Thoughts on making DC WiFi useful w/a55es arp-spoofing default gateway

  • Thoughts on making DC WiFi useful w/a55es arp-spoofing default gateway

    Those who remember the WiFi @ DCX remember being frustrated. DCXI had more APs and tended to have a little better ability to be useful. So my thought & question to the community is how can we make the network usable? Anyone bringing good directional antennas to trace people down? How about a script on the AP (if it is a Linux/BSD AP) that looks for people arpspoofing its IP and just disassociates them from the AP and re-ARPs out?

    Thoughts/comments/flames/?
    Imagination is greater than knowledge * Albert Einstein
    Every day is a good day, whether you like it or not! * DMZ
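
The detection half of the script idea in the post above, as an added example that is not part of the original thread: it parses raw Ethernet/ARP frames and counts, per source MAC, the ones claiming the gateway's IP. The gateway address, the MACs and the sample capture are all constructed assumptions.

```python
import struct

GATEWAY_IP = "10.0.0.1"            # assumed address of the AP/default gateway
GATEWAY_MAC = "00:11:22:33:44:55"  # assumed real MAC of the AP

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))

def build_arp(op, src_mac, sender_ip, target_ip):
    """Build a broadcast Ethernet/ARP frame (used only to construct sample input)."""
    eth = _mac("ff:ff:ff:ff:ff:ff") + _mac(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + _mac(src_mac) + _ip(sender_ip) + bytes(6) + _ip(target_ip)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # truncated or not ARP
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return fmt(frame[6:12]), fmt(frame[22:28]), ".".join(map(str, frame[28:32]))

def find_spoofers(frames, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Count ARP frames per source MAC that claim gw_ip without coming from gw_mac."""
    hits = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        # Requests can update ARP caches as well as replies, so the opcode is not filtered.
        if sender_ip == gw_ip and (eth_src != gw_mac or sender_mac != gw_mac):
            hits[eth_src] = hits.get(eth_src, 0) + 1
    return hits

# Constructed sample capture: legitimate traffic plus one station claiming the gateway IP.
SAMPLE_FRAMES = [
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, "10.0.0.23"),          # real gateway reply
    build_arp(1, "02:00:00:00:00:23", "10.0.0.23", GATEWAY_IP),  # client asking for gateway
    build_arp(2, "02:00:00:00:00:66", GATEWAY_IP, "10.0.0.23"),  # forged reply
    build_arp(2, "02:00:00:00:00:66", GATEWAY_IP, "10.0.0.42"),  # forged reply
    b"\x00" * 20,                                                # truncated frame
]

if __name__ == "__main__":
    print(find_spoofers(SAMPLE_FRAMES))
```

The MAC reported is whatever the sender put in the frame, so it names an association on the AP rather than a person or a device.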

  • #2
    Originally posted by dmz
    Thoughts/comments/flames/?
    Not a flame, but...

    802.11* is sort of the FRS of wireless networking. Ergo, you've got to expect people to screw with it, particularly at Defcon. As for tracking them down - screw it. It's precisely the sort of environment that this kind of thing is best contained to.

    What I can't figure out is why people feel the need to ARP spoof on an open AP. It just seems sorta... Redundant.


    • #3
      Originally posted by dmz
      How about a script on the AP (if it is a Linux/BSD AP) that looks for people arpspoofing its IP and just disassociates them from the AP and re-ARPs out?
      The thing is many 802.11b cards allow you to spoof the AP and send deauthentication frames to whoever you please via the use of raw sockets and frame injection. There's no sort of handshaking involved in this process, so the clients blindly obey. This can't really be prevented, other than by throwing the person doing it (and supposedly the equipment they're using) in the pool.
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
      [ redacted ]


      • #4
        Given the nature of wireless LANs and the environment at Defcon, it's amazing the DC11 wireless worked as well as it did.

        802.11 is trivial to DoS--so trivial I don't know why anyone bothers. Why send disassociation frames when a cheap microwave oven causes similar issues? Every security mechanism for it involves either shared keys (useless with 4,000 potential users) or credentials that aren't worth the bother for a 3-day conference. If that's not enough, you have the wireless spectrum getting crowded with a bunch of private APs set up in hotel rooms.

        Furthermore, the goons are already busy enough dealing with everyday shenanigans without chasing down rogue APs, too. Fucking with the wireless LAN ranks way down on the annoyances list, below the many things in the categories, "shit that can get us into legal trouble" and "just trying to keep the con running."

        Now, if you wanted to get into a little gedankenwanking, it might be technically possible to set up a wireless network at Defcon that wouldn't be vulnerable to spoofed APs. All you have to do is use 802.1x, find or invent an EAP type that only authenticates the server (not the client -- like a backwards MD5), distribute the server's cert on the Defcon CD, and require anyone that uses the DC wireless LAN to have an 802.1x client supporting the mythical EAP type. That might prevent spoofed APs. It would have the added advantage of pretty good bandwidth for the three users able to do all that.

        But even if it were possible to make the DC wireless LAN ultra-stable, it seems like it's just not worth the effort.
