#1 (permalink)
Posts: n/a
something to keep in mind...
Just a piece of common sense that it seems a lot of these new "l33t wlan hax0rs" seem to forget... The connection is two way. Meaning that by connecting to a rogue network, you better protect yourself and not do anything stoopid like check your mail, log into work, home systems, etc. Because while you're on my network, I've been dsniffing (and then some) the hell out of you and just love snooping my little visitors and all the nice places they take me... To date I have a 4 meg text file full of naughty words that get me into wonderful places...
So please, feel free to connect anywhere you want. Just keep in mind who the real sucker might be. -k

#2 (permalink)
Posts: n/a
good advice... I wouldn't be surprised if a lot of these kiddies load up ICQ or AIM or something and brag to their friends
I'm sure the UIN#'s or whatever are transmitted across... would prove to be a lot of fun if I got my hands on that info if it happened to my wireless network
also if you have a DSL or cable connection where your ISP forces you to use a weird or special computer name, it might be wise to remove it when war driving cuz that is nothing more than a direct line to yourself if the admin can trace that computer name of yours to a local ISP in the city

#3 (permalink)
Posts: n/a
What about...
Now what if your email link is over SSL? That would be ok. Can't sniff that. You can grab the packets, but good luck cracking them open. What about having a VPN setup somewhere on the net so you can connect through someone else's AP and then tunnel through your VPN proxy to the net. Wouldn't that work???

#5 (permalink)
Posts: n/a
How about arpwatch? If you have arpwatch running, it will quite nicely syslog when there is a "new station" and it will also log whenever a MAC/IP pair changes (indicating that somebody used an existing IP address).
In addition to arpwatch, you might want to run something like logcheck and have "new station" be listed in the 'alert' section. It probably wouldn't be too hard to have some process tail /var/log/messages and start a snort or tcpdump of any "new station"... that could be quite interesting
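
The watcher idea from post #5, as an added example that is not from the thread: it parses arpwatch "new station" and "changed ethernet address" syslog lines and builds (without running) one tcpdump command per unfamiliar MAC. The log line shape is modeled on arpwatch's syslog messages; the interface name `wlan0`, the output directory, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed line shapes, modeled on arpwatch syslog messages:
#   "... arpwatch: new station <ip> <mac>"
#   "... arpwatch: changed ethernet address <ip> <new mac> (<old mac>)"
EVENT_RE = re.compile(
    r"arpwatch(?:\[\d+\])?:\s+(?P<kind>new station|changed ethernet address)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<mac>[0-9a-fA-F:]{11,17})"
    r"(?:\s+\((?P<old_mac>[0-9a-fA-F:]{11,17})\))?"
)

def norm_mac(mac):
    """Pad each octet to two hex digits (arpwatch prints 0:2:2d:... unpadded)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_event(line):
    """Return a dict for a 'new station' or MAC-change line, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    ev = {"kind": m["kind"], "ip": m["ip"], "mac": norm_mac(m["mac"])}
    if m["old_mac"]:
        ev["old_mac"] = norm_mac(m["old_mac"])
    return ev

def capture_argv(ev, iface="wlan0", outdir="/var/tmp"):
    """Build (not run) a tcpdump command recording only this station's frames."""
    pcap = f"{outdir}/station-{ev['mac'].replace(':', '')}.pcap"
    return ["tcpdump", "-n", "-i", iface, "-w", pcap, "ether", "host", ev["mac"]]

def triage(lines, known_macs=frozenset()):
    """Yield (event, argv): every MAC change alerts; each unknown MAC is captured once."""
    capturing = set(known_macs)
    for line in lines:
        ev = parse_event(line)
        if ev is None or (ev["kind"] == "new station" and ev["mac"] in known_macs):
            continue
        argv = None if ev["mac"] in capturing else capture_argv(ev)
        capturing.add(ev["mac"])
        yield ev, argv

# Constructed sample lines (not real log data).
SAMPLE = [
    "Mar 12 10:01:22 gw arpwatch: new station 192.168.1.57 0:2:2d:1a:2b:3c",
    "Mar 12 10:01:40 gw sshd[411]: Accepted publickey for admin",
    "Mar 12 10:05:03 gw arpwatch: changed ethernet address 192.168.1.10 0:2:2d:1a:2b:3c (0:a0:c9:11:22:33)",
    "Mar 12 10:09:17 gw arpwatch: new station 192.168.1.58 0:30:65:aa:bb:cc",
]
```

Because `triage` is a generator, it can be fed lines from a follow of /var/log/messages as they arrive; an event with `argv` set to `None` means that station is already being captured or is on the allowlist.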

#7 (permalink)
Posts: n/a
My favorite is the "smarty pants" that figure, "I'm leet, I tunnel everything over SSH"... yeah, SSH v1 ya dummy. By using a typical man-in-the-middle attack, you accepted my server's public ssh key instead of realizing that it was different than the one you had before. Now I just proxy your ssh session and begin my snoopin' n poopin'...
All I'll say is two words... dsniff & ettercap. http://ettercap.sourceforge.net/
Also, I love the sites that have you log into a "secured" site, but before the SSL starts, your user/password is passed across in clear text. Too funny.
Just get yourself a nice big omni antenna, run it through an OpenBSD box, and then play with all the tools out there. I honestly did not set this up to be malicious with the uneducated public, but instead it's been an awesome learning experience with regards to how the public tools work, how to recognize them in action, and what apps/protocols to stay away from.