Spoofing MAC Addresses to Swipe Wi-Fi
And other tales of wireless freeloading...
(old news - 01:55PM Wednesday Jul 11 2007)
tags: wireless · security · networking
Our readers who think it's highly immoral to freeload off of a neighbor's unsecured Linksys should find this downright evil. The System 666 blog profiles how easy it is for hackers to obtain free broadband access from many paid hotspots by spoofing the network into thinking you're one of their paying customers.

Using the tools Wireshark and MAC Makeup, the site explains how they simply sniff local traffic, find someone who already has paid for access, then change their own MAC address to mirror the paying customer (they can't be online at the same time, or you'll play tug of war):
When you spoof your MAC address to somebody else’s, you will DHCP to the same IP as them. If there is a conflict, there should be a message saying network IP conflict, but this has only been a problem once before. Also your internet might slow/speed up randomly, or totally not work based on how heavy the traffic flow is of the computer you spoofed yourself as.
Another method used is ICMP tunneling.


exocet_cm
Signal 26's Rock
Premium
join:2003-03-23
New Orleans, LA
clubs:

If You Build It

They will crack it. Somebody will find a way.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS

Re: If You Build It

Not convinced.
Purpose design hotspot PnP routers, besides the SSL login, have an ISOLATE user function which prevents wifi users from seeing each other. In this scenario how is one going to get the MAC address off a legitimate user's laptop????

en102
Canadian, eh?

join:2001-01-26
Valencia, CA
·RoadRunner Cable
·DSL EXTREME
·DSL EXTREME

MAC vs. Mac

I was thinking this was an Apple bug for a minute

MAC = Media Access Control
Mac = Apple product

»en.wikipedia.org/wiki/MAC_address
--
Canada = Hollywood North

jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ

ICMP Tunneling

That's a new one for me. Thanks!

en102
Canadian, eh?

join:2001-01-26
Valencia, CA

Re: ICMP Tunneling

I've typically only performed tunnelling over SSH, and have tunnelled SSH over SSH :P
--
Canada = Hollywood North

Cabal
Premium
join:2007-01-21
02101

Tunneling over DNS seems to work even better, as ICMP is optional for a lot of things these days, but DNS is still pretty much a requirement.
--
Interested in open source engine management for your Subaru?
Techie714

join:2005-08-02
Anaheim, CA

WPA/TKIP?

Is this still easily done with a strong password using WPA/TKIP?
sharksfan3
Premium
join:2004-02-16
Pleasant Valley, NY

Re: WPA/TKIP?

I think the issue here is with people 'hacking onto' pay Hotspots found at places like Starbucks. I haven't seen any of these that require WEP/WPA/TKIP.

Jerm

join:2000-04-10
Richland, WA
Umm no this only applies to wireless hotspots that allow you on the network, but you must pass a "pay me" page to actually gain internet access.

Actually the tunnel option is good too, but normally is pretty slow.
Time4aNAP
Premium
join:2007-04-09
Des Plaines, IL
·Speakeasy
·Comcast

Re: WPA/TKIP?

said by Jerm:

Umm no this only applies to wireless hotspots that allow you on the network, but you must pass a "pay me" page to actually gain internet access.
That "pay me" page (captive portal) is an ideal place to set a cookie, or something similar. Pretty much anything that can generate a large random number to use as a session ID, and a rule for expiration should do it. Precisely how it's implemented can range from the most simple to being diabolically complex. As long as there's a time-out after which the user's credentials must be supplied, giving the MAC spoofer a very narrow window of opportunity to connect after the legitimate client has left, before a valid username and password is required. And since stuff like that is sent using SSL, the spoofer would be out of luck.
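One way to read the session-ID-plus-expiry idea in the post above, as an added example that is not part of the original thread and not any hotspot vendor's code. The class name, the 300-second timeout and the sample MAC address are assumptions made for illustration.

```python
import hmac
import secrets
import time


class PortalSessions:
    """Gateway-side table: MAC -> (session token, time of last valid renewal)."""

    def __init__(self, timeout=300.0, clock=time.monotonic):
        self.timeout = timeout   # assumed expiry rule, in seconds
        self.clock = clock       # injectable so the expiry can be tested
        self.table = {}

    def login(self, mac):
        """Call only after username and password were verified over SSL."""
        token = secrets.token_urlsafe(32)        # large random session ID
        self.table[mac.lower()] = (token, self.clock())
        return token                              # returned as a Secure cookie

    def renew(self, mac, cookie):
        """Portal hit over SSL: extends the session only for the right cookie."""
        entry = self.table.get(mac.lower())
        if entry is None or cookie is None:
            return False
        if not hmac.compare_digest(entry[0].encode(), cookie.encode()):
            return False
        if self.clock() - entry[1] > self.timeout:
            del self.table[mac.lower()]           # expired: credentials again
            return False
        self.table[mac.lower()] = (entry[0], self.clock())
        return True

    def forwards(self, mac):
        """Packet path: the gateway sees only the MAC, so this is all it checks."""
        entry = self.table.get(mac.lower())
        return entry is not None and self.clock() - entry[1] <= self.timeout


def demo():
    now = [0.0]                                   # fake clock for the walk-through
    s = PortalSessions(timeout=300.0, clock=lambda: now[0])
    mac = "00:11:22:33:44:55"                     # constructed sample address
    cookie = s.login(mac)
    now[0] = 200.0
    out = {"spoof_while_fresh": s.forwards(mac.upper()),
           "spoof_renew": s.renew(mac, "guess"),
           "client_renew": s.renew(mac, cookie)}
    now[0] = 501.0                                # client left, nobody renewed
    out["spoof_after_timeout"] = s.forwards(mac)
    return out
```

The copied MAC is forwarded only while the paying client's last renewal is still fresh; it cannot extend the session, so the window closes one timeout after the client leaves.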

Jerm

join:2000-04-10
Richland, WA

Umm this is new?

I used to use Ethereal and just reg-edit in a new MAC at the airport all the time... like 5 years ago :P

It's funny how time goes by and then all of a sudden the exploit is "new" again. *sigh*

tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs:
·NuVox Communications
·Comcast


edit:
July 11th, @02:23PM

Re: Umm this is new?

said by Jerm:

I used to use Ethereal and just reg-edit in a new MAC at the airport all the time... like 5 years ago :P

It's funny how time goes by and then all of a sudden the exploit is "new" again. *sigh*
I was thinking the same thing- this practice has been going on for a while.

We caught some people doing this at a college I used to work at - kept having IP address conflicts on a private (faculty) network and finally an audit of the traffic of an offending IP that was "offline" at the time eventually led us to the dorm rooms, which also led the students to disciplinary action.

edit:
They then took my advice and implemented an encryption on the wireless networks. I left 2 weeks before they deployed a radius server.
ossito16

join:2004-07-31
Whiting, IN

Re: Umm this is new?

What did you use to sniff or audit traffic of someone who is no longer online? I used airopeek but it only gives the URLs visited while they are online and I am scanning at same time. I was doing the wireshark thing myself but it became boring, plus there are way too many free hotspots to be stealing someone's MAC address.

tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs:
·NuVox Communications
·Comcast


edit:
July 11th, @03:31PM

Re: Umm this is new?

said by ossito16:

What did you use to sniff or audit traffic of someone who is no longer online? I used airopeek but it only gives the URLs visited while they are online and I am scanning at same time. I was doing the wireshark thing myself but it became boring, plus there are way too many free hotspots to be stealing someone's MAC address.
I didn't actually do the investigation, so I'm a little short on detail.

I know they actually hired a Cisco contractor (actually I think it was under a maintenance contract) to track it down, I remember he used a wireless radio scanner of sorts and a laptop - I don't know how it worked- and haven't used anything further than a simple "strength" tester myself.

It was similar to this device, but I know for certain it wasn't a Fluke product... »www.processor.com/editorial/arti···pto=True
SylphFi
Premium
join:2007-06-07
Moses Lake, WA
·Spectrum Communica..
·Northland Cable Te..


edit:
July 11th, @06:28PM

Re: Umm this is new?

He most likely had a highly directional antenna, and then took signal strength readings from different locations, while the offender was transmitting. After recording, on a map or even a plain piece of paper (just make sure you know the exact distance between each of your locations), the locations and heading from each location, he would have the offender's location pinpointed (where all the lines crossed).

I am guessing his device was able to be programmed with the offender's MAC address (or other identifying mark), so it would only "light up" when he/she was transmitting. Then they wouldn't have to worry about tracking the wrong signal, or having all the legitimate users turn off their connections during the search.

Edit: I forgot you said it was hooked to his laptop. In that case, he most likely had a program that separated out the signals and determined the direction (and possibly distance) of the signal he wanted to follow. Within 10 minutes he could be at the person's door.
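The line-crossing method described in the post above, worked as an added example that is not part of the original thread. It assumes each reading is a position in metres (x east, y north) plus the compass heading of strongest signal in degrees clockwise from north; the sample readings are constructed.

```python
import math


def locate(readings):
    """Least-squares crossing point of bearing lines.

    readings: list of (x_m, y_m, heading_deg). Each reading defines a line
    through the observer's position along the heading. With noisy headings
    the lines do not meet in one point, so the point that minimises the
    summed squared perpendicular distance to all lines is returned.
    """
    a11 = a12 = a22 = b1 = b2 = 0.0
    for x, y, heading in readings:
        t = math.radians(heading)
        # Direction of the bearing is (sin t, cos t); this is its unit normal.
        nx, ny = math.cos(t), -math.sin(t)
        c = nx * x + ny * y              # line equation: n . p = c
        a11 += nx * nx
        a12 += nx * ny
        a22 += ny * ny
        b1 += nx * c
        b2 += ny * c
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("bearings are parallel; take a reading from another spot")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


# Constructed sample: three measuring spots around a transmitter near (30, 40),
# with headings rounded to the nearest degree as a hand-held reading would be.
SAMPLE_READINGS = [
    (0.0, 0.0, 37.0),
    (60.0, 0.0, 323.0),
    (0.0, 80.0, 143.0),
]

if __name__ == "__main__":
    x, y = locate(SAMPLE_READINGS)
    print(f"estimated transmitter position: ({x:.1f} m, {y:.1f} m)")
```

Two readings are enough to get a crossing; a third shows how well the lines agree, which is why the post stresses knowing the exact distance between measuring spots.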

Mactron
el Camino Real
Premium
join:2001-12-16
CM94sv


edit:
July 11th, @02:51PM

Sniffing

"Our readers who think it's highly immoral to freeload off of a neighbor's unsecured Linksys should find this downright evil."

Oh this is OK. It's sticking it to the Man !

j/k

Old is new again, and reminder of who's sniffing around while you enjoy your $7 caffè latte.
--
If only the Verizon CSRs worked this well.

TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast

Re: Sniffing

said by Karl Bode:

Our readers who think it's highly immoral to freeload off of a neighbor's unsecured Linksys should find this downright evil.
And from your comment, I infer that you don't find it immoral. WHY??
--
--
Internet News
My BLOG
My Web Page

Mactron
el Camino Real
Premium
join:2001-12-16
CM94sv

Re: Sniffing

I assume you missed the...

j/k &

»acronyms.thefreedictionary.com/J%2FK

TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast


edit:
July 11th, @03:25PM

Re: Sniffing

said by Mactron:

I assume you missed the...

j/k &

»acronyms.thefreedictionary.com/J%2FK
My question was directed at Karl, who posted the story, not you.
--
--
Internet News
My BLOG
My Web Page
quatrix

join:2005-02-11
Davie, FL
Because that's the kind of thing this site promotes. The last time I said that, I got blasted. But there's more evidence.

Anomus

@rr.com



I can't really comment about morality because everybody has their own version of it. I have been cantennaing off my neighbors for over 2 years now. I have my own spoofed MAC on my DD-WRT Linksys and it doesn't bother anybody as my time tested behavior has proven. I DL gobs of movies so I do it for the anonymity from attack by fiscally drowning lawsuit. The access is open and I don't go thru any hacking to get it. I can be booted at the mere press of a reset button but it never happens. It would be too much hassle if I had to sniff codes and hack passwords. And why bother when so many so freely share their wireless. When you have to work hard at snatching what somebody else has worked hard to protect, then it becomes easy to label as an illegal act with dire peril and consequences. And even the DLing itself is such a grey area when calling it illegal that the industry has not allowed any of these cases to make it thru court for fear of a landslide loss. After all, we listen to free content on TV and radio and have taped and VCRed since our parents were kids. Calling us criminals is easy, making it stick in court is a total crapshoot. Only the future will reveal our new morality.
AJICQ499087

join:2001-12-01
Louisville, KY

Re: Sniffing

Unprotected hot spots should be ok to use...it's the ones where you have to break in which is stealing. There are so many unprotected hotspots in my area, there is no reason to bother breaking in.
--
low cost and fast speed is what customers want in broadband
Skippy25

join:2000-09-13
Hazelwood, MO

Re: Sniffing

I'll take it further and say anom here is a moron and any wireless network that is not being publicly advertised as shared is off limits. This includes this anom moron's neighbors. Even if they leave it without security, that does not automatically give this dumbass or any other dumbass the right to leech off it.

FiL
Premium
join:2005-08-16
Silver Spring, MD

Re: Sniffing

Well, Skip, I think you're the dumbass for broadcasting your wifi into other people's living rooms...That's YOUR fault, we just capitalize off it.
soccerguy

join:2004-06-28
Seattle, WA
·Speakeasy

You don't need to comment on morality at all. You're a criminal and a thief, pure and simple. You can try and justify your actions any way you want, but it doesn't change anything. Your other posts on similar topics have bragged about how you have hacked into your neighbor's router (inferring that it was not open, but already secured) and changed the password to something that only you know and that a reset is the only way for them to regain it. That is despicable behavior (and a criminal act in many states). A router is $50, broadband about the same or less. Quit being a cheap-skate and get your own.
Time4aNAP
Premium
join:2007-04-09
Des Plaines, IL
·Speakeasy
·Comcast

said by Anomus :

Calling us criminals is easy, making it stick in court is a total crapshoot. Only the future will reveal our new morality.
You make a good point. I predict a future where somebody feels free to knock down a door (or a wall, whatever works), walk right into your house, perform some experimental unlicensed surgery on you, and then take all of your stuff. And the neighbors won't see anything for some strange reason.

But hey, it's all good, right? You have the consolation of blaming someone's parents! Have fun in the brave new world that you're creating!

inteller
Sociopaths always win.

join:2003-12-08
Tulsa, OK

anyone tested this against popular airport hotspots?

like sprint, ATT, and the like....they are the ones that you usually only have one option.
--
"WHEN THE LAUGH TRACK STARTS THEN THE FUN STARTS!"

BOFH wannabe

@mcciglobal.com

to heck with encryption, just use the upsidedownturnet

»ex-parrot.com/~pete/upside-down-ternet.html


over 9 years online! © 1999-2008 dslreports.com.