Wireless hacks

Having a problem here under XP using an unencrypted hotspot. Even using exclusively Tor to defeat hackers along with a good software firewall, my client adapter gets reset, turned off, turned back on again and my network connection settings get modified along with starting new client adapter entries that previously did not exist. I have run rootkit, AV and malware scans and come up empty. Also is this an example of a honeypot mirroring a gateway router as I read about in one forum? Is there a security page that emphasizes such wifi so I can educate myself more on this topic?

Reply to
humpty
Loading thread data ...

Sounds like witchcraft to me. Could you be more specific as to what changes are made ? Windows defaults to the strongest signal, maybe it's just roaming. []'s

Reply to
Shadow

Shadow wrote in news: snipped-for-privacy@4ax.com:

Found the problem, they are blocked now.

Reply to
humptydumpty

Is it a trade secret ??????

Reply to
Bob L

//

//

I was going to ask the same thing. Who are "they" :) []'s

Reply to
Shadow

SMERSH

Reply to
Pooh the Cat

OMG, I'll just have to grab 99 and keep under covers....

PS Didn't know cats strayed this far from alt.comp.freeware.. []'s

Reply to
Shadow

More probably WITCH (Wireless Intercept Terrorists and Computer Hackers). They've been known to lurk in obscure coffee shops and wireless hot spots, wait for unsuspecting users to connect via Wi-Fi, sniff the traffic, and then sell the collected data to the highest bidder. When there's no traffic to sniff and sell, they tend to occupy the time hijacking patrons computers and tweaking the configuration files.

Fortunately, they're easy to spot. The standard uniform includes a large black hat, which is commonly worn indoors. While normal coffee shop patrons tend to order overpriced and exotic coffee based formulations, the WITCH operatives tend to order the cheapest decaf. If you see someone slowly sipping such a mundane drink, be suspicious. The laptop may also be a clue. If you see someone with a small dish or panel antenna, slowly scanning the room, it's most likely a WITCH operative.

Reply to
Jeff Liebermann

LOL They use a Yagi broom for that.... :) []'s

Reply to
Shadow

Hey, I drink black coffee, though leaded or half-leaded, depending on the time of day.

I was running kismet to snoop on myself in a coffee shop environment. I had been working on what I believe to be a privacy bug in blackberry wifi. If you save profiles of the wifi you have used in the past, the blackberry probes those WAPs. Anybody with a sniffer could see I drink a lot of coffee and frequency nothing better than 3 star hotels/ motels.

I found there is a check off box in the blackberry profile where you can indicate the WAP broadcasts it's SSID. If you check that box, the blackberry does not probe for the WAP. The connections still work. I presume the phone waits for the SSID to be broadcast. Perhaps the probe makes a faster connection.

For TMobile, there are two predefined WAPs. One for the @home (their UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay for must be a crappy business.) You can't alter the settings of those WAPs, but you can disable them in your profile, and thus eliminate the probe,

At this point, I can leave my wifi on without it singing "cheap ass coffee drinker"!

When I put the wifi dongle on the table, the woman at the next table gave me "the look." The combination of wrap around sun glasses and black T-shirt perhaps was a bad idea. Had she got to know me better, she would have discovered the cammo boxers.

Reply to
miso

Yeah, a wifi dongle can do that to women.

Reply to
Dr Who

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Yawn.

You guys can dish it out, but you cannot take it. Amusing really.

To any newbies who hazard upon this rather lame newsgroup, when they ask you for particulars on your system, etc. do not think that's always to help you.

Ok you lusers can now all go back to you packet injecting now. See ya all later when I have installed the necessarily tools on a new system, then let's see how funny y'all are.

Reply to
humpty-dumpty

Yeah, I know. It's late. 2:15AM here. It's really difficult to act cool at this hour, but you managed it. However, you must be really tired because you seem to have forgotten to answer the question. Who are "they"? Inquiring and paranoid minds want to know. Are they friendly? Are humans on their menu?

Reply to
Jeff Liebermann

C'mon now, you can take a joke. We do actually try to help people here. But if you had been clearer it would have helped. Read your original post. []'s

Reply to
Shadow

Nothing gets a woman more wild eyed than an 8dBi Hyperlink omni if you know what I mean.

Reply to
miso

Is it possible for any signal to turn off or reset your wifi? Seems to me only the PC itself could alter the wifi settings.

Reply to
miso

Deauth.

Reply to
Axel Hammerschmidt

See my first reply. Roaming changes the settings. XP can look for the strongest signal. It will jump from one to another (hence "changing the settings" As to resetting the connection, or turning off the connection, the hotspot owner could do that with a push of a switch, specially if he thought someone was leeching. []'s

Reply to
Shadow

Yep. That works on most clients. Details and scripted attack:

However, as soon as the DoS or packet injection attack stops, the client will re-associate with the AP and continue as before (if auto reconnect is set correctly).

One common defense is to simply drop deassociate and deauthorize management packets if too many arrive in too small a time period. This varies with client and AP firmware.

Reading between the lines of bad grammar, methinks the question is whether an attacker can reset the *SETTINGS* of the wi-fi card. Nope. Only the client computah can do that. Of course, if some kind of remote control software has been installed on the client and is being run by the evil hacker, all things are possible.

Reply to
Jeff Liebermann

I was assuming you were already connected and somehow the PC settings were being changed. I suppose if the link it broken and your system goes back to roaming, that could be interpreted as the settings being changed.

I usually only put my linux partition on wifi when on a public network, and KDE would not randomly connect to some WAP.

Reply to
miso

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.