
Thread: Suspect a rogue access point, how to expose?

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Suspect a rogue access point, how to expose?

    Hello, this may sound strange. But I suspect that there is a rogue AP nearby where I live.

    I noticed that it's up all the time and is unsecure. The SSID is "linsys" to make the impression that it is a Linksys AP. I suspect it to be a rogue AP, a laptop/desktop computer waiting for stations to connect.

    If it is really a rogue AP, then many people who know nothing about these things will be victims. How to find out if the SSID really belongs to a rogue AP?

    thanks in advance!

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    If you suspect it to be a rogue AP then stay away from it. Keep it for you, avoid it.
    What others do or might do is not your issue and you should not make it your issue either.
    Tiocfaidh ár lá

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    How is it "rogue" if it isn't on your network?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote, originally posted by thorin:
    How is it "rogue" if it isn't on your network?
    My question exactly
    dd if=/dev/swc666 of=/dev/wyze

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default

    Quote, originally posted by thorin:
    How is it "rogue" if it isn't on your network?
    What do you mean?

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote, originally posted by portal:
    What do you mean?
    "Rogue access point" is a phrase often used when discussing network security. It implies that a wireless access point has been placed on a network without the network owner's/administrator's permission. (Usually in the context of businesses/corporations but conceivably it would apply to home networks as well.)

    Therefore, if it's not on your network how is it "rogue"?

    The situation you describe seems like thousands of other setups in North America, someone bought a Linksys router ... plugged it in and started using it without any configuration. No big deal. Or maybe a malicious individual set it up knowing that said configuration is popular with the intention of having unsuspecting users connect to it. Either way it's not rogue and it's not your problem. If people (your neighbors or whatever) connect to a network they know nothing about they deserve to be owned.

    You could use a directional antenna and kismet to try and physically locate it but then what? You're going to report it to the police for _______? Being like 1000s of other lazy users in the world. You're going to go to all your neighbors and tell them not to use it? Though I fail to see how knowing the location of the device would change the content of the discussion.

    There's no surprise in seeing an AP that has the default out-of-box configuration.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default

    I understand it now, thanks for the explanation. That AP is not on my network indeed, and is not in a corporate environment. When I said that it may be a rogue AP, I meant that this individual has possibly set up a computer to do a MITM attack, and collect data from people.

    You're right that it's not my problem. But I do know that this individual is working in the IT so I don't think he just neglected to properly configure his AP.. either way, it's strange that this AP is unsecure all the time. But I'll leave it as it is.

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    You're right that it's not my problem. But I do know that this individual is working in the IT so I don't think he just neglected to properly configure his AP.. either way, it's strange that this AP is unsecure all the time.
    If you know who is operating it you have a few options.
    1) Ask them about it.
    2) Tell your neighbors about it.
    3) Do nothing.

    I'm not sure why you find it strange that the AP is "unsecure" all the time, they're sold default "unsecure". (It's the whole security vs. usability argument. Vendors ship things default insecure in order to increase usability/convenience.)

    Sadly standing up an insecure AP isn't illegal (well not yet anyway ... lots of people have suggested that it should be).

  9. #9
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    Quote, originally posted by portal:
    But I do know that this individual is working in the IT so I don't think he just neglected to properly configure his AP.. either way, it's strange that this AP is unsecure all the time. But I'll leave it as it is.
    You mentioned it's not in the corporate environment, but then say the rogue AP is in the IT department? Who's to say it isn't connected to the corporate intranet? You'd be surprised how lazy some IT people can be.

    If you believe the AP is within the confines of your facility, I'd connect to it and see what IP you receive. If it's internal, you might want to disconnect it as quickly as possible. I'd never be of the mindset of "let things be" when you suspect a MITM or rogue device on your network.

    William
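
The check described in post #9 (join the AP from a machine you control inside your own facility, then see whether the lease you receive sits on your internal ranges), as an added example that is not part of any post in this thread. The corporate ranges and the lease text are constructed placeholders, and the lease is assumed to be in ISC dhclient format.

```python
import ipaddress
import re

# Assumption: the ranges your organisation uses internally (placeholder values).
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "172.16.8.0/22")]

# Constructed sample lease, as dhclient would record it after joining the AP.
SAMPLE_LEASE = """
lease {
  interface "wlan0";
  fixed-address 10.20.4.57;
  option subnet-mask 255.255.255.0;
  option routers 10.20.4.1;
  option domain-name-servers 10.20.0.10,10.20.0.11;
}
"""

def parse_lease(text):
    """Return the address, routers and DNS servers from the last lease block."""
    block = text.rsplit("lease {", 1)[-1]

    def grab(keyword):
        m = re.search(keyword + r"\s+([^;]+);", block)
        if not m:
            return []
        return [ipaddress.ip_address(a.strip()) for a in m.group(1).split(",")]

    return {
        "address": grab("fixed-address"),
        "routers": grab("option routers"),
        "dns": grab("option domain-name-servers"),
    }

def classify(lease, corporate_nets=CORPORATE_NETS):
    """Say whether the lease shows the AP handing out internal addressing."""
    def internal(addr):
        return any(addr in net for net in corporate_nets)

    hits = {k: [str(a) for a in v if internal(a)] for k, v in lease.items()}
    if hits["address"] or hits["routers"]:
        verdict = "bridged-to-internal"   # AP passes the internal DHCP scope through
    elif hits["dns"]:
        verdict = "internal-dns-only"     # own scope, but points at internal resolvers
    else:
        verdict = "isolated"              # nothing in the lease ties it to the LAN
    return verdict, hits

if __name__ == "__main__":
    print(classify(parse_lease(SAMPLE_LEASE)))
```

An "isolated" verdict does not clear the device: a NAT router plugged into a corporate switch port hands out its own private range, so confirm on the wired side (switch port and MAC table) before ruling it out.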

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    27

    Default What are you worried about?

    You are using backtrack, do a fresh install on a clean machine and connect to it. Have a poke around on his machine, use ettercap's scan_poisoner plugin if you want. Then you'll know whether he has created a fake AP for malicious intent or whether he just couldn't be bothered to set it up correctly. It could also be he has a driver that doesn't support encryption so has to or has just decided upon mac filtering.

    Chill
