Subject: RE: In secured office building, "Free Public WiFi" network shows up out of nowhere
Date: Wed, 20 Jun 2007 12:14:14 -0400
You are assuming that this is originating inside your building. There are 
inexpensive wireless solutions that can broadcast over a mile. If you spend 
more you can boost that considerably.

One option is someone is attempting to lure clients for a MITM attack or it 
could be as benign as what you suspect as the training lab.

Keep your mind open to all possibilities.

Jay

----- Original Message -----
From: David Gillett [mailto:gillettdavid@fhda.edu]
To: swarzkopf@legolas.sinnerz.us,security-basics@securityfocus.com
Sent: Wed, 20 Jun 2007 08:32:36 -0700
Subject: RE: In secured office building, "Free Public WiFi" network shows up 
out of nowhere

  I see this all the time on our campuses.

  Digging a bit, I invariably find that what I'm seeing is
*clients* trying to find a service by that name -- and
failing, because it isn't here.

  My working theory is that these clients have learned of
such a service while being used off-campus, and so are
checking for it as part of finding out what's available.

  Bottom Line -- Unless they're getting a connection
established, nothing for me to worry about.  Unless this
shows up on one of our machines that never leaves the
campus....

David Gillett


-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Shawn
Sent: Tuesday, June 19, 2007 1:27 PM
To: security-basics@securityfocus.com
Subject: In secured office building, "Free Public WiFi"
network shows up out of nowhere

This scenario occurred this morning- any suggestions or
insights are appreciated, as are any comments as to my
handling of this.

I'm a Security Specialist for a medium sized company. I have
only been working in security for 2 months. There are no
other Security Specialists here. I report to our Manager of
Information Security, who is out of town on business. I work
in a 6 floor office building which we own completely. We
lease the second floor to a computer training center. We do
not permit our employees to use any wireless networks, and we
do not have any access points. Ad hoc connection is prevented
through group policy. All of our laptops are XP SP2. Up until
today, I have never seen an available wireless network here.

Periodically I check to make sure that no one has installed
an unauthorized WAP. This morning I fired up NetStumbler and
found that a network named "Free Public WiFi" was not only
available, but available at full strength. This was listed as
a peer to peer network, so I assumed that the network was
actually being broadcast from another wireless device
(laptop). This network was listed as being wide open with no
required key and no encryption. The originating point
definitely appears to be coming from within my building, but
I haven't been able to determine exactly where.

I immediately checked the MAC address of the wireless SSID to
make sure that it didn't belong to one of my company assets.
It did not.

I then connected to the network with my laptop. I was not
assigned an IP address, rather Windows gave me one of the
default 169.254 APIPA addresses. I then sniffed packets for
over an hour. I felt justified in doing this, to make sure
that none of my company's equipment was connecting to this network.
I found no network activity whatsoever.

Finally, I ran a ping sweep against the 169.254.x.x subnet to
make sure that none of my company's equipment was connected
to this network. The ping sweep returned only my laptop and
one other device. I checked the other device's MAC address in
my inventory and verified that it too was not our equipment.

I then summarized all of my investigation and sent it to my
boss in an email. I suggested that this network does not
appear to be malicious at this time and offered to take more
action pending his recommendation. I believe that this
network probably belongs to someone at the computer training
center on our second floor playing around.

Do you all feel that these were appropriate actions? The only
other possible action I considered regarding this would be to
contact the training center on the second floor and ask them
about this. What do you all think?

As always, your feedback is appreciated.

Thanks,
-Shawn
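
The checks described in this thread (ad hoc versus access point, open versus encrypted, MAC address against the asset inventory) can be scripted over survey output. The following is an added example, not part of the original messages; the record layout, inventory and sample beacons are constructed, and the bit positions are those of the 802.11 Capability Information field.

```python
from dataclasses import dataclass

# 802.11 Capability Information bits
CAP_ESS = 0x0001      # bit 0: sent by an access point (infrastructure)
CAP_IBSS = 0x0002     # bit 1: sent by an ad hoc (peer-to-peer) station
CAP_PRIVACY = 0x0010  # bit 4: encryption required

@dataclass
class Beacon:             # hypothetical record layout for one surveyed beacon
    ssid: str
    bssid: str            # network identifier shown by survey tools
    source: str           # transmitter address of the frame
    capability: int

def norm(mac: str) -> str:
    return mac.replace("-", ":").lower()

def locally_administered(mac: str) -> bool:
    # The 0x02 bit of the first octet marks an address that is not vendor-assigned.
    # The standard has ad hoc stations generate the BSSID this way, so it will
    # not match a hardware inventory; compare the transmitter address instead.
    return bool(int(norm(mac).split(":")[0], 16) & 0x02)

def triage(b: Beacon, inventory: set) -> dict:
    known = {norm(m) for m in inventory}
    if b.capability & CAP_IBSS:
        mode = "adhoc"
    elif b.capability & CAP_ESS:
        mode = "infrastructure"
    else:
        mode = "unknown"
    ours = norm(b.source) in known
    if ours:
        verdict = "company asset transmitting: policy violation"
    elif mode == "adhoc":
        verdict = "foreign ad hoc station: locate, watch for our clients joining"
    else:
        verdict = "foreign access point: locate"
    return {"ssid": b.ssid, "mode": mode,
            "encrypted": bool(b.capability & CAP_PRIVACY),
            "bssid_generated": locally_administered(b.bssid),
            "company_asset": ours, "verdict": verdict}

# Constructed sample data (addresses from the IANA documentation range).
INVENTORY = {"00-00-5E-00-53-01", "00-00-5E-00-53-02"}
SAMPLES = [
    Beacon("Free Public WiFi", "02:1a:2b:3c:4d:5e", "00:00:5e:00:53:aa", CAP_IBSS),
    Beacon("Free Public WiFi", "02:1a:2b:3c:4d:5e", "00:00:5e:00:53:02", CAP_IBSS),
]
```

The second sample is the case David Gillett singles out: the same ad hoc network name, but transmitted by a machine that is in the inventory.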

