Tuesday, June 17, 2008

Ahhh, poor IT management is my gain

I'm sitting in a hotel (hotel to remain unnamed) room in Rexburg (I'm here for a wedding) and the hotel is supposed to have wireless internet. The connection was working for about 10 minutes and then crapped out. So I started doing some troubleshooting. Luckily the access points are mounted outside on the balcony completely accessible. So the first step was to try connecting to another of the access points they have, no luck. So I disconnected one of them and plugged in my own ethernet cord, that worked beautifully, so the problem was with the access point itself. So I came back inside and re-associated with the access point. Then I pinged the broadcast to see what IP address would respond, just one. Good, that must be the access point. So I do a port scan on it and discover it indeed has port 80 open (web page access).

I point my browser at the IP address and I get the expected login prompt. I quickly try a few default passwords (usually Linksys devices are set up with no username and the default password is 'admin'); this and a couple of variations didn't work. However, on like my fifth try I got in. Username: 'admin' Password: 'admin'. [shakes head slowly]. If I were a jerk I could simply go around and reprogram each of their access points and cause all sorts of mayhem. But since my goal was to get internet access I moved ahead with that in mind.

Note: First of all, allowing admin logins over the wireless connection is a very stupid idea. Second, leaving the default name and password on an access point that allows wireless admin logins is a very bad idea.

But in this case, it worked quite nicely. I then did a wireless scan to find the least cluttered channel (guessing that the connection issues were due to channel congestion). I then switched the access point to run on channel 8, and lo and behold everything is working marvelously.

So the moral of the story is: Don't leave admin accounts to your wireless access points using the default information, especially if you allow wireless admin logins, unless, of course, you want to allow a friendly guest hacker to fix your poorly configured network.

2 comments:

Brooklyn said...

Hahahahhahhhahaha.

This entry was amazing. :) Hope Rexburg is fun ... looks like you decided against the "fit it all in one day" idea :)

enigmatic said...

I think the real lesson is to either have a secure network or don't have CS people near your network.

I am glad you were able to fix the problem. I hope you had a good time at the wedding :)