BLE: is the intention of the "Access Address" to be rolled randomly? - bluetooth-lowenergy

Follow up of What is the purpose of "Access Address" in BLE
Is the peripheral's access address randomly generated? Rolled per connection? I am aware the "r" MACs are rolled to prevent tracking, so I would also assume the AA is?
Why didn't the BT SIG just make the AA and the MAC to be the same thing? Is there a good reason or functional difference the MAC wasn't bumped from 48 to 64 bits and replaced the Access Address? Holdover from BT Classic?
I haven't seen a good reason that access and mac would co-exist.

The access address is different for every connection and identifies the connection. Every new connection uses a newly randomized address.
If you use the Bluetooth Device addresses, should you use the central's address or the peripheral's, or a concatenation? Note that these are longer than 32 bits. Note that two BD addresses might differ by only one bit if they are produced in sequence. If, for example, only the central's BD address were used as "access address", then it could not have multiple connections in a reliable way.
The access address also has a lot of rules about forbidden bit patterns. This is to avoid mistaking noise or silence as a new packet, and to "lock" the radio synchronization.
So, there are a lot of good things with the access address.
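The bit-pattern rules mentioned in the answer above are concrete enough to check in code. The following is an added example, not code from the original thread: a validator for the 32-bit access address rules as the editor understands them from the Bluetooth Core Specification (Vol 6, Part B, Section 2.1.2: no run of more than six identical bits, not the advertising access address 0x8E89BED6 or any single-bit variant of it, not four equal octets, at most 24 transitions, at least two transitions in the six most significant bits, plus two extra constraints for the LE Coded PHY), together with the "draw random values until one passes" loop a central runs for every new connection. The `coded_phy` flag and the function names are the editor's own.

```python
import os

ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address of advertising channel packets


def _bits(aa):
    """The 32 bits of the value, most significant (bit 31) first."""
    return [(aa >> i) & 1 for i in range(31, -1, -1)]


def _max_run(bits):
    """Length of the longest run of identical consecutive bits."""
    best = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def _transitions(bits):
    """Number of 0->1 or 1->0 changes between neighbouring bits."""
    return sum(1 for prev, cur in zip(bits, bits[1:]) if prev != cur)


def access_address_problems(aa, coded_phy=False):
    """Return the list of rules the value violates; an empty list means it is usable."""
    if not 0 <= aa <= 0xFFFFFFFF:
        return ["not a 32-bit value"]
    bits = _bits(aa)
    problems = []
    if _max_run(bits) > 6:
        problems.append("more than six consecutive zeros or ones")
    if aa == ADV_ACCESS_ADDRESS:
        problems.append("equals the advertising access address")
    elif bin(aa ^ ADV_ACCESS_ADDRESS).count("1") == 1:
        problems.append("differs from the advertising access address by one bit")
    if len(set(aa.to_bytes(4, "big"))) == 1:
        problems.append("all four octets equal")
    if _transitions(bits) > 24:
        problems.append("more than 24 transitions")
    if _transitions(bits[:6]) < 2:
        problems.append("fewer than two transitions in the six most significant bits")
    if coded_phy:  # additional rules for the LE Coded PHY (editor's reading of the spec)
        if sum(bits[24:]) < 3:
            problems.append("coded PHY: fewer than three ones in the least significant byte")
        if _transitions(bits[16:]) > 11:
            problems.append("coded PHY: more than 11 transitions in the least significant 16 bits")
    return problems


def is_valid_access_address(aa, coded_phy=False):
    return not access_address_problems(aa, coded_phy)


def new_access_address(coded_phy=False, rng=os.urandom):
    """What a central does per connection: draw random 32-bit values until one passes."""
    while True:
        aa = int.from_bytes(rng(4), "little")
        if is_valid_access_address(aa, coded_phy):
            return aa


if __name__ == "__main__":
    aa = new_access_address()
    print(f"fresh access address: 0x{aa:08X}")
    print("advertising AA problems:", access_address_problems(ADV_ACCESS_ADDRESS))
```

Note that the check is on the numeric value; on air the address is sent least significant bit first, which is why the spec's "most significant six bits" rule is about the tail of the transmitted preamble-plus-address sequence and matters for synchronisation.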

Related

Can a hacker sniff HTTP packets transmitted via WIFI?

My work has a login system which doesn't use HTTPS. Login details are transmitted in plain text using HTTP Post.
I isolated the post request which sends the login details using wireshark, and found the username and password in the packets, in plain text.
Could an attacker listen to the HTTP POST request wirelessly by being close to the client's router or laptop somehow?
Is it even possible to sniff ambient WIFI transmissions by simply being in close range (If so, how)?
Level 1
Network utilities like Wireshark can monitor the TCP/IP network data when they are connected to the network. WiFi networks without passwords can be attacked by a closer WiFi router using the same SSID or WiFi name, thus becoming part of your network and monitoring TCP/IP network data.
If the WiFi has a password, then only those who know the password can be part of your network and monitor the TCP/IP data using this method.
Level 2
Some USB WiFi adapters (the ALFA AWUS036H or similar) support monitor and promiscuous modes; on Kali Linux (though you can use other versions of Linux) they can monitor data sent over the WiFi radio signals without being logged in.
tcpdump and pyrit are WiFi tools that allow people to capture and analyze WiFi radio traffic, normally to pick up all SSID signals; Google may have used these with the vehicles that created Google Maps Street View.
Since the data sent over WiFi may include HTTP POSTed data, this can be read using these modes.
If the WiFi signal is encrypted, then even if the POSTed data was sent to an HTTP (not HTTPS) server, the data is still encrypted.
Level 3
The government, among others, has software that can monitor the encrypted WiFi signal and wait for an ARP request, which has a specific length in bytes so it can be identified as an ARP request. Then, using brute force, it goes through millions of potential encryption keys until one key appears to resolve the captured ARP request into a valid ARP request. This takes a rather powerful computer running Linux with a WiFi antenna on the roof, sitting next to your home for several hours. Some of the encryption keys are 128 bits; that would be 3 with 38 zeros. So they almost need a supercomputer.
Once they crack the WiFi encryption, the only thing standing in their way is the HTTPS encryption, which has 4,294,967,296 possibilities but doesn't provide an easy method for the computer to determine if the key it has is correct, since it does not know what it is supposed to be looking at. Nonetheless it is still crackable by brute force, but it will take a long time.
If a strange van with a generator and antenna is outside your home, send random data through the WiFi, something like ay9wwahwh8948yr9sfsahfkh. It will never find the encryption key, since ay9wwahwh8948yr9sfsahfkh looks like garbage; when it gets ay9wwahwh8948yr9sfsahfkh it will think the encryption key is wrong.
Level 4
Government: they go to the ISP and request what sites you visit, then ask those sites for your information.
Yes they can; it's called session hijacking. There are a sheer number of these WiFi hacker apps available on the internet, most notably Wireshark and Intercepter-NG.
Yes. That is the main goal of creating the HTTPS protocol.
Read this: "HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages."
To prevent it, use HTTPS, and in our case use a VPN; it will help encrypt your credentials.
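The asker found the username and password "in the packets, in plain text"; the following added example (editor's code, not from any of the posts) shows what that extraction looks like when automated, which is exactly what anyone holding the capture gets for free. It builds a small pcap file in memory from a constructed Ethernet/IPv4/TCP frame carrying a form login, then parses the pcap back and pulls the credential fields out of every HTTP POST body. The host name, addresses, MACs and credentials are made up; the parser assumes pcap link type 1 (Ethernet), as tcpdump or Wireshark write for a capture on an associated interface. A monitor-mode capture carries 802.11/radiotap headers instead and, on a WPA2-Personal network, its data frames first have to be decrypted with the PSK and a captured four-way handshake before this layer is visible; on an open network or after that step, the POST body is in the clear just as shown here.

```python
import struct
from urllib.parse import parse_qs


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(map(int, s.split(".")))


def build_http_post_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, body,
                          host="intranet.example", path="/login"):
    """Constructed Ethernet/IPv4/TCP frame with a plaintext HTTP POST (sample data).
    IP/TCP checksums are left at zero; the parser below does not verify them."""
    http = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body
    # src port, dst port, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     _ip(src_ip), _ip(dst_ip))
    return _mac(dst_mac) + _mac(src_mac) + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    """Classic pcap: 24-byte global header (link type 1 = Ethernet) then per-packet records."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def iter_pcap_frames(data):
    """Yield the raw frame bytes of each record in a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return (src_ip, dst_ip, dst_port, payload) for an IPv4/TCP Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp_off = 14 + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4
    dport = struct.unpack_from("!H", frame, tcp_off + 2)[0]
    return src, dst, dport, frame[tcp_off + data_off:]


CRED_FIELDS = ("username", "user", "login", "email", "password", "passwd", "pass")


def extract_post_credentials(pcap_bytes):
    """Scan every TCP segment that starts an HTTP POST and collect credential-looking form fields."""
    found = []
    for frame in iter_pcap_frames(pcap_bytes):
        parsed = tcp_payload(frame)
        if not parsed or not parsed[3].startswith(b"POST "):
            continue
        src, dst, dport, payload = parsed
        head, _, body = payload.partition(b"\r\n\r\n")
        request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        fields = parse_qs(body.decode("latin-1"))
        creds = {k: v[0] for k, v in fields.items() if k.lower() in CRED_FIELDS}
        if creds:
            found.append({"src": src, "dst": dst, "dport": dport, "request": request_line, **creds})
    return found


def sample_capture():
    """Constructed capture: one login POST from a laptop to the intranet server, nothing real."""
    frame = build_http_post_frame("02:00:00:aa:bb:01", "02:00:00:aa:bb:02",
                                  "192.168.1.23", "192.168.1.10", 51234, 80,
                                  b"username=alice&password=Winter2024%21&remember=1")
    return build_pcap([frame])


if __name__ == "__main__":
    for hit in extract_post_credentials(sample_capture()):
        print(hit)
```

The same function run over a real capture file (`open("login.pcap", "rb").read()`) is all an attacker needs once they can see the frames; the fix is the one the other answers give, TLS on the login endpoint, not hoping the body goes unnoticed.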

when ip conflict, how tcp react?

When two computers are set to the same IP address in a LAN (such as 192.168.1.100), both of them may receive incomplete packets. How does TCP on them react to this situation? Will they ask for retransmission?
My understanding is that TCP will reset the connections because of sequence number errors. So, connections will mysteriously and randomly disconnect, depending on when the stack detects the sequence number error.
You have two situations that can occur from this: one of the computers will be able to communicate fine while the other cannot at all, or they both will not communicate (if it stored the MAC address in the ARP cache it will still try to route to the first computer on the network). Also, depending on the direction, if a computer that does not have a duplicate address is trying to contact one of the duplicates, it will not reach the correct computer because they will be fighting over who has the IP address. If you swap that scenario, it will be asking for retransmissions, but there is no guarantee that it will ever get them, which leads back to them fighting over the response of "who do I send it back to".

Layer 2 Switches and IP address duplication

Hello Networking Gurus,
I have a question about IP duplication and how this impacts the associated switches (layer 2). Sorry, I don't have any resources available to test this. It would be great if someone could shed some light from their experience on this.
If I have two servers (Linux), say A & B, serving exactly the same contents, and for some reason they are both assigned the same IP address. To be more specific, if A already has an address IP.100 and B has another address IP.200, at this point everything seems to be working and the switch has the proper MAC addresses stored. If, later, B also gets the address IP.100, how would this affect the switch's ARP cache? When B gets the new address, I assume it broadcasts ARP to inform the associated switch?
So the question is: does the switch store both machines' entries, or overwrite the existing one with the new? Is there any standard behaviour, or do proprietary switches react differently?
If a client with no ARP cache tries to connect to IP.100, which machine would it be forwarded to? A, B, or none? If A or B, can I say from the client's point of view that there's no outage? (Assume this is a static website, with no login sessions etc.)
Feel free to point any relevant documentation.
Thank you in advance.
In theory, you shouldn't have two hosts talking on the same IP unless they are participating in routing, e.g. anycast, as things will break.
Each host will have its own MAC address. If the switch is only doing layer two forwarding, then the switch only keeps track of MAC addresses. It is the end hosts or routers that track ARP entries.
If you move IP 100 to B, then the hosts will update their own ARP table.
But if A and B have 100 at the same time, this will cause issues.
The switch will not see any IPs and does not have an ARP cache for forwarding packets; it will only have a MAC address table mapping MACs to ports, and the MACs in your case will be unique.
I actually think this is how multicast works.
Hosts obtain a multicast address and all of the devices share that same multicast address.
A switch will gather collections of MAC addresses to that same multicast in its MAC table.
I could be wrong though....Still learning.
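Both of the last two threads come down to the same observation: the switch only learns MAC-to-port bindings, so the conflict is visible on the wire as ARP traffic claiming one IP for two different MACs, and every host's ARP cache simply takes whichever reply arrived last. The following is an added example (the editor's code, not from either thread) of a passive detector for exactly that: it decodes Ethernet/ARP frames, keeps the IP-to-MAC binding it has seen, and reports every flip. The sample frames are constructed to replay the scenario in the question above (A answering for .100, B probing and then announcing .100, A answering again); MACs and addresses are made up. The ARP probe with sender address 0.0.0.0 is the address-conflict-detection probe from RFC 5227, which a host sends before taking an address and which carries no binding, so the monitor ignores it rather than flagging a false conflict.

```python
import struct

ETHERTYPE_ARP = 0x0806


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(map(int, s.split(".")))


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed Ethernet/ARP frame (sample data). opcode 1 = request, 2 = reply."""
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip))
    dst = _mac(target_mac) if opcode == 2 else b"\xff" * 6
    return dst + _mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP) + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet ARP frame, or None otherwise."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    opcode = struct.unpack_from("!H", frame, 20)[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(map(str, frame[28:32]))
    return opcode, sender_mac, sender_ip


class ArpConflictMonitor:
    """Passive: learns sender IP -> MAC from ARP and reports every change of MAC for an IP."""

    def __init__(self):
        self.ip_to_mac = {}
        self.conflicts = []  # (ip, previous_mac, new_mac)

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        _, mac, ip = parsed
        if ip == "0.0.0.0":  # RFC 5227 probe: no binding claimed yet, nothing to learn
            return None
        known = self.ip_to_mac.get(ip)
        self.ip_to_mac[ip] = mac  # like every host's cache, the newest reply wins
        if known is not None and known != mac:
            event = (ip, known, mac)
            self.conflicts.append(event)
            return event
        return None


def detect_conflicts(frames):
    mon = ArpConflictMonitor()
    for frame in frames:
        mon.observe(frame)
    return mon.conflicts


def sample_frames():
    """Constructed replay of the thread's scenario; A and B both end up claiming .100."""
    a, b, client = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:c1"
    return [
        build_arp(2, a, "192.168.1.100", client, "192.168.1.50"),           # A answers the client
        build_arp(1, b, "0.0.0.0", "00:00:00:00:00:00", "192.168.1.100"),   # B probes before taking .100
        build_arp(1, b, "192.168.1.100", "00:00:00:00:00:00", "192.168.1.100"),  # B's gratuitous ARP
        build_arp(2, a, "192.168.1.100", client, "192.168.1.50"),           # A still answering
    ]


if __name__ == "__main__":
    for ip, old, new in detect_conflicts(sample_frames()):
        print(f"conflict: {ip} moved from {old} to {new}")
```

Run against live traffic (for instance frames read from a pcap of the access VLAN), the flip-flopping this reports is the "fighting over who has the IP address" from the first thread; the TCP resets follow from segments of one connection landing on whichever host last won the cache.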

Serial port - how to perform safe search for my device?

I'm writing an application that communicates (via serial port) with an electronic device which I designed myself.
When my PC application starts, it opens the available COM ports one by one and sends some string ("What are you?" for example).
My device is programmed to reply to that "magic question" with its own ID (for example: "I am an evil device for supervising employees").
When my PC software receives that "magic reply" it starts working normally and does not search other ports anymore.
Of course I'm not using stupid questions in data transmission; it's just an example.
The question is: can I send strings like that on all (not busy) ports, to discover my device?
If I can, how should that "question" string look? Are there any normalized standards?
This is not the first project like this on my desk, but now I'm developing a solution for a small industry and I need to pay more attention to what my application is doing, because there may be other devices connected to COM ports and I do not know how they may react.
I'm sorry if I made some language mistakes; English is my third language.
Thanks in advance for replies.
After Alvin Wong confirmed my concerns, I thought about it again and redesigned my device discovery functionality, because I don't want to abandon that idea.
I will send a unique, complicated ID every 1-5 seconds from the device.
When my PC starts, it will try to open all available ports sequentially and will listen for that ID for a few seconds.
If the application receives that ID, it will be confirmation that the port number/name is correct and my connection is established.
No, you wouldn't want to do that.
When you are using COM serial port, you have no idea what is plugged into the port. It could be nothing, your device, a modem, a mouse (though I believe nobody uses this anymore...) or whatever you can't even imagine.
Imagine if it is connected to another computer (probably a Linux box or a router); sending things may lead to execution of "that command", thus creating unexpected effects (though your program may not notice). Or if it is some badly-programmed device, it may trigger a bug in the firmware, thus failing the device and making it malfunction.
In short, in the worst case, you can cause a catastrophic event.
Serial (RS232 or UART, I assume) communications don't have a designated transfer protocol (in contrast to USB, which has one) to identify a device, so it isn't fail-safe. The user must make sure he selected the correct port. This is probably one of the reasons why hardware manufacturers choose USB, and one of the reasons why USB is so popular, even to computer idiots.
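The redesign the asker settled on, listen-only discovery against a beacon the device sends on its own, still has one hole worth closing: on a port that belongs to some other device, a bare string compare can match by accident in the middle of that device's output, and a line that merely contains the ID is weak evidence. The following added example (the editor's code, not the asker's or Alvin Wong's) frames the beacon NMEA-style, `$ID,<id>*<xor checksum>` terminated by CRLF, so the PC side only accepts a line whose checksum verifies, and it never writes a byte to any port. The beacon format, the device ID `SUPERVISOR-7A3F`, the port names and the `FakePort` stand-in are all assumptions made for the example; with pyserial, `open_port` would be `lambda name: serial.Serial(name, 115200, timeout=0.5)` and the candidate names come from `serial.tools.list_ports.comports()`.

```python
import time


def checksum(payload: bytes) -> int:
    """XOR of all payload bytes, NMEA style; cheap enough for a small microcontroller."""
    c = 0
    for b in payload:
        c ^= b
    return c


def make_beacon(device_id: str) -> bytes:
    """Device side: the line the firmware sends every few seconds (assumed format)."""
    payload = f"ID,{device_id}".encode("ascii")
    return b"$" + payload + b"*" + f"{checksum(payload):02X}".encode("ascii") + b"\r\n"


def parse_beacon(line: bytes):
    """Return the device id if the line ends with a well-formed, checksum-valid beacon, else None.
    Leading garbage before the last '$' (output of some other device) is tolerated."""
    start = line.rfind(b"$")
    if start < 0:
        return None
    payload, sep, cs = line[start + 1:].rstrip(b"\r\n").partition(b"*")
    if not sep:
        return None
    try:
        if int(cs, 16) != checksum(payload):
            return None
        ident = payload.decode("ascii")
    except ValueError:  # bad hex digits or non-ASCII payload
        return None
    return ident[3:] if ident.startswith("ID,") else None


def wait_for_beacon(port, expected_id, timeout, clock=time.monotonic):
    """Listen only; never write. True if the expected beacon arrives within timeout seconds.
    port.read(n) must return b'' when its own read timeout expires (pyserial does)."""
    deadline = clock() + timeout
    buf = b""
    while clock() < deadline:
        chunk = port.read(64)
        if not chunk:
            continue
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            if parse_beacon(line) == expected_id:
                return True
        if len(buf) > 512:  # a chatty foreign device without newlines must not grow memory
            buf = buf[-512:]
    return False


def find_device_port(port_names, open_port, expected_id, timeout=5.0, clock=time.monotonic):
    """Try each candidate port in turn; return the first one that beacons expected_id, else None."""
    for name in port_names:
        port = open_port(name)
        try:
            if wait_for_beacon(port, expected_id, timeout, clock):
                return name
        finally:
            port.close()
    return None


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class FakePort:
    """Stand-in for serial.Serial: replays constructed chunks, advancing the fake clock per read."""

    def __init__(self, chunks, clock, step=0.5):
        self.chunks, self.clock, self.step = list(chunks), clock, step

    def read(self, n):
        self.clock.now += self.step
        return self.chunks.pop(0) if self.chunks else b""

    def close(self):
        pass


def demo():
    """Constructed scenario: COM3 holds a foreign modem-like device, COM4 holds our beaconing device."""
    beacon = make_beacon("SUPERVISOR-7A3F")
    clock = FakeClock()
    data = {"COM3": [b"AT\r\nOK\r\n", b"\xff\x00garbage"],
            "COM4": [b"\x00noise", beacon[:7], beacon[7:]]}  # beacon split across two reads
    return find_device_port(["COM3", "COM4"], lambda n: FakePort(data[n], clock),
                            "SUPERVISOR-7A3F", timeout=3.0, clock=clock)


if __name__ == "__main__":
    print("device found on", demo())
```

The checksum is not authentication; anything on the bus can forge the line. It only rules out accidental matches, which is the failure mode that matters for port discovery. The important security property is the one the asker chose: the PC never transmits on a port it has not identified, so a foreign device can at most be listened to, never driven.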

Need for IP address

Why do we need an IP address when the MAC address is unique? Can't we communicate only with the MAC address?
You COULD communicate using only the MAC address, but only on your local network. IP addresses are routeable, without every system on the network needing to know about every other. You just need to know a range of addresses that are on your local network, and throw everything else up to your router. The same thing happens at the ISP level. "All 216.x.x.x traffic goes that way, all 105.x.x.x goes that way..."(Obviously a gross oversimplification, but that's the basic process).
If we tried to route everything by MAC address, every machine on the network would have to maintain a list of every other participant, and it just wouldn't scale.
No. MAC addresses are specific to Ethernet, IP is independent of the underlying hardware. You can connect machines that don't use Ethernet to the Internet, if you have the required bridges.
MAC addresses are not unique. MAC addresses are reused between media. This is why wireless (802.11) and wired (802.3) may not both be present on one collision domain (see 802.1D).
MAC addresses are not clustered -- meaning that devices which are nearby in network space do not have nearby MAC addresses. IP addresses do have this property of locality. Do you intend to route packets by having a universal list of MAC addresses copied to every computer on the Internet, or do you intend to route packets to their destinations through a hierarchy of localities?
On a single collision domain, MAC addresses can be the primary addressing mode (q.v. arp and rarp). However, extension to multiple collision domains is ineffective for the above reasons.
A great professor of mine named George Varghese, now at UCSD, made the following apt analogy: You want to send someone a letter. The analogy of sending to a device anywhere in the USA based on its MAC address is like sending someone a letter knowing only their Social Security Number. It does uniquely identify someone (OK, yes, SSN isn't guaranteed unique, but suppose it was for the sake of example), but it would be very hard to find them without some giant table of where everyone lived that you could look up indexed by their SSN.
An IP address (and the similar Open Systems Interconnect, or OSI, network addresses) are more like USA phone numbers with area codes and exchange numbers: (AAA) BBB-CCCC, where AAA is an area code, BBB is an exchange number, and CCCC identifies an individual line at that exchange. There is hierarchical information encoded in that number, so that when you are far away from the destination, you only need a small table indexed by area code to determine a good "next hop" to forward the call to, rather than a table of all phone numbers in the country.
Ethernet is a Medium Access Layer protocol. It was designed specifically to connect computers on the same network. If you want to connect computers that are remotely located, you certainly need to reach the destination by hopping through several routers. IP (Internet Protocol) was designed with this goal in mind, hence the need for it, while the Ethernet protocol does not support routing, only some forms of primitive bridging that would not scale for something huge like the Internet.
They are used at different protocol layers.
A MAC address is your device-specific address. It has no relation to the geographical location, etc., you are currently in.
Ex: you can buy a cellphone/laptop in the US and use it in Japan, Australia, etc., but the MAC address would remain the same, while the IP address would change with respect to the network you are connected to.
So it is difficult to route packets in an internetwork, especially one of portable devices.
How would it be: consider you have a portable network-accessing device with you on which you are using the internet. If we used only the MAC address, how would any incoming packet find the location of your portable device, since the MAC address gives you only a fixed 48-bit device address? (The worst-case scenario is using a desktop computer and having a MAC address without the IP facility, coupling it with a static table to find your predefined location based on the MAC address; but our life is incomplete without these portable devices, right?)
Thus we need some addressing scheme that can help us with addressing in a big and portable environment like the internet, and thus the role of IP comes into the picture, where the address is hierarchical to provide a more geographically exact location.
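The answers above all make the same argument: a hierarchical address lets a router keep one entry per prefix and forward on the longest matching one, whereas forwarding on a flat identifier such as a MAC address needs one entry per host. The following added example (editor's code, not from the thread) makes that concrete with a longest-prefix-match forwarding table beside a flat per-host table, and shows that moving a host to another network changes its route without touching its MAC. The prefixes, next-hop names and MACs are made up; the `216.0.0.0/8` entry just mirrors the "all 216.x.x.x traffic goes that way" line of the first answer.

```python
import ipaddress


class PrefixRouter:
    """Forwarding table keyed by network prefix; the longest matching prefix wins."""

    def __init__(self):
        self.routes = []  # (ip_network, next_hop), kept sorted longest prefix first

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix, strict=True), next_hop))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, hop in self.routes:
            if ip in net:
                return hop
        return None  # no route, not even a default: the packet is dropped


class FlatMacTable:
    """What forwarding on MAC addresses alone needs: one entry per destination host."""

    def __init__(self):
        self.entries = {}

    def add(self, mac, port):
        self.entries[mac.lower()] = port

    def lookup(self, mac):
        return self.entries.get(mac.lower())


def build_sample_router():
    r = PrefixRouter()
    r.add("0.0.0.0/0", "isp-uplink")       # default route: everything not matched below
    r.add("10.0.0.0/8", "core")
    r.add("10.20.0.0/16", "building-b")
    r.add("10.20.5.0/24", "floor-5-switch")
    r.add("216.0.0.0/8", "peer-east")      # made-up peering, echoing the "216.x.x.x" example
    return r


def table_sizes(router, hosts):
    """Entries the prefix router holds vs. entries a flat MAC table needs for the same hosts."""
    flat = FlatMacTable()
    for mac, port in hosts:
        flat.add(mac, port)
    return len(router.routes), len(flat.entries)


def sample_hosts(n=300):
    """Constructed: n hosts behind floor-5-switch, each with its own locally administered MAC."""
    return [(f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}", "floor-5-switch") for i in range(n)]


def route_after_move(router, old_ip, new_ip):
    """Same laptop, same MAC, carried from one network to another: only its IP-based route changes."""
    return router.lookup(old_ip), router.lookup(new_ip)


if __name__ == "__main__":
    r = build_sample_router()
    print("prefix entries vs flat entries:", table_sizes(r, sample_hosts()))
    print("laptop moved:", route_after_move(r, "10.20.5.77", "216.58.1.1"))
```

Real routers use a trie or TCAM for the lookup rather than a sorted list, but the decision rule is the same longest-prefix match, and the table size scales with the number of advertised prefixes, not with the number of hosts.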
