# Unsecured networks which are actually inaccessable



## Widjaja (Apr 26, 2011)

I am sure many of you have come across this from time to time on your laptops.

But does anyone know what makes these so called unsecure network impossible to connect to?


----------



## AsRock (Apr 26, 2011)

Distance and mac restrictions ?.


----------



## _JP_ (Apr 26, 2011)

Subnetting FAIL?
(I've seen this happen. The DHCP wouldn't work.)


----------



## lilhasselhoffer (Apr 26, 2011)

I second AsRock.

MAC filtering is the easiest way to have an "open" network that is still secure.  I've also seen QOS that prevents all traffic from common web applications.  You aren't giving us enough information to tell you anything concrete.


----------



## Widjaja (Apr 26, 2011)

lilhasselhoffer said:


> I second AsRock.
> 
> MAC filtering is the easiest way to have an "open" network that is still secure.  I've also seen QOS that prevents all traffic from common web applications.  You aren't giving us enough information to tell you anything concrete.



I'm talking about the unsecured networks with decent signal strength.
Should have added.

But MAC filtering is food for though.
Something to look into.


----------



## _JP_ (Apr 26, 2011)

MAC filtering, IP filtering, Firewall rules, that's all stuff I have done in my router, besides not braodcasting SSID and having strong passwords.


----------



## Deleted member 24505 (Apr 26, 2011)

Is MAC filtering better than wpa etc?


----------



## _JP_ (Apr 26, 2011)

What it does is basically an invitation list, where only the computers with the MAC addresses on the list get to go to the party. And it adds some huge bouncers so that everyone else can't even attempt to get in.
WPA just encrypts traffic so that computers eavesdropping to the wireless signal can't understand what is being transmitted. Certain programs can decrypt it, though. But what you get is mostly incomprehensible gibberish.


----------



## slyfox2151 (Apr 26, 2011)

um...... really mac filtering wont stop even the stupidest hacker.....



it takes 1 line of code to change the laptop mac address to one that is already connected to the network.... 


your an idiot if you have mac filtering turned on in the router... it wont stop or hinder a hacker in the slightest way.


----------



## Deleted member 24505 (Apr 26, 2011)

How does he get the mac address of a device already connected? In our router its called mac access list or something.


----------



## slyfox2151 (Apr 26, 2011)

tigger said:


> How does he get the mac address of a device already connected? In our router its called mac access list or something.



thats the easy part,

all you need to do is scan for wireless devices on the same Channel.

you can see who is connected to what.



Have a look at this (EDITED) screenshot, this is what the hacker can see. on the left side is the list of routers BSSIDs... on the right are the SSID's.

now look at the last line, you can see that BSSID is connected to that (Laptop) Station. it shows you the mac address that is connected.

NOTE: even if you have your SSID Broadcast disabled, the hacker can still see the router / BSSID and any one connected to it.


----------



## slyfox2151 (Apr 26, 2011)

Vrgn86 said:


> Name calling is the IDIOT of this thread.:shadedshu



maybe, but your giving false infomation here that could put someone else's network at risk of easily being cracked.
Mac filtering does nothing to protect you.
WEP does nothing to protect you.
Hiding your SSID does not protect you.


infact by only having mac filtering turned on and no type of security, even WEP, anyone would only need to scan your network, find the laptop's mac that is connected to the router.... very easy to do as you can see in the above image. it lists every router and laptop and what each is connected to.

change the mac address of the hackers laptop to one the laptops connected and your in.


----------



## Yukikaze (Apr 26, 2011)

lilhasselhoffer said:


> I second AsRock.
> 
> MAC filtering is the easiest way to have an "open" network that is still secure.  I've also seen QOS that prevents all traffic from common web applications.  You aren't giving us enough information to tell you anything concrete.



MAC filtering in no way secures a network, but it will stop someone from simply connecting. Someone with a sniffer can still read all your traffic (or save it for later use), and spoofing a MAC address of a currently connected station is also pretty easy once your capture all traffic (not very hard). Hiding your SSID doesn't do much either, since you can find the access point by capturing wireless traffic.

You need actual encryption to really make the traffic secure, and you need a password on the access point to actually stop people from connecting to it. Also note that WEP is weak and can be hacked quite quickly. WPA(2) with AES encryption is by far superior and is an excellent way to protect your wireless network (as long as your password is strong).


----------



## slyfox2151 (Apr 26, 2011)

Vrgn86 said:


> Then why have any type of that security if it does not work. What does work?



WPA and WPA2 works,

WPA2 is "safer" then WPA... however neither of them will be cracked by a random hacker if you use a Safe password..... 8 characters or longer with letters and numbers.


WPA2-Aes should offer the best performance/protection of all.


----------



## newtekie1 (Apr 26, 2011)

vrgn86 said:


> then why have any type of that security if it does not work. What does work?



WPA2-AES is the most secure, as it has yet to be cracked to my knowledge.  However, even basic WPA-TKIP will be 99% effective in keeping people off your wifi.  WEP I would say is about 50% effective, MAC filtering is about 5% effective, and hiding the SSID is also probably 5%. <- Note, these numbers are pulled totally out of my ass based on my own experience with the easy of bypassing each type of protection.


