Re: attwifi ssid

[Joshua Wright <jwright () hasborg com>]

I'm pasting a message I sent to the SANS GPWN list a few months ago 
regarding the attwifi SSID.  I love attwifi.

-Josh
--
I often tell people that I love the SSID "attwifi".  Millions of
wireless clients from iPad's to Windows machines love "attwifi" too, and
many will connect to this network at their first opportunity.

At home, I have my own "attwifi" network up and running.  When people
connect to my home network, I let them get access to the Internet (since
I'm a nice guy) ... but I spuriously manipulate their connections
inspired by this idea:

http://www.ex-parrot.com/pete/upside-down-ternet.html

In my configuration, I like to blur images using ImageMagick's
command-line tools, a little bit (1%-5%) at first, and then more and
more the longer they are on my network (a sample blurry photo is here
http://www.willhackforsushi.com/images/josh_ryan_blur.jpeg; remove the
"_blur" part to see a picture of me with Kevin Finisterre's afro, and
Ryan Seacrest, to scale).

In an interesting development, I thought I'd try this out at the airport
recently.  While waiting in a connecting airport somewhere, I took out a
pocket AP and bridged it to the Internet over my EV-DO connection while
using the SSID "attwifi" (no upside-down-ternet).  I went to connect my
laptop to the AP and found that I could not.  After some frustrating
experimentation, I discovered that within 30 seconds or so, my AP
reached its 50 connection limit and was rejecting new connections.

I've said this before, but it bears repeating: in every wireless
pentest, all eyes will eventually fall to the clients.  I like to scope
tests where we spend a day on each client device, monitoring the
networks they are probing for and impersonating vulnerable networks.
This could be one day for a Windows 7 box and one day for an iPad, but
you could also spend several days on Windows 7 boxes if you have
multiple laptops with different wireless card hardware or software versions.

-Josh

p.s. I did not eat at the Waffle House in the background of that
picture, although Kevin Finisterre and Don Weber tried their best to
convince me otherwise.  Sadly, there was no sushi to be had for hundreds
of miles.



On 1/11/2012 3:34 PM, Marshal Graham wrote:
> Sort of but I don't think it's a legacy thing. I have yet to see this
> on an iPhone 3GS but I have on iPhone 4. It also works on all AT&T
> Androids I have seen thus far, old and new.
>
> http://www.att.com/gen/general?pid=13540
>
> This page lists the US AT&T wifi hotspots along with their address and
> ssid. Most of these are in restaurants, malls, etc... Starbucks is
> also on that list.
>
> Marshal
>
> On Wed, Jan 11, 2012 at 2:09 PM, Bruce Barnett<grymoire () gmail com>  wrote:
> > > AT&T smartphones will automatically connect to a ssid of attwifi.
> >
> > Most likely a legacy when iPhone customers could access Starbucks WiFI for
> > free.
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com