Questions

How would/could someone sniff passwords on a setup like this?

+
0 Votes
Locked

nylentone
My ex-employer set up dozens of networks, including their own, like this:

http://www.flickr.com/photos/28053558@N08/6310456457/

The server and the WIFI access point would both have routable internet addresses. The access point would be a router and would be a DHCP server with a private range of IPs for clients.

My boss would use administrator credentials for anything that wasn't attached to a specific user, and would set up everything with plain text authentication (I don't think he was aware there was any other kind, despite my attempts to educate him). So there would be lots of unencrypted passwords, actually for all users (and many users would be set up as domain admins even though they shouldn't be!).

I have seen passwords in traffic when I plug a laptop into the switch and run Wireshark, of course, but how would/could someone sniff this traffic from an internet connection, or the wifi connection? I mean it seems to me like you would have to be in the subnet that the server's internet IP address falls into, right?

I am asking this so as to improve my security knowledge, not to try to hack them (really, it wouldn't even be this difficult).
  • +
    0 Votes
    OH Smeg

    Particularly if they were not part of the network.

    Just break the WiFi security, if there is any; it only takes a few seconds and you're in the entire LAN for any shared services/devices.

    Col

    +
    0 Votes
    markp24

    They can connect once they hack the wireless security. Once that's done they are in the network. I'm not sure what to tell you in regards to educating him; maybe show him the video of how to hack WEP in 670 seconds and how to hack WPA. Then he will see how easy it is and might think twice.

    +
    0 Votes
    robo_dev

    The way it's drawn, the server has no hardware firewall...is that correct?

    I don't mean to sound mean, but, unless somebody here is really really good at patching/hardening servers, and unless that server is some very secure web server/OS, it will get hacked.

    Normally you cannot sniff traffic from the Internet connection, unless a remote attacker compromised a host on the local network, or compromised the AP-router.
    In your diagram, the attacker could not bypass the firewall of your AP-router; however, having the server interface exposed with no hardware firewall is very risky, as noted above.

    Now moving over to the LAN side:

    First of all, remember that WLAN is a shared medium. A WLAN access point is a MAC-layer bridge.

    This means that a user who has been granted access to the WLAN will see EVERYTHING if they fire up a sniffer.

    However, if there is at least SOME encryption (WPA2) on the WLAN side, then the real threat may vary, and is not as bad as people will lead you to believe. Personally I have tested many different WLAN hacks and it is not as easy as people think to break into a WLAN.

    From a threat perspective for your WLAN, if you're across the street from a nursing home, no problem, across the street from where they hold the DEFCON convention, then all bets are off.

    +
    0 Votes
    oldbaritone

    Hopefully the DSL Modem has a NAT router. I suppose it's too much to ask that the "server" is also a RADIUS authentication source.

    If not, just leave it like it is. You'll find out soon, probably within just a few days.

    If you want to hasten things, post the street address and take bets on something less than an hour until it's hacked.
