Security Basics mailing list archives
Re: Strange WLAN behavior
From: Jarrod Frates <jfrates.ml () gmail com>
Date: Tue, 30 Mar 2010 15:54:22 -0700
On Tue, Mar 30, 2010 at 11:58 AM, Jon Janego <jonjanego () gmail com> wrote:
By default, Windows XP will probe for all the access points you've set up and you want to remove any reference to the "hijacked" AP.
I believe that there was a patch that was integrated into SP3 that addressed this behavior, stopping it by default. But clearing out the wireless configuration is probably still a good idea. On Tue, Mar 30, 2010 at 10:30 AM, Adam Mooz <adam.mooz () gmail com> wrote:
It sounds like there's a rogue/malicious AP hijacking your internet, I'd suggest you cloak your SSID, implement MAC address filterting, and change your password ASAP.
Depending on how the malicious AP is setup, the first two will not work at all. MAC addresses are also trivial to spoof, even automatically. Cloaking your own SSID means that one has to send out a probe for it, which can be happily answered by a rogue AP. If the rogue AP is using KARMA (or worse, Karmetasploit), it will be perfectly happy to answer as just about any mainstream service, saving all of the associated passwords and keys and forwarding the traffic on (while, of course, monitoring everything going by, and maybe even sending back other helpful things in addition to the requested information). Changing the password may work only so long as one doesn't inadvertently connect to the rogue AP again. -- Jarrod Frates GAWN, GCIH, GPEN ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Strange WLAN behavior Norealenemy (Mar 30)
- Re: Strange WLAN behavior Jon Janego (Mar 30)
- Re: Strange WLAN behavior Rob Thompson (Mar 31)
- Re: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 31)
- Re: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Rob Thompson (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 30)
- Re: Strange WLAN behavior Jarrod Frates (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 31)
- Re: Strange WLAN behavior Jarrod Frates (Mar 31)
- RE: Strange WLAN behavior Murda (Mar 31)
- RE: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Jon Janego (Mar 30)