How to protect myself ...

[Archangel-Amael]

Seems to me that if one is paying for a service, a modicum of security procedures should be in place to protect the customer.
if this is not the case, again BT is not going to actually bring anything to the table, especially given the OP's ( Original Poster for skor78) obvious lack of knowledge in on the subject, (which is okay in this instance). So the best thing would be to change ISP's.

[skor78]

Thanx Amael!

Anyway, in the end, my question is, can the user actually protect himself without the ISP's action? Even if he protected his data with a encrypted VPN (to avoid password, etc. sniffing) the basics (MAC and IP) would still be visible to the sniffer, right? I don't know much about nano stations, but i assume they work similar to the public "coupon" wifi networks, right?

If you all could reply to my doubts on this it would be great!

Have a nice week!

[jFcOOd]

hi .. 10x for replying. let's start the ISP has 2 systems for distributing the internet one is by connecting to a nano station and the other is by regular access points 2.4
and i'm not connecting through the regular one sry about the wrong information. i will try to give informations from the begining. by my own request to the ISP they removed the mac filter ( i use a static ip ) so i can connect from many places on the network and that is the major problem so since not long time someone start the scanning on this network and i don't know how he is doing this ( he knows that if he put the same ip's he can take over my connection ) i use the router at home and work. when the connection problem start to appear i took an unused ip on the network to see if someone on my original ip and i found this guy and recently scanned the network to see what he's doing and appear that he changed verry fast from ip to ip and sometime he stant still on 3 or 4 ip's that i'm shure they have no mac filter on them like my ip. i called the ISP and told them about the problem and gave them some info about that so they said they will do something and till today nothing has been done. about the sniffing thing i checked the trace route and it appear that i'm directed to another ip before the default gateway. thx again hope my problem will be solved with the help of you guys .

[skor78]

The information you provide is certainly either incomplete or just false.. I'm sorry, but i do not believe nowhere on Earth you can authenticate to a internet connection only by configuring a fixed ip. ISP's are not basic networks 101, even when we all where connecting through dial-up connections, it required a user/password authentication. and mac filtering wouldn't do the trick either, as it's way too easy to catch someone else's mac and clone it. This is basic information that every single ISP network developer knows.

If you're truly giving us all the information, and your ISP's nano-stations don't require authentication, just follow everyone else's advice, change ISP.

Cheers!

EDIT:
Lupin,
I'm sorry for nagging you with this topic, truth is, silently and cooperative, unlocking it again, you made your opinion much more valid than mine. There's nothing to learn from here, and for that, i'm truly sorry. Another lesson learned for me. Regards!

[Thorn]

That's a little more knowledge for me.. Like you, i also didn't absorbed much info from the OP (what does OP stand for btw?.. original poster? ), and i didn't get how someone could access someone else's connection merely by cloning mac and ip.. In here, public access AP ISPs require an authentication before validating the connection. Otherwise you just get a "buy a coupon" screen..

Anyway, in the end, my question is, can the user actually protect himself without the ISP's action? Even if he protected his data with a encrypted VPN (to avoid password, etc. sniffing) the basics (MAC and IP) would still be visible to the sniffer, right? I don't know much about nano stations, but i assume they work similar to the public "coupon" wifi networks, right?

What i really don't understand in this situation, is how the OP's ISP can provide a connection based only on a mac-filter pass-trough to a fixed IP.. Never heard about such basic and payed configuration before..

Thanx for your answer Thorn!

I couldn't answer this before, when the thread was locked.

Yes, OP = "Original Poster"; whoever started the thread. In this case, jFcOOd.

Yes, an IP can be spoofed. Yes, a MAC can be spoofed. Although, this isn't clear that either of these is happening, the OP has so little regard for punctuation, capitalization, spelling, and grammar, that it's hard to follow what his problem might be exactly.

IF that's the issue, and IF that's all it is, then there is little that the OP can do, without the ISP's help. It really depends on the ISP setting up a proper AAA system, such as RADIUS. However, it could also be a lack of the OP simply not properly securing his own systems. The ambiguity of the posts make this an equal possibility.

The information you provide is certainly either incomplete or just false.. I'm sorry, but i do not believe nowhere on Earth you can authenticate to a internet connection only by configuring a fixed ip. ISP's are not basic networks 101, even when we all where connecting through dial-up connections, it required a user/password authentication. and mac filtering wouldn't do the trick either, as it's way too easy to catch someone else's mac and clone it. This is basic information that every single ISP network developer knows.

Sadly, there are such ISPs in the world, and unfortunately some are WISPs (Wireless ISPs.) If the system is set up without some AAA system it essentially means the ISP's engineers are either amateurs or incompetent, especially when you consider the fact that such systems are open source.

Again, however, I reiterate my original premise: This has nothing to with BackTrack.

[skor78]

Thorn, thanx for your answer, the thread was unlocked at my request to lupin, exactly for clarifying my doubts..
but after reading OP's next answer i needed to state my mind.. If there are really such basic unsecured (W)ISP's, my appologies to the OP, we're all about learning in here, but in his case, all actions remain in the ISP side.

Once again, thanx Thorn, for clarifying this for me, and whoever reads the thread.

Cheers!

[inrikey]

hi,
about this problem the wireless ISP must have to be more secure than he must take the security steps on the network starting from the broadcasting base he must lock it using mac filtering and then must have a wpa2 or any of those security password to be protected and protecting the clients and server.easy and safe i think