Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: proving a wireless router is shared/open

From: JGrimshaw () ASAP com
Date: Fri, 13 Feb 2004 17:04:21 -0600
I would suggest looking for a MAC address in the ARP tables of your 
infrastructure equipment and look for anomalous IP addresses, and find the 
ones that do not belong.

You should already know what IP addresses you have (or hopefully a good 
idea), and you can correlate the IPs with the MACs and the pieces should 
fall into place--either a bunch of IPs are used up where they shouldn't 
be, or a bunch of IPs are associated with a specific MAC address (where 
the access point is plugged in).  Either way, what you know isn't yours is 
probably the best place to start yanking cables once you find where that 
IP/MAC are connected.

The access point has to connect somewhere, and it likely has a valid 
address on your network.  Its MAC address would be associated with it.

And yes, it would probably be easiest to just try to hijack a connection 
and see if you can trace end-to-end where the connection begins and ends. 
Even if you are unable to crack it, you could at least try to triangulate 
the position by closing in on it from three different angles.  In the 
middle--that's where the access point is.

It could be difficult to physically pinpoint one without even connecting 
to it or detecting the signal, so if you can't do that, the exercise 
becomes more of a headache.  If you are at the type of  place where there 
are hubs connected to hubs and other switches and so forth, it can be 
quite the hunt finding where the initial connection starts.



"Steve" <securityfocus () delahunty com> 
02/12/2004 02:59 PM
Please respond to
"Steve" <securityfocus () delahunty com>


To
<security-basics () securityfocus com>
cc

Subject
proving a wireless router is shared/open






Have an odd situation where we want to prove that a wireless router is 
being
shared by a bunch of people, that is not restricted in any way, so the ISP
bandwidth is being used by a groupof folks that should not be on the
router/ISP.  I cannot give more details.  But, how would you prove such a
thing if you had to ask someone else to obtain this proof since you 
yourself
could not just walk up with your laptop and wireless NIC and jump on the
wireless router?


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: