Two dead flash drives?

he's got one PS3... lol

By router disconnect, are you talking about wireless disconnect or wired/lost sync disconnects? If it's the latter (don't get many) then I know I'm safe :)

It's more of a principle, than a worried thing. "Pi** off you cheeky bugger". Do as I say, not as I do

My sis is lucky. Her neighbour has zero protection on their wireless. As soon as I told to check for unsecure networks and she discovered it, she's become a leech demon

Disclaimer:

Stealing others bandwidth is a bad thing. Don't do it.

(public thread after all )

smarteyeball said:

he's got one PS3... lol

By router disconnect, are you talking about wireless disconnect or wired/lost sync disconnects? If it's the latter (don't get many) then I know I'm safe :)

It's more of a principle, than a worried thing. "Pi** off you cheeky bugger". Do as I say, not as I do

what i mean is a router restart...
when that happens (usually more than 10 per is a caution)

smarteyeball said:

My sis is lucky. Her neighbour has zero protection on their wireless. As soon as I told to check for unsecure networks and she discovered it, she's become a leech demon

yes as far as i know i there are two open AP...

smarteyeball said:

Disclaimer:

Stealing others bandwidth is a bad thing. Don't do it.

(public thread after all )

QFT!!!!

I take it a step further and have the native syslog send all data to my computer, capturing via Kiwi Syslog Daemon (which works wonderfully in W7 - I had 0 config - read it again - 0 config - to get it working, unlike in Vista - I had to configure and usually reboot twice to get it to work).

I then use the Sans.org reporting app DShield to report the intrusions.

I had to start because back in Aug 2007 or so all of a sudden my speeds started to suffer - I spent hours trying to figure it out, then on a hunch I checked my router - and happened to look at the syslog. it was slap full. So, I cleared the log - inside of 2 minutes I had 300+ entries of blocked attempts to compromise my network.

And this was with wireless *turned off*.

I asked around, and after becoming a regular at Castle Cops (and an SRT and premium member) I was turned on to DShield. See the wiki at DShield - Wikipedia, the free encyclopedia and see the main page at DShield; Cooperative Network Security Community - Internet Security - dshield

Some seriously scary stats there.

My network is happy though, because it has gone from someone hammering in to now maybe 300 reports *per day* - not bad.

johngalt said:

I take it a step further and have the native syslog send all data to my computer, capturing via Kiwi Syslog Daemon (which works wonderfully in W7 - I had 0 config - read it again - 0 config - to get it working, unlike in Vista - I had to configure and usually reboot twice to get it to work).

I then use the Sans.org reporting app DShield to report the intrusions.

I had to start because back in Aug 2007 or so all of a sudden my speeds started to suffer - I spent hours trying to figure it out, then on a hunch I checked my router - and happened to look at the syslog. it was slap full. So, I cleared the log - inside of 2 minutes I had 300+ entries of blocked attempts to compromise my network.

And this was with wireless *turned off*.

I asked around, and after becoming a regular at Castle Cops (and an SRT and premium member) I was turned on to DShield. See the wiki at DShield - Wikipedia, the free encyclopedia and see the main page at DShield; Cooperative Network Security Community - Internet Security - dshield

Some seriously scary stats there.

My network is happy though, because it has gone from someone hammering in to now maybe 300 reports *per day* - not bad.

wow and you were using what secuirty protocol
WPA2-CCMP correct??

if not then read below

if this is correct what should happen after a number of tries is that the router would rekey itself and so would your devices....

Security Now said:

So they came up with a new double-size, this thing's eight bytes, thing called an MIC, which stands for Message Integrity Code. And actually it's known as Michael, just M-i-c-h-a-e-l. So it's the Message Integrity Code. Now, they put the Message Integrity Code first, and then the ICV, the Integrity Check Value, at the end, again because their goal was to make TKIP upward compatible with existing hardware. This actually is the flaw. The fundamental flaw in all this is that they tried to wrap improvements around a really fundamentally insecure approach for WiFi, which was WEP. But they did it with the best of intentions. They gave us all years of pretty, I mean, much better security than WEP for all of us who have routers that are using WPA and TKIP protocol, the TKIP security protocol on WPA-certified equipment. So they made it much better.

they go onto the chopchop attack on WPA-TKIP

Security Now said:

Well, it turns out that, if you do the - you start doing the chopchop guessing. You chop the last byte off the packet, and you send it back out into the air, back, for example, at the access point. If the checksum that you guess - remember they still have an ICV on the end. If the checksum is wrong, a TKIP - a newer, modern, strengthened, better protocol system - if the checksum is wrong, it ignores it. It just says, bad checksum, I'm dropping it.

Leo: And you don't get another chance.

Steve: No. It simply drops it because it figures, okay, that was a transmission error. It figures it's a transmission error, so it doesn't punish you for that. So with an average of 128 guesses, just like before under WEP, but now we're under TKIP, using the same kind of approach, when you get it right, when you do end up creating a shorter packet with the CRC, that is the ICV at the end that matches, now the problem is the MIC, the Message Integrity Code, will be wrong. And now that, when that's in violation, if you get a checksum that's correct, but the MIC, the Message Integrity Code, is wrong, now you've pissed off the access point or the client you're sending this to. Anybody who's receiving it is like, whoa, wait a minute, this is a valid packet, but the MIC is wrong. Something's fishy somewhere.

Well, they didn't want to just shut down the whole network. So they said, okay, here's what we'll do. As long as we don't get two MIC failures within a 60-second window, as long as they don't occur more often than once per minute, we'll decide that's okay. Whoops. Because look what happens. You can guess as much as you want and be wrong. But as soon as you guess correctly, you have to wait a minute. But that's not so bad because you just guessed correctly. In knowing that you have to wait a minute - because what happens is a message is sent out that says "MIC failure," so the whole network knows there was one, to sort of like put everybody on notice. But you've just been put on notice that you guessed correctly. So you've got one byte. So you wait a minute, and you start guessing the second from the last byte until you get it. Now, that allows you to march the packet down in size 12 bytes. And that'll take a little over 12 minutes. When you've done that, you've just determined the plaintext for the MIC and for the ICV. Remember, those were the last 12 bytes on a TKIP-encrypted packet.

So you can then - you decrypt the packet once, and that takes - it's going to take 12 minutes for you to get those last 12 bytes, one at a time, because you remember you're punished by having to wait a minute. And if you don't wait a minute, that sets off alarms in the whole network that causes the access point to shut down for 60 seconds and then rekey everybody. So you've lost all your work unless you make sure that you wait at least 60 seconds between succeeding with one of your guesses because the succeeding with the guess means that the message integrity value which is inside the packet will fail. And that sets off the alarm. But that's okay because it just confirmed that you guessed the last byte correctly because you got the checksum correct.

i love this podcast...lol
http://www.grc.com/sn/sn-170.htm