Message-ID: <9E97F0997FB84D42B221B9FB203EFA273F33C2@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: WiFi question

I would have to agree with GuidoZ. The changing MAC would point to
something being up. An AP using different channels is pretty common in some
models, but the MAC changing and being from different vendors points to a
fake AP.

I bet you 10 bucks the WEP key changes on all but one of them each time
too..lol

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of GuidoZ
> Sent: Wednesday, November 17, 2004 12:42 PM
> To: colin.scott@...lc.com
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] WiFi question
> 
> I'm not 100% on this, as it could be something I've never heard of
> (of course). However, it sounds a lot like someone is playing with
> "FakeAP":
>  - http://www.blackalchemy.to/project/fakeap/
>
> It's not real difficult to set up and only requires a Prism chipset
> card (one or more) and a compatible Linux distro. It's been around for
> over 2 years, but hasn't been touched for about the same amount of
> time. See the site for more.
> 
> --
> Peace. ~G
> 
> 
> On Wed, 17 Nov 2004 13:53:07 +0000, colin.scott@...lc.com
> <colin.scott@...lc.com> wrote:
> > List,
> >
> > I'm an expert in nothing so when I saw this I had to ask, as I'm sure
> > there's someone out there that is a WiFi expert.
> >
> > Google has found no answer so here goes.
> >
> > Last night we saw a new access point appear. No problems, it's an ad-hoc
> > network so it's someone's machine with XP on configured for their home
> > W-LAN probably.  Running Netstumbler shows more on it though.
> >
> > You get 2 Access Points showing this ESSID for a few seconds. Then you
> > get a 3rd, then a 4th. Then the first two drop off, this repeats forever.
> > Always using a different MAC address when a new AP appears. The APs
> > are all WEP enabled (which I can't crack cos I don't have the savvy or
> > the tools :) ) and this goes on forever.
> >
> > The MACs are all from different pools (i.e. assigned to different
> > manufacturers) so the only conclusion is that they are all spoofed MACs.
> >
> > I have walked around the office and as far as I can tell it's coming
> > from this office (the IT dept), basing that assumption on signal strength.
> >
> > Anyone seen any tools that do this?   I would love a little hand-held
> > gadget that would help me find it (like the scanner in Alien!)
> >
> > Answers on a post card :)
> >
> > Colin.
> 
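
The pattern described in this thread (one ESSID advertised from a stream of BSSIDs whose vendor prefixes differ) can be checked mechanically over a scan log. The Python below is an added example, not part of the original messages; the log format, the thresholds and the sample entries are assumptions constructed for illustration, and distinct OUI prefixes are used as a stand-in for "different manufacturers" since no vendor database is consulted.

```python
from collections import defaultdict

# Constructed sample scan log: (seconds, ESSID, BSSID). Not real capture data.
SAMPLE = [
    (0,  "homelan",   "00:0c:41:aa:01:02"),
    (0,  "homelan",   "00:40:96:1b:22:10"),
    (8,  "homelan",   "00:02:2d:7f:00:9a"),
    (15, "homelan",   "00:09:5b:33:c4:01"),
    (24, "homelan",   "00:06:25:10:ee:5d"),
    (0,  "corp-wlan", "00:0f:aa:00:00:01"),
    (10, "corp-wlan", "00:0f:aa:00:00:02"),
    (30, "corp-wlan", "00:0f:aa:00:00:01"),
]


def oui(bssid):
    """Return the first three octets of a MAC (the vendor-assigned prefix)."""
    return bssid.lower().replace("-", ":")[:8]


def flag_churning_essids(observations, window_s=60, min_bssids=4, min_ouis=3):
    """Flag ESSIDs seen from many BSSIDs with many distinct OUIs in one window.

    Thresholds are assumed defaults; tune them to the site. A normal
    multi-AP deployment shows several BSSIDs but usually one or two OUIs.
    """
    by_essid = defaultdict(list)
    for ts, essid, bssid in observations:
        by_essid[essid].append((ts, bssid.lower()))

    findings = {}
    for essid, seen in by_essid.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most window_s.
            while seen[end][0] - seen[start][0] > window_s:
                start += 1
            bssids = {b for _, b in seen[start:end + 1]}
            ouis = {oui(b) for b in bssids}
            if len(bssids) >= min_bssids and len(ouis) >= min_ouis:
                best = findings.get(essid)
                if best is None or len(bssids) > best["bssids"]:
                    findings[essid] = {"bssids": len(bssids), "ouis": len(ouis)}
    return findings


if __name__ == "__main__":
    print(flag_churning_essids(SAMPLE))
```
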

