InterceptRadio.com Forums

One of the things I find WiFi most useful for is being able to VPN into my home LAN. However, I've run across some systems that, for whatever reason, seem to actively block VPN traffic.

For the benefit of others who may be using (or trying to use) VPN, here's some of what I've found in the region so far.

SEATTLE MAIN LIBRARY (free access, wired or wireless): VPN seems to work as long as you use Microsoft PPTP or Cisco's LEAP protocols. IPSEC-based clients (at least Watchguard's implementation of such) do not seem to work.

KING COUNTY LIBRARY SYSTEM (free access, wireless, all locations): VPN works fine, either IPSEC or PPTP. Haven't tried LEAP as I don't have a Cisco firewall.

RENTON LIBRARY (free access, wireless): Terrible. VPN doesn't work at all. Utterly useless for anything other than surfing the web.

DOWNTOWN KENT WIFI ZONE (free access, time-limited to two hours per session, online acceptance of user terms required for access): Didn't work as of my first attempt just before Christmas of 2005. However, the City of Kent network admin says that this was due to a configuration error following an equipment upgrade. Will try again soon.

BEST WESTERN HOTELS (free access, wireless, wired as well in some locations): One of BW's goals is to eventually have free high-speed wireless at all their properties. So far, with the ones I've stayed at (in Yakima and Olympia), VPN works just fine, either IPSEC or PPTP.

I hope this helps. Keep the peace(es).

_________________

Bruce Lane, KC7GR
Owner, Blue Feather Technologies
Motorola programming and conversion service available. See http://www.bluefeathertech.com/rf.html
"Salvadore Dali's computer has surreal ports..."

Hey, how did your little green monster know who I am?
I mean firefox, nocharge and xp, wow!

Now i'm going to trace you!
That's scary! :twisted:

(chuckle) I wondered that myself the first time I used that silly thing. Apparently, what it's doing is querying your browser, through standard HTML calls, as to the nature of the OS, browser, and originating IP address.

You can make your own "little green monster" simply by visiting the Danasoft.com site and doing a little typing. They'll let you create your own customized sign.

As for tracing, heck... All my contact info is at http://www.bluefeathertech.com, and I work for the State Patrol. I'm not hard to find if you know where to look. ;-)

Keep the peace(es).

_________________

Bruce Lane, KC7GR
Owner, Blue Feather Technologies
Motorola programming and conversion service available. See http://www.bluefeathertech.com/rf.html
"Salvadore Dali's computer has surreal ports..."

Yeah I checked it out after my last reply.
I was curious as I am trying to teach myself html and web authoring.
So what do you do w/ WSP? I'm retired LE myself.

There are also little green monsters that prowl around wifi spots looking for people to vpn to home or work. Please be careful!

I hope the firewall & Zone Alarm would stop a peer to peer snoop.
I was over in Spokane a couple weeks ago and picked up unsecured wifi signals all over the place. Downtown its free for two hours after you register and accept. The hotels all had wifi, and even in residential areas there were signals.

Firewalls are great from protecting you from the internet itself, but if the attacker is on the same network as you....thats where the problem lies.

Free hotspots equal everyone on the same network. Nat is not going to protect you from that. Even if you think your secure on a wireless vpn (very bad idea) readily available programs such as ethereal can sniff out key packets quite easily.

WEP is a joke. Keys can be cracked (depending on the attacking computers speed) within an hour(s)

WPA is somewhat better than WEP if its used properly (key over 30 characters)

With enough time any wireless encryption can be broken. Hotspot= slim to no protection.

And no Zone Alarm won't help you either.

Stay Secure!! :D

Thanks for the tip. I learn something everyday.
I don't use wifi except for the experience in Spokane. Can a snoop get into my unshared files on a wlan? Or a peer to peer?
Jay

Where can I learn how to set up a VPN? I use a Cingular UMTS card.

_________________
I taste copper.
Comments, views, opinions - and trails of destruction - are my own.

Once someone is part of the same network as you and has a few tools. Unshared files can be made shared. Or they can log in as you and basically have the same control over your computer as you do. A fun program is netbus. It allowed for taking complete control of ones computer (got better as internet speeds increased) Imagine just surfing around the net and your mouse suddenly had a mind of its own?!?!?!? Your cd tray began to open and close on its own. Its a fun program that I have on my own network (I play tricks on the wife) It is an older program and there are better ones.

As far as vpns.....they are fussy. It can work great for a day and then the next its all jacked up. Its all about having the proper equipment. I vpn to my work through a very expensive router. The better your equipment the more reliable and secure your connection will be. Just do a search on google and take some time to read about it. Its not hard to setup at all....it just takes routine work to keep it tidy.

Good Luck

I'm the radio shop tech for D2 (Bellevue), though my duties frequently venture beyond fixing trooper radios into the realm of using every talent I've got to solve a given electronics problem. I also certify the radar and LIDAR units used to catch speeders.

And no, there really isn't any way to fool such devices without tipping off the operator that something's amiss. ;-)

Keep the peace(es).

_________________

Bruce Lane, KC7GR
Owner, Blue Feather Technologies
Motorola programming and conversion service available. See http://www.bluefeathertech.com/rf.html
"Salvadore Dali's computer has surreal ports..."

It's not particularly easy, and you need three things before you can even try.

(1) A home (or office) network with machines you want to access from the road.

(2) A router/firewall as part of said home/office network that is capable of handling VPN traffic.

(3) Client software for your remote computer that matches the type of VPN (IP-SEC or PPTP) you're trying to use.

Once you have those three things, you should follow the instructions in your router's user manual. No two network hardware vendors will implement it in quite the same way. My own firewall is a Watchguard Firebox II I got years ago.

I have good reason to need VPN because I'm fully self-hosted for my Internet presence (translation: I run all my own servers -- Web, DNS, mail, FTP, the works). I am, in effect, my own ISP, but this also means I need a way to get in and get my mail while I'm on the road, and that method needs to be faster than dialup.

Yes, there is always a risk that someone will set up a "man-in-the-middle" attack. However, they'd have to be pretty bloody clever, and have just the right equipment, to make themselves look like your target VPN node.

Given the degree of sophistication required to pull this off, and considering the military-grade encryption that a properly-configured IP-SEC VPN interface uses (called 3DES, if I recall correctly), I consider the risk to be minimal.

Sure, any encryption can be broken... but how quickly? You still need supercomputer power for the high-end stuff if you expect to break it in less than months or years.

Keep the peace(es).

_________________

Bruce Lane, KC7GR
Owner, Blue Feather Technologies
Motorola programming and conversion service available. See http://www.bluefeathertech.com/rf.html
"Salvadore Dali's computer has surreal ports..."

You're right on the radar thing. When I was LE I've heard "but I have a radar detector" several times. I want to say "so what". The 'instant on' feature was cool, it was either the falcon or custom thet has it, I can't remember. Probably both now.
Radar detectors are the biggest, complete waste of money. Especially with Lidar.

Exactly. The laser beam is so tightly focused, and pulsed so quickly, that by the time your detector alerts you the trooper has already acquired your speed. It really does happen in milliseconds once the LIDAR unit gets a good reflected signal back.

Keep the peace(es).