doyouhas Posted July 15, 2009

Ok so, I am a long time watcher of the show and although I have played around with breaking WEP encryption on some neighboring access points and only briefly poking around in there, I don't have a whole lot of experience with network analysis. So I decided I would download BackTrack 4, throw it on a DVD and head over to Barnes and Noble to scout around their network and see what I could find. And what I did find, was disappointing.

First of all, although the network itself is unencrypted, just connecting to an ATT hotspot does not give you access to the internet. I'm not sure what they use to achieve this. I remember seeing an episode in which Mubix did a piece about tunneling DNS and he said the one prerequisite was you needed to be able to ping a website and get a response. I pinged google.com...no response.

The thing is, I'm not so interested in having access to the internet, just in identifying hosts on the network and running some potential exploits against them, or just saving the entire session to a capture file. I would totally appreciate being pointed in the right direction so I could find some entry level information on the topics I just talked about. I'm not looking for a handout or anything just some help is all.
Sparda Posted July 15, 2009

For DNS tunnelling to work, ping doesn't need to work, nslookup needs to work.
doyouhas Posted July 15, 2009

I'm also looking for an updated guide on pulling off DNS tunneling because the way that Mubix explains it in the episode I referenced earlier no longer works because GoDaddy has since changed their interface and validates all name servers before submitting the changes. So if you have another way to achieve DNS tunneling that would be swell.

Thanks,
Zach
digininja Posted July 15, 2009

> Ok so, I am a long time watcher of the show and although I have played around with breaking WEP encryption on some neighboring access points and only briefly poking around in there, I don't have a whole lot of experience with network analysis. So I decided I would download BackTrack 4, throw it on a DVD and head over to Barnes and Noble to scout around their network and see what I could find. And what I did find, was disappointing.
>
> First of all, although the network itself is unencrypted, just connecting to an ATT hotspot does not give you access to the internet. I'm not sure what they use to achieve this. I remember seeing an episode in which Mubix did a piece about tunneling DNS and he said the one prerequisite was you needed to be able to ping a website and get a response. I pinged google.com...no response.
>
> The thing is, I'm not so interested in having access to the internet, just in identifying hosts on the network and running some potential exploits against them, or just saving the entire session to a capture file. I would totally appreciate being pointed in the right direction so I could find some entry level information on the topics I just talked about. I'm not looking for a handout or anything just some help is all.

Do you realise what you are doing is illegal? Breaking your neighbour's WEP then connecting to their network and then going to scout around Barnes and Noble's network are both things that could get you into trouble.

You should only ever practise these kinds of things against your own network or networks you have permission to access.
doyouhas Posted July 15, 2009

I'm not doing this analysis for financial gain and I don't have any nefarious intentions in mind, it's just a little exploration. Calm down. I realize breaking encryption is illegal, but how is scouting an ATT wifi hotspot illegal? There is nothing you have to sign to gain access to it, you simply connect. No terms of service agreements that I could see on the portal page. But even if there was, it doesn't matter because I'm not using the internet. Everything that is being transmitted between the clients and that access point is out in the open for anyone with a wireless card to see. That is not illegal.
digininja Posted July 15, 2009

If you are mapping out networks and planning to run exploits then that is illegal, regardless of what your motives are, curiosity or financial gain.
barry99705 Posted July 15, 2009

> I'm not doing this analysis for financial gain and I don't have any nefarious intentions in mind, it's just a little exploration. Calm down. I realize breaking encryption is illegal, but how is scouting an ATT wifi hotspot illegal? There is nothing you have to sign to gain access to it, you simply connect. No terms of service agreements that I could see on the portal page. But even if there was, it doesn't matter because I'm not using the internet. Everything that is being transmitted between the clients and that access point is out in the open for anyone with a wireless card to see. That is not illegal.

Here's the applicable part of the AUP you'd have to agree to for usage. I'll highlight the parts you're violating.

Security Violations

It is Customer's responsibility to ensure the security of its network and the machines that connect to and use IP Service(s). You are responsible for configuring and securing your services to prevent damage to the AT&T network and/or the disruption of Service(s) to other customers, and ensuring that your customers and users use the Service(s) in an appropriate manner. Customer is required to take all necessary steps to manage the use of the IP Service(s) in such a manner that network abuse is prevented or minimized to the greatest extent possible. It is Customer's responsibility to take corrective actions on vulnerable or exploited systems to prevent continued abuse.

