Results 1 to 3 of 3

Thread: Trapeze webaaa vlan network - help?

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    47

    Default Trapeze webaaa vlan network - help?

    Hi, I've been lurking for a while and playing around with BT3, I signed up to the forums a while back but for some reason did not have the permission to post until today...

    Anyway, I was at the library doing some research when I got bored and decided to see what the security was like of the wifi network. The wifi system is a trapeze webaaa authentication network that requires submission of login name and password to gain access to http and ssl traffic - basic net surfing. I'm not sure if SSH would work. I figured that I could use the simple airport wifi hack which would be to connect to the authentication page, autoscan and then spoof some other client's MAC address. No cigar. Autoscan yielded 0 hosts on the network. The library is literally FULL of people online writing their dissertations.

    I then decided to read up a little on how Trapeze operate and they mentioned something about every connection being isolated after authentication by being allocated a VLAN. I also noted that this network runs on a cisco system alongside a private webserver.

    Firing up Kismac and airodump-ng I noted that there was not 1 BSSID but 6 locked WPA networks termed "Library Wifi" versus 6 unlocked "Library Wifi Authentication" AP's.

    I had to leave fairly quickly and did not try to crack the wpa of the locked networks but I wondered if anyone could help me with a few questions -

    1) if the WPA protected AP was cracked - would I be able to have access to the system?

    2) supposing I could access the system, would I be isolated inside the channel with the other host or would i be able to view all hosts on the network?

    3) how noisy would penetration into the system be noting that it might/might not have AirDefense set up?

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by relaxis View Post
    Hi, I've been lurking for a while and playing around with BT3, I signed up to the forums a while back but for some reason did not have the permission to post until today...

    Anyway, I was at the library doing some research when I got bored and decided to see what the security was like of the wifi network. The wifi system is a trapeze webaaa authentication network that requires submission of login name and password to gain access to http and ssl traffic - basic net surfing. I'm not sure if SSH would work. I figured that I could use the simple airport wifi hack which would be to connect to the authentication page, autoscan and then spoof some other client's MAC address. No cigar. Autoscan yielded 0 hosts on the network. The library is literally FULL of people online writing their dissertations.

    I then decided to read up a little on how Trapeze operate and they mentioned something about every connection being isolated after authentication by being allocated a VLAN. I also noted that this network runs on a cisco system alongside a private webserver.

    Firing up Kismac and airodump-ng I noted that there was not 1 BSSID but 6 locked WPA networks termed "Library Wifi" versus 6 unlocked "Library Wifi Authentication" AP's.

    I had to leave fairly quickly and did not try to crack the wpa of the locked networks but I wondered if anyone could help me with a few questions -

    1) if the WPA protected AP was cracked - would I be able to have access to the system?

    2) supposing I could access the system, would I be isolated inside the channel with the other host or would i be able to view all hosts on the network?

    3) how noisy would penetration into the system be noting that it might/might not have AirDefense set up?
    You've lurked all this time and haven't read a single thread related to what you're trying to do?

    You have no business testing the network of which you have explicit permission to do so.

    Enjoy your banning.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    47

    Default

    I have been reading but a lot of it is quite difficult to understand without it being explained in layman's terms. And I do not plan on exploiting my library network, I'm simply curious as to how to get around the problem of VLAN connections. If there are posts that I have missed on the topic I'd appreciate being pointed towards them!

    Apologies, I didn't want a flaming...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •