It's that it's in 172.16.42.0/24 which is the default dhcp settings for a wifi pineapple. It's the /24 mask given on the .42 that's a little suspicious because that's not a common range for anything else.

Being assigned one of those specific 253 hosts with that subnet mask would definitely make me think twice.

[–] BigDanishGuy@sh.itjust.works 11 points 1 week ago (2 children)

It's the /24 mask given on the .42 that's a little suspicious because that's not a common range for anything else.

Well now I know. I operate a ton of /24 subnets in the 172.16.0.0/12 scope. Technically I could fit them in the 192.168.0.0/16 scope, but I have lots of students connecting SoHo wifi-routers to the subnets, and this way it's pretty easy to tell, if someone put the WAN cable in a LAN port when people are getting 192.168.1.0/24 DHCP offers.

load more comments (2 replies)

load more comments (1 replies)

[–] bamfic@lemmy.world 15 points 1 week ago (1 children)

Isnt it also for docker?

load more comments (1 replies)

[–] Donkter@lemmy.world 12 points 1 week ago (2 children)

Wtf is with the "..." Explain why pls.

[–] praise_idleness@sh.itjust.works 23 points 1 week ago (2 children)

It's just one of many private ranges. Saying it's dangerous is like saying every websites using .xyz domain is dangerous(which makes little more sense than this, btw)

load more comments (2 replies)

[–] Carlo@lemmy.ca 23 points 1 week ago (1 children)

There's nothing at all suspicious about the 172.16.0.0/12 address block. It's a standard block of IP addresses that's reserved for use on local networks, just like 10.0.0.0/8 and 192.168.0.0/16. It's not a scheme exclusively or primarily used for illicit purposes.

load more comments (1 replies)

[–] tfw_no_toiletpaper@lemmy.world 61 points 1 week ago (1 children)

Please use a VPN anyway, as if hotel WiFi is secure lmao

[–] calcopiritus@lemmy.world 48 points 1 week ago (3 children)

HTTPS solved much of the security issues of untrusted networks. As long as you're not doing banking or whatever, you should be fine without a VPN.

[–] WIPocket@lemmy.world 43 points 1 week ago (2 children)

Why would banking be an issue? I get that its a target, but I really would expect a bank to take care of their TLS.

[–] Tryptaminev@lemm.ee 19 points 1 week ago

Also i would expect banks to use some sort of 2FA where you have to manually confirm any transaction on your mobile device, or enter a code generated from there into your computer.

load more comments (1 replies)

[–] Cornelius_Wangenheim@lemmy.world 19 points 1 week ago (1 children)

It should be fine as long you don't click through any SSL errors. And something like a bank should have HSTS enabled, meaning your browser will refuse to load the site if there's an SSL error.

load more comments (1 replies)

[–] secret300@lemmy.sdf.org 54 points 1 week ago (1 children)

Public WiFi is just PvP enabled

[–] Natanael@slrpnk.net 13 points 1 week ago

[x] Client isolation on

This is now a safe zone

[–] MystikIncarnate@lemmy.ca 51 points 1 week ago

The only part of this I didn't immediately realize is the wifi pineapples default IP range.

From now on, I'm going to set that as my clients default public IP range to troll anyone who knows.

[–] cerement@slrpnk.net 47 points 1 week ago (1 children)

really start to worry when it’s 169.254.0.x …

[–] joyjoy@lemm.ee 10 points 1 week ago* (last edited 1 week ago) (2 children)

That just means the ~~DNS~~DHCP is disabled.

Edit: words

[–] OsaErisXero@kbin.run 23 points 1 week ago (3 children)

That is not what that means, it means there's no dhcp on that network segment.

[–] joyjoy@lemm.ee 17 points 1 week ago (3 children)

In my defense, whenever there's a networking issue, it's always DNS related.

