Thread: Need help identifying an unknown AP

  1. #1
    Just burned his ISO
    Join Date: Feb 2012
    Posts: 3

    Need help identifying an unknown AP

    Hello everyone, I tried posting this in the Beginner's Forum yesterday, but upon closer examination that isn't the right area for it so I'm posting a new thread here. (I'm new to the forum so I don't know if the mods will even post it there.)

    When doing a general "Airodump-ng" in my area I see normal traffic except for one router with the following properties:

    BSSID = 00:00:00:00:00:00
    ESSID = <Length: 0>
    WEP/WEP
    Channel = detected on 6 and 11
    Power = varies from about -68 to -79 every three seconds.
    Beacons = about 23 per second
    Data = 1 after two hours of monitoring

    I've found two other instances of this with little help as to what it might be:
    http://www.backtrack-linux.org/forums/showthread.php?t=1572
    http://aircrack-ng.blogspot.com/
    "Last month, the video was showing the injection test on the N900. If you watch carefully, you can note that one of the BSSID is 00:00:00:00:00:00. I first thought it was a bug in aircrack-ng but it's not. I was told it's an unconfigured AP. It only sends beacons and jumps on different channels. If you're as curious as me, here is a capture file with just a beacon."
    Now I will admit that what I don't know about WLAN could fill a warehouse, but I've never heard of an "unconfigured AP" that doesn't have a real MAC address and rapidly switches channels. Can anyone help me figure out what this thing is and if I should be concerned about it?

    Thank you!
    CC

  2. #2
    L21ZIFER (Junior Member)
    Join Date: Nov 2011
    Posts: 47

    Re: Need help identifying an unknown AP

    You know, the problem is - that no person with even a little responsibility would help to crack the AP from someone you don't even know (and is probably a blind-chosen victim to try your rifle on).

    If it were your AP, you'd recognize it, wouldn't you?

  3. #3
    Just burned his ISO
    Join Date: May 2012
    Posts: 1

    Re: Need help identifying an unknown AP

    Quote (originally posted by L21ZIFER):
    You know, the problem is - that no person with even a little responsibility would help to crack the AP from someone you don't even know (and is probably a blind-chosen victim to try your rifle on).

    If it were your AP, you'd recognize it, wouldn't you?
    (end of quote)

    You know, this is the second time I've seen this kind of response to what seems to me to be a reasonable question. There didn't seem to be anything in the original post that implied that the poster was trying to crack someone else's AP. The poster seemed to be trying to learn what it was he was looking at without cracking into it.

    Let me give you a different context, and maybe someone can see their way clear to answer this question. I am a penetration tester, and a similar (all zeros) BSSID appeared on a wireless audit of one of my clients' sites. It appeared along with the following messages in the Kismet nettxt file:

    Alert : <datetime> CRYPTODROP Network BSSID 00:00:00:00:00:00 stopped advertising encryption
    Alert : <datetime> ADHOCCONFLICT Network BSSID 00:00:00:00:00:00 advertised as AP network, now advertising as Ad-Hoc IBSS, which may indicate AP spoofing/impersonation
    I am trying to figure out if there is someone setting up rogue APs at this site using some strange technique I've never seen, but all I can find are references to pseudo-IBSS networks and people assuming that any question along these lines must have been posed by a malicious user.

    As far as anyone knows, are there embedded devices that might be using this BSSID and causing these messages, or is it pretty much a certainty that this is someone running a pseudo-IBSS network using Linux and madwifi or prism drivers?

    Regards,

    JS
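
As an added example (not part of any post in this thread, and not Kismet's or airodump-ng's code): a small beacon parser that reads the fields behind the observations in posts #1 and #3, namely the BSSID, the ESS/IBSS/Privacy capability bits, the SSID length and the DS channel, and reports changes between successive beacons from one BSSID. The function names and sample frames are constructed, and frames are assumed to start at the 802.11 header (no radiotap header, no FCS).

```python
import struct

ZERO = "00:00:00:00:00:00"

def build_beacon(bssid, cap, ssid=b"", channel=6):
    """Constructed sample input: minimal 802.11 beacon, no radiotap header."""
    mac2 = bytes.fromhex(bssid.replace(":", "")) * 2          # SA and BSSID
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac2 + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, cap)   # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

def parse_beacon(frame):
    """Return BSSID, capability flags, SSID and DS channel, or None if not a beacon."""
    if len(frame) < 36 or frame[0] != 0x80:    # 0x80 = version 0, management, beacon
        return None
    cap, = struct.unpack_from("<H", frame, 34)
    info = {"bssid": frame[16:22].hex(":"), "ess": bool(cap & 1), "ibss": bool(cap & 2),
            "privacy": bool(cap & 0x10), "ssid": None, "channel": None}
    off = 36
    while off + 2 <= len(frame):               # walk the tagged parameters
        tid, tlen = frame[off], frame[off + 1]
        body = frame[off + 2:off + 2 + tlen]
        if len(body) < tlen:                   # truncated element: stop parsing
            break
        if tid == 0:                           # SSID element (may be zero length)
            info["ssid"] = body
        elif tid == 3 and tlen == 1:           # DS Parameter Set: current channel
            info["channel"] = body[0]
        off += 2 + tlen
    return info

def triage(frames):
    """Compare each beacon with the previous one seen from the same BSSID."""
    last, findings = {}, []
    for b in filter(None, map(parse_beacon, frames)):
        key, prev = b["bssid"], last.get(b["bssid"])
        if prev is None and key == ZERO:
            findings.append((key, "all-zero BSSID"))
        if prev and prev["privacy"] and not b["privacy"]:
            findings.append((key, "stopped advertising encryption"))
        if prev and prev["ess"] and b["ibss"]:
            findings.append((key, "AP beacon followed by IBSS beacon"))
        if prev and None not in (prev["channel"], b["channel"]) and prev["channel"] != b["channel"]:
            findings.append((key, f"channel {prev['channel']} -> {b['channel']}"))
        last[key] = b
    return findings

SAMPLE = [build_beacon(ZERO, 0x0011, channel=6),            # constructed frames
          build_beacon("aa:bb:cc:00:11:22", 0x0011, b"office", 1),
          build_beacon(ZERO, 0x0002, channel=11)]
```

Because several unrelated transmitters can share the all-zero BSSID, state changes reported for that key may come from different devices rather than one device changing mode.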

  4. #4
    scottm99 (Good friend of the forums)
    Join Date: Feb 2010
    Location: underwater
    Posts: 371

    Re: Need help identifying an unknown AP

    Might be someone using some fake AP software to throw off war-drivers.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  5. #5
    Junior Member
    Join Date: Jul 2006
    Posts: 45

    Re: Need help identifying an unknown AP

    The ESSID is hidden; you can use mdk3 to bruteforce it (good luck with that) or deauth a client when a machine connects to the AP and use Wireshark with either of these filters:
    wlan.fc.type_subtype == 0
    wlan.fc.type_subtype == 4
    wlan.fc.type_subtype == 5
    Last edited by Si2006; 03-03-2012 at 04:29 PM.
    ______________
    Tarmac Terrorist

  6. #6
    Just burned his ISO
    Join Date: Jan 2011
    Posts: 8

    Re: Need help identifying an unknown AP

    I get these and have put it down to a mobile connection passing my office or a network connection in a car as it passes. I'm probably wrong but that's what it is for me.

  7. #7
    Just burned his ISO
    Join Date: Dec 2011
    Posts: 3

    Re: Need help identifying an unknown AP

    I found this: http://tinyurl.com/czjpbna Maybe someone is using another machine of his to create an AP to extend his WLAN... I don't know. I will subscribe to this thread, I'm also curious.

    Alex
