Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Wired detection of rogue access points

from [tim_holman] Network Security [Permanent Link]
Subject: Re: Wired detection of rogue access points
Date: Mon, 26 Mar 2007 23:24:25 +0000 
Filtering by MAC gives you no additional security whatsoever, period.  MAC 
addresses can be easily spoofed and although your solution may assist in 
spotting misconfigurations a determined intruder will get straight through....

Sent from my BlackBerry® wireless device  

-----Original Message-----
From: "Adam Graham" <agraham@datastreamcowboys.net>
Date: Mon, 26 Mar 2007 15:52:21 
To:<focus-ids@securityfocus.com>
Subject: RE: Wired detection of rogue access points

First off is it even possible to buy a laptop that does not have wifi built
in?

I have set up an automated scan looking for MACs. If the MAC does not appear
on my list I drop its packets in the IPTabes FW. It's rather simple to do.
The main thing I do that seems to work the best is the APs are un-trusted
and therefore stuck out in the DMZ. Before one can get to network resources
they need to open the VPN client after connecting to the AP.  

A simple way to handle MACs with IPTables (NOTE: simple rule if you need
more instruction I can send it to you or just the complete iptable script):

Let's create 2 text files:
/tmp/whiteist
/tmp/blackist

Insert into whiteist  00:06:25:2E:56:A0
Insert into blackist  00:06:25:2E:56:E1


Add following to your IPTabes script
TABLES = "filter nat mangle"
iptables = /sbin/iptables
touch /tmp/whiteist
touch /tmp/blackist
WHITELIST = `cat /tmp/whiteist | awk '{print $1}'
BLACKLIST = `cat /tmp/blackist | awk '{print $1}'

# Forward good MACs
$iptables -t filter -I FORWARD 1 -m mark --mark 0x42 -j ACCEPT

# mark all packets from the good macs
for MAC in $WHITELIST ; do
        $iptables -t mangle -I PREROUTING -m mac --mac-source $MAC -j MARK
--set-mark 0x42
done

# drop all packets from the good macs
for MAC in $BLACKLIST ; do
        $iptables -t mangle -I PREROUTING -m mac --mac-source $MAC -j DROP
done





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Wired detection of rogue access points, Eric Hacker
Next by Date:  Re: Wired detection of rogue access points, jay.tomas
Previous by Thread:  RE: Wired detection of rogue access points, Adam Graham
Next by Thread:  Re: Wired detection of rogue access points, Adam Crosby
Indexes:  [Date] [Thread] [Top] [All Lists]