Security Basics mailing list archives

Re: Strange WLAN behavior


From: Jarrod Frates <jfrates.ml () gmail com>
Date: Tue, 30 Mar 2010 15:54:22 -0700

On Tue, Mar 30, 2010 at 11:58 AM, Jon Janego <jonjanego () gmail com> wrote:
By default, Windows XP will probe for all the access points you've set
up and you want to remove any reference to the "hijacked" AP.

I believe that there was a patch that was integrated into SP3 that
addressed this behavior, stopping it by default.  But clearing out the
wireless configuration is probably still a good idea.

On Tue, Mar 30, 2010 at 10:30 AM, Adam Mooz <adam.mooz () gmail com> wrote:
It sounds like there's a rogue/malicious AP hijacking your internet, I'd suggest you cloak your SSID, implement MAC address filtering, and change your password ASAP.

Depending on how the malicious AP is set up, the first two will not
work at all.  MAC addresses are also trivial to spoof, even
automatically.  Cloaking your own SSID means that one has to send out
a probe for it, which can be happily answered by a rogue AP.  If the
rogue AP is using KARMA (or worse, Karmetasploit), it will be
perfectly happy to answer as just about any mainstream service, saving
all of the associated passwords and keys and forwarding the traffic on
(while, of course, monitoring everything going by, and maybe even
sending back other helpful things in addition to the requested
information).  Changing the password may work only so long as one
doesn't inadvertently connect to the rogue AP again.
-- 
Jarrod Frates
GAWN, GCIH, GPEN
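
The reply above notes that a KARMA-style rogue AP will answer probes for just about any network name. The following is an added detection example, not part of the original message: it flags any BSSID seen answering for many distinct SSIDs, or for a canary SSID that no real AP serves. The observation format, the threshold and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (bssid, ssid) pairs taken from probe responses that a
# monitoring sensor might record. All values are made up for illustration.
OBSERVED = [
    ("00:11:22:33:44:55", "CorpWLAN"),
    ("00:11:22:33:44:55", "CorpWLAN"),
    ("66:77:88:99:aa:bb", "linksys"),
    ("66:77:88:99:aa:bb", "CorpWLAN"),
    ("66:77:88:99:aa:bb", "hotel-guest"),
    ("66:77:88:99:aa:bb", "canary-7f3a91"),
    ("cc:dd:ee:ff:00:11", "CoffeeShop"),
]


def find_promiscuous_aps(observations, canary_ssids=(), max_ssids=2):
    """Return {bssid: [reasons]} for radios that answer like a KARMA responder.

    max_ssids is an assumed threshold: a legitimate multi-SSID AP normally
    uses a separate BSSID per network, so one BSSID answering for several
    unrelated names is suspicious.
    """
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in observations:
        ssids_by_bssid[bssid.lower()].add(ssid)

    canaries = set(canary_ssids)
    flagged = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        if len(ssids) > max_ssids:
            reasons.append(f"answered for {len(ssids)} distinct SSIDs")
        # A canary SSID is a random name the sensor probes for on purpose;
        # only a responder that says yes to everything will answer it.
        hits = sorted(ssids & canaries)
        if hits:
            reasons.append("answered canary SSID " + ", ".join(hits))
        if reasons:
            flagged[bssid] = reasons
    return flagged


if __name__ == "__main__":
    for bssid, reasons in find_promiscuous_aps(OBSERVED, ["canary-7f3a91"]).items():
        print(bssid, "->", "; ".join(reasons))
```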
