Educause Security Discussion mailing list archives

Re: Connectify

From: "James R. Pardonek" <pardonjr () PURDUECAL EDU>
Date: Fri, 11 Mar 2011 11:11:18 -0600
It would be nice if this thread had a subject. J

 

Please let me know if there is anything additional I can assist you with
to ensure the service you received today has been excellent. 

 

James R. Pardonek, CISSP CEH CPT

Assistant Director for Information Security and Assurance

Information Services

Purdue University Calumet

Hammond, Indiana

P: (219)989-2745

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Williams
Sent: Friday, March 11, 2011 11:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

 

Sorry I should clarify.  1600-1700 peak usage at one time.  5000-5500
unique wireless users during the week.  And we haven't seen it installed
that I'm aware of.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Williams
Sent: Friday, March 11, 2011 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

 

I tested Connectify when it first came out about 18 months ago.
Connectify will show up as a rogue AP and connected clients are
susceptible to De-Auth attacks.  Also if you have NAC in place, you
could program your appliance to search for Connectify's registry keys
and remediate the client who has it installed.  

 

As for how much we see it here - I saw it once when it first came, but
never have seen it again. Our peak usage during the week is about
1600-1700 users on wireless.

 

Our wireless policy states that no one can operate or manage an access
point outside of IT, so we do have recourse in case someone says they
have to use it.

 

Greg Williams

IT Security Principal
University of Colorado at Colorado Springs

Phone: 719-255-3211

Website: http://www.uccs.edu/~itsecure 
greg.williams () uccs edu

 

  

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HOGGATT, ANDY F.
Sent: Friday, March 11, 2011 9:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

 

Greetings,

 

I've recently conducted testing using a piece of software called
"Connectify".  This software allows a user to turn their wireless laptop
into a Wi-fi Hotspot.  The software creates virtual wireless interfaces
for its hosts and then utilizes NAT to make the connection appear as if
it's coming from the Hotspot instead of the connected hosts.    By doing
so a student is able to allow other students to piggy-back off their
wireless connection, with only the one device/user authenticated on our
student, wireless network.  When viewing the logs of our firewall,
connections appear, in regards to both I.P. address and MAC address, as
if the connections are originating from the Wifi-hotspot and not the
connected hosts.  I suspect that Internet tethering such as this may
become more prevalent as more smartphones begin to  incorporate this
functionally into their operating systems.  

 

Has anyone else received any other reports similar to this and has
anyone come up with a solution to help remedy the situation?  Any and
all feedback would be welcome.

 

Thank You, 

 

Andy Hoggatt

Ozarks Technical Community College

Interim Network Security Systems Administrator

hoggatta () otc edu

417.447.7535
Current thread:

Re: Connectify James R. Pardonek (Mar 11)
- Re: Connectify HOGGATT, ANDY F. (Mar 11)
- <Possible follow-ups>
- Re: Connectify HOGGATT, ANDY F. (Mar 11)