Eircom Netopia Routers Are Wide Open

watty

Hmm.. That link does NOT recommend changing to WPA-PSK with 32 to 63 character random key, which it should.
Simply changing the WEP key only stops the most casual leech and does not delay a determined leech more than 5 or 10 minutes. No tech training needed, only Google.

watty

pid() wrote:

Wrong, you can check logs on the routers. Put them into expert mode, Then go to Statistics -> Logs. You can then select connection logs and you'll see mac address and ip assigned to clients connecting. Of course, anyone connecting was able to clear these logs if you didn't have a password on your router.

If you knew enough to enable logging (which is minimal compared with professional firewall product), BEFORE you found out about this wonder flaw, you would have WPA, or at least not have used the eircom CD so wouldn't be prone to visitors in the 1st place.

standbyme

watty wrote:

Hmm.. That link does NOT recommend changing to WPA-PSK with 32 to 63 character random key, which it should.
Simply changing the WEP key only stops the most casual leech and does not delay a determined leech more than 5 or 10 minutes. No tech training needed, only Google.

Sounds like eircom need to be configured
I noticed Basic Modem Config: on the broadband main page it showed me my OS & password, is that the default one?

Also i noticed when you copy & paste instead of clicking on http://wirelesssecurity.eircom.net/ into google it doesnt exist?

Sorry for all the questions but you do get curious in this situation.

Thanks, time for bed-yawwwnnnnnn!!

pid()

watty wrote:

If you knew enough to enable logging (which is minimal compared with professional firewall product), BEFORE you found out about this wonder flaw, you would have WPA, or at least not have used the eircom CD so wouldn't be prone to visitors in the 1st place.

Logging is enabled by default on the routers.

watty

All of them or just more recent ones? Actually the last Netopia I set up was a long while ago and had no wireless, so the user went and bought a Netgear, which I then setup instead.

How much can it possibly log and in what detail given the very limited memory free on a router? I had to switch from a Dlink to ClarkConnect running on Linux CentOS for my own firewall as I ran out memory to add port forwarding. I only use the Dlink wan router as a MIMO airpoint now.

pid()

Logging has been enabled on every eircom netopia router with wireless capability that I have come across.

I'm unsure of the logging capacity, however, on my router at home all connections for the last 36 days have been logged. In saying that, I am the only one connecting to the router so there's not a whole lot of logging to be done. It logs the IP and MAC of the clients which connect. When I was in college our router was shared by 20+ people and I remember the logs being very big on there, and it was still logging fine. By very big I mean if you printed the connection logs it would be over 100 pages. After all, it's only text. I imagine it can store a few megs at least.

pedro_m

Actually, the netopia routers support full syslog logging to an external syslog server. This can provide logging down to the packet level and generates huge volumes of data. If you ever have trouble sleeping at night try wading through them and see all the s**t bouncing off the fire wall!

It's particularly amusing when you drop the connection and get allocated a new ip address that was being heavily attacked when it dropped its connection...

ZeRoY

TelePaul wrote:

That's a good point, like...why bother! It'd let them piggyback though I guess....I know I have a download allowance or some such, guess they could use that up. So should I change SSID as well as changing to WPA?

I think you are missing an important point here. The issue of "piggybacking" on your broadband isn't the traffic usage as such - Imagine the intruder piggyback and then goes on to hack a company's network or website, who do you think the public IP will belong to?

You of course! Then you can be in trouble :eek:

spockpower

em question.
i just got the netopia wireless 3d reach usb adapter.

but whenever i plug it in to my usb the whole computershuts down???
why is this happenin??

TelePaul

ZeRoY wrote:

I think you are missing an important point here. The issue of "piggybacking" on your broadband isn't the traffic usage as such - Imagine the intruder piggyback and then goes on to hack a company's network or website, who do you think the public IP will belong to?

You of course! Then you can be in trouble :eek:

Ah okay. I see. I have WPA now.

BloodSugarSex

spockpower wrote:

em question.
i just got the netopia wireless 3d reach usb adapter.

but whenever i plug it in to my usb the whole computershuts down???
why is this happenin??

thats weird

try sticking it in a different usb port

watty

eircom should have Marketed this as a feature 6mnths ago and beaten BT
http://www.theregister.co.uk/2007/10/04/bt_fon_wifi_kibbutz/

towel401

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

bartificer

towel401 wrote:

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

You might be right. But I for one don't want the hassle. And, since I never steal other people's broad band I don't feel even remotely guilty for locking mine down

pid()

towel401 wrote:

everyone is allowed to run an open network if they want and i hope it stays that way.

Actually you're completely wrong. Read eircom's terms of service. This is against the terms and conditions of your contract with eircom. This contract can be terminated and you can be fined as a result of this.

Tazzle

Hands up who's with eircom and signed a contract? Not me anyway....

IrlJidel

towel401 wrote:

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

I used to work for an ISP and used to liase with the Gardai with requests to map IP addresses to customers.

If the only evidence the Gardai have so far is that your connection was used on a number of occasions to upload kiddy pr0n, _and_ they want to investigate further , then the next step would be to get a search warrant and seize your equipment to examine for evidence.

Unfortunately at that stage all your neighbours will just presume you're guilty. If the guards have seized your equipment it would also take some time before you get it back.

watty

Tazzle wrote:

Hands up who's with eircom and signed a contract? Not me anyway....

payment implies acceptance of contract terms. Ordering via phone or online without signature is deemed to be be contract once they supply you.

You don't have to physically sign for a contract to be binding.

watty

towel401 wrote:

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

People running WiFi Hotspots like Hotels etc have to sign up for a business package.

You are only allowed to run an open network if your T&C permit it. It would not be regarded as "Fair Use".

You don't just get a phone call. The Garda do seize all the computers.

towel401

watty wrote:

People running WiFi Hotspots like Hotels etc have to sign up for a business package.

You are only allowed to run an open network if your T&C permit it. It would not be regarded as "Fair Use".

You don't just get a phone call. The Garda do seize all the computers.

i have the business package & i never heard of anyone getting in trouble for running an open wifi network. i know about this T&C thing where they dont want you to share it with other people to encourage the other people to get their own connection but eircom says that you only can't resell it. so if you are giving it away for free its ok

the garda coming after you is unlikely unless you are doing some hardcore kiddy pr0n trading or someone is doing it off your connection.

standbyme

Tazzle wrote:

Hands up who's with eircom and signed a contract? Not me anyway....

When broadband was enabled in my place i signed up for the free wireless router worth that time E90
Also when you live in a rural area, you have no choice AFAIK.

ZeRoY

towel401 wrote:

I leave mine open on purpose. [...] sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. [..]

You are wrong. Trust me an IP will link to you and you will have to seat in court or at least be question by garda.

nobodythere

Am......


Surely the person who designed this scheme did it in full knowledge that he could break it.

Backdoor in disguise as a security screwup

Martyr

thats what i thought too..but after looking at the code, it seems like genuine mistake - actually quite common in alot of default settings for routers.

towel401

ZeRoY wrote:

You are wrong. Trust me an IP will link to you and you will have to seat in court or at least be question by garda.

at the end of the day thats the worse that could possibly happen. you won't get in trouble because they need a load more evidence than just that. also the more open wifi networks there are, the less they will be inclined to hassle the people who run them

Conor108

So this exploit only affects Netopia routers? Phew! Was panicking for a while there. Anyway while I'm here..techie questions:)

How do I filter my MAC Addresses anyway? I can't find it on my routers homepage. I have WPA-AES encryption and its 14 digit numerical. I have a Linksys router anyway because I'm UTV. And the routers remote admin is disabled. I'm only broadcasting B-Only and I'm on channel 5. Should I be on that channel? Is 6 or 7 better? That's ok-ish secure right? I'll have to get my non-techie Eircom buddies to change to WPA tomorrow....

nobodythere

Don't know about your other questions but the channel 5 is just a frequency to transmit on, nothing to do with security.

AlmightyCushion

You may as well enable a and g. There is no point using mac filtering, it can be spoofed easily.

Conor108

OK Thanks, I would enable B&G but my PSP is the only thing that uses the wifi and I seem to get better signal when streaming video/audio if I'm just transmitting B:)

watty

Conor108 wrote:

So this exploit only affects Netopia routers? Phew! Was panicking for a while there. Anyway while I'm here..techie questions:)

How do I filter my MAC Addresses anyway? I can't find it on my routers homepage. I have WPA-AES encryption and its 14 digit numerical. I have a Linksys router anyway because I'm UTV. And the routers remote admin is disabled. I'm only broadcasting B-Only and I'm on channel 5. Should I be on that channel? Is 6 or 7 better? That's ok-ish secure right? I'll have to get my non-techie Eircom buddies to change to WPA tomorrow....

14 digits is low.
32 to 63 mixed alphanumeric key recommended. Or 63 Hex digits 0..9, A B C D E and F

The channel is irrelevant.

WPA-AES is also called WPA2

What you are using is also called WPA-PSK mode unless you have a Radius server for passwords. WPA-Enterprise

a, b & g are bands/Modulation types, b can do 11Mbps and g do 54Mbps. SuperG modes will do 108Mbps or 125Mbps but these are not 100% compatible. Unless you have a very fancy MIMO WiFi it only actually transmits in one mode at a time, tending to stay on mode b if any device is mode b. 54g devices will then be forced down to 11Mbps