Šta je novo?
Od:
Filteri

WiFi krađa protoka / zaštita

Status
Zatvorena za pisanje odgovora.
Imam samo TP-LINK ili Atheros kako ga prepoznaje AIDA,mreznu karticu AR5005g,kabal i antenu :D I da, na informacijama pise secyriti type-unsecured.
 
Znači da još jedan komp u mreži ima istu IP adresu, što dovodi do konflikta, jer ruter ne zna gde treba da šalje paketiće podataka
Najbolje da su u mreži sve manuelno postavljene IP adrese
 
Ја користим само филтрирање по мац адресама, јер су ми остале заштите слабо радиле, да ли могу фикснр ип адресе да се наместе на телефону?
 
Ima li ko ideju, zasto ruter kroz DHCP salje kao 'gateway' svoju adresu 192.168.1.254, umesto adresu modema 192.168.1.1? Sve ostalo radi ok, ali ovo ubi. I naravno ljudi ne mogu na mrezu, nego mora rucno da im se zadaje.
 
ironmanbg je napisao(la):
Ја користим само филтрирање по мац адресама, јер су ми остале заштите слабо радиле, да ли могу фикснр ип адресе да се наместе на телефону?
Kliknite za proširenje...

Ako misliš na Androidu - može.
Ideš na SSID koji te zanima, držiš prstom dok se na pojavi "modify network", štikliraš "Show advanced options" i voila ;)
Sve to ima na ICS, ne sećam se kako beše na GB.
 
sirNemanjapro je napisao(la):
DHCP je majka, kad radi. Manuelno postavljanej IP adresa samo kroz server (ruter), nikako kroz klijent (računar).
Kliknite za proširenje...

A što da se ne postavljaju IP adrese manuelno na računarima ?
Imam mrežicu od 20-tak kompova, DHCP na routeru isključen odma, znam za svaki komp IP napamet, administriram ih remoteom, da radi DHCP morao bih da tražim IP od određenog kompa + što poslovna aplikacija zahteva da budu statičke IP
 
Skoro svaki ruter ima mogućnost da fiksira IP na odredjenu MAC adresu. Fiksiraš i zaboraviš da postoji :)
A i nemaš šta da tražiš, pogledaš na ruteru ;)
 
Pozz ljudi imam ogroman problem. Nov sam student i trebao sam da se uselim u novogradnju, ali ona jos nije zavrsena pa sam u nekom privremenom smestaju.
Problem je taj sto cale nece da placa internet dok sam u ovom smestaju, pa hvatam razne wireless konekcije na Asus N61-JQ laptopu.
Ima jedna koju redovno vidim, nekada sa tri, nekada sa jednom, ali uglavnom sa 2 crte, unprotected je i ta uglavnom radi.
E sad sta mislim pod uglavnom, naime nekad radi super, ide punih 150kb/s(ne skidam nista, ali se oseti lepo da ide puna brzina), a nekada prosto nema protoka iako pise da imam internet access. U celoj sobi u kojoj sam smesten u sredini sobe nekako najpouzdanije hvata internet, iako na jednom kraju sobe ima 3 crte tu do sad nikad nisam uspeo da se konektujem(izbaci gresku prilikom konektovanja). E sad, pored te postoji jos jedna unsecured konekcija, dve WEP konekcije i dve WPA konekcije dok su sve ostale WPA2, ali su sve uglavnom na dve crte i ni na jednu sem ove nisam se do sada konektovao(mad WEP i WPA nisam jos pokusavao da provalim).

Zna li neko zasto nekad imam pun net, a zasto nekad nemam nikakav protok, a da se laptop nije pomerio sa jedne lokacije u oba slucaja, kao i kako mogu da nacinim da stalno imam net?
Zna li neko kako da pojacam signale konekcija? Pare nisu problem, posto ce mi tako nesto trebati i u buducnosti.
Zna li neko pouzdan nacin da se provale WEP i WPA konekcije(ne WPA2), ja sam citao nesto o koriscenju Backtrack Linux-a i AirCrack programa, ali necu da se bakcem sa time ako neko iz iskustva moze da mi kaze da nema vajde od toga.
 
Pa ako cale ne placa net, zaposlis se i placas sam net ;)
 
Izvinjavam se, nije da cale nece, nego nema uslova za ADSL-Kablovsku, tj gazdarica trazi da ako se uzme da se plati na godinu dana, a ja sedim ovde mesec dana.
 
Pa što ne probaš BackTrack?:) Može da razbije WEP.

