network penetration testing?



Omega
10-24-2008, 05:27 PM
hey all, me again.

My mom recently asked me to reveal the security flaws in our home network and her computer in particular because it contains very sensitive data and she needs to know how easy or hard it is for people to get to her information both from connecting to our network (through WEP cracking) and from the internet.

The problem with this is that I don't know how to do most of this. I've only done some light research on WEP cracking but other than that I know very little of penetration testing.

Aside from running distros of Linux specially designed for penetration testing (like nubuntu, which I will probably end up running), what else should I keep in mind? Utilities, methods, etc.?

For the sake of keeping this knowledge off of the forum (because I realize it can be used for black-hat hacking), I kindly ask that you PM me any/all information you have, and let's keep TBCS from being a hacking website. Also, applications for Windows hacking are acceptable, but I know Linux is typically more powerful for this as there's a lot of stuff that's not regulated like it is under Windows.

Thanks,
Omega

SgtM
10-26-2008, 08:21 AM
**The staff has talked it over. While some of this information could be used negatively, it is still good information for anyone wanting to intrusively test their personal networks. It's up to you to use such information responsibly. Any talk of hacking someone's network other than your own, and your post will be removed.**

That being said; discuss...

jdbnsn
10-26-2008, 10:17 AM
I was interested in seeing this held in a public discussion because I feel that learning how to test your own network's security is very useful information for everyone. Obviously, it is nearly impossible to hold this discussion without explaining how to penetrate security measures, which would normally be seen as illegal hacking and would be punished. In this thread, all of this information is for the sole purpose of trying to hack one's own network and never anything else. With that in mind, some of you may feel uncomfortable not knowing what could get you in trouble here. So we will refrain from any infractions, bans, or other means of discipline. If we see something that we don't think we can allow we will simply delete it and you won't have any consequences. This applies to this thread only.

Luke122
10-26-2008, 12:26 PM
l337 H4X0r1hG 5k177s!

ok, had to get that out. ;)

Nmap (www.insecure.org) is great for port scanning to see what you look like to the world. It will find ports and OS fingerprint.

Next up, is Wireshark. Great for packet capturing to see what you are transmitting between your machines. You'd be amazed how much you can learn from a 10 sec capture.

crenn
10-26-2008, 07:40 PM
Without going into too much detail, if you have sensitive data, don't use it on a central network which also has wireless. It's been shown that very strong wireless protection can be broken easily... by a GTX280.
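The weakness behind Omega's original question about WEP cracking, shown as an added example that is not part of any post in this thread: WEP encrypts each frame with RC4 keyed by a 24-bit IV (sent in the clear) prepended to the shared key, so IVs repeat and two frames under the same IV share a keystream. Because every IP frame starts with the same LLC/SNAP header, and the ICV is an unkeyed CRC-32, an attacker who knows one frame's plaintext recovers the keystream for that IV and decrypts any other frame sent under it, without ever learning the WEP key. The WEP key, IV and frame contents below are constructed for the demo; the statistical key-recovery attack that tools like aircrack-ng use is a different (stronger) attack not shown here.

```python
import zlib

# 802.2 LLC/SNAP header that starts the payload of an 802.11 data frame
# carrying IPv4 (EtherType 0x0800): effectively known plaintext in every frame.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes (KSA + PRGA); WEP uses RC4 unmodified."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, so anyone can compute it."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(iv || key) XOR (payload || ICV)."""
    assert len(iv) == 3
    body = payload + icv(payload)
    return iv + xor(rc4(iv + wep_key, len(body)), body)


def keystream_from_known_plaintext(frame: bytes, known_payload: bytes) -> bytes:
    """Attacker side: ciphertext XOR known (payload || ICV) = keystream for this IV."""
    known_body = known_payload + icv(known_payload)
    return xor(frame[3:], known_body)


def decrypt_with_keystream(frame: bytes, keystream: bytes):
    """Attacker side: reuse a recovered keystream on another frame with the same IV."""
    body = frame[3:]
    if len(keystream) < len(body):
        raise ValueError("recovered keystream is shorter than the target frame")
    plain = xor(body, keystream)
    payload, tag = plain[:-4], plain[-4:]
    return payload, icv(payload) == tag


def demo():
    wep_key = bytes.fromhex("0123456789")  # constructed 40-bit key; attacker never learns it
    iv = bytes.fromhex("0a0b0c")           # constructed IV that the station reuses

    # Frame 1: plaintext the attacker knows in full (e.g. a packet they caused
    # the victim to send). Frame 2: the victim's secret data. Both constructed.
    known = LLC_SNAP_IP + b"known ARP-like filler for demo 123"
    secret = LLC_SNAP_IP + b"password=hunter2"
    f1 = wep_encrypt(wep_key, iv, known)
    f2 = wep_encrypt(wep_key, iv, secret)

    # Same IV in the clear on both frames => same RC4 keystream.
    assert f1[:3] == f2[:3]
    # Without any known plaintext: C1 XOR C2 = P1 XOR P2 (shared header XORs to zero).
    plaintext_xor = xor(f1[3:], f2[3:])
    # With frame 1 known: full keystream for this IV, then frame 2 falls out.
    ks = keystream_from_known_plaintext(f1, known)
    recovered, icv_ok = decrypt_with_keystream(f2, ks)
    return plaintext_xor, recovered, icv_ok


if __name__ == "__main__":
    pxor, recovered, ok = demo()
    print("P1 xor P2 first 8 bytes:", pxor[:8].hex())
    print("recovered frame 2:", recovered, "ICV ok:", ok)
```

The 8-byte LLC/SNAP header is known in practice even without a fully known frame, which already yields 8 keystream bytes per IV; with 2^24 IVs and a busy network, reuse is a matter of hours, and an attacker can force traffic (ARP replays) to speed it up.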

SgtM
10-27-2008, 08:11 AM
@Crenn - it's ok to go into detail.

simon275
10-27-2008, 08:44 AM
If you want a distro with all the penetration testing tools you need, grab a copy of BackTrack (http://www.remote-exploit.org/backtrack.html). It is the best; it beats the others by a country mile. It has tools for putting together exploits, the full Metasploit framework and all the wifi tools you need.

Like Luke122 said, nmap is a good tool to use inside your network to scan host machines, and also to scan the public IP address of the internet connection. Play around with some of the options. There are some neat options for version detection, along with probing ports to see what service is running on them.

Once you have found some ports, see if you can connect to them using the programs most likely to access that service's port. If a service is running on a port but you can't connect, maybe the service is password protected; you could try some other tactics to get code to execute on the host machine.

If people want I could do a write up on WEP and WPA sniffing and cracking guide.

If you want more info on anything hit me up in this thread or a pm.
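What nmap's connect scan and version detection (`nmap -sT -sV <host>`) do under the hood, as an added example that is not part of simon275's post: try a TCP connect to each port, read whatever the service says first, and match that banner against a signature table. The target here is a constructed listener on 127.0.0.1 with an ephemeral port and a made-up SSH banner, so it runs offline; the signature table is a four-entry stand-in for nmap's probe database, not nmap's own code.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed banner -> service table; nmap ships thousands of these.
BANNER_SIGNATURES = [
    (re.compile(rb"^SSH-\d\.\d-\S+"), "ssh"),
    (re.compile(rb"^220[ -].*\b(FTP|ftp)\b"), "ftp"),
    (re.compile(rb"^220[ -].*\b(E?SMTP)\b"), "smtp"),
    (re.compile(rb"^HTTP/\d\.\d \d{3}"), "http"),
]


def grab_banner(host, port, timeout=1.0):
    """TCP connect to one port and read the service's greeting.
    Returns (is_open, banner). Refused or timed-out connects count as not open."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # open but silent: HTTP etc. wait for the client to speak
            return True, banner
    except OSError:  # ConnectionRefusedError, timeout, unreachable
        return False, b""


def identify(banner):
    """Name the service from its banner, like nmap -sV's first step."""
    for pattern, name in BANNER_SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown" if banner else "no-banner"


def scan(host, ports, timeout=1.0, workers=32):
    """Parallel connect scan. Returns {port: (service, banner)} for open ports only."""
    results = {}

    def probe(port):
        is_open, banner = grab_banner(host, port, timeout)
        if is_open:
            results[port] = (identify(banner), banner)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(probe, ports))
    return results


def start_fake_service(banner):
    """Constructed target: a loopback listener that greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port chosen by the OS
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    srv = start_fake_service(b"SSH-2.0-OpenSSH_5.1 (constructed)\r\n")
    port = srv.getsockname()[1]
    # Scan the fake service plus its neighbours, which are normally closed.
    ports = [p for p in (port - 1, port, port + 1) if 0 < p < 65536]
    found = scan("127.0.0.1", ports, timeout=0.5)
    srv.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    for p, (service, banner) in sorted(found.items()):
        print(f"{p}/tcp open  {service:10s} {banner!r}")
```

Against a real router, run this (or nmap) from outside, against the public IP, as halcyonforever suggests later in the thread; a firewall that denies everything shows no open ports at all. A SYN scan (`nmap -sS`) needs raw sockets and root, which is why nmap on Linux is the usual tool rather than a connect scan like this one.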

SgtM
10-27-2008, 12:42 PM
If people want I could do a write up on WEP and WPA sniffing and cracking guide.

If you want more info on anything hit me up in this thread or a pm.

I think that's what this thread needs. Just to reiterate, this information will be used for your own personal networks only. Ok, I'm done beating the dead horse.

Yeticorn
10-27-2008, 12:53 PM
A great tool for overall network security testing is wireshark. If you need help with MAC address spoofing or packet inserts, feel free to pm. From the side of your network, there are many programs you can use to track the people trying to get in, close ports as soon as intrusions are detected, etc. Like I said, feel free to pm me if you're interested.

halcyonforever
10-28-2008, 12:11 AM
It depends on how in-depth a level of protection you are wanting to establish. Hit up your external IP with a good port scanner and make sure your firewall is denying basically everything. That takes care of a lot of issues (most script kiddies).

The main thing is to realize that any system can be broken; the question is how far up the food chain are you wanting to be before they become a threat to you. A good closed firewall will stop the entry level stuff (unless you invite them in with a trojan). After that it just becomes a process of diminishing returns for significant investment to start weeding out higher level attackers.

Ultimately it just boils down to the point that a determined cracking team would be able to break the box by writing some custom 0-day exploit, and the only next secure step is an isolated workstation with a sneakernet to the rest of your network. Of course that can be broken as well, but now we are looking at an MI-style physical intrusion.

Basically I just mean to illustrate the vicious cycle that intrusion/countermeasures lead into.

If you want a good example of what can happen, take a spare PC, set it up with an unpatched version of Windows, say Win98. Install a good logging program. Set it to DMZ on your router, and watch the logs. It's called a honeypot, and the average Time To Intrusion is measured in hours, not even days. Great way to learn whitehatting: catch a blackhat.

http://www.atomicsoftwaresolutions.com/honeybot.php
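A minimal low-interaction honeypot, as an added example that is not HoneyBOT's code or part of halcyonforever's post: it listens on a set of ports, records the time, source address, target port and the first bytes each client sends, and then drops the connection, so an attacker gets a log entry rather than a real Win98 box to take over. The demo binds loopback on ephemeral ports and plays both attackers itself with constructed connections; to use it for real you would bind 0.0.0.0 on ports worth watching (23, 445, 3389 are assumptions, not from the thread), put only that isolated machine in the router's DMZ, and never run it on the computer holding the sensitive data.

```python
import socket
import threading
import time
from datetime import datetime, timezone


class Honeypot:
    """Low-interaction honeypot: accept, read a few bytes, log, close.
    It never answers, so nothing here can be exploited beyond the listener itself."""

    def __init__(self, host="127.0.0.1", ports=(0,), read_timeout=0.5):
        self.events = []              # one dict per connection attempt
        self._lock = threading.Lock()
        self._listeners = []
        self.read_timeout = read_timeout
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen(16)
            self._listeners.append(srv)
            threading.Thread(target=self._serve, args=(srv,), daemon=True).start()

    @property
    def ports(self):
        """Actual bound ports (resolves port 0 to what the OS assigned)."""
        return [s.getsockname()[1] for s in self._listeners]

    def _serve(self, srv):
        dst_port = srv.getsockname()[1]
        while True:
            try:
                conn, (src_ip, src_port) = srv.accept()
            except OSError:
                return  # listener closed by close()
            threading.Thread(target=self._handle,
                             args=(conn, src_ip, src_port, dst_port),
                             daemon=True).start()

    def _handle(self, conn, src_ip, src_port, dst_port):
        with conn:
            conn.settimeout(self.read_timeout)
            try:
                data = conn.recv(512)  # whatever the client sends first, if anything
            except OSError:            # timeout or reset: a bare port probe
                data = b""
        event = {
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "src": f"{src_ip}:{src_port}",
            "dst_port": dst_port,
            "first_bytes": data[:64],
        }
        with self._lock:
            self.events.append(event)

    def format_log(self):
        """Plain-text log lines, one per connection attempt."""
        return "\n".join(
            f"{e['ts']} {e['src']} -> :{e['dst_port']} {e['first_bytes']!r}"
            for e in self.events
        )

    def close(self):
        for srv in self._listeners:
            srv.close()


def demo():
    hp = Honeypot(ports=(0, 0))  # two ephemeral ports stand in for e.g. 23 and 445
    p1, p2 = hp.ports
    # Constructed "attackers": one tries a telnet-style login, one only probes.
    with socket.create_connection(("127.0.0.1", p1)) as c:
        c.sendall(b"admin\r\n")
    with socket.create_connection(("127.0.0.1", p2)):
        pass
    deadline = time.time() + 3
    while len(hp.events) < 2 and time.time() < deadline:
        time.sleep(0.05)
    hp.close()
    return p1, p2, list(hp.events)


if __name__ == "__main__":
    _, _, events = demo()
    hp = Honeypot.__new__(Honeypot)
    hp.events = events
    print(hp.format_log())
```

The logged first bytes are what make the log useful: a scanner leaves an empty record, while a worm or brute-forcer hands over its login attempt or exploit prefix, which tells you which services on your real network deserve attention.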

si-skyline
11-29-2008, 09:44 PM
I want to know about war-driving, the sneaky so-and-sos who sit in range of your wireless router and find a way into it.

I live in a quite busy wireless area and, sitting in my house, I can pick up between 4-6 APs, and I always have the feeling that if I can see them then they can see me. I'm very sure I've seen computers on the network who shouldn't be there, and the basic admin pass being changed every now and again in the past; I completely don't know how they do it.

I understand one counter is to set the MAC filter, but at the same time can't an attacker sit at my AP, pick up who is connected to my AP and then "mask" his MAC on his NIC to look like mine, thus getting past the counter of a MAC address filter?

What other counters are available to me other than the standard things everyone says, like turn off broadcasting, filter MACs, change default keys and passwords?

AMD Killa
11-30-2008, 01:10 PM
I would make sure that you are using the most secure encryption method you can. I would also get a router that can only allow new clients when a button has been pushed. In that case, as long as you are the only person with physical access to the router, it should be relatively secure.

If someone built something, someone else will be able to reverse engineer it. Ergo... wireless cannot be totally secure, as there isn't anything to stop other signals communicating with the access point, unlike cables, which need physical access.

One of the first rules of wireless security is changing the basic admin password to something really complicated that you can write down somewhere, so only you can find it. In that case, if anyone does manage to get through your wireless key (which should also be fairly complex), they won't be able to change any settings. You should also set up MAC address filtering. You are right saying that MAC addresses can be 'spoofed', but it's bloody hard. As long as your wireless access point is more secure than the others in your area, you should be fine, as most, if not all, would go for the easiest one to crack.

jdbnsn
11-30-2008, 05:04 PM
My Bitdefender firewall has popped up with messages of "port scan blocked" on my laptop many times, but my PC which is connected to the router via wire has never done so. Are port scanning attacks limited to wireless connections?

AMD Killa
12-04-2008, 11:26 PM
No, as the ports 'system' is used with every type of connection, including USB.