OT: Luas fun

gutta

Here's a screen grab from MacStumbler (wireless sniffer) taken while travelling south on the Luas from the Stephen's Green terminus to the junction of Harcourt St. About 200 m or so.

Rew

Iv seen tsunami as an ESSID before but not in dublin, bit of a strange one, anyone knowi if its a defualt on some equipment or belongs to a particular company?

happydude13

proxim make a brand of gear called tsunami

parsi

Rew wrote:

Iv seen tsunami as an ESSID before but not in dublin, bit of a strange one, anyone knowi if its a defualt on some equipment or belongs to a particular company?

Its Cisco default SSID...

sirlinux

"6105 7371" is the default ssid on the 40 euro adsl modem eircom are doing

Enigma365

-Harcourt1 is KPMG

-OCallaghans is the Stephens Green Hotel(O'Callaghans Hotel Group)

Don't know the other two.

I live in that area(I can pick up those signals) but I cannot connect to the unencrypted wans. One unencrypted network just dosn't respond when I try to connect and the other(OCALLAGHANS) asks for a username and password when I open the web browser, as part of a Nomadix login.

Does that mean the networks are relatively un-connectable or is there a way to connect to them? If this question is not allowed on this board, please let me know and I will immediately remove it.

Rew

Enigma365 wrote:

-Harcourt1 is KPMG

-OCallaghans is the Stephens Green Hotel(O'Callaghans Hotel Group)

Don't know the other two.

I live in that area(I can pick up those signals) but I cannot connect to the unencrypted wans. One unencrypted network just dosn't respond when I try to connect and the other(OCALLAGHANS) asks for a username and password when I open the web browser, as part of a Nomadix login.

Does that mean the networks are relatively un-connectable or is there a way to connect to them? If this question is not allowed on this board, please let me know and I will immediately remove it.

Its not allowed to ask how to break in to a WLAN as that is illegal. The first on that dosnt respond is either MAC address restricted or there is no DHCP server. The 2nd one with the web login is prbably a hotspot belonging to the hotel.

Both of them are pretty crap from a security point of view but enough to keep the average joe blogs out.

gutta

Rew wrote:

Both of them are pretty crap from a security point of view but enough to keep the average joe blogs out.

Are you an average joe blogs?

Rew

gutta wrote:

Are you an average joe blogs?

You asking how much I know about WLAN security?

garthv

NERD FIGHT!!
/me gets popcorn

Rew

GaRtH_V wrote:

NERD FIGHT!!
/me gets popcorn

Not at all, im just trying to clarify what he's asking

gutta

Rew wrote:

Not at all, im just trying to clarify what he's asking

I'm asking if you're an ordinary Joe Blogs.

Superman

I'd say the more insecure one's are arround housing estates, people buying **** online hooking it up and not readin manual.

Rew

Superman wrote:

I'd say the more insecure one's are arround housing estates, people buying **** online hooking it up and not readin manual.

Yeah there is alot of that about but companies are just as bad for doing it. You aslo get people bringing their own AP's in to large offices and setting up their own WLAN's without asking or thinking of the consequences.

bridigo

Why is it not allowed to ask how to break in to a WLAN? it's not illegal to ask!

Numerous books have been written on hacking and cracking and how to do it - tools have been written to crack WEP keys... All with security improvement in mind.

Nomadix cannot use WEP as it is a crap standard. WPA has limited support. So it uses MAC Address AAA, associating it with a username and password... Something a 'good joe', would have difficultly getting around ???

Rew

bridigo wrote:

Nomadix cannot use WEP as it is a crap standard. WPA has limited support. So it uses MAC Address AAA, associating it with a username and password... Something a 'good joe', would have difficultly getting around ???

There are ways around that entire setup that im not going to post but its all fairly obvious stuff. Could be an intresting paper "Smashing Hotspots for Fun and Profit"....

bridigo

Obvious but extremely impracticable, users only use that username and password once, so the chances of snorting it are extremely remote. These hotel hotspots tend to be crap installations with access points interfering with each other, data packets and beacons colliding all over the place. I know Nomadix configuration inside out, and breaching it is close to impossible.

Rew

bridigo wrote:

I know Nomadix configuration inside out, and breaching it is
close to impossible.

Im not familular with Nomadix in particular but im assuming it works along the same lines as No Cat Auth and Open Stockholm. Are all the passwords one time use? Sounds a bit impracticle? Even one time passwords are vunerable to rouge AP combined with social engineering.

The main vunrability of those sytems is bumping off an authenticaed client and assuming their sessinon, the hard part is making sure the system dosnt notice. How hard that is depends very much on how the session is tracked.

gibo_ie

Rew wrote:

Im not familular with Nomadix in particular but im assuming it works along the same lines as No Cat Auth and Open Stockholm. Are all the passwords one time use? Sounds a bit impracticle? Even one time passwords are vunerable to rouge AP combined with social engineering.

The main vunrability of those sytems is bumping off an authenticaed client and assuming their sessinon, the hard part is making sure the system dosnt notice. How hard that is depends very much on how the session is tracked.

Actually nomadix are quite secure and very hard to bypass. I have been working with them for years now. They use a hardware applicance built on VXworks OS. They communicate with the client at a hardware level and then associate with your MAC address. It does not matter what your IP is set up as. AS for WEP/WPA -- yes nomadix will work with both if you have it set up on the access point.

As for logging on Nomadix, this is really non existant as is but there are third party software to assist in this.

Basically you buy your time either FREE/voucher/credit card or bill your room (PMS systems in hotels)

Not a bad system really
Gibo

Capt'n Midnight

Don't forget that the billing system usually costs more than the WiFI hardware or the broadband connection.