1 Attachment(s)
Rouge ap / Honeypot with airbase-ng and AWUS036H + tcp dup ack problem
Hello guys i have been playing with airbase-ng and tried to build my own honeypot but i have a few problems. The speed from my laptop through my fake ap and out is very slow, around 26 kb/s when i try to download an iso file from a mirror nearby.
I have done a lot of testing but here is a few of them.
Tried with iperf sending 100,600,1GB of data from my laptop to my fake aps wireless interface. result was ok.
Tried to do the same from fake ap to one of my other wired computers. result was ok.
Tried to do the same from laptop to one of my wired computers through my fake ap, result was very bad.
Tried another chipset(atheros AR9285) with airbase-ng, still slow.
Tried different drivers and distros + latest version of aircrack-ng suit, still slow.
Tried changing mtu and such.(I dont have much of experince in this field, so it does not prove anything)
I guess it's my knowledge when it comes to iptables, tcp/ip and commands like ip that makes this problem bigger then it may be. anyway this is my starting point.
Code:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airbase-ng -e 'FakeAP' -c 8 wlan0
ifconfig at0 up
ifconfig at0 192.168.2.1 netmask 255.255.255.0
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/dhcp3-server start
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (Have done a lot of different iptable settings :/)
To bad that non of my wireless cards support master mode... but airbase-ng only support monitor mode(?) so it cant be anything there, i guess.
And look what wireshark told me : (
http://i.imgur.com/6U4M6.png
I guess i have the answer in front of me but i dont know how to fix it, so i started to read the documentation about tcp/ip but i dont know how to apply it :)
Anyone have some sort of hint or anything that could help me ?
One more thing im going back to my virtualbox environment because i tried with real equipment and i got the same problem so easier for me to play in virtualbox. its more likely me that fails and not my environment ^^
Re: Rouge ap / Honeypot with airbase-ng and AWUS036H + tcp dup ack problem
Sorry to bring up an old thread, but wanted to help others who Google for this. I had the same problem in easy-creds which uses airbase-ng in the background. Seem to be an issue with the MTU. I set my tunnel to use a smaller MTU:
ifconfig eth1 mtu 567
and that made things work better. Got packets for web traffic through.
Not sure if there is a more elegant solution.
