NetStumbler.org Forums

Old 10-12-2004   #1 (permalink)
cgoody2004
Registered Member
 
Join Date: Oct 2004
Posts: 2
Hunting APs

My RA in my dorm has asked me to attempt to hunt down wireless networks that are attached to the university's network. I am using a new Alienware laptop with an a+b+g internal wifi card. I have NetStumbler and need to know how I can get the IP address the AP is using to connect to the University's network. If there is a way to do this I would love to know. Thanks.
Old 10-12-2004   #2 (permalink)
swiftwind
Registered Member
 
Join Date: Aug 2004
Posts: 25
Might want to give us a warning. Which city are you in?
Old 10-12-2004   #3 (permalink)
itsnotme
Dumbass checker
 
Join Date: Sep 2002
Location: Somewhere below Lake Ontario
Posts: 1,076
I really don't think there would be a way to differentiate the location of a rogue AP amongst the legal ones. You'd be seeing the signal from multiple APs, and besides, trying to locate an AP in a dorm with all the walls and stray signals, you'd never do it.
Old 10-12-2004   #4 (permalink)
jrcsnet
Registered Member
 
Join Date: Sep 2004
Posts: 76
From how I'm understanding it, all wireless APs are considered rogue.

In that case, the easiest way to find what rooms the access points are located in would be to create some sort of dampener around the NIC (I'm thinking back to the running man competition at defcon and their potato chip bag dampener as basis for this idea). Then somehow watch the signal strengths as you walk down the halls. It wouldn't be perfect, but it would be more effective as the NIC would only see the signal when it is stronger and therefore (hopefully) closer to the AP. As for finding the IP addresses, that would require connecting to each individual AP and even doing something as simple as accessing a web server and logging the accesses, or a multitude of other methods. The only issue you may run into with this is it is likely illegal even in this case to connect to those APs as they are owned by the students.

Optimally, I wouldn't worry about finding the IP addresses, and would just use the first method to figure out where they are. Even from that much information, the RA might be able to check those rooms (which might depend on what powers they are granted by the university, etc).
Old 10-13-2004   #5 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,084
Quote:
Originally Posted by jrcsnet
... would be to create some sort of dampener around the NIC (I'm thinking back to the running man competition at defcon and their potato chip bag dampener as basis for this idea). ...
As the guy who came up with the potato chip bag dampener idea*, I can tell you it has its limitations. The bag doesn't give any verifiable directionality, and may produce odd and unexpected results.

To do it right, rogue hunting requires a full set of tools, including multiple cards, multiple antennae, attenuators, cables, pigtails, etc. Also a dual-boot Win/Linux laptop or multiple laptops/handhelds with at least two OSs should be available.

*For those who missed DC and the WarDriving Contests, the idea is to stuff a handheld PC in a small, snack-sized aluminized-mylar potato chip bag. Either clean the bag well with detergent to get rid of the grease, or place the handheld in a plastic sandwich bag first and then put both in the potato chip bag. The aluminum coating on the bag will attenuate the signal about 6-9 dB, on both TX and RX, which will reduce what the card is transmitting to and detecting to a rather local area.

Local (NetStumbler Forums) discussion about the whole thing was here:
The RunningMan Contest article

The actual article is here and mirrored here.

I called this the "Anti-Pringle's" when we were organizing the DC WarDriving Contests. So named because it a) dampened the signal, and b) used the container from real potato chips; both things being the opposite of Rob Flickenger's "Pringle's Cantenna".
__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"
Old 10-13-2004   #6 (permalink)
fastlanwan
Registered Member
 
Join Date: Apr 2004
Location: Midwest
Posts: 53
Seems like overkill if you're just looking for an unauthorized AP. If you're doing security work then it's a different story.

You need:

Pigtail=1

Small hand held direction antenna=1

Verify your RF sampling rate is high enough since rooms are jammed next to each other.

Walk slow and verify any possible positive hits on a second verification walk. This will hopefully reduce false hits as you will have some.
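The two-walk check suggested in the posts above, sketched as an added example that is not from any poster in this thread: readings weaker than a floor are ignored (the "only see the signal when it is stronger" idea), and a BSSID counts as a hit only when both walks peak at the same room. The room labels, BSSIDs, signal values and the -75 dBm floor are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed survey samples: (walk, room, BSSID, signal in dBm).
SAMPLES = [
    (1, "201", "00:11:22:33:44:01", -78), (1, "203", "00:11:22:33:44:01", -52),
    (1, "205", "00:11:22:33:44:01", -66), (1, "203", "00:11:22:33:44:02", -71),
    (1, "205", "00:11:22:33:44:02", -69), (1, "207", "00:11:22:33:44:02", -74),
    (2, "201", "00:11:22:33:44:01", -80), (2, "203", "00:11:22:33:44:01", -55),
    (2, "205", "00:11:22:33:44:01", -63), (2, "203", "00:11:22:33:44:02", -68),
    (2, "205", "00:11:22:33:44:02", -72), (2, "207", "00:11:22:33:44:02", -70),
]

def peak_room_per_walk(samples, floor_dbm):
    """Return {bssid: {walk: room}} using the strongest mean signal above floor_dbm."""
    grouped = defaultdict(list)
    for walk, room, bssid, dbm in samples:
        if dbm >= floor_dbm:  # weaker readings are treated as not seen
            grouped[(bssid, walk, room)].append(dbm)
    peaks = {}
    for (bssid, walk, room), values in grouped.items():
        level = mean(values)
        best = peaks.setdefault(bssid, {}).get(walk)
        if best is None or level > best[1]:
            peaks[bssid][walk] = (room, level)
    return {b: {w: r for w, (r, _) in walks.items()} for b, walks in peaks.items()}

def classify_hits(samples, floor_dbm=-75, walks=(1, 2)):
    """Mark a BSSID 'confirmed' only when every walk peaks at the same room."""
    result = {}
    for bssid, by_walk in peak_room_per_walk(samples, floor_dbm).items():
        rooms = [by_walk.get(w) for w in walks]
        if None not in rooms and len(set(rooms)) == 1:
            result[bssid] = ("confirmed", rooms[0])
        else:
            result[bssid] = ("re-walk", tuple(rooms))
    return result

if __name__ == "__main__":
    for bssid, verdict in sorted(classify_hits(SAMPLES).items()):
        print(bssid, verdict)
```

A BSSID whose peak moves between walks is flagged for another pass instead of being pinned to a room, which is where the false hits mentioned above tend to come from.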
Old 10-13-2004   #7 (permalink)
beakmyn
root\.workspace\.garbage.
 
Join Date: Aug 2003
Posts: 4,796
Definition of Terms:
RA - Resident Assistant (1 per floor, student)
RC - Resident Coordinator (1 per building, "Boss")
DG - Door Guard, the RA's lackey (usually freshmen, they watched the doors from midnight to 6am)

I was an RA in college and let me tell you the easiest way to find 'unauthorized' anything in a dorm. Have an unscheduled firedrill. During a firedrill the RAs were required to enter each room to ensure they were not occupied. Well, to do this job meant we would have to open closet doors and look under beds. Occasionally we would find an unregistered guest in the room. They didn't want to get caught so they stayed in the room. It never occurred to them if it was a real fire they could be dead. But I digress. The firedrill gives us enough time to scan the room and find alcohol (under 21 rooms), drugs, stolen items, animals, fire hazards, microwaves, etc. You could easily find a wireless AP during a firedrill since you should know where the outlets are in the room; just follow the cable and see if it goes to a WAP.
Old 10-13-2004   #8 (permalink)
cgoody2004
Registered Member
 
Join Date: Oct 2004
Posts: 2
Thanks for the help. The reason we were looking for an IP was so we can determine which dorm the AP is in. There are several dorms near us and that proves difficult to search every one. If we could narrow it down to a dorm we can have the university come out with their search team complete with directional antennas and the like. Thanks again.
Old 10-13-2004   #9 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by cgoody2004
Thanks for the help. The reason we were looking for an IP was so we can determine which dorm the AP is in. There are several dorms near us and that proves difficult to search every one. If we could narrow it down to a dorm we can have the university come out with their search team complete with directional antennas and the like. Thanks again.

With a directional antenna and a few sweeps you should be able to narrow it down to the right dorm(s). What school is this?