From: DevilsPGD on 30 Jul 2010 22:23

In message <pd075691p4j0kj3jva16dmt8judrk1nnga(a)4ax.com> John Navas
<spamfilter1(a)navasgroup.com> was claimed to have wrote:

>On Fri, 30 Jul 2010 15:57:07 -0700, in
><ipl656pres2kcclftlsbq1sdpq8bsdan9a(a)4ax.com>, DevilsPGD
><Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote:
>
>>If you use manufacturer supplied software on your AP then your ability
>>to set limitations are based on the feature set the manufacturer
>>provided. Most APs will only let you allow/deny wireless access based
>>on MAC address (and of course compatible encryption settings)
>>
>>A few will block by hostname, although technically speaking they
>>actually do have to allow the wireless connection first, then once the
>>hostname is known, decide whether to route packets or not.
>>
>>If you control the software on your AP then your ability to code will be
>>your only imagination and coding skills.
>
>The radio has to be on for the AP to do anything useful, which is easily
>detectable no matter what your imagination and coding skills.

Absolutely. However, you can deny access, or fail to reply to scans.

A passive scan will still find you, but I covered that earlier in my
previous message.

From: alexd on 31 Jul 2010 07:02

Meanwhile, at the alt.internet.wireless Job Justification Hearings, ArnieJ
chose the tried and tested strategy of:

> Do most PC wifi radios do passive or active scans and what
> exactly is the difference?

The answer to that is similar to with APs; in general using third-party
software will give you more options.

> But how can a receiver detect an AP that is not addressing packets to that
> receiver, which is what a "passive" scan implies?

The chipset in the wifi NIC needs to be able to pass all received data to
the scanning software, ie not just packets sent to its own MAC address. The
scanning software will then instruct the NIC to hop from channel to channel,
dwelling briefly on each one to listen for traffic. Whatever information can
be extracted from a packet will be used to build a report for the operator
of the software, eg channel, signal strength, SSID, MAC address, IP
addresses if they're not encrypted, etc.

How likely are you to see packets on the air from a wireless network? Very.
If it's not hidden, an AP will be sending beacon frames out regularly. Even
if it is hidden, there will still be regular, non-user-initiated chatter
like ARP requests, AV updates, Windows updates, etc.

> I think with wired network scanners they send out an abbreviated
> packet or some such which are undetectable by many firewalls,
> but not all.

I think you're talking about a port scanner which operates at different
layers to a wireless network sniffer.

http://en.wikipedia.org/wiki/TCP/IP_model

A port scanner isn't really much use when wanting to investigate unknown
wireless networks, because you need to have IP connectivity in order to make
use of it.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx)
11:34:24 up 13 days, 2:05, 6 users, load average: 0.03, 0.09, 0.11
Qua illic est accuso, illic est a vindicatum

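Added example, not part of the original thread: a minimal Python parser for the report row a passive scanner can build from one received beacon frame, showing that a beacon with a hidden SSID still exposes the BSSID, channel and privacy bit. The frames are constructed samples (no radiotap header or FCS), and `parse_beacon` and `build_beacon` are hypothetical helper names.

```python
import struct

def parse_beacon(frame: bytes) -> dict:
    """Parse a raw 802.11 beacon (no radiotap header, no FCS) into a report row."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed parameters
        raise ValueError("too short for a beacon")
    fc = frame[0]
    # Frame control byte 0: version (bits 0-1), type (2-3), subtype (4-7).
    if fc & 0x03 != 0 or (fc >> 2) & 0x03 != 0 or (fc >> 4) != 8:
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    interval, capab = struct.unpack_from("<HH", frame, 32)
    row = {"bssid": bssid, "ssid": None, "hidden": True, "channel": None,
           "privacy": bool(capab & 0x0010), "interval_tu": interval}
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged elements: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than report garbage
        if tag == 0:  # SSID element; empty or all-NUL means the name is hidden
            hidden = length == 0 or not any(value)
            row["hidden"] = hidden
            row["ssid"] = None if hidden else value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:  # DS Parameter Set carries the channel
            row["channel"] = value[0]
        pos += 2 + length
    return row

def build_beacon(bssid: bytes, ssid: bytes, channel: int, capab: int) -> bytes:
    """Construct a sample beacon for the demo (not captured traffic)."""
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capab)
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return hdr + fixed + tags

# Constructed samples using locally administered MAC addresses.
OPEN = build_beacon(bytes.fromhex("020000000001"), b"office-guest", 6, 0x0401)
HIDDEN = build_beacon(bytes.fromhex("020000000002"), b"\x00" * 8, 11, 0x0411)

if __name__ == "__main__":
    for sample in (OPEN, HIDDEN):
        print(parse_beacon(sample))
```
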
From: John Navas on 31 Jul 2010 10:43

On Fri, 30 Jul 2010 19:23:35 -0700, in
<ko1756dhlpb6mb41929a2csh82j7lb39n5(a)4ax.com>, DevilsPGD
<Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote:

>In message <pd075691p4j0kj3jva16dmt8judrk1nnga(a)4ax.com> John Navas
><spamfilter1(a)navasgroup.com> was claimed to have wrote:
>
>>On Fri, 30 Jul 2010 15:57:07 -0700, in
>><ipl656pres2kcclftlsbq1sdpq8bsdan9a(a)4ax.com>, DevilsPGD
>><Still-Just-A-Rat-In-A-Cage(a)crazyhat.net> wrote:
>>
>>>If you use manufacturer supplied software on your AP then your ability
>>>to set limitations are based on the feature set the manufacturer
>>>provided. Most APs will only let you allow/deny wireless access based
>>>on MAC address (and of course compatible encryption settings)
>>>
>>>A few will block by hostname, although technically speaking they
>>>actually do have to allow the wireless connection first, then once the
>>>hostname is known, decide whether to route packets or not.
>>>
>>>If you control the software on your AP then your ability to code will be
>>>your only imagination and coding skills.
>>
>>The radio has to be on for the AP to do anything useful, which is easily
>>detectable no matter what your imagination and coding skills.
>
>Absolutely. However, you can deny access, or fail to reply to scans.
>
>A passive scan will still find you, but I covered that earlier in my
>previous message.

And traffic can be sniffed.

--
John

"Assumption is the mother of all screw ups."
[Wethern's Law of Suspended Judgement]

From: Jeff Liebermann on 31 Jul 2010 13:26

On Sat, 31 Jul 2010 02:55:10 +0000 (UTC), ArnieJ
<ArnieJ473(a)hotmail.com> wrote:

>Do most PC wifi radios do passive or active scans and what
>exactly is the difference?

An active sniffer transmits something to the access point, such as a
connection request or broadcast probe request. The AP is expected to
respond. Netstumbler works this way.

A passive sniffer simply listens to the traffic going by. Kismet
works this way.

>I am guessing that active means
>actually sending a packet out for reply.

Correct.

>But how can a
>receiver detect an AP that is not addressing packets to that
>receiver, which is what a "passive" scan implies?

There are directed packets (unicast) and non-directed packets
(multicast). See comments under Active and Passive Scanning at:
<http://trac.kismac-ng.org/wiki/AdditionalInformation>
Note that if the AP does not respond to probe requests, there would be
no way to find or connect to an access point.

>I think
>with wired network scanners they send out an abbreviated
>packet or some such which are undetectable by many firewalls,
>but not all.

Not that I know about.

--
Jeff Liebermann jeffl(a)cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

From: John Navas on 31 Jul 2010 21:00

On Sat, 31 Jul 2010 10:26:01 -0700, in
<okm8565q0d1vj9nadksurovknk6a83s6au(a)4ax.com>, Jeff Liebermann
<jeffl(a)cruzio.com> wrote:

>On Sat, 31 Jul 2010 02:55:10 +0000 (UTC), ArnieJ
><ArnieJ473(a)hotmail.com> wrote:

>>But how can a
>>receiver detect an AP that is not addressing packets to that
>>receiver, which is what a "passive" scan implies?
>
>There are directed packets (unicast) and non-directed packets
>(multicast). See comments under Active and Passive Scanning at:
><http://trac.kismac-ng.org/wiki/AdditionalInformation>
>Note that if the AP does not respond to probe requests, there would be
>no way to find or connect to an access point.

If the access point is enabled for a client, all that's needed is to
spoof the MAC of the client, which can be determined by sniffing the
wireless traffic.

--
John

"Assumption is the mother of all screw ups."
[Wethern's Law of Suspended Judgement]