The Other Everynet

Yesterday I visited a customer. Two employees from the IT department talked about WLAN security.
While working on my ThinkPad T40 I started IBM Access Connections and, surprise, surprise, two wide-open WLANs showed up.
[Image: IBM Access Connections]
I showed them, but they didn’t know those WLANs. I decided to go deeper into one of the WLANs. I connected and bingo, thanks to DHCP I received an IP address.
I started Mozilla and I was able to surf the web. A quick look at ‘ipconfig’ told me that 192.168.1.1 was the router address. I gave Mozilla “http://192.168.1.1” to eat and a “Username and Password” dialog popped up.
The router was a Linksys model. A little Google research and one minute later I had the default settings for this router: no username and ‘admin’ as password. I tried it and here we go, the configuration interface of the router.
[Image: Linksys Admin Interface]
I started my IM clients and Lotus Notes and I was able to chat and replicate databases with the company.
So while I was in, why not run a port scan with SuperScan? I discovered another machine in the WLAN, which turned out to be another Windows PC. What about ‘security’ on this machine? I tried the administrative share ‘\\192.168.1.100\c$’ and the ‘Username and Password’ dialog popped up. What would you try? Yes: ‘Administrator’ and no password. Unbelievable, I was on the local ‘c:\’ drive.
There were a few Word documents and I decided to open one of them. It turned out that the sender of this document was a local bookstore on the other side of the street.
I went across the street and asked the manager which company had installed the WLAN. He said that it was a friend of his. I told him that I didn’t think this guy was a friend of his, because the WLAN is very insecure (OK, ‘no security’ describes it better). The manager smiled.
Then I told him the router model, the IP range, his IP address, no password on the router, no password for ‘Administrator’ on his machine, and then about the Word document I had read, and that this was an effort of ten minutes. He didn’t smile anymore and he asked me what to do. I told him to set passwords, to activate WEP keys, and to configure DHCP for his MAC address only (hey, these tips are free! If you want more, pay me!).
I was at the same customer today and do you know what? Nothing has changed…