just run `ifconfig wlan0 up` and it will be active until your next reboot. I decided to secure them both with WPA2 from the command line. so, here's how mine looks now (also added freeradius):

     ```
     config wifi-device 'radio0'
         option type 'mac80211'
         option hwmode '11ng'
         option macaddr '00:13:37:a5:39:34'
         option htmode 'HT20'
         list ht_capab 'SHORT-GI-20'
         list ht_capab 'SHORT-GI-40'
         list ht_capab 'RX-STBC1'
         list ht_capab 'DSSS_CCK-40'
         option channel '1'

     config wifi-iface
         option device 'radio0'
         option network 'lan'
         option mode 'ap'
         option ssid 'Pineapple5_3934'
         option key 'SharedSecret'
         option server '172.16.42.1'
         option port '1812'
         option encryption 'wpa2'
         option hidden '0'

     config wifi-iface
         option device 'radio0'
         option network 'lan'
         option mode 'ap'
         option ssid 'wpa2'
         option disabled '0'
         option encryption 'wpa2'
         option key 'SharedSecret'
         option server '172.16.42.1'
         option port '1812'
     ```

     is there some reason for the unsecured network? I would just try to remove it, but I'm afraid something depends on it being there..
  7. sorry for the late response. you need to install the 64-bit version of that library, so the 64-bit apps can use them. the version it's telling you is already installed is the 32-bit i686 version. try installing the libgcrypt-1.4.5-11.el6_4.x86_64.rpm.
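
An added example, not code from any of the posts above: a small audit of an OpenWrt-style `/etc/config/wireless` that flags the situation described in posts 2 and 4, an enabled open AP attached to the same network (bridge) as an encrypted AP. The sample config, its SSIDs, the key and the network name `mng` are constructed placeholders, and the check covers wireless interfaces only, not the Ethernet port that shares the bridge.

```python
import shlex
from collections import defaultdict

# Constructed sample in /etc/config/wireless syntax; SSIDs and key are placeholders.
TEMPLATE = """
config wifi-iface
    option network 'lan'
    option mode 'ap'
    option ssid 'Pineapple5_XXXX'
    option encryption 'none'

config wifi-iface
    option network '{secure_net}'
    option mode 'ap'
    option ssid 'secure-example'
    option encryption 'psk2'
    option key 'example-passphrase'
"""
BRIDGED = TEMPLATE.format(secure_net="lan")    # both SSIDs on the same bridge
SEGMENTED = TEMPLATE.format(secure_net="mng")  # secure SSID on its own network

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) tuples."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config":
            sections.append((tok[1], {}))
        elif tok[0] == "option" and sections and len(tok) >= 3:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def mixed_trust_networks(text):
    """Return {network: [open SSIDs]} for every network where an enabled
    open AP shares layer 2 with at least one encrypted AP."""
    by_net = defaultdict(lambda: {"open": [], "secure": []})
    for stype, opt in parse_uci(text):
        if stype != "wifi-iface" or opt.get("mode") != "ap":
            continue
        if opt.get("disabled", "0") == "1":
            continue  # interface is switched off, nothing is exposed
        kind = "open" if opt.get("encryption", "none") == "none" else "secure"
        by_net[opt.get("network", "")][kind].append(opt.get("ssid", ""))
    return {n: v["open"] for n, v in by_net.items() if v["open"] and v["secure"]}
```

An empty result only means the SSIDs sit on different networks; traffic between those networks still has to be filtered by firewall rules, as post 4 notes.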