Jump to content

Mac Address


film

Recommended Posts

No i know what they are just i was talking to this guy and he said that he just put a MAC ADDRESS !!!! on his router anyways i was like ok... but he said now im unhackable and i was thinking no way there must be a way to get past them and i was wondering if he was right or wrong about saying NO ONE could get on this router ?

Link to comment
Share on other sites

If it can be built it can be unbuilt. There is nothing that is unhackable. It may be difficult and it may not have a current solution but if someone trys hard enough there is a way to do it I am sure. If Vako is correct and he setup a MAC whitelist then all you have to do it spoof a good mac address and boom your on. :) 8)

Link to comment
Share on other sites

If he programmed his router to only allow certain MAC address to connect to it, then all it takes is to watch what MAC addresses are connected using a program like airodump (part of the aircrack suite). After that you could try disconnecting them from the router using a deauth attack, reprogramming your MAC address to match theirs, and then connect to the AP. You'll want to add your real MAC address to their whitelist and disconnect yourself. If you do it quick enough maybe the victim won't realize why he was disconnected and won't think to check the router's config for a new entry.

Link to comment
Share on other sites

all i can say is kismet

kismet is a passive wifi scanner and it can show all associated wifi NICs,

couple minutes of that and you are sure as hell gonna get his mac address,

then either start airodump to dump wifi traffic and aircrack his wep or dump wpa traffic and brute or dictionary attack his psk.

when you have that it's simple to just nmap his lan with nmap with the spoof mac address and you know what's inside. in linux you can change mac address easily and windows i guess it's not hard, then it's as simple as running a nessus scan and fire up metasploit or have a look at security forest's extensive exploit range or a look at security focus and compile/ executed the exploit and soon his box is completely and utiley PWNED.

if you are going to run a wifi lan the only security technology that is is not defeated yet is wpa2 with radius and still that is still possible prone to brute force or dictionary attack for the psk.

in general all i can say is

"the only safe computer is one that is turned off"

and even then i have my doubts

just tell you friend that their is no definitive way to protect a network

Link to comment
Share on other sites

Wireless is NOT secure at all... anyone who tells you it is, is either stupid or lying. If security is important turn off wireless and use a cable, because someone will always find a way to 1337 H4X0R you.

That is why we have encryption, wireless can be secure if you know what you are doing and how to set it up correctly.

Link to comment
Share on other sites

it's secure to an extent if you set it up properly. but sorry guys, nothing beats cable (except of course, no network connection).

Also, when choosing how to set up your network, it's important to understand what sort of information people will be able to access, and who exactly will want to access it. If you are using WPA with mac address filtering, it's secure enough for 99.999999999999999999999% of people. For someone to actually bother trying to gain access to your network is highly improbable unless they are after you specifically.

i would say for a lot of people also that WEP with mac address filtering is secure enough. sure it CAN be cracked, but the amount of completely unsecured networks around here, it's still too annoying to bother with. it's also likely that the unsecured wifi's have less knowledgeable people behind them, so it's even more unlikely to get caught.

Link to comment
Share on other sites

it's secure to an extent if you set it up properly. but sorry guys, nothing beats cable (except of course, no network connection).

Also, when choosing how to set up your network, it's important to understand what sort of information people will be able to access, and who exactly will want to access it. If you are using WPA with mac address filtering, it's secure enough for 99.999999999999999999999% of people. For someone to actually bother trying to gain access to your network is highly improbable unless they are after you specifically.

i would say for a lot of people also that WEP with mac address filtering is secure enough. sure it CAN be cracked, but the amount of completely unsecured networks around here, it's still too annoying to bother with. it's also likely that the unsecured wifi's have less knowledgeable people behind them, so it's even more unlikely to get caught.

I'm a bit disagreed with you. it's difficult to say how a wireless network is secured. It mainly depends of...the people living in your area. You could get no trouble at all during 10 years as you could be hacked after two weeks.

