PaulDotCom mailing list archives

Re: Pauldotcom Digest, Vol 38, Issue 14


From: shep husted <opensourceservers () gmail com>
Date: Fri, 25 Nov 2011 11:12:39 -0500

Nils - I have the same behavior here - suspect karma or some sort of AP
spoofing - if you let it run and look into it a bit more (run kismet perl
script on your logs) you will see that most are emanating from just a few
APs...that is my 2 cents anyways -

On Fri, Nov 25, 2011 at 7:00 AM, <pauldotcom-request () mail pauldotcom com> wrote:


Today's Topics:

  1.  Strange Kismet Newcore behavior (Nils)


----------------------------------------------------------------------

Message: 1
Date: Thu, 24 Nov 2011 09:40:42 +0100
From: "Nils" <nils () hemmann de>
Subject: [Pauldotcom]  Strange Kismet Newcore behavior
To: pauldotcom () mail pauldotcom com
Message-ID: <Q029d5nAO7oeZc.RZmta () mo-p00-ob rzone de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed


Hi,
anyone having Kismet newcore running on TP-Link TL-WR1043ND without any
problem?
The problem is not about the general installation or configuration, it
is about the Kismet log filling up with strange/weird APs.  Please see
below.

Thanks,
Nils


On 21.11.2011 18:09, Nils wrote:
Hi guys,
I'm looking into a strange Kismet behavior.

The wireless IDS I'm running is based on:
Kismet Newcore Server 2011-03-R2
Kismet Newcore Drones 2010-07-R1 running on Atheros Fonera Drones
This setup is working great!

Then I've tried to add a drone based on TP-Link's TL-WR1043ND access
point with an AR71xx 802.11ng chipset and running OpenWrt Backfire
10.03.1-RC6
The wireless chipset driver is ath9k/mac80211
It didn't matter which version of the Kismet-drone I've tried, I ended
up with Kismet filling up the logs with strange APs popping up. See
log output below!
Next to Kismet 2011-03-R2 I've compiled the latest svn version of
Kismet-Drone for OpenWrt Backfire, both including full support for
libnl/netlink mac80211.
But still......
These BSSIDs look weird. They are changing and popping up every
second. I'd have expected ~30 APs around me but not hundreds of them
in a few minutes, all with hidden SSID. But it looks more like a
general wireless driver issue as even Aircrack/Airodump-ng shows some
strange APs. Both Kismet and Aircrack show broken SSIDs with
strange characters in them, too.

INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 54:49:85:9F:4C:49,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID E4:54:97:63:58:64,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 38:2F:D1:48:E1:BF,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 73:8F:F0:2F:80:9D,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID F9:B0:5E:08:39:E3,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 5A:46:FC:11:D9:3C,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID E5:DB:15:B0:31:14,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 31:F2:29:E9:73:39,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 5F:89:FA:75:FB:E1,
      encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21,
      encryption no, channel 0, 0.00 mbit



Any suggestions?
Thanks,
Nils

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com







-- 
Best Regards,

Shep Husted
opensourceservers.com
opensourcenetworks.com
engineeredcomputer.com
1-207-409-4038
809 congress st. #7
portland, maine
04102
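
A triage sketch for the "Detected new ... network" lines quoted in this thread, added here as an example; it is not part of either post and not a Kismet tool, and the function names are hypothetical. It rejoins the mail-wrapped entries and flags BSSIDs whose first octet has the group (multicast) bit set, which a real network's BSSID never has, along with entries where no channel was decoded.

```python
import re
from collections import Counter

# Four entries copied from the log in the post, wrapped as the e-mail shows them.
SAMPLE_LOG = """\
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID
48:2D:35:DF:BA:72,
       encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A,
      encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID
37:44:79:6F:01:F2
      , encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE,
      encryption no, channel 0, 0.00 mbit
"""

ENTRY = re.compile(
    r'Detected new (?P<kind>[\w-]+) network "(?P<ssid>[^"]*)", BSSID '
    r'(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*,\s*'
    r'encryption (?P<enc>yes|no), channel (?P<chan>\d+)')

def parse_entries(log_text):
    """Rejoin mail-wrapped lines, then return one dict per 'Detected new' entry."""
    flat = " ".join(log_text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def triage(entry):
    """Return the reasons an entry is unlikely to be a real, decodable network."""
    first_octet = int(entry["bssid"][:2], 16)
    reasons = []
    if first_octet & 0x01:       # I/G bit set: a group address, not a network BSSID
        reasons.append("group-bit")
    if first_octet & 0x02:       # U/L bit set: locally administered (legal, no vendor OUI)
        reasons.append("locally-administered")
    if int(entry["chan"]) == 0:  # no channel was decoded for this network
        reasons.append("channel-0")
    return reasons

def summarize(log_text):
    """Count triage reasons across a log and list BSSIDs with the group bit set."""
    entries = parse_entries(log_text)
    counts = Counter(r for e in entries for r in triage(e))
    impossible = [e["bssid"] for e in entries if "group-bit" in triage(e)]
    return len(entries), counts, impossible

if __name__ == "__main__":
    total, counts, impossible = summarize(SAMPLE_LOG)
    print(f"{total} entries, reasons {dict(counts)}, group-bit BSSIDs {impossible}")
```

A high share of group-bit BSSIDs points to addresses that were not decoded from valid frames, whatever the underlying cause turns out to be.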