Do you know who’s using your WiFi? Or how to check?

This may sound like a stupid question, but in reality most people don’t. I work in IT support, the customers I support all work from home, or on the road. Many have no idea even what devices are connected to their network, let alone how to set encryption.

My goal for this post is to show you some easy ways to map your network, to ensure only devices you want are using your network. Rogue devices can negativity impact your network in a variety of ways. An attacker could steal your passwords or files, a poorly functioning device could cause internet speeds to drop to a crawl, or even disconnect your computers from the net.

That said, it is easy to monitor your network, and at a very minimum you should audit network usage twice a month (I do it almost daily, because it really only takes seconds to check).

The quickest way to get an idea of who or what is connected on your network is a ping scan, there is an app built specifically for network mapping and even some troubleshooting on android called ‘Fing’ it will report all live ip addresses, along with the manufacturer of the devices network card. Once you have the list of connected/live devices, Fing will let you troubleshoot each device. Some of the things I do with Fing are; port scanning, connecting to windows shared drives, ftp. here is a link to Fing in the play store.

image

Here is a shot of Fing in action

Some of us that are hyper focused on the security of our networks, even go so far as building lightweight intrusion detection systems, but I would not expect that an average person would take the time to learn how to set one up, or even pay the huge prices charged by others to do it. Simply scanning your network is a great step in protecting your digital privacy, if you notice connected devices that shouldn’t be there, you can adjust settings within your routers configuration to block the device.

I will write a follow-up post, with some windows, and Linux tools that are user friendly, and give similar function to Fing on android. I would also like to note that Fing is also available on iOS, but it has been awhile since I used it as I avoid my iPad like the plague.

If you have concerns or questions, feel free to hit me up on Twitter @DarkLordZim or email DarkLordZim@gmail.com

Curiosity part 2

So it appears that our LAN team said all peer to peer communication should be off, and I was able to replicate the issues I found the other day. To make things worse, each of our Access Points (APs) have 3 or more SSID’s. our networks are laid out as follows on a single AP, keep in mind the building I work in is very large, and we have 10k employees that work in the building, so there are hundreds of APs that work as repeaters throughout the building.

Guest – Our open wireless network, available to employees and visitors

Company – Open network, but requires you to use your network login to access (functions much like the “Accept” page on most public wifi’s in hotels or coffee shops)

Hidden – A non broadcast SSID, you need a corporate issued certificate to authenticate.

I found that DHCP is not handled by the Access points, but by a DHCP server behind them, so no matter which of the networks you connect to, you get the same IP address.

One flaw I had found a few months ago (that they have fixed now) was that I could set up a server running on the “Company” open wireless network, and connect to it from our “Guest” network. As you can imagine, this posed a few separate threats, because it meant that data was not segragated to each of the networks, and it didn’t matter which you connected to, because all the data was visible.

I can still find the IP addresses of almost all the IP’s on any network through netdiscover, and due to the sensitive nature of the company I work for, I will not be posting ANY of my collected data. However, I found that there are SOME computers, (not all) that I am able to connect to and scan.

the ones that pose the biggest problem are unpatched XP machines, which have RDP open. I have tried my attack on both the Guest network and Company network and found that I am able to connect to select machines, even though that functionality is supposed to be turned off.

It is possible that these machines are bypassing the network security protocols because of malware, but at this point, we are unsure. This is again, just a reminder that you should constantly be checking your own network security, because a bug you find, and fix, is one that an attacker wont be able to destroy you with later!