Re: FakeAP

From: captgoodnight captgoodnight <captgoodnight@hotmail.com>
Date: Wed Apr 19 2006 - 21:28:44 AKDT

I'm such a sucker for wireless fun.

> > ettercap, add this tool to any of the above methods and control
> > your wireless world ;)
> >
>For the gui version, see 'ethereal'. However, note issues below.

?
http://ettercap.sourceforge.net/

>Orinoco cards aren't all that good. Well, they are useful, but when it
>comes to 'trickery', they don't always work. For example, the Orinoco
>in one of the dells I have here will do everything BUT set mac
>addresses. Another Orinoco I have won't go into monitor mode. You
>can go to www.nongnu.org/orinoco and upgrade your drivers, but you're
>still at the mercy of your firmware. Firmware 6.x works best
>(6.14?). My one NIC is 6.x, and the other (that does virtually
>nothing) is 8.x . (Remember: no monitor mode, no promiscuous mode, no
>really good sniffing)

Oops, I was thinking this card, true that, not all things that say Orinoco
are the same...

http://www.proxim.com/products/wifi/client/11bgpccard/index.html
kismet forums may help
aircrack patches may help, the README is really educational
it's all about the chip
have fun.

> > Now what about a wireless honey pot, say hostap in master mode with
> > dhcpd and honeyd and of course snort...Add some unpatched servers
> > and a default iis install for entertainment.-- oh dear trouble is
> > brewing.
>
>
>I'm not sure if one can actually 'connect' to the APs. If you could,
>you'd have to finagle how DHCPd would work with that - but it'd be a
>lot of fun.

Minus fakeap.
Use hostap with a prism 2/2.5 card...

# hostap: give the wireless interface an address, set ESSID and channel,
# then switch the card to master (AP) mode
ifconfig wlan0 10.0.0.1 && iwconfig wlan0 essid kava && iwconfig wlan0 channel 6 && iwconfig wlan0 mode master

# let the kernel route between the wireless side and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward

# flush everything; local traffic is allowed, forwarded traffic is dropped by default
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
# only replies to existing connections may come back from eth0 to the wireless clients
/sbin/iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# wireless clients may go out through eth0, masqueraded behind its address
/sbin/iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# nothing new or invalid from the wired side gets forwarded in
/sbin/iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

service dhcpd start

Now you're an access point with dhcpd support (after some bolt tightening).

now,

Wire up snort on the other interface (eth0), connected to that other
interface is a zaurus or laptop with honeyd running and creating illusions,
maybe also vmware with a fresh w2k and iis ;) Of course you can just use an
access point to a honeynet...But making your laptop an ap is fairly cool,
plus it finds the dishonest at wireless cafes - entertainment.

or

EVIL: Use ettercap and metasploit/socketninja to do dns spoofing for
google.com. Exploiting the latest ie vuln. The last can be done all on the
same laptop/ap. In fact, you don't even have to be an access point, just a
client in the same network - scary.

educational intent please...just to shock yourself...

Then there's a linksys wrt54g (v1 or 2- http://www.sveasoft.com) purchased
from ebay, with a 12 db omni and some lmr400. Hehe, a linksys up from <=40
to 200mW ;) I have a friend across the pond who says he has a 5 mile bridge
set up with two of em, hmmmm. A Cisco 350 is 150mW, a 1300 I think is 250,
maybe it would work...Good yagis and aim/line...He says they get real
hot...I don't know...I do know such a thing makes a great cheap "rogue" ap
detector and wireless ids...Kismet is pretty darn good, plus you can pipe it
to snort.

fun stuff, hope it sparked some ideas...

ebay is awesome!
--eddie
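An added example, not code from this thread or from the FakeAP project, that turns the recon tell mentioned above into a check: decoy APs beacon but never show associated radios in Kismet, and a card that can't hop channels puts every decoy on one frequency. The observation records are constructed; a real feed would come from Kismet's logs or a pcap.

```python
"""Flag FakeAP-style decoy networks from passive observations."""
from collections import defaultdict

# Constructed observations: (frame_type, bssid, ssid, channel, station).
# frame_type is "beacon" (sent by the AP) or "data" (station <-> AP traffic).
OBSERVATIONS = [
    ("beacon", "00:02:2d:11:22:33", "kava", 6, None),
    ("data", "00:02:2d:11:22:33", "kava", 6, "00:0c:f1:aa:bb:cc"),
    ("data", "00:02:2d:11:22:33", "kava", 6, "00:0c:f1:aa:bb:cd"),
    ("beacon", "00:11:22:33:44:01", "linksys", 1, None),
    ("data", "00:11:22:33:44:01", "linksys", 1, "00:0c:f1:11:22:33"),
    ("beacon", "00:0f:66:aa:bb:cc", "NETGEAR", 3, None),  # real but idle AP
    ("beacon", "00:de:ad:00:00:01", "apple", 11, None),   # decoys: one card,
    ("beacon", "00:de:ad:00:00:02", "banana", 11, None),  # one channel,
    ("beacon", "00:de:ad:00:00:03", "cherry", 11, None),  # many names,
    ("beacon", "00:de:ad:00:00:04", "durian", 11, None),  # no clients
    ("beacon", "00:de:ad:00:00:05", "elder", 11, None),
]


def summarise(observations):
    """Per BSSID: ssid, channel and the set of stations seen exchanging data."""
    aps = {}
    for kind, bssid, ssid, channel, station in observations:
        entry = aps.setdefault(bssid, {"ssid": ssid, "channel": channel,
                                       "stations": set()})
        if kind == "data" and station:
            entry["stations"].add(station)
    return aps


def flag_decoys(observations, crowd_threshold=4):
    """Return BSSIDs that look like decoys, under two rules.

    Rule 1 (weak): an AP that beacons but never carries client data is
    suspect; a genuinely idle AP also trips this, so it is only a hint.
    Rule 2 (strong): a crowd of client-less APs all on one channel, as a
    non-hopping card produces, is flagged as a cluster.
    """
    aps = summarise(observations)
    silent = {b for b, e in aps.items() if not e["stations"]}
    per_channel = defaultdict(set)
    for b in silent:
        per_channel[aps[b]["channel"]].add(b)
    crowded = {b for group in per_channel.values()
               if len(group) >= crowd_threshold for b in group}
    return {"no_clients": silent, "crowded_channel": crowded}
```

Run against live data, the idle NETGEAR shows why rule 1 alone is a false-positive generator and the channel cluster is the signal worth alerting on.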

>From: Adam bultman <adamb@glaven.org>
>CC: aklug@aklug.org
>Subject: Re: FakeAP
>Date: Wed, 19 Apr 2006 16:15:27 -0800
>
>captgoodnight captgoodnight wrote:
>
> > Here's some other trickery to spark the imagination,
> >
> > kismet | gpsd | snort for wireless/rfmon ids
> >
>
>I'm using kismet to monitor the APs I'm creating (I have it working,
>sorta)
>
>
> >
> > ettercap, add this tool to any of the above methods and control
> > your wireless world ;)
> >
>For the gui version, see 'ethereal'. However, note issues below.
>
> >
> > http://www.blackalchemy.to/project/fakeap/
> >
> > Requires hostap modules and a prism card. You'll find nearly all
> > wifi trickery depends on hostap/prism and some orinoco here and
> > there (aircrack, kismet...) orinoco cards are really good for
> > chop-chop (see aircrack). Defeating fakeap with recon; no
> > associated radios in kismet.
> >
>
>Orinoco cards aren't all that good. Well, they are useful, but when it
>comes to 'trickery', they don't always work. For example, the Orinoco
>in one of the dells I have here will do everything BUT set mac
>addresses. Another Orinoco I have won't go into monitor mode. You
>can go to www.nongnu.org/orinoco and upgrade your drivers, but you're
>still at the mercy of your firmware. Firmware 6.x works best
>(6.14?). My one NIC is 6.x, and the other (that does virtually
>nothing) is 8.x . (Remember: no monitor mode, no promiscuous mode, no
>really good sniffing)
>
>I have one wireless NIC (ipw?) that works with fakeap - except I can't
>set the channel. At the moment, I have a few thousand APs wandering
>around here, but they're all on the same channel. Name, MAC, power,
>etc are all different, but the frequency is the same. Bummer.
>
> > Now what about a wireless honey pot, say hostap in master mode with
> > dhcpd and honeyd and of course snort...Add some unpatched servers
> > and a default iis install for entertainment.-- oh dear trouble is
> > brewing.
>
>
>I'm not sure if one can actually 'connect' to the APs. If you could,
>you'd have to finagle how DHCPd would work with that - but it'd be a
>lot of fun.
>
>Adam
> >
> > thanks, --eddie
> >
> >
> >> From: Adam bultman <adamb@glaven.org> To: aklug@aklug.org
> >> Subject: FakeAP Date: Wed, 19 Apr 2006 12:51:19 -0800
> >>
>
> > I can't remember if I have posted this to aklug yet or not, but
> > here goes:
> >
> > http://www.blackalchemy.to/project/fakeap/
> >
> > If installed and run, it'll create a ton of APs around on various
> > channels, MAC addresses, etc and pretty much make wardriving
> > impossible. Give it a dictionary of words, and it'll use those to
> > create the ESSIDs - although it comes with it's own (which isn't
> > very clever.)
> >
> > I've been trying to get it to run, but I'm not sure my wireless
> > cards are the right type. The kernel doesn't identify any of them
> > as Prism2 (One is an intel nic, another an orinoco, and the final
> > is some random Dell one).
> >
> > If I get it working, I'll bring it on friday, and we'll see what
> > kind of a mess we can make.
> >
> > Adam
>
>
>- ---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
>
>
>
>
>
>

Received on Wed Apr 19 21:29:14 2006

This archive was generated by hypermail 2.1.8 : Wed Apr 19 2006 - 21:29:14 AKDT