Fwd: Rogue AP Wireless on Windows/Linux

[Chris Kuethe <chris.kuethe () gmail com>]

For the archives...

---------- Forwarded message ----------
From: Chris Kuethe <chris.kuethe () gmail com>
Date: Apr 8, 2005 6:25 PM
Subject: Re: Rogue AP Wireless on Windows/Linux
To: "szynkro () gmail com" <szynkro () gmail com>


Try OpenBSD?

Prism2 (and others I don't remember at the moment, rtfm) cards can be
easily ifconfig'd into host-ap mode, and bridged, routed or natted to
an uplink interface. It comes with dhcpd, bind, apache and a very
capable packet filter allowing you to set up a captive portal or very
credibly simulate an commercial access point. Use -current and you can
even set your hardware address so you look like a commercial access
point to those crafty users with netstumblers.

Add a few goodies from ports/security and ports/net and you're set.

On Apr 8, 2005 11:52 AM, szynkro () gmail com <szynkro () gmail com> wrote:
> Hi,
>
> I'm looking for a way/all in one tool to simulate a wireless Access
> Point on a Windows XP and/or Linux system preferably with built-in
> DHCP daemon and all.
> The goal is to see if we can trick wireless clients in connecting to
> the AP, sniffing for potential credentials and other interesting stuff
> etc...
>
> I've heard about hotspotter, airsnarf and alikes but don't know if
> they are valid...
>
> The scenario would be sniffing the unknown wireless network for valid
> SSID's and setting the SSID on the rogue AP.... then fingers crossed I
> guess that signal is strong enough to get some clients connecting. Can
> we force/help the client in associating with the rogue AP?
>
> Anyone some other valid (recent) Wireless Pen-Test scenario's?
>
> thanks

--
GDB has a 'break' feature; why doesn't it have 'fix' too?


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?