Re: [Nolug] Unsecured wireless networks with everybody's favorite OS

From: brent timothy saner <brent.saner_at_gmail.com>
Date: Wed, 29 Jul 2009 17:51:21 -0400
Message-ID: <4A70C459.1070305@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dennis J Harrison Jr wrote:
> Put another router up with the same ssid, leave it open, and put no
> connection behind it. Increase the mw to 500 or better, and depending
> on the size of your install area, you should be good.
>
> I know this is a dirty work around.
>

actually, this is probably the best way to do this, and you're about
halfway there! here's a bit more complete way to do it.

what we want to do is effectively intercept all your employees' attempts
to access that AP, so the best we can do (assuming $neighbor doesn't
comply with your request to lock down his/her AP) is this:

1. grab yourself a router that you can flash openWRT[1] onto (and then
do so).

2. you'll want to, using airmon-ng, grab the following info of the
offending AP:
- SSID
- BSSID (should be in MAC format)
- the channel/frequency it's broadcasting on

3. spoof the SSID and BSSID (you should be able to set this right
within the openWRT configs), and use the same channel.

4. leave no uplink plugged in (OR set up a captive portal on it, warning
that attempting to access outside lines is outside $company's
informational security policy, etc.)

best case scenario, they'll get the captive portal page.

worst case scenario, they won't be able to pull a reliable lease.

an alternate (and even more sneaky) way of doing this is to put the AP
in client mode (which, yes, you can do with openwrt), link it to
$neighbor's AP, and firewall off all traffic between the two.

[1] http://openwrt.org/ has a link of supported devices. me
personally, i prefer the buffalo WHR-HP-G54S but there are a LOT of
options to choose from. as always with linux-related things, though,
check that hardware compatibility before you buy. read through the
hardware-specific documentation to make sure it doesn't require anything
silly like opening the thing up and soldering.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpwxFkACgkQ8u2Zh4MtlQpdIACfVottx2uppj+ShQ+XkP5FsVde
Q0kAnj+K0PzDal1+Nck1GIcPMWTk0quL
=FuLp
-----END PGP SIGNATURE-----
Received on 07/29/09
