Results 1 to 10 of 10

Thread: How does one stop a airbase-ng -P -C Attack

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    4

    Default How does one stop a airbase-ng -P -C Attack

    I recently spoke with one of my friends having issues connecting to her wireless network. I asked her for some details about what is happening and she told me that all of her wireless networks show up even some that are miles away. Then she told me that she also sees a new access point called "Free Wifi". Obviously some one is using airbase-ng but didn't set it up correctly to forward the packets to another network. I told her to plug in to her Ethernet port.

    So my question is how do you stop a airbase attack?

    I thought of going over there with a WiFi detector and find where its coming from then confronting them.

  2. #2
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by r4is3r View Post
    I recently spoke with one of my friends having issues connecting to her wireless network. I asked her for some details about what is happening and she told me that all of her wireless networks show up even some that are miles away. Then she told me that she also sees a new access point called "Free Wifi". Obviously some one is using airbase-ng but didn't set it up correctly to forward the packets to another network. I told her to plug in to her Ethernet port.

    So my question is how do you stop a airbase attack?

    I thought of going over there with a WiFi detector and find where its coming from then confronting them.
    That's a good way to get a shotgun put in your face. It's generally a bad idea to confront people like this. I'd get the police involved if possible, and yes, it's going to be difficult getting them to do anything based on theory and circumstantial evidence.

    More than likely your best course of action will be to read up on all of the defensive measures one can take and simply never allow her box to connect to a network besides the one(s) she specifies. Whitelisting would be the term there.

    EDIT: Oh yeah, don't create two threads on the same subject. That's a no-no around here....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by r4is3r View Post

    I thought of going over there with a WiFi detector and find where its coming from then confronting them.
    I'm gonna agree with Shadowkill here, confronting is only going to lead to problems with the potential of YOU ending up dead, injured or in jail.

    It is not your responsibility to confront someone like that. Gather as much evidence as you can and contact the proper authorities.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    4

    Default Whitelisting

    She is running Windows XP sp3. How would I do mac address filtering to only allow her access point?

    I know they can use macchanger to emulate her access point, but since they didn't even set up forwarding correctly I doubt they would go that far.

    Another method I thought of doing was broadcasting deauth packets so no one connects to his/her network and makes them think the scripts are not working properly. Morally standing fighting illegal activities with illegal activities may prove to be a stupid move.

    Sorry about the double post didn't read the redirect saying that admin's check if each post is valid, and thought there was a post error.

  5. #5
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by r4is3r View Post
    She is running Windows XP sp3. How would I do mac address filtering to only allow her access point?

    I know they can use macchanger to emulate her access point, but since they didn't even set up forwarding correctly I doubt they would go that far.

    Another method I thought of doing was broadcasting deauth packets so no one connects to his/her network and makes them think the scripts are not working properly. Morally standing fighting illegal activities with illegal activities may prove to be a stupid move.
    Mac Filtering would be handled via her router, not XP. Just log in and check off the settings. I would stray away from your deauth route, that's bad ju-ju man. The last thing you want is to be "helping" your friend and then end up under the hammer yourself. That wouldn't be much help to her now would it?

    Quote Originally Posted by r4is3r View Post
    Sorry about the double post didn't read the redirect saying that admin's check if each post is valid, and thought there was a post error.
    Gotcha.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by ShadowKill View Post
    Mac Filtering would be handled via her router, not XP. Just log in and check off the settings.
    Isn't there a way to tell windows to only connect to a certain access point by mac address?
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Barry View Post
    Isn't there a way to tell windows to only connect to a certain access point by mac address?
    Some third party connection managers provide it, but it does WZC does not do it as I believe it's against the 802.11 specification. Connection management is supposed to be handled on the AP side, not on the client side.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by streaker69 View Post
    Some third party connection managers provide it,
    Wifihopper does this. There is a trial period before a purchase is required.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    4

    Default

    let me get this straight. Enabling mac filtering would not allow the airbase-ng attack work because it could not contact the router and not get the information from it? I thought the airbase-ng attack worked by accepting all probe requests from the wireless clients and the wireless access point isn't really in the picture.

    I know that the wireless zero configuration does not allow for mac filtering, but don't some wireless cards allow you to do this as a driver configuration?

  10. #10
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by Barry View Post
    Isn't there a way to tell windows to only connect to a certain access point by mac address?
    Just like they said, it can be handled via 3rd party software, primarily COTS products. It is not inherent within the OS as that would be against 802.11 spec.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •