Educause Security Discussion mailing list archives

[SECURITY]

From: Greg Williams <gwillia5 () UCCS EDU>
Date: Fri, 11 Mar 2011 10:04:05 -0700

Sorry I should clarify.  1600-1700 peak usage at one time.  5000-5500 unique
wireless users during the week.  And we haven't seen it installed that I'm
aware of.

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Williams
Sent: Friday, March 11, 2011 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

I tested Connectify when it first came out about 18 months ago.  Connectify
will show up as a rogue AP and connected clients are susceptible to De-Auth
attacks.  Also if you have NAC in place, you could program your appliance to
search for Connectify's registry keys and remediate the client who has it
installed.  

As for how much we see it here - I saw it once when it first came, but never
have seen it again. Our peak usage during the week is about 1600-1700 users
on wireless.

Our wireless policy states that no one can operate or manage an access point
outside of IT, so we do have recourse in case someone says they have to use
it.

Greg Williams

IT Security Principal
University of Colorado at Colorado Springs

Phone: 719-255-3211

Website: http://www.uccs.edu/~itsecure 
greg.williams () uccs edu

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HOGGATT, ANDY F.
Sent: Friday, March 11, 2011 9:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Greetings,

I've recently conducted testing using a piece of software called
"Connectify".  This software allows a user to turn their wireless laptop
into a Wi-fi Hotspot.  The software creates virtual wireless interfaces for
its hosts and then utilizes NAT to make the connection appear as if it's
coming from the Hotspot instead of the connected hosts.    By doing so a
student is able to allow other students to piggy-back off their wireless
connection, with only the one device/user authenticated on our student,
wireless network.  When viewing the logs of our firewall, connections
appear, in regards to both I.P. address and MAC address, as if the
connections are originating from the Wifi-hotspot and not the connected
hosts.  I suspect that Internet tethering such as this may become more
prevalent as more smartphones begin to  incorporate this functionally into
their operating systems.  

Has anyone else received any other reports similar to this and has anyone
come up with a solution to help remedy the situation?  Any and all feedback
would be welcome.

Thank You, 

Andy Hoggatt

Ozarks Technical Community College

Interim Network Security Systems Administrator

hoggatta () otc edu

417.447.7535

Current thread:

Re: Connectify, (continued)
- - - Re: Connectify David Gillett (Mar 11)
    - Re: Connectify Di Fabio, Andrea (Mar 11)
    - Re: Connectify Chris Green (Mar 11)
    - [SECURITY] Russ Leathe (Mar 11)
    - [SECURITY] Valdis Kletnieks (Mar 11)
    - [SECURITY] Kevin Wilcox (Mar 11)
    - [SECURITY] HOGGATT, ANDY F. (Mar 11)
    - Re: Connectify Jeff Kell (Mar 11)
    - Re: Connectify Greg Williams (Mar 11)
- [SECURITY] Greg Williams (Mar 11)
  - [SECURITY] Greg Williams (Mar 11)
- [SECURITY] Nathaniel Hall (Mar 11)