Security Basics mailing list archives
Re: Strange WLAN behavior
From: Adam Mooz <adam.mooz () gmail com>
Date: Tue, 30 Mar 2010 13:30:18 -0400
First thing I have to confirm is the unknown MAC address, is it broadcasting an SSID or not? Secondly, could you clarify what the network looks like? I.e. what you think it's supposed to be vs. what it is? It sounds like there's a rogue/malicious AP hijacking your internet, I'd suggest you cloak your SSID, implement MAC address filterting, and change your password ASAP. ----------------------------------------------------------------- Adam Mooz Adam.Mooz () gmail com http://www.AdamMooz.com On 2010-03-30, at 9:37 AM, Norealenemy wrote:
Hello out there, since a couple of days my wife complained her bad wireless connection. She said that the System (XP) often disconnects and sometimes the connect messages says "connected to MyWLAN(insecure)" The WLAN is WPA2 protected using a very log PW including special characters. So yesterday I had some time to play with her laptop and was wondering as I saw that her system told me to be connected to "MyWLAN" with 54 MBits on the router she was connected with 48 MBits. I started kismet on my laptop and was sniffing the air on my channel. First thing I was wondering, was that MyWLAN has 7 (up to 9) Clients, but the most strange thing was, that when I was generating traffic on her laptop I saw the packet count growing on her and an absolute unknown MAC address. The packet count stops on both addresses and starts again growing when I start the ping (or anything else generating traffic) again. Does that mean that my wifes laptop connects to an attacker AP, that is forwarding her packets? - How can I find out who it is? - What would you do next? - Is there a way to prevent such attacks? Thanks in advance Jensemann -- , , __. . . . ,._.*-+--+-_ ._ _ ._ (__ _.|_ | _ ._ ._ * \/\/ [ | | |(/,[ ) (_)[ ) .__)(_.[ )|(/,[_)[_)| | | _, _, , _, _, _, _, _, , ._, _, _, _, _, '_)|.|/| |.|___|.|'_)___'_)|.| /| |_ *'_)'_)*'_)'_) /_.|_|.|.|_| |_|._) ._)|_| .|.._)*/_./_.*/_./_. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- Strange WLAN behavior Norealenemy (Mar 30)
- Re: Strange WLAN behavior Jon Janego (Mar 30)
- Re: Strange WLAN behavior Rob Thompson (Mar 31)
- Re: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 31)
- Re: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Rob Thompson (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 30)
- Re: Strange WLAN behavior Jarrod Frates (Mar 31)
- Re: Strange WLAN behavior Adam Mooz (Mar 31)
- Re: Strange WLAN behavior Jarrod Frates (Mar 31)
- RE: Strange WLAN behavior Murda (Mar 31)
- RE: Strange WLAN behavior Norealenemy (Mar 31)
- Re: Strange WLAN behavior Jon Janego (Mar 30)