Educause Security Discussion mailing list archives
[SECURITY]
From: Greg Williams <gwillia5 () UCCS EDU>
Date: Fri, 11 Mar 2011 10:04:05 -0700
Sorry I should clarify. 1600-1700 peak usage at one time. 5000-5500 unique wireless users during the week. And we haven't seen it installed that I'm aware of. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Williams Sent: Friday, March 11, 2011 9:58 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] I tested Connectify when it first came out about 18 months ago. Connectify will show up as a rogue AP and connected clients are susceptible to De-Auth attacks. Also if you have NAC in place, you could program your appliance to search for Connectify's registry keys and remediate the client who has it installed. As for how much we see it here - I saw it once when it first came, but never have seen it again. Our peak usage during the week is about 1600-1700 users on wireless. Our wireless policy states that no one can operate or manage an access point outside of IT, so we do have recourse in case someone says they have to use it. Greg Williams IT Security Principal University of Colorado at Colorado Springs Phone: 719-255-3211 Website: http://www.uccs.edu/~itsecure greg.williams () uccs edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HOGGATT, ANDY F. Sent: Friday, March 11, 2011 9:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Greetings, I've recently conducted testing using a piece of software called "Connectify". This software allows a user to turn their wireless laptop into a Wi-fi Hotspot. The software creates virtual wireless interfaces for its hosts and then utilizes NAT to make the connection appear as if it's coming from the Hotspot instead of the connected hosts. By doing so a student is able to allow other students to piggy-back off their wireless connection, with only the one device/user authenticated on our student, wireless network. When viewing the logs of our firewall, connections appear, in regards to both I.P. address and MAC address, as if the connections are originating from the Wifi-hotspot and not the connected hosts. I suspect that Internet tethering such as this may become more prevalent as more smartphones begin to incorporate this functionally into their operating systems. Has anyone else received any other reports similar to this and has anyone come up with a solution to help remedy the situation? Any and all feedback would be welcome. Thank You, Andy Hoggatt Ozarks Technical Community College Interim Network Security Systems Administrator hoggatta () otc edu 417.447.7535
Current thread:
- Re: Connectify, (continued)
- Re: Connectify David Gillett (Mar 11)
- Re: Connectify Di Fabio, Andrea (Mar 11)
- Re: Connectify Chris Green (Mar 11)
- [SECURITY] Russ Leathe (Mar 11)
- [SECURITY] Valdis Kletnieks (Mar 11)
- [SECURITY] Kevin Wilcox (Mar 11)
- [SECURITY] HOGGATT, ANDY F. (Mar 11)
- Re: Connectify Jeff Kell (Mar 11)
- Re: Connectify Greg Williams (Mar 11)
- [SECURITY] Greg Williams (Mar 11)