Telnet and router security
In a vain attempt to see if I can increase the wireless power of my dlink router (yes MB, I know - I will buy a proper router just as soon as I have broken this one) -an option that was in an earlier firmware release but has now disappeared from the gui- I stumbled about with telnet commands.
One command showed me my ISP password and another seemed to want to show the encryption keys. Here in the countryside I can use an open network so no keys were disclosed. Am I to believe that the telnet command would have displayed the unencrypted key values ? |
Since you're insistent on running an open network anyway why not try it and see ? it's not like your security is going to get any worse than it already is !
|
Fair point but you underestimate my laziness. Problem is if I set security, precious daughter may be denied some essential connectivity function. It was easier to ask than to embark on that journey. I think it will show the key. I will have a go tomorrow (but it would be easier for all concerned if someone could tell me the answer before facebook goes offline).
EDIT: I typed facebook so where did facepprune come from ? EDIT 2: MODS: why does face**** become facepprune ?? |
No worries.
Well, unfortunately for you, I stay well clear of Dlink, so you'll have to wait until some other enlightened soul logs in to PPRune.... Happy tinkering ! EDIT: I typed FacePPRuNe so where did facepprune come from ? EDIT 2: MODS: why does face**** become facepprune ?? |
It's possible that your Dlink router has a subset of a Telnet server functions.
I don't think you will ever see a password "in clear", through a Telnet server, as they don't have a password function per se, but rather piggy back on the box's password function. Furthermore, I don't think passwords would be stored "in clear" on the box, just for the reason so they could not be seen "in clear", if someone dumps or has access to the router's RAM.
You had a second question which seemed to be an echoing of the characters you're typing, with an Uppercase to Lowercase conversion, combined with the "anticipation of what you type" based on previous words that you've typed. It's not clear if this comes through the use of Telnet or not. Telnet has a feature of enabling/disabling Upper case and Lower case, depending on which there is an automatic Uppercase to Lowercase conversion. The "anticipation of characters typed previously" - the latter - is a feature in some browsers, that can be disabled by reconfiguring Properties. All you have to do, is type the full word to override the "anticipation".
airtren
Originally Posted by Mr Optimistic
(Post 6623110)
In a vain attempt to see if I can increase the wireless power of my dlink router (yes MB, I know - I will buy a proper router just as soon as I have broken this one) -an option that was in an earlier firmware release but has now disappeared from the gui- I stumbled about with telnet commands.
One command showed me my ISP password and another seemed to want to show the encryption keys. Here in the countryside I can use an open network so no keys were disclosed. Am I to believe that the telnet command would have displayed the unencrypted key values ? |
I don't think you will ever see a password "in clear", through a Telnet server, as they don't have a password function per se, but rather piggy back on the box's password function. Furthermore, I don't think passwords would be stored "in clear" on the box, just for the reason so they could not be seen "in clear", if someone dumps or has access to the router's RAM.
dear oh dear. :ugh:
Telnet is a plaintext network protocol. Thus all you require is the ability to snoop on the network. Snooping on a wireless network is even easier than a wired network because you've no longer got the physical constraints to bypass, only logical constraints. And in the case of Mr Optimistic even those have been removed :
I can use an open network
You should also have a read up on brute-force attacks whilst you're at it. |
What's that about brute force attacks ? Not sure I understand. Re lack of wireless encryption, uninvited wireless clients are not a concern here owing to distance and the inverse square law.
|
Mr Optimistic,
Sorry for the confusion, that was aimed at airtren as part of my overall reply to his post. Or were you just asking what it means out of curiosity ? |
Brute force attacks on what? On WEP?
|
IO540,
WEP in itself is broken and shouldn't be used anyway. It's as bad as running an open network. Brute force can be used on anything from router passwords to wireless network keys and anything in between. The most common form of brute force attack is a dictionary attack, but there are others. |
WEP in itself is broken and shouldn't be used anyway. It's as bad as running an open network.
Is there a meaningful attack on WPA/PSK? Ignore the dictionary attack for now, which is obvious, but trivial to defeat. |
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
I'm sure there are other examples out there too that run on Windows. Of course, if you run virtualisation software on your Windows box then your argument is further obsolete, same goes for any tools that make a source code format available ! :E
You should really always use the highest available, which for the home user these days is WPA2-PSK, which offers additional protection over plain WPA-PSK. |
mixture,
Sorry, I was referring to the ISP password, as in the password used for the authentication required prior to establishing the virtual link from the router to the ISP's access router (next hop from the Dlink). There was no information about the type of link to the ISP - DSLAM, cable, etc. - so there was one or two assumptions too many there, from my side.... too eager to help....
Your comment related to Telnet is correct, in that the telnet client/server command/password exchange is "in clear", like everything else, unless the Encryption option is used. Certain proprietary OS Telnet implementations have used options to exchange OS info, and based on a match between client and server, exchange a rough compression/encryption of the user name and password.
For accuracy purposes, I would call Telnet a Network Application Protocol, even if some Internet references may call it Network Protocol. It is a layer 7 protocol, (or 4, depending on the reference model), using a network layer protocol as a transport. Network Protocols are usually equated with network layer protocols, which are layer 3 (TCP/IP is the most common in case of Telnet).
Someone snooping on a wire in a home between the laptop and the router could be quite a stretch, particularly when happening in the same room and a short wire. :O
Configuring the router over a wireless link, may be risky, depending on what is being configured, as the router may disconnect during the configuring for a reboot, and after reboot, depending on what has been done, the link between laptop/PC and router may not get re-established, which would require a reset, and start from scratch.
I never run my wireless network in clear, so there is always a link layer (layer 2) encryption of some sort, which is the lowest packet layer, and which takes care of everything put in the packet by the layers above, which includes user data (telnet exchanged characters for instance - they go forth and back, as the characters typed on the keyboard go first from the client to the server, from where they're echoed back before being displayed on the client's screen).
Originally Posted by mixture
(Post 6661006)
dear oh dear. :ugh:
Telnet is a plaintext network protocol. Thus all you require is the ability to snoop on the network. Snooping on a wireless network is even easier than a wired network because you've no longer got the physical constraints to bypass, only logical constraints. And in the case of Mr Optimistic even those have been removed : You should also have a read up on brute-force attacks whilst you're at it. |
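The point made in the posts above, that a Telnet exchange is readable unless the Encryption option is negotiated, can be checked against the bytes of a session. The following Python is an added example, not part of any post in this thread; the sample bytes are constructed, and the names `split_telnet` and `audit` are hypothetical.

```python
# Added example: constructed data, not captured from any real device.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
OPT_ENCRYPT = 38  # Telnet ENCRYPT option (RFC 2946)

def split_telnet(stream: bytes):
    """Separate application data from IAC option negotiation."""
    data, options = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b)                     # ordinary typed/echoed byte
            i += 1
        elif i + 1 >= n:
            break                              # truncated command at end of capture
        elif stream[i + 1] == IAC:
            data.append(IAC)                   # escaped literal 0xFF
            i += 2
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break
            options.append((stream[i + 1], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:
            # Simplification: skip to the first IAC SE after the SB.
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                             # two-byte command such as NOP
    return bytes(data), options

def audit(stream: bytes):
    """Report whether ENCRYPT was offered and what a listener could read."""
    data, options = split_telnet(stream)
    offered = any(c in (WILL, DO) and o == OPT_ENCRYPT for c, o in options)
    return {"encrypt_offered": offered, "readable": data.decode("latin-1")}

# Constructed client-to-server bytes: DO ECHO, DO SUPPRESS-GO-AHEAD, then a login.
CLIENT_BYTES = bytes([IAC, DO, 1, IAC, DO, 3]) + b"admin\r\nexample-pass\r\n"

if __name__ == "__main__":
    print(audit(CLIENT_BYTES))
```

An offer seen in one direction only shows that one side proposed ENCRYPT; both sides have to agree before anything on the link is protected.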
airtren,
Ah right, I didn't spot it was to do with the ISP password.
Someone snooping on a wire in a home between the laptop and the router could be quite a stretch, particularly when happening in the same room and a short wire.
Rumor has it that it's amazing what you can pick up by reading the blinking transmission light on an ethernet port. :cool:
However I would say this is the more likely form of attack : http://imgs.xkcd.com/comics/security.png |
I started this so have only myself to blame :O
I only have to set up encryption on the wireless network if I use one of the company's machines to vpn in. With the wife using two wireless printers and the daughter connecting with numerous gadgetry, this causes major hassle. The ISP password was shown in the clear and there was a 'key' field which looked like it was standing ready to show the 64 character seed. As I don't use one it was blank hence the question. For reasons moaned at above, too arduous to experiment. |
I only have to set up encryption on the wireless network if I use one of the company's machines to vpn in.
With SSL you would be encrypting the contents of packets sent between you and the SSL host, without any need for wireless encryption.
SD |
Saab Dastard,
Probably a measure against a MITM type attack vector. |
Dunno but it's the rules. Noticed that Windows maintains a list of used networks and their encryption status so not conforming would be apparent (unless action taken to manually clear the history - and I wouldn't like to have to explain that if discovered !). Also had a recent scare with the dongles which got press coverage so security concerns remain high on the list.
Next time I get a day to myself I will set up the network and then go looking to see what telnet will disclose. |
Probably a measure against a MITM type attack vector. SD |
Originally Posted by Saab Dastard
(Post 6666266)
And how would encrypting the wifi link prevent that? :confused:
SD |