Diary of a Network Geek

Of course, that could describe almost any week or weekend for me.

So, Saturday, I got up early to run out and get a few parts to upgrade my laptop, braving the near cataclysmic, torrential downpour.  Naturally, I was far from the only geek hard core enough to weather the storm to spend some quality time at MicroCenter.  Though I have to admit, it wasn’t nearly as crowded as I thought it would be, even with the flooding.  I know that Fry’s Home Electronics is more popular with some geeks, but I think MicroCenter’s prices are competitive and I think I get better, less aggressive, more knowledgeable, service there.  Though, in this case, I knew just what I wanted.  My main purpose was to get a bigger internal drive for my laptop, because all the pictures that I take suck up drive space like a drunk soaking up free booze and I was starting to feel the pinch.  But, I also wanted to get a wireless, “laptop” mouse that I can throw in my bag when I hit the road, since my laptop is quickly becoming my creative workstation.  I also grabbed a bunch of magazines that I usually don’t find in my usual haunts.  Mainly Photoshop stuff, but some others that I wouldn’t normally get like Practical Web Design and Giant Robot.  The particular issue of Practical Web Design has an article about time-sensitive, dynamic stylesheets that seemed pretty cool.

In any case, after that, I ran home to start cloning my laptop drive…  In fact, I’ll have a better, detailed post on that later this week.  Once I got the cloning process started, I ran over to some friends’ house with the intention of all of us going to the Friends of the Houston Library book sale.  However, after having my car almost get caught in water far deeper than it seemed, which was made worse by a jackass in a pickup cutting me off and throwing up a wave of water almost over the hood of my car, we thought better of making the attempt.  So, instead, I did a little work on her laptop, getting it on their wireless network and running some antispyware on it.  (Though, it sounds like it already could use another cleaning, so I’ll probably be back.)

After that it was church and dinner.

Sunday, I got up early to get in a good workout.  I’ve been getting into a bad pattern of exercising late, staying up late and dragging all day long without enough sleep.  After watching another friend at dinner who’s burning her candle at both ends, I made up my mind to not let that happen this week.  So, I got my lazy bones out of bed and got breakfast and coffee and got my behind in gear for a good, longer, workout before 10:00AM.

After that I was editing some photos for a project a friend of mine in New York is putting together.  Naturally, I hooked up my new wireless mouse to get better control of my editing tools.  I got a Logitech “laptop” mouse and it works great.  It’s a little smaller than a regular mouse, but not uncomfortably so.  What’s cool about it, though, is that it has a little USB dongle that links the mouse to the computer.  When it’s not in use, it fits on the bottom of the mouse and, when you slide it on and off, it automatically turns the mouse on and off to save battery life.  That may seem like a little detail, but it’s a great feature that helps not waste batteries when you’re on the road.  That can be a big deal sometimes.  In any case, that probably took longer than it should but my graphic editing skills are weak, weak, weak.  So, the practice no doubt did me good.  Also, it was flattering to have her invite me to submit some of my photos for her project.

I also managed to get in a little reading and some photography, too.  Not much, but, still, every bit counts!  Obviously, when I get through with the book I’m reading, I’ll review it.  And, sadly, I still didn’t get any work done on the WordPress themes I want to build or the creative website either.  As busy as I get, I’m not sure how I’ll manage time to work on that as regularly as I’d like.  I am trying to leverage Google Alerts to get some of that work done, but, there’s still a component of it that requires quite a bit of work from me, so…  Well, I’ll get there somehow.  (And, yes, I count the new site as part of the “coolness to come”, along with the step-by-step post on upgrading a laptop hard drive.)

At least, as much as you can secure anything.

Some time back, I pointed you all toward an article about extending your wireless connection. Some of you expressed concern regarding security in relation to wireless connections in general and, specifically, after expanding the range of your wifi router. So, I thought I should get you all some links on how to batten down the hatches, so to speak.
I do think it’s important, though, to say a little something about security in general first.
Nothing is totally secure. If a computer is on a network, it can be compromised eventually, given enough time and money. Security is a matter of degrees, of balancing ease-of-use with peace-of-mind. And, while having wifi makes mobile communication easy, it is, by it’s very nature, insecure. Anything that broadcasts over an unsecured medium can only be so secure, you know? So, I think it’s important as you look at the links below to keep in mind that a determined attacker is going to get into your wifi network, no matter what you do. And, personally, I am more than a little paranoid, so there are just some things I wouldn’t do over a wireless network.

Okay, so, without further ado, here are the links:
First, if you don’t mind the pop-ups on About.com, here are Ten Tips for Securing Your Home WiFi Network. They’re not bad, but, really, some of them aren’t all that secure. Or, rather, they just give a somewhat inflated sense of security. Still, they’re better than nothing.
Better than those tips, though, is the Lifehacker Guide to Setting Up a Wireless Home Network. This takes you through setting up a wifi router and network from scratch and gives you fairly good tips about securing it along the way. (But, make sure to follow the link to their article ToDo – Secure Your Wireless Home Network!) Better still, follow the article at Ars Technica titled The ABCs of Securing Your Wireless Network.
Freakishly, Microsoft, who’s not known for their security practices, has an article about making Windows XP wireless a little more secure. If you run XP, it’s worth a look.
And, finally, for those of you with a little extra time, some spare computer resources, and a high level of paranoia, read the Step-by-Step Guide at SearchWindowsSecurity.com titled How To Create A VPN For Your Wireless Network. (Or, if you’d rather download a printable PDF, check out TechRepublic’s A Secure Wireless LAN Hotspot For Anonymous Users. It’s another way to do the same thing.) Frankly, it doesn’t get much more secure than that!

