Educause Security Discussion mailing list archives

Re: Connectify


From: "HOGGATT, ANDY F." <hoggatta () OTC EDU>
Date: Fri, 11 Mar 2011 11:44:32 -0600

My apologies.  This was my first post and I forgot the Subject.  Thank you for notifying me.  I'll do better next time. :)

Thanks,

Andy Hoggatt
Ozarks Technical Community College
Interim Network Security Systems Administrator
hoggatta () otc edu
417.447.7535


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James R. 
Pardonek
Sent: Friday, March 11, 2011 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Connectify

It would be nice if this thread had a subject. :)

Please let me know if there is anything additional I can assist you with to ensure the service you received today has 
been excellent.

James R. Pardonek, CISSP CEH CPT
Assistant Director for Information Security and Assurance
Information Services
Purdue University Calumet
Hammond, Indiana
P: (219)989-2745

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Williams
Sent: Friday, March 11, 2011 11:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Sorry, I should clarify.  1600-1700 peak usage at one time.  5000-5500 unique wireless users during the week.  And we 
haven't seen it installed that I'm aware of.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Williams
Sent: Friday, March 11, 2011 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

I tested Connectify when it first came out about 18 months ago.  Connectify will show up as a rogue AP and connected 
clients are susceptible to De-Auth attacks.  Also, if you have NAC in place, you could program your appliance to search 
for Connectify's registry keys and remediate the client who has it installed.

As for how much we see it here - I saw it once when it first came, but never have seen it again. Our peak usage during 
the week is about 1600-1700 users on wireless.

Our wireless policy states that no one can operate or manage an access point outside of IT, so we do have recourse in 
case someone says they have to use it.

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
Phone: 719-255-3211
Website: http://www.uccs.edu/~itsecure
greg.williams () uccs edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HOGGATT, 
ANDY F.
Sent: Friday, March 11, 2011 9:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Greetings,

I've recently conducted testing using a piece of software called "Connectify".  This software allows a user to turn 
their wireless laptop into a Wi-Fi hotspot.  The software creates virtual wireless interfaces for its hosts and then 
utilizes NAT to make the connection appear as if it's coming from the hotspot instead of the connected hosts.  By 
doing so, a student is able to allow other students to piggy-back off their wireless connection, with only the one 
device/user authenticated on our student wireless network.  When viewing the logs of our firewall, connections appear, 
in regards to both IP address and MAC address, as if the connections are originating from the Wi-Fi hotspot and not 
the connected hosts.  I suspect that Internet tethering such as this may become more prevalent as more smartphones 
begin to incorporate this functionality into their operating systems.

Has anyone else received any other reports similar to this and has anyone come up with a solution to help remedy the 
situation?  Any and all feedback would be welcome.

Thank You,

Andy Hoggatt
Ozarks Technical Community College
Interim Network Security Systems Administrator
hoggatta () otc edu
417.447.7535