[–] 4am@lemm.ee 44 points 1 week ago (1 children)

The three stages of grief:

It can’t be DNS
There’s no way it could be DNS
It was DNS

[–] prex@aussie.zone 14 points 1 week ago

load more comments (2 replies)

[–] cerement@slrpnk.net 23 points 1 week ago

“The hotel’s free WiFi is really fast”
“the DNS is disabled”

[–] mlg@lemmy.world 46 points 1 week ago (2 children)

*connects to pineapple

*sets subnet to 10.0.0.0/16 so I don't have to type a yee yee ass class B/C address everytime I wanna do something with an address

*connects to pineapple

*Sets subnet to same as target network so paranoid user doesn't realize he connected to evil twin

load more comments (2 replies)

[–] jbk@discuss.tchncs.de 37 points 1 week ago

thank you lain

also omw to set up my dhcpv4 server to use that network whenever I create a hotspot

[–] ramble81@lemm.ee 35 points 1 week ago (5 children)

So I guess I must be a leet haxor because of all the businesses I configured for the 172.x space because 192.168.x space was too small and 10.x space was way the hell too big.

[–] InFerNo@lemmy.ml 9 points 1 week ago (5 children)

wdym too big? That's what subnetting is for.

load more comments (5 replies)

load more comments (4 replies)

[–] Draegur@lemm.ee 34 points 1 week ago

Thank you, Lain.

[–] thawed_caveman@lemmy.world 30 points 1 week ago (2 children)

Does this matter if the traffic is encrypted, such as an https website instead of http? Like, really how often is internet traffic unencrypted?

[–] beveradb@lemm.ee 20 points 1 week ago (1 children)

Yes, back when I was playing around with my WiFi pineapple there were a wide variety of tricks to break SSL authentication without it being obvious to users. Easiest was to terminate the SSL connection on the pineapple and re-encrypt it with a new SSL cert from there to the users browser, so to the user it looked like everything was secure but in reality their traffic was only encrypted from them to the pineapple, then decrypted, sniffed and re-encrypted to pass along to the target websites with normal SSL.

Man in the middle attacks really do give the attacker tons of options

[–] kahdbrixk@feddit.de 17 points 1 week ago (1 children)

That kind of ssl interception would normally be quite visible without your client device having the pineapples cert in your devices trust store, or am I wrong?

load more comments (1 replies)

[–] rmuk@feddit.uk 19 points 1 week ago

Not often. For web browsing - and the majority of apps - your session is encrypted and certified. Breaking SSL is possible but you'll know about it due to the lack of certs.

[–] Onionguy@lemm.ee 29 points 1 week ago

Thank you lain.

[–] peanuts4life@lemmy.blahaj.zone 24 points 1 week ago

Thank you Lain.

[–] Deadeyegai@lemmy.world 23 points 1 week ago

Thank you, Lain

[–] jabathekek@sopuli.xyz 22 points 1 week ago

Thanks Lain.

[–] aldalire@lemmy.dbzer0.com 20 points 1 week ago (1 children)

A lot of the comments here are saying that a pineapple can configure their subnet to use 10.x.x.x or 192.168.x.x. Is there any other way to determine if an access point is compromised?

[–] SirQuackTheDuck@lemmy.world 58 points 1 week ago (4 children)

Do some online banking. If your balance goes down more than expected, it's probably compromised.

load more comments (4 replies)

[–] MachineFab812@discuss.tchncs.de 19 points 1 week ago (2 children)

While I've never seen a router default to the 172.16... range, to me it just means that someoe bothered to modify the settings. No wonder the network is faster.

Fear-mongering much?

load more comments (2 replies)

[–] x4740N@lemm.ee 18 points 1 week ago

Thank you lain

[–] Rozauhtuno@lemmy.blahaj.zone 17 points 1 week ago

Thank you Lain.

[–] marfey@discuss.tchncs.de 14 points 1 week ago

Thank you lain.

[–] abbiistabbii@lemmy.blahaj.zone 12 points 1 week ago

Thank you Lain.

[–] Codandchips@lemmy.world 12 points 1 week ago

Thank you Lain!

load more comments