Hopefully, that gives all those curious minds out there enough to chew on to keep you off the streets at night!

Attack someone’s network or website, that is.
Okay, this has been on my mind lately, not because I’ve done any actual hacking recently, since: a) that would be illegal and b) I haven’t done that sort of thing in, well, years. No, I’ve been thinking about it because, according to a friend of mine, at least one fan (short for “fanatic”) seems to think that I am not only capable of doing such things, but that I, in fact, have. And recently, too! As the French say, “It is to laugh…” So, as a thought experiment (that’s a mental exercise for you vocabulary impaired), here’s how I’d go about doing this, if I were, in fact, to do “ownz” someone’s “box”.
First off, I wouldn’t use a computer that I own, that can be traced to my ownership, or that uses an IP address that has ever been associated with my name. There are several ways around this, of course, including IP spoofing, anonymous remailers and other redirectors, and a compromised, third-party’s machine. That last one is the best, and, ironically, the easiest method. Surprised? You shouldn’t be. Compromised Windoze machines are a dime a dozen. There are hordes of script kiddies out there just hammering away at every weak Windoze machine they can ping. Also, there are more and more insecure Linux machines floating around out there, too. (Have you applied all the latest patches to your penguin box?) Or, if you know of any systems that you left behind at an unhappy employment situation, that are still vulnerable, you can use them. Usually, a corporation will have a nice, fat data pipe which makes your “job” faster and easier. Of course, if they have half a brain, after you leave, they’ll change all the passwords, but sometimes someone slips. (The last place I knew of like that from my own past finally, after three years, changed the passwords as part of an upgrade.) Or, you could simply go to a coffee house that offers free Internet access via a wireless network. Every time you change coffee houses, you change IPs. And, while I normally am just fine with industrial-strength institutional coffee, a nice cafe au lait from Cresent City is always nice. Or, according to this article on Slashdot, Panera Bread Company is a good place to find a free wifi link.
So, now you have one or more launching platforms from which to case your mark. (That there’s criminal slang that means “look at your ultimate hacking goal”.) What do you use to look for a way in? Well, there’s three that I’d recommend, based on reviews; Snacktime, Nessus and NMAP. Of the three, NMAP is, arguably, the more robust and well known. In fact, NMAP was used in The Matrix movies. Now, that, my faithful readers, is “geek cred”! Though Snacktime is interesting to me because it’s PERL-based. Now, if you’re not familiar with these three tools, just stop reading and go play with your IIS 6.0 webserver. We’re about to talk “big boy” stuff here and you just won’t be up to it. So, if you’re still man enough to be following this, you’d load up your lookeeloo tool of choice on your remote launch platform at this point and get a fingerprint of your target system’s OS.
Now, we get to the meat of this little mental exercise… Okay, you’ve got your “open door”, or “doors”, as it were, into your target system. At this point it’s a matter of taking the information from the nice, clean results that NMAP, or whatever, gives you and applying your exploit. What and how you do that really depends on what you’re attacking, but it’s pretty much a paint-by-numbers affair now, thanks to the legions of script kiddies that keep us up to date. Right, root access (or Administrator, if your target is foolish enough to run Windoze). Now what? Well, that sort of depends, doesn’t it? Do you want data? Start a background transfer to a third party that you can collect later. (Use ftp, tftp, or, for loads of sneaky fun, telnet, to transfer your data. Many admins disable logs on these protocols because they don’t think they’re running. Double check.) Want to install something? Go for it! (Try a keylogger. Now you’ll get loads of target passwords to compromise other machines for further adventures!) Just want to crash the system? You should have skipped all this hassle and just hit your target with a DDoS attack from your many compromised machines, stupid. (Incidentally, for you Windoze admins out there, the entire Code Red scare you sloppy bastards caused was all about a Distributed Denial of Service “issue”. )

Of course, this is all very illegal and somewhat morally questionable as well, so I would NOT do it. What’s more, I would not recommend that anyone else attack, hack, assault, fold, spindle or mutilate any system other than your own. In short, the Network Geek, RyuMaou.com and Jim Hoffman (yes, we’re all the same entity) does not in any way endorse any of the above listed activities, except the cafe au lait from Cresent City. In fact, I suggest that you do NOT do anything that I’ve written about in this entry, including flinging wild accusations that cannot be proven. That’s called “libel”, or, if you say it instead of write it “slander”. That’s against the law, too, the last time I checked.

Advice from your Uncle Jim:
"We are what we think. All that arises is with our thoughts. With our thoughts we make our world."
   --Buddha