----------



## lilhasselhoffer (Apr 26, 2011)

slyfox2151 said:


> maybe, but your giving false infomation here that could put someone else's network at risk of easily being cracked.
> Mac filtering does nothing to protect you.
> WEP does nothing to protect you.
> Hiding your SSID does not protect you.



Slyfox,

Your criticism is fair, I should have placed the quotes around "secure" too.  I know that MAC filtering only stops the most basic of attacks, but I would presume anyone smart enough to know about MAC filtering should be able to set-up a network with security enabled.

I make the assumption that an open network without any encryption exists as such for a decent reason.  Otherwise, the effort to setup MAC filtering would be the same as setting up a WPA password.  

I view your response as angry, because you view what has been said as an implication that MAC filtering would be sufficient to secure a network.  I made no such implication.  I stated that MAC filtering was more secure than nothing.  If it helps, try this; MAC filtering is more secure than nothing, in the same way a knitted blanket resists bullets better than air.


----------



## cheesy999 (Apr 26, 2011)

_JP_ said:


> MAC filtering, IP filtering, Firewall rules, that's all stuff I have done in my router, besides not braodcasting SSID and having strong passwords.



not broadcasting the ssid makes no difference to how easy the network is too hack, in fact its often been claimed it makes it easier to hack as the wireless adaptors in pc's do some abnormal things such as continuing to broadcast when you stop being connected etc when the ssid is hidden


----------



## slyfox2151 (Apr 26, 2011)

lilhasselhoffer said:


> Slyfox,
> 
> Your criticism is fair, I should have placed the quotes around "secure" too.  I know that MAC filtering only stops the most basic of attacks, but I would presume anyone smart enough to know about MAC filtering should be able to set-up a network with security enabled.
> 
> ...






not angry 

also my responce was targeted at tiger(to answer his question),_jp_ and vrgn86 who said he use'd mac filtering because WEP is insecure.

i do however become anoyed by people who think Mac filtering, Hiding your SSID or using WEP will stop a hacker, none of them will even if all are turned on.


it will stop grandma next door from acidently connecting to your network instead of there own.


----------



## Steevo (Apr 26, 2011)

WPA2-AES with PSK, and a radius third party authentication?

I use WPA2-AES with PSK, didn't think I needed a secure radius server. And my wireless is in the basement so the signal just barely goes beyond my lot. And my neighbors are idiots, so itte chance of them ever using a sniffer, then trying to hack a 23 random digit key.


----------



## slyfox2151 (Apr 26, 2011)

Steevo said:


> WPA2-AES with PSK, and a radius third party authentication?
> 
> I use WPA2-AES with PSK, didn't think I needed a secure radius server. And my wireless is in the basement so the signal just barely goes beyond my lot. And my neighbors are idiots, so itte chance of them ever using a sniffer, then trying to hack a 23 random digit key.



WPA2-AES with a random key longer then 10-13 or so digits would be strong enough to stop 99.999% of hackers  

anyone with the Hardware power needed to crack such a complex password would not be using it on a random residential network.


----------



## Disparia (Apr 26, 2011)

... then after hardening your real wireless network, create a slightly weaker broadcasting trap network with a share with false data, hide a tracer in MyPorno.mov or something like that.

Can hook up some USB warning lights to go off, perhaps set your outside cameras to record any cars/people on the street. If possible, have your real wireless network turn down it's signal strength to hide it even more.

Oh... if only I didn't live in such a rural town, could be quite fun


----------



## cheesy999 (Apr 26, 2011)

Jizzler said:


> ... then after hardening your real wireless network, create a slightly weaker broadcasting trap network with a share with false data, hide a tracer in MyPorno.mov or something like that.
> 
> Can hook up some USB warning lights to go off, perhaps set your outside cameras to record any cars/people on the street. If possible, have your real wireless network turn down it's signal strength to hide it even more.
> 
> Oh... if only I didn't live in such a rural town, could be quite fun



you sound paranoid, honestly no ones gonna go to hack your network unless you live in an area not full of Muppets who can't secure their wireless (hint: theres always an idiot using no password or wep)

our network barely works on the edges of our house, trying to get a connection from outside in the street wouldn't work anyway as the signal dosn't go that far (wooh! wireless G and really thick walls in your house ftw!!!


----------



## Wrigleyvillain (Apr 26, 2011)

Hmm well I knew it was relatively easy to find and spoof a MAC but I also kinda figured the wireless device would not or could not let the same MAC connect at the same time as in the legit real world that would never happen.


----------



## slyfox2151 (Apr 26, 2011)

Wrigleyvillain said:


> Hmm well I knew it was relatively easy to find and spoof a MAC but I also kinda figured the wireless device would not or could not let the same MAC connect at the same time as in the legit real world that would never happen.



that is also an easy fix, disconnect the other mac address.... that only takes one line of code ... you can usualy tell if anyone is using the device, if its idle for more then 5 mins its likely just sitting there un use'd yet still connected.


or wait for them to disconnect.


