Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: WiFi question
From: GuidoZ <uberguidoz () gmail com>
Date: Wed, 17 Nov 2004 18:42:25 +0000

I'm not 100% on this, as it could be something I've never heard of (of
course). However, it sounds a lot like someone is playing with
"FakeAP":
 - http://www.blackalchemy.to/project/fakeap/

It's not real difficult to setup and only requires a Prisim chipset
card (one or more) and a compatible Linux distro. It's been around for
over 2 years, but hasn't been touched for about the same amount of
time. See the site for more.

--
Peace. ~G


On Wed, 17 Nov 2004 13:53:07 +0000, colin.scott () csplc com
<colin.scott () csplc com> wrote:
List,

I'm an expert in nothing so when I saw this I had to ask, as Im sure theres
someone out there that is a WiFi expert.

Google has found no answer so here goes.

Last night we saw a new access point appear. No problems its an ad-hoc
network so its someone's machine with XP on configured for their home W-LAN
probably.  Running Netstumbler shows more on it though.

You get 2 Access Points showing this ESSID for a few seconds. Then you get
a 3rd, then a 4rth. Then the first two drop off, this repeats forever.
Always using a different MAC address when a new AP appears. The APs are all
WEP enabled (which I cant crack cos I dont have the savvy or the tools :) )
and this goes on forever.

The MACs are all from different pools (i.e. assigned to different
manufacturers) so the only conclusion is that they are all spoofed MACs.

I have walked around the office and as far as I can tell its coming from
this office (the IT dept), basing that assumption on signal strength.

Anyone seen any tools that do this?   I would love a little hand-held
gadget that would help me find it (like the scanner in Alien!)

Answers on a post card :)

Colin.

**************************************************************************************

This e-mail is confidential and may contain privileged information.  If you
are not the addressee or if you have received the e-mail in error, it may
be unlawful for you to read, copy, distribute, disclose or otherwise use the
information which it contains.  Under these circumstances, please notify
us immediately by returning this mail to 'mailerror () csplc com' and deleting
this e-mail from your system.

Any views expressed by an individual within this e-mail do not necessarily
reflect the views of Cadbury Schweppes Plc or its subsidiaries.  Cadbury
Schweppes Plc will not be bound by any agreement entered into as a result
of this email, unless its intention is clearly evidenced in the body of the email.
Whilst we have taken reasonable steps to ensure that this e-mail and
attachments are free from viruses, recipients are advised to subject this mail
to their own virus checking, in keeping with good computing practice. Please
note that email received by Cadbury Schweppes Plc or its subsidiaries may be
monitored in accordance with the prevailing law in the United Kingdom.

**************************************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault