Fwd: Rogue AP Wireless on Windows/Linux

From: Chris Kuethe (chris.kuethe@gmail.com)
Date: Fri Apr 08 2005 - 20:26:01 EDT


For the archives...

---------- Forwarded message ----------
From: Chris Kuethe <chris.kuethe@gmail.com>
Date: Apr 8, 2005 6:25 PM
Subject: Re: Rogue AP Wireless on Windows/Linux
To: "szynkro@gmail.com" <szynkro@gmail.com>

Try OpenBSD?

Prism2 (and others I don't remember at the moment, rtfm) cards can be
easily ifconfig'd into host-ap mode, and bridged, routed or natted to
an uplink interface. It comes with dhcpd, bind, apache and a very
capable packet filter allowing you to set up a captive portal or very
credibly simulate a commercial access point. Use -current and you can
even set your hardware address so you look like a commercial access
point to those crafty users with netstumblers.

Add a few goodies from ports/security and ports/net and you're set.

On Apr 8, 2005 11:52 AM, szynkro@gmail.com <szynkro@gmail.com> wrote:
> Hi,
>
> I'm looking for a way/all in one tool to simulate a wireless Access
> Point on a Windows XP and/or Linux system preferably with built-in
> DHCP daemon and all.
> The goal is to see if we can trick wireless clients into connecting to
> the AP, sniffing for potential credentials and other interesting stuff
> etc...
>
> I've heard about hotspotter, airsnarf and the like but don't know if
> they are valid...
>
> The scenario would be sniffing the unknown wireless network for valid
> SSIDs and setting the SSID on the rogue AP.... then fingers crossed I
> guess that signal is strong enough to get some clients connecting. Can
> we force/help the client in associating with the rogue AP?
>
> Anyone some other valid (recent) Wireless Pen-Test scenarios?
>
> thanks
>

--
GDB has a 'break' feature; why doesn't it have 'fix' too?


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:19 EDT