Full Disclosure mailing list archives

Re: WiFi question

From: GuidoZ <uberguidoz () gmail com>
Date: Thu, 18 Nov 2004 00:18:50 +0000

A very good point indeed Mark; one that shouldn't be dismissed even
WITH common SSIDs. Other technology clashing with WiFi certainly isn't
new... in fact it getting worse!

Besides motion sensors, also look for wireless phones, security
systems (like ADT's window/door systems - they use wireless to
communicate with some systems), things like that. With the amount of
wireless technology out there, it's becoming less and less common to
find unaffected WiFi.

--
Peace. ~G


On Wed, 17 Nov 2004 12:41:44 -0500, Lachniet, Mark
<mlachniet () sequoianet com> wrote:

Could also be RF interference.  One of my coworkers tracked down a
particularly interesting problem with motion sensor lights.  Turns out
the motion sensors worked at the 240mhz range, which has resonance at
2.4ghz, or something like that.  Hence every time the motion sensor
worked, it would spew what the wardriving (site survey) apps thought was
a zillion different access points with widely varying MAC addresses.  I
would have though it was a FAKEAP program also.  I would assume the same
could happen with other interference.  Having a common SSID would seem
to indicate this is not the problem, but just thought I'd mention it.

Mark Lachniet

-----Original Message-----
From: KF_lists [mailto:kf_lists () secnetops com]
Sent: Wednesday, November 17, 2004 10:21 AM
To: Colin.Scott () csplc com
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] WiFi question

fake ap....
http://bsdvault.net/bsdfap.txt
http://www.blackalchemy.to/project/fakeap/
-KF



Colin.Scott () csplc com wrote:

List,

I'm an expert in nothing so when I saw this I had to ask,

as Im sure

theres someone out there that is a WiFi expert.

Google has found no answer so here goes.

Last night we saw a new access point appear. No problems

its an ad-hoc

network so its someone's machine with XP on configured for

their home

W-LAN probably.  Running Netstumbler shows more on it though.

You get 2 Access Points showing this ESSID for a few

seconds. Then you

get a 3rd, then a 4rth. Then the first two drop off, this

repeats forever.

Always using a different MAC address when a new AP appears. The APs
are all WEP enabled (which I cant crack cos I dont have the

savvy or

the tools :) ) and this goes on forever.

The MACs are all from different pools (i.e. assigned to different
manufacturers) so the only conclusion is that they are all

spoofed MACs.


I have walked around the office and as far as I can tell its coming
from this office (the IT dept), basing that assumption on

signal strength.


Anyone seen any tools that do this?   I would love a little

hand-held

gadget that would help me find it (like the scanner in Alien!)

Answers on a post card :)

Colin.

**********************************************************************

****************

This e-mail is confidential and may contain privileged

information.

If you are not the addressee or if you have received the e-mail in
error, it may be unlawful for you to read, copy,

distribute, disclose

or otherwise use the information which it contains.  Under these
circumstances, please notify us immediately by returning

this mail to

'mailerror () csplc com' and deleting this e-mail from your system.

Any views expressed by an individual within this e-mail do not
necessarily reflect the views of Cadbury Schweppes Plc or its
subsidiaries.  Cadbury Schweppes Plc will not be bound by any
agreement entered into as a result of this email, unless

its intention is clearly evidenced in the body of the email.

Whilst we have taken reasonable steps to ensure that this

e-mail and

attachments are free from viruses, recipients are advised

to subject

this mail to their own virus checking, in keeping with good

computing

practice. Please note that email received by Cadbury

Schweppes Plc or

its subsidiaries may be monitored in accordance with the

prevailing law in the United Kingdom.

**********************************************************************

****************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

WiFi question Colin . Scott (Nov 17)
- Re: WiFi question KF_lists (Nov 17)
- Re: WiFi question GuidoZ (Nov 17)
- Re: WiFi question Dave King (Nov 17)
- <Possible follow-ups>
- RE: WiFi question Lachniet, Mark (Nov 17)
  - Re: WiFi question GuidoZ (Nov 17)
  - RE: WiFi question Paul Schmehl (Nov 18)
    - RE: WiFi question Paul Schmehl (Nov 19)
    - Re: WiFi question Esmond (Nov 19)
    - RE: WiFi question Ake Nordin (Nov 21)
    - RE: WiFi question Paul Schmehl (Nov 22)
    - RE: WiFi question Ron DuFresne (Nov 22)
    - RE: WiFi question Colin . Scott (Nov 23)
- RE: WiFi question Todd Towles (Nov 17)
- RE: WiFi question Todd Towles (Nov 17)
- RE: WiFi question Lachniet, Mark (Nov 18)

(Thread continues...)