Re: Rogue AP Placement: evil + 1

[Chris Merkel <cmerkel () gmail com>]

Had not seen that - looks like fun, I'll definitely check it out. Could
something like this be used in conjunction with an ARP cache poison to route
all traffic through the device, rather than just getting inline between a
device and the switch?

- Chris

On Wed, Aug 25, 2010 at 5:06 PM, Robin Wood <robin () digininja org> wrote:

> On 25 August 2010 22:40, Chris Merkel <cmerkel () gmail com> wrote:
> > Yeah, that does just about everything I need. I'm still going to drop a
> big
> > ugly pix and ghetto AP for the fun of it.
> > Aside from this all-in-wonderful pwnage device, anyone else have tips for
> > stealthy AP usage?
> > - Chris
>
> Have you seen my Interceptor project?
> http://www.digininja.org/interceptor/ If you build one of these you
> can drop it on the network and use it to tap all the traffic during
> the day then take over one of the devices thats been turned off
> overnight or just become it and don't let legit traffic flow through
> to it then you can do whatever you want out of hours.
>
> Robin
>
>
> > On Wed, Aug 25, 2010 at 2:19 PM, Andrew Johnson <
> email () andrewcjohnson com>
> > wrote:
> > > Have you seen
> > > this? http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html
> > > -A
> > >
> > > On Wed, Aug 25, 2010 at 10:54 AM, Chris Merkel <cmerkel () gmail com>
> wrote:
> > > > Question directed to fellow pen-test / red-teaming ninjas:
> > > > Have a test coming up, and want to place a rogue AP. I fully expect
> that
> > > > a vanilla AP/router will be detected. I'm thinking about dropping a
> Cisco
> > > > PIX 501 with the rogue AP sitting on the other side of the NAT gateway,
> and
> > > > turning off all remote PIX management as well (if possible, it's been
> awhile
> > > > since I admin'ed these.), maybe even turn off ICMP echo replies.
> > > > My guess is that this isn't going to be detected... My question is:
> > > > anyone gone to that level of evil to evade detection on a network? If
> so,
> > > > could you share any tips or gotchas you encountered along the way?
> > > > (BTW, you can get a PIX 501 on ebay for under 100 bucks... so well
> within
> > > > the reach of an attacker...)
> > > >
> > > > --
> > > > - Chris Merkel
> > > >
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom () mail pauldotcom com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > >
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > --
> > - Chris Merkel
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
- Chris Merkel

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com