Advanced ways of blocking rogue clients

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


I am too tired and do not have time to look this up, sorry.

Which of the software apps out there can analyze transmission characteristics
and allow rules for who can connect to a public hotspot (not encrypted)? What
transmission characteristics does it analyze and how does it do it?

Jeff?

(repeated to insure propogation)


Re: Advanced ways of blocking rogue clients


On Fri, 17 Sep 2010 02:14:54 +0200 (CEST), Anne Onime

Quoted text here. Click to load it
    Wireshark, aircrack, kismet ... they analyze. But I have no
idea what "rules" you want to implement.
    You really should encrypt your hotspot, else you will get
nasty people like me stealing all the pop and smtp /etc passwords.
    []'s
Quoted text here. Click to load it
    He'll probably agree with me :)
Quoted text here. Click to load it

Re: Advanced ways of blocking rogue clients



Quoted text here. Click to load it
transmission
public
does it
have no
get
passwords.

You did not understand the o.p.

Re: Advanced ways of blocking rogue clients


On Fri, 17 Sep 2010 02:14:54 +0200 (CEST), Anne Onime

Quoted text here. Click to load it

I'm too lazy to do the same.  Mind if I just guess?

Quoted text here. Click to load it

Transmission characteristics?  Well, is it an automatic or manual
transmission?  You'll probably do better to tow it down to a tranny
shop and have them analyze whatever is wrong with your gearbox.

Quoted text here. Click to load it

Why me?

Reading between your lines and omissions, I'll guess you're trying to
keep the neighbors out of a wireless system.  This is a common problem
with open hot spots and unsecured home wireless systems.  Decoding
your question, it seems that you're trying to identify specific
culprits, and block them.  That's easy, but doesn't work well if the
leach has a clue.  Dive into the log file or status screen of your
unspecified model wireless router and see if it lists the connected
MAC addresses. Then, just add the evil bad guy to the block list.
They'll eventually change their MAC address, so just keep updating the
MAC address blocked until they get a clue.  If your router doesn't
have a connection list (most do), then try something like AirSnair:
<http://home.comcast.net/~jay.deboer/airsnare/
Note that this method does NOT work with wireless routers that have a
built in DSL or Cable modem.

I'm too lazy to go any further.  When you recover, try supplying what
hardware/software you have to work with, and what you're trying to
accomplish.

Quoted text here. Click to load it

I don't like repeaters.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Advanced ways of blocking rogue clients



Quoted text here. Click to load it
transmission
public
does it
manual
a tranny
gearbox.

I think he means characteristics of the intruding signal.
Not sure if those can be specifically identified thou?
Mac address is pretty useless.

Quoted text here. Click to load it

Because your one of the few giving good replies?

Quoted text here. Click to load it
trying to
common problem
Decoding
specific
well if the
Quoted text here. Click to load it
of your
connected
list.
updating the
doesn't
AirSnair:
Quoted text here. Click to load it

Doesnt' work period. Mac address too easy to change.

 that have a
Quoted text here. Click to load it
supplying what
trying to

as opposed so smart asses? ;-)

Quoted text here. Click to load it


Re: Advanced ways of blocking rogue clients


wrote:

Quoted text here. Click to load it

Nope.  I make plenty of mistreaks.

Quoted text here. Click to load it

I think that's what I warned.  It really is too each to change, but
most clueless users don't know that.  I've found that if I
continuously follow the IP address changes with blocks, the culprit
usually gives up within a few days.  Few leaches will tolerate the
lack of a reliable connection, even if it is free.  At one point, I
was trying to be devious and would simply add a pre-assigned IP
address to the users MAC address of 127.0.0.1.  That must have been
loads of fun as nothing would work correctly.  Admittedly, it's easy
to circumvent with a static IP, but it was plenty of fun while it
lasted.  These days, I have QoS running on the few public wi-fi
hotspots that I still maintain, so I just slow down that MAC address
to a crawl.  Think of it as security through harassment.

Quoted text here. Click to load it

Yep, that's me.  I figure if I'm going to answer technical questions
for free, I might was well discard diplomacy and tact, especially if
they're too lazy to do some basic Googling or supply necessary
numbers.  If that doesn't do the trick, then I'll either cease using a
spelling checker, or start responding in poetry verse.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com               AE6KS

Re: Advanced ways of blocking rogue clients



Quoted text here. Click to load it
transmission
public
does it
manual
a tranny
gearbox.
trying to
common problem
Decoding
specific
well if the
Quoted text here. Click to load it
of your
connected
list.
updating the
doesn't
AirSnair:
Quoted text here. Click to load it
that have a
Quoted text here. Click to load it
supplying what
trying to

This looks a bit better than Airsnare, but I don't see
anything they are using except MAC address to identify rogue
clients.

http://www.airmagnet.com/products/wifi_analyzer /

Re: Advanced ways of blocking rogue clients


On Fri, 17 Sep 2010 19:26:25 +0000 (UTC), FeeFiFoFum

Quoted text here. Click to load it

Yep.  Nifty software and hardware.  Just one problem...the price:
<http://www.smallnetbuilder.com/content/view/30737/97/
   AirMagnet WiFi Analyzer Express and AirMagnet Survey Express
   cost $1,995 each or can be purchased together as a bundle
   for $3,495. AirMedic costs $995.


--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Site Timeline