Message-ID: <9E97F0997FB84D42B221B9FB203EFA279DA3B5@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Wi-fi. Approaching customers

I would run about three Linksys WRT54G's with OpenWRT or Sevasoft OS.
Using Kismet drone to detect new SSID or MAC other than your own. This
would help you find reverse wardrivers as well. Plus the outside APs
themselves shouldn't really be detectable because they are sniffing
instead of acting as unconnected APs.

I guess you can use FakeAP for something like this as well. 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Mark Senior
> Sent: Wednesday, March 16, 2005 10:26 AM
> To: Ron DuFresne
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: RE: [Full-disclosure] Wi-fi. Approaching customers
> 
> Just making a wild guess here, but - if I were going to 
> implement something like this, I'd think to use a rough sort 
> of triangulation.
> Put access points outside the building, but don't use them to 
> grant network access, only to compare the signal strength of 
> transmissions you pick up on the inside access points.
> 
> That might then open you up to someone with a carefully aimed 
> directional antenna shooting their signal straight at one of 
> your "inside" sensors, and letting the "outside" ones only 
> see a very weak signal.  Still, just sitting in a park with a 
> laptop should be detectable.
> 
> I guess you could only meaningfully compare signal strengths 
> as seen at different points, as at light speed the delays 
> wouldn't be measurable with any sort of accuracy.  (If you 
> could measure the delays you'd be in great shape - that was 
> used in WWI to pick out the location of gun batteries, just 
> using two mics and very accurate timers.)
> 
> Purest speculation though - I've no idea how they do this.
> 
> Mark
> 
> 
> -----------
> on March 15, 2005 22:04 Ron DuFresne wrote:
> 
> On Wed, 16 Mar 2005, Gregh wrote:
> 
> 	[HEADERS SNIPPED]
> 
> >
> >
> > >
> > > From what little I read on their site, it seems to be a radius auth
> > > mech based upon MAC addresses.
> > >
> >
> > Isn't that basically what a lot of wi-fi broadband router/modems do
> > anyway?
> >
> > Eg, set up a netgear DG834 (think it was) and it was having problems
> > with auto assigned IPs for lan members so shortcut the
> > problem by telling it to manually assign IP number to MAC so
> > that each time a MAC came in range it got the same IP number
> > always. I set the IP numbers manually at each client computer
> > and thus they would only connect using that number.
> > Connection problems died off instantly, then. The upshot is
> > that if the MAC is unknown, it can't get access now even if
> > the WEP is successfully decrypted. Wouldn't that radius auth
> > be basically that idea?
> >
> 
> That's what I read, as well as a lot of talk about 
> "location-enabled network or LENs", which the more reading I 
> do give the impression they have some kind of GPS 
> functionality involved, this is the only way I can make any 
> real sense of their claims to be able to segment the wLAN<s> 
> into locations and determine a sense of perimeter limits and 
> location sense.
> Of course, I'm trying to give the benefit of the doubt and 
> read that they actually sell what they are claiming in marketing lit.
> 
> Thanks,
> 
> 
> Ron DuFresne
> --
> "Sometimes you get the blues because your baby leaves you. 
> Sometimes you get'em 'cause she comes back." --B.B. King
>         ***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
> 
> 
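The inside/outside signal-strength comparison from the quoted message, combined with the unknown-MAC check from the reply, as an added example that is not part of the original thread. The sensor names, MAC addresses, RSSI values, known-device inventory and 6 dB margin are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (sensor, placement, source MAC, RSSI in dBm).
OBSERVATIONS = [
    ("in-1", "inside", "02:00:00:00:00:0a", -48),   # own laptop at a desk
    ("out-1", "outside", "02:00:00:00:00:0a", -75),
    ("in-1", "inside", "02:00:00:00:00:b1", -82),   # laptop in the park
    ("out-1", "outside", "02:00:00:00:00:b1", -55),
    ("out-2", "outside", "02:00:00:00:00:b1", -63),
    ("in-2", "inside", "02:00:00:00:00:b2", -50),   # aimed directional antenna
    ("out-1", "outside", "02:00:00:00:00:b2", -88),
    ("in-1", "inside", "02:00:00:00:00:b3", -70),   # near the wall
    ("out-2", "outside", "02:00:00:00:00:b3", -68),
]
KNOWN_MACS = {"02:00:00:00:00:0a"}  # assumed inventory of your own devices
MARGIN_DB = 6                       # assumed margin; tune per site survey


def classify(observations, known_macs, margin_db=MARGIN_DB):
    """Compare each MAC's strongest inside RSSI with its strongest outside RSSI."""
    best = defaultdict(dict)
    for _sensor, placement, mac, rssi in observations:
        mac = mac.lower()
        best[mac][placement] = max(rssi, best[mac].get(placement, rssi))
    report = {}
    for mac, seen in best.items():
        inside, outside = seen.get("inside"), seen.get("outside")
        if inside is None:
            where = "outside"
        elif outside is None:
            where = "inside"
        elif outside - inside >= margin_db:
            where = "outside"
        elif inside - outside >= margin_db:
            where = "inside"   # also what the directional-antenna case looks like
        else:
            where = "ambiguous"
        report[mac] = {"known": mac in known_macs, "location": where}
    return report


def alerts(report):
    """Unknown MACs are reported wherever they appear; RSSI only adds context."""
    return sorted((mac, r["location"]) for mac, r in report.items() if not r["known"])


if __name__ == "__main__":
    for mac, where in alerts(classify(OBSERVATIONS, KNOWN_MACS)):
        print(f"unknown station {mac}: strongest {where}")
```

The `b2` station is classified "inside" yet still alerts, because the comparison alone cannot tell an indoor device from a signal aimed at an inside sensor.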
