Home page logo

pauldotcom logo PaulDotCom mailing list archives

Re: Rogue AP Placement: evil + 1
From: David Porcello <DPorcello () vermontmutual com>
Date: Thu, 26 Aug 2010 08:48:34 -0400

Great idea Andrew! I put this plug idea together a couple months ago for HOPE and folks have been coming up with all 
sorts of "creative" applications (my favorite so far is the GSM backdoor). You could certainly plug an ALFA into the 
USB port and run this as an evil AP. It pulls about 2 watts idle (low enough for battery power!), and the form factor 
is great for pentests -- it could easily pass for a printer surge box, carbon monoxide detector, etc.

I am working a guruplug-based version that has built-in wireless (not sure about the chipset yet) as well as 2 
ethernet, 2 USB, and eSATA. I have a handful on order but the US distributor is a nightmare (4-6 weeks delivery, if 
they don't lose your order).

-- Dave [grep8000] http://www.rocketbearlabs.com/pwn-plug.html

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Andrew 
Sent: Wednesday, August 25, 2010 3:20 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Rogue AP Placement: evil + 1

Have you seen this? http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html


On Wed, Aug 25, 2010 at 10:54 AM, Chris Merkel <cmerkel () gmail com<mailto:cmerkel () gmail com>> wrote:
Question directed to fellow pen-test / red-teaming ninjas:

Have a test coming up, and want to place a rogue AP. I fully expect that a vanilla AP/router will be detected. I'm 
thinking about dropping a Cisco PIX 501 with the rogue AP sitting on the other side of the NAT gateway, and turning off 
all remote PIX management as well (if possible, it's been awhile since I admin'ed these.), maybe even turn off ICMP 
echo replies.

My guess is that this isn't going to be detected... My question is: anyone gone to that level of evil to evade 
detection on a network? If so, could you share any tips or gotchas you encountered along the way?

(BTW, you can get a PIX 501 on ebay for under 100 bucks... so well within the reach of an attacker...)

- Chris Merkel

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
Main Web Site: http://pauldotcom.com

NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named 
above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender 
immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are 
not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, 
distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited.

Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the 
responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any 
loss or damage arising if such a virus or defect exists.
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]