Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

A possible counter for pineapple or EVIL ssid's

Comments

  • #2
    shayno90
    Registered Users, Registered Users 2 Posts: 547 ✭✭✭shayno90


    2FA is currently the best option for business users to counteract tools like Pineapple if connecting to open Wifi networks (or just turn off wireless adapter and use mobile data).
    For non business users avoid using open Wifi networks for any PII browsing or again use mobile data.
    Unfortunately the above is not really practical for the non business user.


  • #3
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    Yes thats all well and grand but to detect it while its in action is the point of this thread. I can assure you not many corps use 2fa.


  • #4
    shayno90
    Registered Users, Registered Users 2 Posts: 547 ✭✭✭shayno90


    Unless there is a WIPS in place with sensors to detect this activity then it would be difficult to detect it.
    In any case the onus is on the mobile user to have the awareness about the risks enabling a wireless adapter and connecting without 2FA or certificates.
    To detect it without a WIPS the user would want a packet analyser running to see if their traffic is being redirected/encrypted etc.
    What do you suggest?


  • #5
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    http://www.theregister.co.uk/2015/04/02/tool_automatically_detects_doses_evil_twin_access_points/

    Great idea but its still just as illegal as the attacker .

    I have a script which runs regularly on my laptop. It sends a broadcast request to a highly unlikely SSID and tells me if it gets found thus suggesting the presence of a pineapple. It works for me.
    . I can assure you not many corps use 2fa.

    The state of security in some companies is so shockingly bad its shameful. 2FA? Some still use shared passwords. People who left the company 6 years ago can still access the VPN. It would lead you to tears at times.


  • #6
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    I dont think there is any better approach than What syklops suggests , having device that polls 24/7 in and around site and infosec office would be the best option though. But that technique would only work for one channel and one SSID ? (Or you could sniff rotating the channels for that unlikely ssid - making it attractive is always the best way , once its breeched though it wouldn't take long for said hacker/attacker to realize its a dead end and disappear.


  • Advertisement
  • #7
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    it would give you time to mod ssids and thus knock offline attacks in the head.


  • #8
    shayno90
    Registered Users, Registered Users 2 Posts: 547 ✭✭✭shayno90


    Great app for Android for checking active APs, channels used and signal strength called Wifi Analyzer.

    Can show what encryption, channel and frequency the AP is configured for so could compare with the expected configuration of the AP you are meant to connect to.


  • #9
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    A basic wps attack is very easy to do and if a target was viable in that it was worthy say a councilor , solicitor, Garda , judge ,........................
    Its as a home user you pretty much have no chance of knowing your being monitored and sslstrip tearing your ass out.

    Never used Wifi analyzer on andriod have always used backtrack/kali netstumbler , still though can it see hidden ssids? if so still useful for those "Just let me check real quick moments"


  • #10
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    home routers that are susceptible to offline wifi attack via pixie dust and so on need really to have an awareness built in, of this type of stuff as it is if i scan around with 7dbi antenna in a village i can see almost 40 networks 30 of which have wps - have not scanned them to see if they carry broadcom or Ralink chipsets.

    Its nasty as hell how quickly the vulnerable chipsets can be blown open. WPA2 PSK not a bodder.( Even though that's not the attack surface you still get what you want )


  • #11
    dbit
    Closed Accounts Posts: 1,322 ✭✭✭dbit


    dbit wrote: »
    home routers that are susceptible to offline wifi attack via pixie dust and so on need really to have an awareness built in, of this type of stuff as it is if i scan around with 7dbi antenna in a village i can see almost 40 networks 30 of which have wps - have not scanned them to see if they carry broadcom or Ralink chipsets.

    Its nasty as hell how quickly the vulnerable chipsets can be blown open. WPA2 PSK not a bodder.( Even though that's not the attack surface you still get what you want )

    And now with Auto=pixie !!


  • Advertisement
Advertisement