On the 27th of April, took place another OPOSEC Meetup.
On the OPOSEC [0x62] Agenda there were the follwing topics to talk about:
- RFID/NFC Cloning
- Home Network Security
And as usual, “LockPick Station”, where attenders could try to open several types of lockers, with some special tools.
Unfortunately I could only attend the first 30m of the meeting, enough time for some socialization, food and drinks, and learn something new…
The first talk was about Home Network Security, I only attended the first 20m and it was interesting, back in the days, people would be connected to the internet directly by a modem, which means everyone would be assigned a public IP to his computer.
This was all good, but would expose all sort of open ports to the internet, allowing all sort of attacks.
Nowadays, how routers are connected to the internet and filter all sort of traffic, protect us from many attacks, pretty much hide us from the all internet.
Now according to “deluxor” making this talk, if you set your router to go into “bridge” mode, like some people do to have their own router making all the network management instead of the ISP router, you would be assigned a Public IP on your PC, bypassing all sort of filtering rules.
He also tested a port scan on /24 IP range of his public IP and found all ports that used to be “filtered”, to be “open”.
This would allow people to easily find SMB ports open with no protection, being able to access all sort of private information.
On this Talk, “deluxor” tested this on the Portuguese “NOS” internet operator, I did tried on another operator “MEO”, and even though I would be assigned a Public IP on my PC, a port scan would still show ports “filtered”.
I do believe this is because of the type of connection to the operator, while “NOS” might still use PPPOE, “MEO” uses IPOE.
The second talk was about a more interesting topic, RFID/NFC cloning, now unfortunately I wasn’t present, but more interesting topics are still to come.