Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Rogue AP Placement: evil + 1
From: Chris Merkel <cmerkel () gmail com>
Date: Wed, 25 Aug 2010 16:40:59 -0500

Yeah, that does just about everything I need. I'm still going to drop a big
ugly pix and ghetto AP for the fun of it.

Aside from this all-in-wonderful pwnage device, anyone else have tips for
stealthy AP usage?

- Chris

On Wed, Aug 25, 2010 at 2:19 PM, Andrew Johnson <email () andrewcjohnson com>wrote:

Have you seen this?
http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html

<http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html>-A

On Wed, Aug 25, 2010 at 10:54 AM, Chris Merkel <cmerkel () gmail com> wrote:

Question directed to fellow pen-test / red-teaming ninjas:

Have a test coming up, and want to place a rogue AP. I fully expect that a
vanilla AP/router will be detected. I'm thinking about dropping a Cisco PIX
501 with the rogue AP sitting on the other side of the NAT gateway, and
turning off all remote PIX management as well (if possible, it's been awhile
since I admin'ed these.), maybe even turn off ICMP echo replies.

My guess is that this isn't going to be detected... My question is: anyone
gone to that level of evil to evade detection on a network? If so, could you
share any tips or gotchas you encountered along the way?

(BTW, you can get a PIX 501 on ebay for under 100 bucks... so well within
the reach of an attacker...)

--
- Chris Merkel

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
- Chris Merkel
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]