![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
cellioGo read ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.
No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
(no subject)
Date: 2010-10-28 03:37 am (UTC)If you're willing to run your own DHCP server, this can be trivial. Depending on your DHCP server implementation, there may even be a "run a script if an unknown MAC address connects" option.
If you don't want to run your own server, whatever IS running your DHCP server can probably be configured to write to syslog. There are a few "watch syslog for interesting entries" programs out there. It's pretty easy to make a Mac start saving syslog information. Configure all of your devices to use static addresses at home. Then, if the DHCP server EVER hands out an address, send an alert.
You could always convert one of those legacy PCs to a dedicated network monitoring machine, but that's probably overkill.
(no subject)
Date: 2010-10-29 01:47 am (UTC)I think the DHCP is being done by the router. Is it even possible to move that? I'm not up for building my own router to replace the current box. I'll look around in the settings for something like "run a script if an unknown MAC address connects"; that would be handy.