"Free Public WiFi" at 32, 000 feet over the Pacific.

[cmerkel at gmail.com (Chris Merkel)]

I saw this phenomena as early as 03-04 in the midwest. I've also seen viral
ad-hoc SSID's offering up "Free Porn", "Sky Lounge WiFi", etc. In my
experience, you're going to see this the most in big cities, where, due to
population density, most people have realized they need some kind of
encryption (Chicago for example). That leaves a lot of XP boxes on, but not
associated with a specific AP.

This made me think of an interesting question - let's say a person is
plugged into ethernet, but is broadcasting an ad hoc SSID. Assuming you can
own his box, gaining access to the internal network should be a snap, right?
I've never had that kind of test in-scope for a pen test - any pentesters on
list ever tried that on a client site?

- Chris Merkel


On Tue, Dec 2, 2008 at 7:13 AM, Joshua Wright <jwright at hasborg.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Other explanations exist for this phenomena...
> http://billkosloskymd.typepad.com/wirelessdoc/2008/01/free-public-wi.html
>
> Also:
>
> "How WiFi Ad-Hoc Networks are Like Zombies (or, the Free Public WiFi
> Phenomenon)"
>
>
> https://edge.arubanetworks.com/article/how-wifi-ad-hoc-networks-are-zombies-or-free-public-wifi-phenomenon-0
>
> https://edge.arubanetworks.com/article/how-wifi-ad-hoc-networks-are-zombies-or-free-public-wifi-phenomenon-part-2
>
> - -Josh
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
>
> iEYEARECAAYFAkk1NIMACgkQapC4Te3oxYx6VwCeKv1kDnkn763+v3R22Tobcy8a
> oa8AnjbuWsscJTYSozwmpO0n9VHbycJg
> =k6Ix
> -----END PGP SIGNATURE-----
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081202/e3952344/attachment.htm