PDA

View Full Version : Wireless Privacy question


annelize
Mar 20, 2005, 03:17 AM
Me and my roommates share a wireless internet connection in my apartment. How private is my browsing? They can't see what I'm looking at on the internet can they? Could they potentially see, or access my computer/files? This is such a dorky question but i wanted to check. thx.

chaosbunny
Mar 20, 2005, 03:47 AM
It depends on how secure you configured your wireless network. The best things to do are

1. Choose a really complex password with letters and numbers in it.

2. In your airport utility you can limit the computers that can share your network by specifying the Client IDs (wireless or airport card serial numbers, find them in the system profiler) who can access your network.

By doing this you should be pretty secure. ;)

Cuckoo
Mar 20, 2005, 04:18 AM
Me and my roommates share a wireless internet connection in my apartment. How private is my browsing? They can't see what I'm looking at on the internet can they? Could they potentially see, or access my computer/files? This is such a dorky question but i wanted to check. thx.

Good question.

There are several security features at your disposal. Such as encryption and MAC-adress filtering. Both will make your connection more secure. But always bear in mind, that all the data is sent trew the air, which makes it possible to eavesdrop. It's a matter of how interested someone is in your data.

For normal everyday use I can say, if you use both encryption and MAC-address filtering <apple calls this access control> your OK.

If you use just encryption, depending on the type of encryption, it takes anything between 30 minutes to 4 hours to crack. MAC-address filtering makes it difficult to connect, but does not inhibt the possiblility to pick up the signal.

Hope this helps

Cuckoo

annelize
Mar 20, 2005, 05:31 AM
I mean,

I share one single network with my roommates. We're all on the the same single network. So i'm sitting in my room looking at stuff on the internet, using my laptop that is connected to the Wireless internet, the same wireless network that my roommate is also using. Could my roommate see what i am looking at?

example: I am on the internet, looking at apple.com, then I go to macworld.com, read some articles and jump over here to macrumors.com and read a bunch of posts. Maybe I download some files onto my hard drive, too. So then, could my roommate see, somehow, that I had visited apple.com, macworld.com, and macrumors.com? And could they see that I had downloaded a file?

I'm asking if this is a not so hard thing for a person to be able to do, and if so, how can i make it so they can't see what i'm doing?

Cuckoo
Mar 20, 2005, 05:38 AM
I mean,

I share one single network with my roommates. We're all on the the same single network. So i'm sitting in my room looking at stuff on the internet, using my laptop that is connected to the Wireless internet, the same wireless network that my roommate is also using. Could my roommate see what i am looking at?

example: I am on the internet, looking at apple.com, then I go to macworld.com, read some articles and jump over here to macrumors.com and read a bunch of posts. Maybe I download some files onto my hard drive, too. So then, could my roommate see, somehow, that I had visited apple.com, macworld.com, and macrumors.com? And could they see that I had downloaded a file?

I'm asking if this is a not so hard thing for a person to be able to do, and if so, how can i make it so they can't see what i'm doing?

OK, i get it, that indeed is a whole different question. Well, there are several things your roommates can do to follow your steps. All of which aren't that easy, but still, it can be done with a couple of tools.

I won't go into details as to how you could spy on your roommates (or vise versa) but there isn't much you can do. Only encrypted sessions are between you and the encrypted site, the rest is open, and thus with a couple of hacks and tricks accessible to others.

mad jew
Mar 20, 2005, 05:43 AM
From my pretty limited understanding, if you don't have file sharing enabled, then they can't check your cache or hard drive for anything. However, from what I've gathered, you're more interested in them intercepting your wireless data and seeing what you see on their monitors. They'd have to be pretty expert to be able to do this so I don't think it's all that much of a viable worry. :)

As Cuckoo says though, if they're gonna hack then you can't really stop them. It's pretty difficult/unlikely though.

Cuckoo
Mar 20, 2005, 06:03 AM
From my pretty limited understanding, if you don't have file sharing enabled, then they can't check your cache or hard drive for anything. However, from what I've gathered, you're more interested in them intercepting your wireless data and seeing what you see on their monitors. They'd have to be pretty expert to be able to do this so I don't think it's all that much of a viable worry.

The thing is, you don't need to be quite an expert.

All your evil roommate <for arguments stake evil of course> needs to do is set his network card in promiscuous mode <this makes the network card receive all data, instead of just his own data>

And type in de terminal something like 'sudo tcpdump -i en1 -v' which gives you ALL TCP traffic from your computer on the network. And TCP language isn't that hard to read, here is a piece i just drew from my pb while syncing my .mac idisk:

12:56:59.396461 IP (tos 0x0, ttl 48, id 41555, offset 0, flags [DF], length: 598) idisk.mac.com.http > localhost.53008: P 5198:5744(546) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.396697 IP (tos 0x0, ttl 48, id 41556, offset 0, flags [DF], length: 57) idisk.mac.com.http > localhost.53008: P [tcp sum ok] 5744:5749(5) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.454788 IP (tos 0x0, ttl 64, id 17591, offset 0, flags [DF], length: 52) localhost.53008 > idisk.mac.com.http: . [tcp sum ok] ack 5749 win 65535 <nop,nop,timestamp 778801639 3103860893>


You can clearly see, all info you need.... Source <localhost>, Destination <idisk.mac.com> and type of transfer <http>

Is this an answer that helps you?

Cuckoo

mad jew
Mar 20, 2005, 06:09 AM
The thing is, you don't need to be quite an expert.

All your evil roommate <for arguments stake evil of course> needs to do is set his network card in promiscuous mode <this makes the network card receive all data, instead of just his own data>

And type in de terminal something like 'sudo tcpdump -i en1 -v' which gives you ALL TCP traffic from your computer on the network. And TCP language isn't that hard to read, here is a piece i just drew from my pb while syncing my .mac idisk:

12:56:59.396461 IP (tos 0x0, ttl 48, id 41555, offset 0, flags [DF], length: 598) idisk.mac.com.http > localhost.53008: P 5198:5744(546) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.396697 IP (tos 0x0, ttl 48, id 41556, offset 0, flags [DF], length: 57) idisk.mac.com.http > localhost.53008: P [tcp sum ok] 5744:5749(5) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.454788 IP (tos 0x0, ttl 64, id 17591, offset 0, flags [DF], length: 52) localhost.53008 > idisk.mac.com.http: . [tcp sum ok] ack 5749 win 65535 <nop,nop,timestamp 778801639 3103860893>


You can clearly see, all info you need.... Source <localhost>, Destination <idisk.mac.com> and type of transfer <http>

Is this an answer that helps you?

Cuckoo

Wow :eek:

I think we've got different views of expert but nevertheless, you're right and that's not quite as hard as I thought it would be... A major emphasis on the not quite part! ;) :p

Cuckoo
Mar 20, 2005, 06:15 AM
Wow :eek:

I think we've got different views of expert but nevertheless, you're right and that's not quite as hard as I thought it would be... A major emphasis on the not quite part! ;) :p

Yeah, well, it doens't spy out of the box.... i'll give you that, but if you play with it for an hour, you'll probably be an expert as well

<what i forgot to mention, this is just the packet information, not the payload, you can intercept the payload as well, but as you can imagine, that will give a far greater amount of network traffic> And usually the packet itself gives enough information, just when trying to discover unencrypted passwords <evil roommate wise> then the payload ofcourse is starting to get interesting.

I think being aware of the possibities makes you more aware of what you can and can not do...

annelize
Mar 20, 2005, 05:20 PM
:)

skubish
Mar 20, 2005, 06:59 PM
Don't forget that who has access to the router could access the logs and see what sites have been visited.

superbovine
Mar 21, 2005, 12:01 AM
http://www.securitytechnique.com/2003/11/wsc.html