Page 2 of 3
Results 11 to 20 of 22

Thread: WPA2 Enterprise...

  1. #11
    streaker69 (Senior Member)
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote (originally posted by curriegrad2004):
    Hm... Checked the place today, as far as I can tell I can't see an unauthorized Access Point being operated in my location. So yes, there is a rogue access point kicking around.

    Oh well, I would have to thank Group Policy on Active Directory for not letting any users change the Wireless Settings on their laptops at all. So yeah, even if I find the rogue AP, how would I exactly take that access point down using legal means or the other 'legal' means.
    If they are intentionally mimicking your own network then you might be able to report them, but I'm not sure how well that would go over. You could try changing your SSID and see if the mimicking continues, if it does, then you'd have shown that they have the intent of doing harm. You'd want to log all the evidence that you have.

    If the AP is actually on your property and owned by an employee, then you make it very clear to them that they are in violation of whatever corporate policy and that they are to remove it immediately or it will be removed by IT and disposed of. Of course, have the proper authorization from management for such a thing.

    As for the GPO thing, that's a good idea.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  2. #12
    Thorn (Senior Member)
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote (originally posted by curriegrad2004):
    ... or the other 'legal' means.
    Use my officially endorsed Rogue Remover (TM) (Pat. Pend.) Otherwise known as a baseball bat.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #13
    Barry (My life is this forum)
    Join Date
    Jan 2010
    Posts
    3,817

    Quote (originally posted by Thorn):
    Use my officially endorsed Rogue Remover (TM) (Pat. Pend.) Otherwise known as a baseball bat.
    It usually only takes one use of said device and all employee owned devices go home pretty damn quick. I've used similar means, and had to do it a few times, you'd think teachers would learn quicker....
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #14
    Thorn (Senior Member)
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote (originally posted by Barry):
    It usually only takes one use of said device and all employee owned devices go home pretty damn quick. I've used similar means, and had to do it a few times, you'd think teachers would learn quicker....
    Thanks! You just inspired my new slogan: "With just one smack, they'll take it back!"

    Please excuse me, I'm off to find Billy Mays.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #15
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    5

    What I implied by the other legal means is a firearm, well not exactly a firearm, but it can do real pain.

    But for now I set SSID broadcasting off and I'll see how it goes. Also I haven't been getting reports from my users that their accounts are getting locked out because somebody is really trying to get in... So far the IAS entries in the system log look okay, no attempted unauthorized accesses yet...

  6. #16
    Barry (My life is this forum)
    Join Date
    Jan 2010
    Posts
    3,817

    Quote (originally posted by curriegrad2004):
    What I implied by the other legal means is a firearm, well not exactly a firearm, but it can do real pain.

    But for now I set SSID broadcasting off and I'll see how it goes. Also I haven't been getting reports from my users that their accounts are getting locked out because somebody is really trying to get in... So far the IAS entries in the system log look okay, no attempted unauthorized accesses yet...
    Okay, so what does turning off SSID broadcast do for you?
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #17
    streaker69 (Senior Member)
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote (originally posted by Barry):
    Okay, so what does turning off SSID broadcast do for you?
    Other than fscking up the Roaming feature of the network?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #18
    Barry (My life is this forum)
    Join Date
    Jan 2010
    Posts
    3,817

    Quote (originally posted by streaker69):
    Other than fscking up the Roaming feature of the network?
    Yea, other than that. If the supposed rogue is spoofing the OP's network, seeing a hidden SSID is going to be cake.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  9. #19
    Virchanza (Very good friend of the forum)
    Join Date
    Jan 2010
    Posts
    863

    Instead of it being an actual tangible access point, I'd say it's someone using a laptop with hacking software (I won't mention any Linux distributions in particular).

    One thing to be aware of is that this person might be very careful. An undisclosed amount of time ago I was working part time in a school, and the network administrator guy was suspected of having some dodgy photos on his computer (let's just say he's not the kind of person you'd wanna leave alone with your kids). Anyway, if the alarm were raised, if accusations were made, he would have just wiped his computer, or at least made the material inaccessible in some way (Truecrypt, whatever). When I got wind of the situation, I kinda said "Emm by the way, I could help a little bit, I know a little about computers".

    So I got permission from the school owner to f*** with the network however I wanted. In the next 20 minutes or so, I got by MAC filtering, got by WEP, ran Autopwn, then showed the owner exactly what was on the network admin guy's PC (which was owned by the school). All the while I was doing this, I was very careful, because I knew the network admin guy would come straight into my room if something like "You're being portscanned" came up on his screen (some firewalls do that by the way), so I was always on guard, it took maybe two or three keystrokes to make it look like I was just listening to MP3s or watching South Park.

    Your situation is a little different though, you're not guaranteed that it's an inside job, it could be Billy who lives across the road.

    I've always been a big fan of not raising the alarm, because people become careful when they think someone's on to them.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  10. #20
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    5

    Okay, shutting off the SSID now seemed to help. All of the clients are now able to connect to the wireless network without a hitch.

    And that suspected rogue AP disappeared mysteriously...
