Security Basics mailing list archives
Re: proving a wireless router is shared/open
From: JGrimshaw () ASAP com
Date: Fri, 13 Feb 2004 17:04:21 -0600
I would suggest looking for a MAC address in the ARP tables of your infrastructure equipment and look for anomalous IP addresses, and find the ones that do not belong. You should already know what IP addresses you have (or hopefully a good idea), and you can correlate the IPs with the MACs and the pieces should fall into place--either a bunch of IPs are used up where they shouldn't be, or a bunch of IPs are associated with a specific MAC address (where the access point is plugged in). Either way, what you know isn't yours is probably the best place to start yanking cables once you find where that IP/MAC are connected. The access point has to connect somewhere, and it likely has a valid address on your network. Its MAC address would be associated with it. And yes, it would probably be easiest to just try to hijack a connection and see if you can trace end-to-end where the connection begins and ends. Even if you are unable to crack it, you could at least try to triangulate the position by closing in on it from three different angles. In the middle--that's where the access point is. It could be difficult to physically pinpoint one without even connecting to it or detecting the signal, so if you can't do that, the exercise becomes more of a headache. If you are at the type of place where there are hubs connected to hubs and other switches and so forth, it can be quite the hunt finding where the initial connection starts. "Steve" <securityfocus () delahunty com> 02/12/2004 02:59 PM Please respond to "Steve" <securityfocus () delahunty com> To <security-basics () securityfocus com> cc Subject proving a wireless router is shared/open Have an odd situation where we want to prove that a wireless router is being shared by a bunch of people, that is not restricted in any way, so the ISP bandwidth is being used by a groupof folks that should not be on the router/ISP. I cannot give more details. But, how would you prove such a thing if you had to ask someone else to obtain this proof since you yourself could not just walk up with your laptop and wireless NIC and jump on the wireless router? --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- iptables Jorge Garcia (Feb 12)
- RE: iptables Joey Peloquin (Feb 12)
- proving a wireless router is shared/open Steve (Feb 13)
- Re: proving a wireless router is shared/open JGrimshaw (Feb 13)
- security architecture Nagy Gergely (Feb 16)
- Re: security architecture Hollis Johnson (Feb 18)
- proving a wireless router is shared/open Steve (Feb 13)
- Re: proving a wireless router is shared/open phaseone (Feb 16)
- RE: proving a wireless router is shared/open dave kleiman (Feb 16)
- Re: proving a wireless router is shared/open JM (Feb 16)
- RE: iptables Joey Peloquin (Feb 12)
- <Possible follow-ups>
- RE: iptables Mike (Feb 12)
- RE: iptables Shawn Jackson (Feb 13)