PaulDotCom mailing list archives
Rogue AP Placement: evil + 1
From: Chris Merkel <cmerkel () gmail com>
Date: Wed, 25 Aug 2010 10:54:53 -0500
Question directed to fellow pen-test / red-teaming ninjas: Have a test coming up, and want to place a rogue AP. I fully expect that a vanilla AP/router will be detected. I'm thinking about dropping a Cisco PIX 501 with the rogue AP sitting on the other side of the NAT gateway, and turning off all remote PIX management as well (if possible, it's been awhile since I admin'ed these.), maybe even turn off ICMP echo replies. My guess is that this isn't going to be detected... My question is: anyone gone to that level of evil to evade detection on a network? If so, could you share any tips or gotchas you encountered along the way? (BTW, you can get a PIX 501 on ebay for under 100 bucks... so well within the reach of an attacker...) -- - Chris Merkel
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Rogue AP Placement: evil + 1 Chris Merkel (Aug 25)
- Re: Rogue AP Placement: evil + 1 Andrew Johnson (Aug 25)
- Re: Rogue AP Placement: evil + 1 Chris Merkel (Aug 25)
- Re: Rogue AP Placement: evil + 1 Robin Wood (Aug 25)
- Re: Rogue AP Placement: evil + 1 Chris Merkel (Aug 26)
- Re: Rogue AP Placement: evil + 1 Robin Wood (Aug 26)
- Re: Rogue AP Placement: evil + 1 Chris Merkel (Aug 25)
- Re: Rogue AP Placement: evil + 1 Nick Baronian (Aug 25)
- Re: Rogue AP Placement: evil + 1 Bacon Zombie (Aug 25)
- Re: Rogue AP Placement: evil + 1 Rob Fuller (Aug 26)
- Re: Rogue AP Placement: evil + 1 Vernon Miller (Aug 26)
- Re: Rogue AP Placement: evil + 1 Andrew Johnson (Aug 25)