Fwd: Rogue AP Wireless on Windows/Linux

From: Chris Kuethe (chris.kuethe_at_gmail.com)
Date: 04/09/05

    Date: Fri, 8 Apr 2005 18:26:01 -0600
    To: Pen Test <pen-test@securityfocus.com>
    
    

    For the archives...

    ---------- Forwarded message ----------
    From: Chris Kuethe <chris.kuethe@gmail.com>
    Date: Apr 8, 2005 6:25 PM
    Subject: Re: Rogue AP Wireless on Windows/Linux
    To: "szynkro@gmail.com" <szynkro@gmail.com>

    Try OpenBSD?

    Prism2 (and others I don't remember at the moment, rtfm) cards can be
    easily ifconfig'd into host-ap mode, and bridged, routed or natted to
    an uplink interface. It comes with dhcpd, bind, apache and a very
    capable packet filter allowing you to set up a captive portal or very
    credibly simulate a commercial access point. Use -current and you can
    even set your hardware address so you look like a commercial access
    point to those crafty users with netstumblers.

    Add a few goodies from ports/security and ports/net and you're set.

    On Apr 8, 2005 11:52 AM, szynkro@gmail.com <szynkro@gmail.com> wrote:
    > Hi,
    >
    > I'm looking for a way/all in one tool to simulate a wireless Access
    > Point on a Windows XP and/or Linux system preferably with built-in
    > DHCP daemon and all.
    > The goal is to see if we can trick wireless clients in connecting to
    > the AP, sniffing for potential credentials and other interesting stuff
    > etc...
    >
    > I've heard about hotspotter, airsnarf and alikes but don't know if
    > they are valid...
    >
    > The scenario would be sniffing the unknown wireless network for valid
    > SSIDs and setting the SSID on the rogue AP.... then fingers crossed I
    > guess that signal is strong enough to get some clients connecting. Can
    > we force/help the client in associating with the rogue AP?
    >
    > Anyone some other valid (recent) Wireless Pen-Test scenarios?
    >
    > thanks
    >

    --
    GDB has a 'break' feature; why doesn't it have 'fix' too?
    