Da pojačaš? Treba ti neki repeater, ja sam to recimo radio sa Linksys WRT54GL + DDWRT.
 
Će da primeti kao i ona gomila ljudi koja ima nezaštićene mreže godinama :)
 
Swiper je napisao(la):
Pa što ne probaš BackTrack?:) Može da razbije WEP.

Da pojačaš? Treba ti neki repeater, ja sam to recimo radio sa Linksys WRT54GL + DDWRT.
Kliknite za proširenje...

Taj Linksys sa 2 antene, on znaci moze da prima i pojacava signal u isto vreme?
 
E sad, "pojačava"... Radi kao repeater, dobija signal i šalje ga dalje :)
 
1) Da li si jednog trenutka pretpostavio da onaj koji plaća tu konekciju je zapravo i koristi za YouTube, download, itd.? :)
2) Možeš da kupiš neki wifi ruter koji bi mogao da služi kao Access Point za tvoju sobu/stan.
3) N/A
4) Ako imaš telenor karticu, uplatiš 300 dinara kredita i aktiviraš net paket. Tako imaš ceo mesec flat GPRS i nešto sitno u punoj brzini. Za surf, fejs i mejlove puna kapa. Ako nemaš mogu da ti pošaljem 3G modem da ne kupuješ. Kad završiš, ti vrati.
 
zechs bio si od izuzetne pomoci, a za ovo te prijavljujem, pa nismo dosli da se vredjamo.
Treba mi internet zbog raznih dodatnih aktivnosti oko fakulteta, slanje domaceg, istrazivanje za seminarske radove itd, znaci ne skidam nista, ne igram online igre i ne idem na youtube.
Problem je u tome sto na ovom wireless-u ili ima interneta ili nema ni 1KB protoka.

Zahvaljujem se Swiper-u i sirNemanji, sigurno uzimam Linksys i nabacujem custom firmware, a imacu na umu i ovu Telenor varijantu.
 
To je prosto. Skeniraj, pokupi pakete, što više paketa da bi imao s čime da radiš "rečnički napad", pri tom treba samo da pogodiš IV (inicijalni vektor) koji je kod WEP-a uvek isti ...

Da se ne bi mnogo zamarao postoje alati koji će sve to da ti urade, ali treba malo vremena dod skupiš dovoljan broj paketa i primeniš Brute Force napad.

Ali, treba da znaš, nije lepo da kradeš tuđ internet kada za 300-500 din možeš to da rešiš na legalan i pošten način. Nemanja ti je još ponudio i modem, samo treba da uplatiš internet.

A to da se odužiš tom čoveku zaboravi. Možeš samo sebi da prouzrokuješ probleme jer ne znaš s kim treba da se susretneš. Možda je neki prek čovek. Čak i da mu nađeš IP nećeš moći da odrediš gde živi.
 
Poslednja izmena:
Soleslave, ja ne znam sta da ti kazem...mene uzasno nervira kada neko pokusa da mi se nakaci na mrezu, jer to vidim kroz logove..mada valjda kada su videli da nema vajde od toga i prestali su :D 22-karakterni kljuc i WPA2 enkripcija :D A ti ako ti treba net povremeno, sirNemanja ti je vec dao predlog putem Telenor Net kartice koji je po meni sasvim na mestu ako ti je to prelazno resenje..za sve ostalo moraces sam da se snalazis..da je u edukativne i akademske svrhe jos i da razumem, ali ovo kako da opljackam banku a da me ne provale je bez veze
 
