Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Detecting and blocking rogue access points

  1. #1
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    4

    Default Detecting and blocking rogue access points

    Hi everybody,

    I have an asignment for school where i have to detect and block any unauthorized access point en every p2p connection between pc's that are not found in some kind of list. I have done some research but i'm was only able to remove the clients from a certain access point with the aircrack suite but i never got the AP out of the air. I have read that you can do several Dos attacks on an AP so it doesn't respond to anything anymore but I can't seem to find the right tools or maybe there is another way i don't know. My teacher told about a program called Airjack this should to the trick the problem is i don't have a supported card. So my question is can anyone help me find a program like airjack that works with a wireless card with atheros chipset or maybe a totally other solution to block AP's.

    Thx

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    I gotta be honest with you. I'm in school and never once have any of my networking or security class teachers ever gave me any sort of assignment like that. Nice try though. I don't feel comfortable helping you but if someone else wants to they can. I will allow the thread until there is a mention of something illegal.

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Blomzakske View Post
    Hi everybody,

    I have an asignment for school where i have to detect and block any unauthorized access point en every p2p connection between pc's that are not found in some kind of list. I have done some research but i'm was only able to remove the clients from a certain access point with the aircrack suite but i never got the AP out of the air. I have read that you can do several Dos attacks on an AP so it doesn't respond to anything anymore but I can't seem to find the right tools or maybe there is another way i don't know. My teacher told about a program called Airjack this should to the trick the problem is i don't have a supported card. So my question is can anyone help me find a program like airjack that works with a wireless card with atheros chipset or maybe a totally other solution to block AP's.

    Thx
    If it's a Rogue AP plugged into the Local LAN then it should just be a matter of tracking the MAC address of the AP to the particular switch port. Once you know the switch port it's on, either disable the port or disconnect it from the LAN. Any properly configured network this should take about 30 seconds to 1 minute to determine.

    Once you know which port it's on, you also know which office it's in. Then you go to that office and dispatch the rogue with all due prejudice.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by pureh@te View Post
    I gotta be honest with you. I'm in school and never once have any of my networking or security class teachers ever gave me any sort of assignment like that. Nice try though. I don't feel comfortable helping you but if someone else wants to they can. I will allow the thread until there is a mention of something illegal.
    There's one college I know of where they do that, but it's not done as an assignment and the sysadmins supply all the needed tools.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Thorn View Post
    There's one college I know of where they do that, but it's not done as an assignment and the sysadmins supply all the needed tools.
    Thorn, sitting here watching the History channel on ancient weapons got me thinking on a way to make a "Rogue Popper".
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by streaker69 View Post
    Thorn, sitting here watching the History channel on ancient weapons got me thinking on a way to make a "Rogue Popper".
    Easy: a short wooden handle, an 18" length of chain, and a studded metal ball. It's called a "mace." Guaranteed to stop any rogue AP within reach.


    Back on topic: You know the Rogue Killer device I'm talking about, right? PSKL had it at shmoocon last year.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Thorn View Post
    Easy: a short wooden handle, an 18" length of chain, and a studded metal ball. It's called a "mace." Guaranteed to stop any rogue AP within reach.


    Back on topic: You know the Rogue Killer device I'm talking about, right? PSKL had it at shmoocon last year.
    I didn't see PSKL's last year. But it's probably similar to what I'm thinking of, a 555timer, a relay, an audio transformer and a 9v battery should do it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by streaker69 View Post
    I didn't see PSKL's last year. But it's probably similar to what I'm thinking of, a 555timer, a relay, an audio transformer and a 9v battery should do it.
    No, I don't think so. PSKL's device is based on a WRT54G, is carried in a backpack, and worked in concert with the college's switch. The user merely has to walk through a dorm or hall, and it would talk with any open APs, query them against a database, and set the route for any rogues to fixed page that could not be navigated away from. The page would be a warning of being in violation of the college's policy, and would direct the abuser to contact the college IT Dept.
    Thorn
    Stop the TSA now! Boycott the airlines.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Thorn View Post
    No, I don't think so. PSKL's device is based on a WRT54G, is carried in a backpack, and worked in concert with the college's switch. The user merely has to walk through a dorm or hall, and it would talk with any open APs, query them against a database, and set the route for any rogues to fixed page that could not be navigated away from. The page would be a warning of being in violation of the college's policy, and would direct the abuser to contact the college IT Dept.
    That sounds like an awful lot of walking. My solution just involves finding which port they're on and walking to the wiring closet and plugging in my soon to be patented Rogue Popper.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by streaker69 View Post
    That sounds like an awful lot of walking.
    Which is why they have a PFY do it.

    Quote Originally Posted by streaker69 View Post
    My solution just involves finding which port they're on and walking to the wiring closet and plugging in my soon to be patented Rogue Popper.
    I must admit, there is a definite BOFH appeal to that solution.
    Thorn
    Stop the TSA now! Boycott the airlines.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •