Wow, they are that far into the playoffs.  Way to much Metasploit for me.  I usually start watching the playoffs.  Dang.

Go Mavs!!

Cutaway

I am going to recommend http://www.pfsense.com/.  Quick and easy to install.  I comes with some great features and it is built on top of FreeBSD.

Either way you will learn.

Good luck,
Cutaway

Saber123316:

First off welcome to our little community.  We hope you find it helpful and contribute often.

You have started as many people start.  I will tell you, and most here will probably do the same, that you need to stop analyzing your school's network because you will, eventually, get into very big trouble and your career in IT will grind to a halt.  NEVER, analyze anybody's network without WRITTEN permission.  So, if you are going to be helping your school get with your system administrators and write up a plan or contract.  If you are going to be helping your friend crack his wireless network you may want to get him to put it in writing in case you ever have a falling out.  The key to this game is to learn as much as you can while protecting your integrity and not crossing the line into illegal activity.

Now that all of that is out of the way here is some more guidance.  The questions you are asking are typical and have generally been answered.  Search here, search Google/Yahoo, Search other forums.  A good wireless forum (after you search here) is http://www.kismetwireless.net/forum.php or http://www.wardrivingonline.com/.

You are off to a good start.  Keep us informed with your finds and questions and we'll be glad to help.

Go forth and do good things,
Cutaway

Hmm, I'll start this with some Sun Tzu quotes from Wikiquote http://en.wikiquote.org/wiki/Sun_Tzu (because it is fun):


I think that we can all agree that these apply in some form or fashion.  Although some will like certain sayings better than others.

The point is that ethical hackers obtain their skills so that they can make a difference. If the only hackers out there are unethical hackers then there is only defense and no way to test the defenses.  This is a losing proposition.

Here is a real world example.  We have good police officers and we have police officers who act unethically.  Are you willing to dismiss all police officers because of the potential for an unethical element?

Go forth and do good things,
Cutaway

Submitted.  And I am graphic design challenged!
Cutaway

In the News on Mike Rothman's blog: http://securityincite.com/TDI-2007-04-23#TBP1

Cutaway

On the first day of the conference you should arrive a little early.  You are going to have to go through a manual or automated sign in process.  There you will be given your credentials and a schedule of sessions, classes, and vendor expos.  Most conferences do not make you sign up for specific events that are open to all attendees.  Generally there is room for all comers.

Good luck and have fun,
Cutaway

Although you say:


You actually mean, "Yes, for non-ethical reasons" when you say:


Although these may be in violation of your companies policies and procedures you are definitely treading on unethical grounds here.  This is the essence of ethical behavior, looking at something that might not be against the rules but think that "Hey, maybe I should not able or permitted to do this." 

If you have a concern about you colleagues business related activities then you need to bring it up with your management.  Of course, be ready to be critiqued yourself.  Management can the take it up with their IT staff or, if you are the IT staff, they can authorize you to take action.  In other words, as we always say here, "Always get written permission."

Of course, you will have to notify all of the personnel working at your business that they are being monitored.  You will want to check into bannering for all of your systems and all of the methods of access.  Then, once the banners are in place, you will need to train all of your personnel on the new policy and how if affects them before you can hold them responsible for adhering to it.

So, although looking at the information transiting the wire might be fun, is it worth your job or, possibly to likely, jail time?

Go forth and do good things,
Cutaway

I was going to print this out so that I can review it at my leisure but the PDF and PRINT options appear to be broken.

Thanks,
Cutaway

Calimar,
 
   Testing web applications is not something that you just jump into and get done.  There are many factors to it.  My suggestion to you is that you first consider how you have deployed your application.  You should look at resources like OWASP http://www.owasp.org/index.php/Main_Page which has guides to secure deployment and considerations for writing scripts that permit user interaction.  You will also find some useful guides to assessing your applications and tools to assist with the assessment.

   Don't forget to check out the XOOPS forums http://www.xoops.org/modules/newbb/.  I am willing to bet that somebody here has had the same experiences you have and they will be able to assist you.  If nobody has experienced your problems then the experts monitoring these forums are going to want to know about your issues so that they can begin to address them within their environments.

Go forth and do good things,
Cutaway

Great job to you both.
Cutaway

Wkto and BiDiBLAH are great tools that really require this extra functionality to provide the features that set them apart from other tools.   Adding AURA to give back this functionality is a great resource. 

Hopefully Google provides people with another way to utilize their services.  It is too bad that they don't have a problem changing how they do things at a moments notice and without notification.  If Microsoft did this people would riot.

Cutaway

You are not going to have a problem connecting your Linksys Wireless Router to your DSL/Router.  Just configured the Wireless Router for DHCP and it should obtain a IP address from the DSL/Router.  I would suggest that you change the LAN network for the Wireless router to a different NAT range (i.e 192.168.2.1) that way you do not have conflicts.

For your wired lab you are probably going to need a switch with 48 ports.  You should be able to pick on up from CompUSA or order it on Ebay or Craig's List.

Opps, I just got it.  You want to connect the two routers using wireless.  Well, you should take a look at this tutorial over at DD-WRT: http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge although I suggestion you flash with OpenWRT http://openwrt.org/ which also has a tutorial at http://wiki.openwrt.org/OpenWrtDocs/Configuration#head-aba1228974499bb5dcaffdb2c3d45b07bcab2013.

Good luck,
Cutaway

What?  Now my monitor connection has to support copy-writing protections?  That is just wrong.  These things are starting to spread too far.  These protections need to be limited to the media and the software involved with reading it.  Somebody needs to grab these guys by the throat and tell them to knock it off.  (I know, that is not very PC but neither are they.)

Cutaway

Wow, I didn't realize that Kevan was talking about that type of system. 

Kevan, whoever suggested this to you must have been pulling your leg.  If you found these because they were cheap, well, you have to remember that you need a system that can run uptodate software.  The majority of operating systems that can run on this Compaq are no longer supported.  Sure they still run but they will have security flaws.  Plus most of the tools you are going to want to use will not work either. 

I suggested you go no lower than this.

http://cgi.ebay.com/DELL-LATITUDE-WIRELESS-LAPTOP-PIII-500-MHz-WIRELESS-NET_W0QQitemZ120106382481QQihZ002QQcategoryZ140080QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

You can usually get these for somewhere around $100-$200.  If you can save a little more then you could get an even better laptop.  But that is up to you.  Just be careful with ebay sellers.  Always read the descriptions and try to get the seller on the phone and have them explain what you are getting.  Make sure that everything works including the power supply and battery.  The last thing you want to do is shell out for these which will double the cost of your laptop.

Good luck,
Cutaway