----------



## AsRock (Apr 26, 2011)

slyfox2151 said:


> um...... really mac filtering wont stop even the stupidest hacker.....
> 
> 
> 
> ...



True it will not stop a hacker but it's another line of defense but yes you cannot depend on it as there is programs that allow you to get mac addresses easily.

Should watch who you calling stupid as well.


----------



## _JP_ (Apr 26, 2011)

slyfox2151 said:


> um...... really mac filtering wont stop even the stupidest hacker.....
> 
> 
> 
> ...


I didn't really say it would stop a hacker. Common knowledge doesn't know how to properly protect a network (WiFi), but common knowledge does know that a dedicated hacker will overcome whatever has been set up against him and will manage to HACK.
I do have MAC addressing on, if that labels me as an idiot to you, so be it. I'm glad, then, that I do not have hackers around me.
And it's just a matter of time until I can connect trough wire all my computers to the network, because I know WiFi isn't secure, besides other things. I'm fully aware that what I've done is nothing more than to add some brick walls so that the hacker takes a few seconds more to hack into my network.
It was not my intent, though, to mislead anybody into thinking there would be a definitive solution to completely protect a wireless network besides turning it off. If that's the case, I apologize and, please, disregard what I've said.


----------



## Disparia (Apr 26, 2011)

cheesy999 said:


> you sound paranoid, honestly no ones gonna go to hack your network unless you live in an area not full of Muppets who can't secure their wireless (hint: theres always an idiot using no password or wep)
> 
> our network barely works on the edges of our house, trying to get a connection from outside in the street wouldn't work anyway as the signal dosn't go that far (wooh! wireless G and really thick walls in your house ftw!!!



Didn't say it was a need, just that it would be fun 

The only time a setup like that would "go off" is if I did a vulnerability audit on myself. Kinda ruins the surprise though. Or the 1 in a _xxxxxxx_ chance that someone was actually roaming the area out here for wifi networks.

However, could certainly rack up the hits on a trap network if I still lived in the city (from experience). Could adjust the security to draw more or less attention to it.


----------



## Wrigleyvillain (Apr 26, 2011)

Yeah I use MAC only too at this point and while I admit it's not quite as secure as I previously thought it's still more than likely "good enough" considering where I live. However, just Monday was another story in the news about a Federal raid on some poor SOB who's wireless was jacked to download kiddie porn. You just never know...


----------



## tuyen (Apr 26, 2011)

Wrigleyvillain said:


> Yeah I use MAC only too at this point and while I admit it's not quite as secure as I previously thought it's still more than likely "good enough" considering where I live.



Okay...so...I'm sitting here scratching my head, trying to figure out WHY you would use MAC filtering as your only source of "protection".  If you're tech-savvy enough to set up MAC filtering, then you're obviously tech-savvy enough to set up WPA on your router with a secure password.

Why are you deliberately going out of your way to make your network insecure?  Is it because you're bored?  Or because you just don't perceive any threat whatsoever?


----------



## Wrigleyvillain (Apr 27, 2011)

Mainly lazyness. My gf is really the only one that uses it and I hate having to touch her laptop for any reason even to do something as seemingly quick and easy as entering the WPA key.

I justified said lazyness furthermore as I live in a Mexican 'hood where barely anyone even subscribes to my cable modem node much less has a wireless network (though my landlord upstairs is an exception). Nobody around here is a threat in that way and this certainly isn't where a war driver would come looking for good pickings. Downtown is ten minutes east and nicer, more affluent 'hoods ten minutes north. Also, it's an Apple Airport Extreme I got free at work that doesn't even have much range outside the apartment.

However, I did just buy a Tomato firmware Linksys basestation from Newtekie and had already planned on enacting WPA etc anyway cause I want to play and it's really past time anyway.


----------



## hat (Apr 27, 2011)

Yeah, MAC filtering is pretty much an unnecessary pain in the ass. Any hacker can get around it, and it makes more work for you to use your network, and it also requires more resources from the router to run that.


----------



## _JP_ (Apr 28, 2011)

I confugred mine once...two years ago, I think, and never touched it again. Was not a pain and I never noticed any decrease in network performance.

@Slyfox besides the things I said, that you say that are useless, I do use a WPA2-AES key.


----------



## LAN_deRf_HA (Apr 28, 2011)

How is mac filtering the lazy answer? I find that more time consuming than checking a box and making up a password.


----------



## tuyen (Apr 29, 2011)

LAN_deRf_HA said:


> How is mac filtering the lazy answer? I find that more time consuming than checking a box and making up a password.



I would call it useless rather than lazy.
However, I suppose you can say it's lazy because you only have to set things up at the router, whereas with password authentication, you have to set things up both at the router AND at each client that wants to connect to the router.


----------



## LAN_deRf_HA (Apr 29, 2011)

Even then you have to turn on the individual devices to get the mac address. So it's in no way easier, just shitty and pointless.


----------

