thanks lain (rule) : 196

[–] [email protected] 20 points 9 months ago (1 children)

A lot of the comments here are saying that a pineapple can configure their subnet to use 10.x.x.x or 192.168.x.x. Is there any other way to determine if an access point is compromised?

[–] [email protected] 57 points 9 months ago (2 children)

Do some online banking. If your balance goes down more than expected, it's probably compromised.

[–] [email protected] 8 points 9 months ago (2 children)

Unless the pineapple operator also has solved DHKE and symmetric keys in general, using https means you're safe to do whatever on public wifi.

load more comments (2 replies)

load more comments (1 replies)

[–] [email protected] 46 points 9 months ago (2 children)

*connects to pineapple

*sets subnet to 10.0.0.0/16 so I don't have to type a yee yee ass class B/C address everytime I wanna do something with an address

Or

*connects to pineapple

*Sets subnet to same as target network so paranoid user doesn't realize he connected to evil twin

load more comments (2 replies)

[+] [email protected] 87 points 9 months ago* (last edited 4 months ago) (4 children)

[deleted]

[–] [email protected] 3 points 9 months ago

You mean op’s waifu was wrong?

[–] [email protected] 70 points 9 months ago (2 children)

It's not that it's on the 172.16.0.0/12 range. That's totally normal and used for all kinds of stuff.

It's that it's in 172.16.42.0/24 which is the default dhcp settings for a wifi pineapple. It's the /24 mask given on the .42 that's a little suspicious because that's not a common range for anything else.

Being assigned one of those specific 253 hosts with that subnet mask would definitely make me think twice.

[–] [email protected] 11 points 9 months ago (2 children)

It's the /24 mask given on the .42 that's a little suspicious because that's not a common range for anything else.

Well now I know. I operate a ton of /24 subnets in the 172.16.0.0/12 scope. Technically I could fit them in the 192.168.0.0/16 scope, but I have lots of students connecting SoHo wifi-routers to the subnets, and this way it's pretty easy to tell, if someone put the WAN cable in a LAN port when people are getting 192.168.1.0/24 DHCP offers.

load more comments (2 replies)

load more comments (1 replies)

[–] [email protected] 15 points 9 months ago (1 children)

Isnt it also for docker?

[–] [email protected] 12 points 9 months ago (2 children)

Wtf is with the "..." Explain why pls.

[–] [email protected] 36 points 9 months ago (2 children)

So I guess I must be a leet haxor because of all the businesses I configured for the 172.x space because 192.168.x space was too small and 10.x space was way the hell too big.

[–] [email protected] 6 points 9 months ago (3 children)

For bigger networks, I always went with 10.0.0.0/8 for endpoints, 172.16.0.0/12 for servers and other back-end services, leaving 192.168.0.0/16 for smaller networks like OOB IPMI (eg HP iLO, Dell iDrac) services, cluster heartbeat connections, and certain DMZ segments.

load more comments (3 replies)

[–] [email protected] 9 points 9 months ago (1 children)

wdym too big? That's what subnetting is for.

[–] [email protected] 5 points 9 months ago (1 children)

I know what subnetting is for. That’s why I know which RFC range to use. I’m talking based on the number of devices and needed groupings, 172 is a good sweet spot where 198.x would be a bit tight and 10.x is complete overkill.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (3 children)

Could you please explain, how 172.x is different "size" than 10.x? Don't both of those have 255*255*255 spaces?

Edit: Ok, I made ChatGPT explain it to me. Apparently, with 172.x the convention is to only use range from 172.16.x.x to 172.31.x.x because that range is designated for private networks under some internet regulations...

load more comments (3 replies)

[–] [email protected] 63 points 9 months ago (1 children)

Please use a VPN anyway, as if hotel WiFi is secure lmao

[–] [email protected] 48 points 9 months ago (3 children)

HTTPS solved much of the security issues of untrusted networks. As long as you're not doing banking or whatever, you should be fine without a VPN.

[–] [email protected] 19 points 9 months ago (1 children)

It should be fine as long you don't click through any SSL errors. And something like a bank should have HSTS enabled, meaning your browser will refuse to load the site if there's an SSL error.

load more comments (1 replies)

[–] [email protected] 44 points 9 months ago (2 children)

Why would banking be an issue? I get that its a target, but I really would expect a bank to take care of their TLS.

[–] [email protected] 19 points 9 months ago

Also i would expect banks to use some sort of 2FA where you have to manually confirm any transaction on your mobile device, or enter a code generated from there into your computer.

load more comments (1 replies)

[–] [email protected] 19 points 9 months ago (2 children)

While I've never seen a router default to the 172.16... range, to me it just means that someoe bothered to modify the settings. No wonder the network is faster.

Fear-mongering much?

load more comments (2 replies)

[–] [email protected] 34 points 9 months ago

Thank you, Lain.

[–] [email protected] 22 points 9 months ago

Thanks Lain.

[+] [email protected] 1 points 9 months ago

[deleted]

[–] [email protected] 24 points 9 months ago

Thank you Lain.

[–] [email protected] 130 points 9 months ago (1 children)

A pineapple can have any subnet it wants. Also I have multiple subnets that start 172.16.xx.xx

[–] [email protected] 45 points 9 months ago

you must be leet haxor

[–] [email protected] 108 points 9 months ago (1 children)

172.16.0.0/12 is a valid prefix for private networks. In fact, you get more hosts than 192.168.0.0/16, but less than 10.0.0.0/8.

https://en.wikipedia.org/wiki/Reserved_IP_addresses

[–] [email protected] 76 points 9 months ago (1 children)

Yeah, it’s not that it’s not valid for private networks, it’s that 172.16.42.x is common for WiFi Pineapples

[–] [email protected] 12 points 9 months ago (1 children)

Every "well ackqually" person in this thread is insufferable

[–] [email protected] 22 points 9 months ago (1 children)

IDK, I find them quite sufferable and in fact I'm learning something from this thread.

[–] [email protected] 6 points 9 months ago

Can't argue with that, I guess

[–] [email protected] 48 points 9 months ago (1 children)

really start to worry when it’s 169.254.0.x …

[–] [email protected] 10 points 9 months ago* (last edited 9 months ago) (2 children)

That just means the ~~DNS~~DHCP is disabled.

Edit: words

[–] [email protected] 23 points 9 months ago (2 children)

That is not what that means, it means there's no dhcp on that network segment.

[–] [email protected] 17 points 9 months ago (2 children)

In my defense, whenever there's a networking issue, it's always DNS related.

[–] [email protected] 4 points 9 months ago (1 children)

DNS being down is why the DHCP server didn't start ;)

[–] [email protected] 2 points 9 months ago

I can totally see dnsmasq causing this sort of thing.

[–] [email protected] 44 points 9 months ago (1 children)

The three stages of grief:

It can’t be DNS
There’s no way it could be DNS
It was DNS

[–] [email protected] 14 points 9 months ago

[–] [email protected] 1 points 9 months ago (1 children)

If there isn't DHCP and you device isn't set for a static IP, would it even connect?

load more comments (1 replies)

[–] [email protected] 23 points 9 months ago

“The hotel’s free WiFi is really fast”
“the DNS is disabled”

196

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

Other rules