Violations of system or network security are prohibited and may result in criminal and/or civil liability. AT&T IP Services may not be used to interfere with, to gain unauthorized access to, or otherwise violate the security of AT&T's or another party's server, network, personal computer, network access or control devices, software or data, or other system, or to attempt to do any of the foregoing.

Examples of violations of system or network security include but are not limited to:

* intercepting, interfering with or redirecting e-mail intended for third parties, or any form of network monitoring, scanning or probing, or other action for the unauthorized interception of data or harvesting of e-mail addresses;
* hacking - attempting to attack, breach, circumvent or test the vulnerability of the user authentication or security of any host, network, server, personal computer, network access and control devices, software or data without express authorization of the owner of the system or network;
* impersonating others in order to obtain another user's account password or other personal information.
* using the IP Service(s) to deliver spyware, or secretly or deceptively obtain the personal information of third parties (phishing, etc.), or engage in modem hi-jacking;
* using any program, file, script, command or the transmission of any message or content of any kind, designed to interfere with a terminal session or the access or use of the Internet or any other means of communication;
* distributing or using tools designed to compromise security, including cracking tools, password guessing programs, packet sniffers or network probing tools (except in the case of authorized legitimate network security operations);
* unauthorized monitoring of data or traffic on any network or system without express authorization of the owner of the system or network; this would include use of sniffers or SNMP tools;
* falsifying packet header, sender, or User information whether in whole or in part to mask the identity of the sender, originator or point of origin;
* knowingly uploading or distributing files that contain viruses, Trojan horses, worms, time bombs, cancel bots, corrupted files, or any other similar software or programs that may damage the operation of another's computer or property of another;
* engaging in the transmission of pirated software;
* with respect to dial-up accounts, using any software or device designed to defeat system time-out limits or to allow your account to stay logged on while you are not actively using the AT&T IP Service(s) or using your account for the purpose of operating a server of any type;
* using manual or electronic means to avoid any use limitations placed on the Services;
* gaining unauthorized access to private networks;
* violating rules, regulations, and policies applicable to any network, server, computer database, web site, or ISP that you access through the IP Service(s).
digininja Posted July 15, 2009

Well said sir!
barry99705 Posted July 15, 2009

> Well said sir!

Many many years in other network security forums and work experience pays off sometimes.... ;)
Brian Sierakowski Posted July 15, 2009

Have to agree, as they teach you in Sec+, the absolute first step in any penetration testing exercise is to get senior management approval (in writing.)
doyouhas Posted July 16, 2009

It would be hard for me to believe that no one else here has explored a network other than their own. What happened to the hacker community? When did everyone become so prude? I'm not even interested in disrupting traffic just in mapping and discovery.
Webhostbudd Posted July 16, 2009

> What happened to the hacker community?

This is a hacker community, just not a black hat hacker community. We hack software and hardware to do as we wish while abiding by rules and regulations.

> I'm not even interested in disrupting traffic just in mapping and discovery.

You obviously didn't read his post

> * unauthorized monitoring of data or traffic on any network or system without express authorization of the owner of the system or network; this would include use of sniffers or SNMP tools;
doyouhas Posted July 16, 2009

And can you be so helpful as to tell me when someone would actually press charges against you for mapping their hotspot? I doubt that is a common occurrence.
Sparda Posted July 16, 2009

> And can you be so helpful as to tell me when someone would actually press charges against you for mapping their hotspot? I doubt that is a common occurrence.

Currently the RIAA are continuing to sue people for pirating 20 odd songs. Do you think that a different asshat group won't latch on to wifi attacks if it becomes a problem?
doyouhas Posted July 16, 2009

The RIAA's lawsuits are ineffectual. They have attempted to sue thousands of people out of existence and have failed in almost every case. In fact, there is only one single case involving hundreds of thousands of dollars that I have heard of going through. If they decide to sue me for misuse of a public wifi hotspot, who gives a shit. Oh wow, I now have a police order saying I'm not allowed within 1000 feet of any public hotspot... so that would basically mean I can't go into any Barnes and Noble, Starbucks, Burger King, McDonalds, and like a million other restaurants that have public wifi. You think such a court order would ever go through? Doubtful. Stop with this far fetched nonsense.

