Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Security issue ad-hoc network

  1. #11
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    7

    Default

    yeah 100 mile radius and 24 buildings would kinda suck ass. we have 67 sites spread all over, but each of those locations has their own domain so i'm primarily worried about what is local to this one building more so than anything else. i guess when you actually have a real wireless deployment you've got something like airwave to monitor for rouge access points and you can shut them down from there.

  2. #12
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Barry View Post
    I've done the second part for real. It's fun to see their faces when you walk into the room and pull an illegal access point out of the wall. I see "free public wifi" all the time here. I just go into the conference room and tell them to turn off their wifi.
    Ohh I can imagine the amount of fun that could be had.
    About the closest comparable policy we have in place is no one is allowed to have cell phones with cameras equipped. Of course when someone gets caught they have to go explain to the "suits up-stairs".
    One poor guy lost his job over it. The whole "hey I don't have money for another type of phone, the wife is pregnant, there might be an emergency"
    The guy filed a lawsuit which I do not blame him one bit for it.
    The hypocrisy lies in the fact that we in management were all issued Blackberries (electronic leashes) that have cameras built in.
    Corporates' excuse is that "they" can be monitored.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #13
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by archangel.amael View Post
    Ohh I can imagine the amount of fun that could be had.
    About the closest comparable policy we have in place is no one is allowed to have cell phones with cameras equipped. Of course when someone gets caught they have to go explain to the "suits up-stairs".
    My Dad was working for a company a few years ago that was bidding on a contract for the Egyptian Military. They flew over to Cairo on the same plane as their competition for the same contract. They were met at the airport by an officer and escorted to the base to meet with the CO.

    First thing the CO did was tell them there was to be no recording of anything and no pictures to be taken, then started to escort them on a tour of the facilities. They came to some kind of control room and a guy from the competition started taking pictures.

    The CO saw him and told the guards to "put him on the next plane." Not the next plane leaving for the States, but the NEXT PLANE leaving. He was put on the plane, no passport, no luggage, nothing. They're not sure where he ended up.

    Important lesson here, if someone tells you rules, chances are, you should follow them.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #14
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by streaker69 View Post
    The CO saw him and told the guards to "put him on the next plane." Not the next plane leaving for the States, but the NEXT PLANE leaving. He was put on the plane, no passport, no luggage, nothing. They're not sure where he ended up.
    D**M that sucks! I would have hated to be that guy.!
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #15
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by streaker69 View Post
    My Dad was working for a company a few years ago that was bidding on a contract for the Egyptian Military. They flew over to Cairo on the same plane as their competition for the same contract. They were met at the airport by an officer and escorted to the base to meet with the CO.

    First thing the CO did was tell them there was to be no recording of anything and no pictures to be taken, then started to escort them on a tour of the facilities. They came to some kind of control room and a guy from the competition started taking pictures.

    The CO saw him and told the guards to "put him on the next plane." Not the next plane leaving for the States, but the NEXT PLANE leaving. He was put on the plane, no passport, no luggage, nothing. They're not sure where he ended up.

    Important lesson here, if someone tells you rules, chances are, you should follow them.
    That's some funny shit right there.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #16
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    7

    Default

    Quote Originally Posted by Barry View Post
    I've done the second part for real. It's fun to see their faces when you walk into the room and pull an illegal access point out of the wall. I see "free public wifi" all the time here. I just go into the conference room and tell them to turn off their wifi.
    Surprisingly, the ad-hoc network I'm trying to get down has that exact SSID...

    Quote Originally Posted by newkoba View Post
    I see this all the time where I work. What I do here is run WiFiFoFum on my iPaq and when it picks up a p2p connection I go wandering watching the signal levels until I find it and then remove it from the available networks on that person's computer / pda. Not really hard plus it'll get you out of your normal area for a bit.
    Cool, thank you for pointing me to this program. It works great!

    Then a side note, maybe the person who'd set up the ad-hoc network is reading this forum too. Since this morning ad-hoc network didn't came up... But as soon it comes up again I will grab my PDA and try to trace it and take it down .

    @streaker69, thank you for replaying. I've did take it up with my boss, he is going to send out a new memo to the whole staff in regards to this situation. Just as you described, thanks!

  7. #17
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by Novo86 View Post
    Surprisingly, the ad-hoc network I'm trying to get down has that exact SSID...
    Check with anybody that has traveled in the last month or so. You usually find that ssid at airports. It's usually kids trying to snarf credit card numbers.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  8. #18
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Barry View Post
    Check with anybody that has traveled in the last month or so. You usually find that ssid at airports. It's usually kids trying to snarf credit card numbers.
    But to finish your thought here. Chances are in this instance it's someone that actually connected to that SSID previously and now it's Beaconing it because it's the last one that it's seen per Simple Nomad's talk at Shmoo a couple years ago. It probably isn't someone scamming cards in this case.

    But I would be concerned if it is an employee device, because if their Wireless is beaconing, than it's not connected to the Wifi, but is it connected via the local LAN? Are there measures in place to detect rogue devices plugged in?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •