I went to a coffee shop today to do some work. Update a few documents and get some random things I have been putting off. As always I log onto the coffee shop wireless and connect to my VPN. (read other articles here and here).
After completing the items I had set out to do. I took some time to do some poking around on the wifi. Since wireless is basically you sharing a network with others, it is easy to see what people are doing. I used a simple nmap query to see who my neighbors are.
That scan showed me 5 active people and their IP. It also let me know that the router had HTTP running. Since I already knew the PC names and what ports they had open. (some one had a web server running). I decided to look at the wireless router. To my surprise it was running DD-WRT, my favorite router firmware. DDwrt is a very powerful router firmware that can turn a basic wireless router into a great device.
However there are a few settings you need to understand when using DDWRT. One in particular is to disable the default status page for unauthenticated users. This page shows a lot of information that you don’t want snooping people like me to see. Things like:
- Public IP
- Firmware version
- Device Type and name
- Connected users (IP address, mac address, dhcp lease)
Not only was this on but I was able to also see the other computers on the network (with out doing a nmap scan). So everyone who had connected in the last 2 hours pc was listed on this page. I decided to push up a pic. My pc is called TP2.
This is scary to me because someone took the time to use a great opensource Firmware but not the time to properly secure it. It is also interesting to see the number of android devices that were using the wifi. I guess the same is true for iPhone devices.
I can’t stress this enough, when on public wifi use a VPN. If you don’t have one. Head on over to wifi-vpn.com and subscribe or purchase.
The other item on the list is BT, that is the backtrack vm that I started to do some network sniffing.