I am aware people do get sued for ridiculous things involving technology, but most of the time (RIAA lawsuits as an example), they don't go through. The legal system may be fucked up in America, but a good percentage of judges are smart enough not to send someone to prison for downloading a couple songs off their favorite Britney Spears album.

By the way, "Sparda" I think your information is a little out of date. Sure they are always sending out cease and desist letters to people guilty of pirating music but as I said the number of those lawsuits that make it to trial is astronomically small.
ArkNinja Posted July 16, 2009

They aren't talking about if you will get successfully sued/arrested whatever, they are talking about the fact that what you are doing COULD get you sued/arrested.
doyouhas Posted July 16, 2009

I just think that all of you are getting a little carried away with the "what ifs." What if a nuclear bomb hits the U.S. right now? We would all be dead. Is it likely to occur, even given the state of world security? No. The chances of a nuclear explosion happening without any warning are still very slim.

What if I get arrested for mapping out poor, innocent Barnes and Noble's hotspot? I might spend the night in jail, or they might have a little talk with me and send me on my way. Is it even likely that they would care about me mapping their fucking network? The manager at the book store probably wouldn't even know what the hell that means let alone care. I want to poke around a book store hotspot big freakin deal, are you all seriously gonna play the card of "oh well technically under article blah blah blah of this law that particular action is illegal?"

Did you know that "[in Utah] adultery, oral and anal sex, and masturbation are considered sodomy and can lead to imprisonment." So if I lived in Utah and you caught me masturbating are you seriously gonna call the cops on me?
decepticon_eazy_e Posted July 16, 2009

> I just think that all of you are getting a little carried away with the "what ifs." What if a nuclear bomb hits the U.S. right now? We would all be dead. Is it likely to occur, even given the state of world security? No. The chances of a nuclear explosion happening without any warning are still very slim.
>
> What if I get arrested for mapping out poor, innocent Barnes and Noble's hotspot? I might spend the night in jail, or they might have a little talk with me and send me on my way. Is it even likely that they would care about me mapping their fucking network? The manager at the book store probably wouldn't even know what the hell that means let alone care. I want to poke around a book store hotspot big freakin deal, are you all seriously gonna play the card of "oh well technically under article blah blah blah of this law that particular action is illegal?"
>
> Did you know that "[in Utah] adultery, oral and anal sex, and masturbation are considered sodomy and can lead to imprisonment." So if I lived in Utah and you caught me masturbating are you seriously gonna call the cops on me?

You did start the thread with this... "I'm not so interested in having access to the internet, just in identifying hosts on the network and running some potential exploits against them"

If you want help running exploits against people connected to hotspots, this is not the forum for you. People here are more white than blackhat. Most of the threads that say, I want to hack my school/work/friends, don't go anywhere. We're not here to discuss that, we know how to do that and we don't really want you to.

Read books, go to schools, set up test networks, do your homework. That's what we did. It was hard work and we made sacrifices. I know that you haven't done these things because you wouldn't be here asking the question if you did, you would already know.

Good day sir.
doyouhas Posted July 16, 2009

I did say potentially running exploits against machines on the network, and maybe you're right, maybe it's so ungodly that I would even think about doing such a thing for the sake of learning. I don't have access to tons of networking equipment and tons of other computers to set up networks. I have a laptop, a desktop, my dad has one desktop, and we have one older box I use as a server. Did I say anything that remotely sounded like "OMGG need l33t haX0r to helpp me hax dis guy whoze bein a douche!@!" ? No. I just said I would like to be pointed in the right direction to resources that would help me understand network structure and how to go about exploring. What the hell is wrong with that?

By the way, it's really not good to make generalizations. You think I don't do homework or something just because I'm on a hacking forum asking, what you thought, was a childish request? I am an A+ student and I have a job and many other responsibilities that require a decent amount of energy to manage. Maybe you shouldn't immediately "ass"ume that you know what kind of person I am. All I was looking for was direction to books/articles/etc that talk about network infrastructure and network reconnaissance.
i.have.rewt Posted July 17, 2009

Hmm well I think you've been found out and any further defense on your part is...hmmm..futile? I may be new here but I believe this thread had run its course after your first post.

*voting for a lockout or further flaming of thread starter*