Poslednja izmena od urednika:
Proste stvari koje možete da uradite:
  1. the main thing you can do, is be the hardest person to hack around you. That's the biggest deterrent. If I'm going to hack you, but you're taking too long or are too expensive to crack, I'll try the next person. This will require some playing around in your router settings.
  2. I'll assume you would never use WEP. 10 minutes on youtube and your mom can crack it.
  3. Switch off WPS. this is EXTREMELY vulnerable to brute force attacks and can be hacked in seconds, even if you are using WPA2 with a ridiculously complex password. Tools like reaver and revdk3 or bully make light work of these. You're only a little bit more protected if your router supports rate-limiting, which slows down, but doesn't prevent brute force attacks against your routers pin. Better to be safe and just switch WPS off and be 100% safe against these attacks.
  4. turn off remote access, DMZ, UPNP, unecessary port forwarding
  5. turn on, any inbuilt intrusion detection systems, MAC address filtering (tedious to set up if visitors to your house want access to your wifi (you will have to add your friends device to the router's MAC white-list to enable access) This can be hacked by faking a MAC address easily, and getting your MAC is also easy with an airodump-ng scan, but nevertheless, this will slow down attackers, requires them to be near a client device (mobile phone, or laptop in the whitelist) It will be pretty effective against some remote attacks.
  6. have a very long, non-human, complex password. If you have ever tried to decrypt a password you'll know that it gets exponentially harder to crack a password the more complex, less predictable and longer it is. If your password even remotely resembles a word, or something that could probably be a set of words (see: markov chains) you are done. Also don't bother adding numbers to the end of passwords, then a symbol... these are easily hacked with a dictionary attack with rules that modify the dictionary to flesh it out to cover more passwords. This will take each word or words in the dictionary, and add popular syntax and structures, such as passwords that look like this 'capital letter, lowercase letters, some numbers then a symbol. Cat111$, Cat222# or whatever the cracker wants. These dictionaries are huge, some can be investigated on crackstation or just have a look at Moxie Marlinspikes' cloudcrackr.com. The goal here is to be 'computationally expensive'. If you cost too much to crack using ultra high speed cloud based cracking computers then you're safe against almost anyone. So ideally you want to use the maximum 64 characters for your password, and have it look like the most messed up annoying symbol infused piece of incoherent upper-lower-case dribble you've ever seen. You'll probably be safe after 14 characters though, there's quite a bit of entropy here, but it's far easier to add characters than it is to decrypt.
  7. change your routers default password and SSID. nobody does this, but everyone should. It's literally the dumbest thing. Also, don't get lazy. and don't keep the router's model number in the SSID, that's just asking for trouble.
  8. update your router's firmware. Also, if your router is old. throw it out and buy a newer one, because it's likely your router is on some website like routerpwn.com/ and you've already lost the battle. Old routers are full of bugs, can be easily denial-of-serviced, don't usually have firewalls or intrusion detection systems and don't usually have brute-force WPS rate limiting among other things. just get a new one.
  9. learn about evil-twin hacks. The easiest way to protect against this is to stop your device from auto-connecting. However, this might still snag you. Become familiar with software like wiphishing and airbase-ng, these apps clone your router, then Denial of service your router making your device connect to the attackers cloned router, allowing them to intercept your traffic. They'll usually try to phish the WPA2 password from you here. You're safer from these attacks if you actually know what your router's web console looks like, because the default phishing pages that come with these types of apps are usually pretty old looking, however a sophisticated attacker can create a good landing page. Put simply, if your 'router' ever wants you to type in a password don't type it! You'll only ever be asked when you are creating the password, when you specifically log in to the 192.168.0.1 or 10.1.1.1 user interface, then you are being phished and it's game over. To prevent this attack you could also artificially reduce the range of your router. pull out the antenna's and create a little faraday cage around it, leaving a small area that points to your most ideal wifi position. Alternatively, just use a cable to your laptop or computer until the attacker gives up.
  10. handshake attacks are pretty popular, this is where the attacker sends a deauthorisation packet to anyone connected to your router using your password, then when that device (say an iPhone) tries to reconnect, it captures the '4 way handshake' which let's the device and router authenticate using your WPA2 password. This is what hackers use to crack offline using the password attacks in point 6. However if you have used a strong password (as described in point 6) then you've mitigated this attack already.
  11. So i've focussed on router based defence, but there's actually even easier ways to be attacked. If the attacker knows who you are, you're screwed. With a tiny bit of social engineering, they can find your facebook your email or some other way to contact you and insert some malicious snippet of code that's invisible and hijack your entire computer, which therefore lets them simply check the wifi settings in your computer and obtain the ultra strong password you've spent so long making. One popular method is to send you an email that's junk, and keep sending it until you click unsubscribe, as you usually would for junk mail, except this link is exactly the worst thing to do. You've broken the cardinal law of email. Don't click links in emails. If you have to click one, at least check where it goes first.
  12. If someone has access to any of your devices, or plugs/gets your to plug a device into your laptop, you're gone. things like usb sticks 'usb rubber ducky' can compromise your computer and reveal your WPA2 password to a relatively novice hacker.
  13. if you use a wireless keyboard, and you live near an attacking neighbour, they can use things like keysweeper to compromise your wifi, and a lot more. This could be creatively used with an evil twin attack to increase the likelihood you type your password (it listens to wireless keyboard signals). The way to prevent this attack is to not use a wireless microsoft keyboard.
Kliknite za proširenje...

Nešto kompleksnije:
https://privacywonk.net/2010/10/security-how-to-wpa2-enterprise-on-your-home-network.php
 
Status
Zatvorena za pisanje odgovora.
Nazad
Vrh Dno