RE: Lan access via wifi

From: Todd Towles (toddtowles@brookshires.com)
Date: Tue Jun 07 2005 - 14:10:11 EDT

• Next message: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Lohan Spies [ MTN - Agip ]: "RE: Lan access via wifi"
• Maybe in reply to: Sherwyn Williams: "Lan access via wifi"
• Next in thread: Neil Moore: "Re: Router Access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 That is a good point. Putting your WAPs into a restricted VLAN is a
best practice method.

So if that is the case, the VLAN ends at a router...which means if you
gain access to that router you can jump VLANS. If this turns out to be
case, look up Layer 2 - VLAN attack on Google.

> -----Original Message-----
> From: Lohan Spies [ MTN - Agip ] [mailto:LohanS@mtnnigeria.net]
> Sent: Tuesday, June 07, 2005 11:00 AM
> To: 'Sherwyn Williams'; pen-test@securityfocus.com
> Subject: RE: Lan access via wifi
>
> This is just a guess, maybe you are connected to a VLAN that
> is only allowed to surf the net and not access the internal network!
>
> -----Original Message-----
> From: Sherwyn Williams [mailto:sherwill22@tmail.com]
> Sent: Tuesday, June 07, 2005 4:49 AM
> To: Peter Van Epp; pen-test@securityfocus.com
> Subject: Re: Lan access via wifi
>
>
> No redirect straight internet access, I did a nbtscan from
> the local ip the ap gave me but still, nothing. Maybe the
> machines are lock down with windows firewall sp2 enabled.
>
> I guess, I have to keep thinking of something, or just end it
> by saying do not use default router settings. But that is not
> scary enough.
>
>
>
> On Mon, 6 Jun 2005 20:29, Peter Van Epp wrote:
> > On Mon, Jun 06, 2005 at 02:05:52PM -0400, Sherwyn Williams wrote:
> >> The thing is that is did that already, I stated that in my first
> >> post. I
> >> did a nmap and noticed that all the internal host are
> filtered by some
> >> firewall. I have access to the wireless router and I open up the
> >> internal host by pointing them to the dmz side of the
> router. I did a
> >> nessus scan and also and got no usefull info. So
> >> Is why my next step was to try a unc shared access by
> doing \\.\x:\
> >> but
> >> that did not gave me any useful info.
> >>
> >> That is why I email the list.
> >>
> > Have you tried opening a web browser and going out to the net
> > somewhere
> > to see if you get redirected to a login page instead of where you
> > expect? If
> > there is one of the wireless authentication devices on the lan
> > (Vernier, Blue
> > Socket etc.) this is what you would see before you log in.
> >
> > Peter Van Epp / Operations and Technical Support
> > Simon Fraser University, Burnaby, B.C. Canada
> Sherwyn Williams
> Technical Consultant
> (917) 650-5139
> Sherwill22@tmail.com
> NOTE: This e-mail message is subject to the MTN Nigeria disclaimer see
> http://www.mtnonline.com/contact/disclaimer.asp
>

• Next message: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Lohan Spies [ MTN - Agip ]: "RE: Lan access via wifi"
• Maybe in reply to: Sherwyn Williams: "Lan access via wifi"
• Next in thread: Neil Moore: "Re: Router Access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:22 EDT