The facts are : WEP is crackable, WPA is crackable. The way WEP is cracked (I actually didn't see how WPA works but it seems aircrack can beat it too), you get the client(s) MAC-ADRESS so the mac-address access list is useless. If a guy decided to crack your WEP key, changing his MAC-adress by yours is nothing. With linux, it takes one command.

Because of this, I don't use wi-fi at home even if it could help me out. I prefer to have a 10 meters cable. it's not handy, but it's a lot more secured than wireless network. At least, I don't have to fear against potential threats in my neighbourhood.

The guy who tries to get access to your network is not obligatory a guy who wants to harm your network. He may just want to have an internet connection for free (or maybe he's just an internet addict, he just moved and can't wait for his internet connection).

My advice, if you use the WI-FI anyway, it's at least to use WPA, change your key regulary and monitor your network too..and don't use P2P. There's a chance the guy can't make injection of packets but p2p will help him a lot. In less than one day, he will get enough packets.

Link to comment
Share on other sites

How's a 63 char random pass phrase on a weekly rotation, mixed in with 255.255.255.254 netmasks and seperated VLANS sound?

It sounds better :D .

Actually, with the linksys router named WPC-54G (If I remember well the name), you can use linux firmwares. I tried dd-wrt once and I was amazed how good it was compared with the original linksys firmware.

It manages vlans and it pertmits to easily check who's connected in via the MAC-ADRESS.

Link to comment
Share on other sites

The guy who tries to get access to your network is not obligatory a guy who wants to harm your network. He may just want to have an internet connection for free (or maybe he's just an internet addict, he just moved and can't wait for his internet connection).
that's exactly my point. i'm not sure about your area, but around my area there is atleast a 1:1 ratio of unsecured wireless networks to secured wireless network (possibly even approaching 2:1). now, if he has no specific purpose to get access to MY network, then why would he even bother? he can drive an extra 200m and he can connect with no trouble.
My advice, if you use the WI-FI anyway, it's at least to use WPA, change your key regulary and monitor your network too..and don't use P2P. There's a chance the guy can't make injection of packets but p2p will help him a lot. In less than one day, he will get enough packets.
solid advice. my point before when stating that WEP with mac address filtering is enough for most people is highlighting the fact that security issues are probably quite overstated due to paranoia. and that it's much easier to just find an unsecured network than it is to bother breaking even the simplest of security measures. it's also less risky for the attacker as there is less chance of the admin/owner having a clue and monitoring the network.

Another very good thing to do is change the broadcast strength of the wireless AP to as low as you can have it while still serving your needs, while it can still be accessed with the use of a dish or cantenna, it's less likely to be seen in the first place.

i'm lucky in this case because my neighbors have no clue and i live in a battleaxe (i'm not sure if this is an aussie term or not, but it's essentially a house behind a house, with a long driveway which goes to 2 houses, resembling a battleaxe from the air) so it's even weaker to access from the road.

Link to comment
Share on other sites

that's exactly my point. i'm not sure about your area, but around my area there is atleast a 1:1 ratio of unsecured wireless networks to secured wireless network (possibly even approaching 2:1). now, if he has no specific purpose to get access to MY network, then why would he even bother? he can drive an extra 200m and he can connect with no trouble.

I live in an appartement. I only recieve 4 wireless signals and sometimes another one.

The last one is Open :? but stays few minutes and it's quite rare.

There is only one wireless network with WPA encryption.

The rest uses WEP encryption.

In this exemple, i guess the guy with WPA encryption is the one with less risks.

if I had to hack one of them, I'll just waith for the first who makes a sufficient number of packets to get cracked. It is actually just a question of time and patience as I can't inject packets.

Another very good thing to do is change the broadcast strength of the wireless AP to as low as you can have it while still serving your needs, while it can still be accessed with the use of a dish or cantenna, it's less likely to be seen in the first place.

That's a very important advice.

There's another important advice. Change your admin password of your access-point/router !

I noticed a lot of people don't do it. In the cas of a wireless attack, the bad guy just have the complete control of your network. He can do whatever he wants.

In the case of the ACLs, he could add a mac-address for himself or simply remove the acls.

If your access point is the router, he could even open ports for his own needs.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...