I tried to post this in a different sub-forum, but it wouldn't let me.
If a Cheeto-munching guy in a pickup truck parks close to my network, deauths my farthest client, and then sets up his laptop to "loopback" to connect to himself, even if all my Windows shares are closed and ports closed,
is it still possible to dump my registry keys? I imagine it would be, as people have mentioned it before. I am just unsure of:
A) How it is done.
B) How I can stop it from happening.
Use WPA with a strong password.
I need wireless for my laptop, as a wired connection isn't always possible.
How would the encryption on my connection matter? Isn't the whole idea of a MITM attack to control the flow of information? He wouldn't need to connect the client to my network, since as I stated, I have no open shares, so he could very easily leech off my neighbour's wifi and use that connection for my stolen client.
A friend of mine suggested I run Nessus on the Windows boxes in my network; he says I'll find at least a few vulns on each one. That makes no sense to me because:
A) My network is using the strongest encryption it can.
B) All shares are disabled, even for local (including NetBIOS itself).
C) My router is passworded and web admin is disabled.
D) All my Windows boxes are, AFAIK, fully patched, unless they need a reboot.
The only way I see that someone could get into my net is physical access, which translates into pwned in all circumstances.
Wait a sec, how could he possibly get access to your network if he is using your neighbors wifi?
Or are you on your neighbors wifi too?
If he can't connect to your AP he won't be able to get any access to any of the machines connected to your AP.
@KMDave: I think he meant the truck guy could use the neighbour's AP as a gateway to the internet in a MITM attack. Right, HitThemLow?
Okay, I agree with you that deauth should work for the attacker. For this problem see KMDave's answer; it's harder to cut your cable.
So usually if you have MITM attacks, the countermeasure is a digital certificate. I've never used it in a wireless network, but I'm sure there are the same weaknesses as in, let's say, HTTPS: SSLstrip and users who trust the wrong certificates (like self-signed ones).
The other thing is: isn't your "stolen client" then connecting to another ESSID? I mean, why should a client connect to the "Cheeto-munching guy in a pickup truck"? As long as the client doesn't connect to any wireless AP by default (which would be very dumb)...
Maybe an attacker could set up an AP with the same ESSID, MAC, etc., but he cannot use the same password for WPA2, because he doesn't know it! So far so good? Did I miss something?
Auswaertsspiel
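The point that a cloned ESSID and MAC are useless without the passphrase comes down to the WPA2 4-way handshake: both sides derive the PTK from a PMK that is computed from the passphrase, and the client checks the MIC the AP puts on message 3. Added example (not code from this thread or from the BackTrack project); the SSID, MAC addresses, nonces and EAPOL message body are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for one 4-way handshake (not captured traffic).
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")      # AA: authenticator (AP) address
CLIENT_MAC = bytes.fromhex("66778899aabb")  # SPA: supplicant (client) address
ANONCE = bytes(range(32))                   # nonces are random in real handshakes
SNONCE = bytes(range(32, 64))
# Constructed EAPOL-Key message 3 body with its 16-byte MIC field zeroed out.
MSG3_ZERO_MIC = bytes.fromhex("0203005f02130a") + ANONCE + bytes(16) + bytes(40)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-384 (IEEE 802.11i): PTK = KCK(16) || KEK(16) || TK(16) for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # three 20-byte SHA1 outputs cover the 48 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """Key descriptor version 2 (WPA2): MIC = first 16 bytes of HMAC-SHA1(KCK, frame)."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def client_accepts_ap(ap_passphrase: str, client_passphrase: str) -> bool:
    """The AP signs message 3 with a KCK from its PMK; the client recomputes it with its own PMK.
    Same ESSID, same MACs, same nonces: only the passphrase decides whether the MICs match."""
    ap_kck = wpa2_ptk(wpa2_pmk(ap_passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    ap_mic = eapol_mic(ap_kck, MSG3_ZERO_MIC)
    client_kck = wpa2_ptk(wpa2_pmk(client_passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return hmac.compare_digest(ap_mic, eapol_mic(client_kck, MSG3_ZERO_MIC))


if __name__ == "__main__":
    real = "correct horse battery staple"
    print("genuine AP  :", client_accepts_ap(real, real))         # True
    print("cloned AP   :", client_accepts_ap("guessed-password", real))  # False, client drops it
```

Because the check is keyed on the PMK, a client that rejects message 3 never installs a key, so the clone never gets an associated client regardless of how exact the ESSID/MAC copy is.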
Anyway, using wireless is not that bad. Consider allowing remote access only through VPN, though. Whether people want to use the wifi when they are in front of the building, in the cafe, or on the stairs, they will still need to log in via VPN to access the network. You can even open the wireless with no key at all; the VPN will do the job, and the days of fear will be over.
Yes, that is correct. I'm not on my neighbour's AP, but since I have no network drives open on any of the boxes, if he were to use the neighbour's as the link to the internet, my user would not notice.
I will look into getting a nice big roll of wire, but for the two laptops, wired isn't always a nice option.
That's more what I was worried about, since the extremely long pass is in the registry and is the default connection. If he does manage to get a client in a MITM environment, I was more wondering if there was any way (short of a 0-day, which no one on the good side (our side) can really stop while it works) that he could manipulate the files on the client he has "stolen".
I know there have been local-network-only kinds of exploits, so I was really wondering if he could get in by some means, then pilfer any data he wanted, including the WPA key, which would then lead him right into my network. As you can see, I'm more than a little over-cautious.
It's pretty damn hard to MITM your internet connection from someone else's internet connection. As long as you have your wifi secured and your internet connection device (router/computer/modem/phone/whatever) properly configured, he's not going to be able to do anything to your computers.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69