
Using Long Range Wifi Antenna to Reach Wifi Network Miles Away

Wifi Antenna Network Legal frequency GPS

15 replies to this topic

#1 MikeNewman

MikeNewman

    Newbie

  • Members
  • 2 posts

Posted 29 January 2013 - 05:13 PM

I'm kind of a newb here but I just started watching the show and thought I would sign up here. I was watching the episode where Darren demos the pineapple mark III from inside a bar using a long range directional wifi antenna to access the coffeehouse a ways away. It got me thinking about how slow and expensive my current internet provider at my home is and how fast and free the wifi network at my university is, which is only 2.4 miles away from my house with a pretty clear line of sight from my roof. So after doing a little research online, I think I will be able to connect to the school's network with a 24 dBi directional wifi booster antenna I found on eBay for $75. However, I am not sure how the university would react if they found out I was taking such full advantage of my tuition dollars off-campus. So my question is: Can the network host such as the university tell how far away geographically a client like myself is when accessing their wireless network? Could they triangulate my location if I was showing up on multiple routers belonging to them or tell that I am using a long range antenna? I have to use my student ID and password to get past the home screen on their network and access full internet, so I'm not worried about them knowing what I am viewing online or anything, just curious about the range issue. Any insight would be greatly appreciated. Thanks.



#2 airman_dopey

airman_dopey

    Hak5 Zombie

  • Active Members
  • 159 posts
  • Gender:Male
  • Location:Salem, OR

Posted 29 January 2013 - 05:46 PM

Could they triangulate it? Yes.

Is it easy to do? Meh, not really difficult, but not trivial.

Would they waste the effort? Not unless you were doing something to warrant it.

 

Moral of the story: Do not abuse the privilege and/or do anything malicious and I'm sure you'll be fine.

 

On a side note, there's nothing wrong with eBay, but know that you gamble getting what you paid for (i.e. antenna not REALLY 24 dB). I did a fair amount of research when I was looking to start upgrading my antennas and found that simplewifi.com is a good place to buy from. I have no affiliation with the company, just a fellow geek sharing his insights. The choice is ultimately yours.



#3 MikeNewman


Posted 29 January 2013 - 05:59 PM

Yes, simple wifi is the company who has it listed on eBay, actually. And that's about what I figured; I just wanted to be sure there wasn't any kind of obvious giveaway that would make me stick out. Thanks.



#4 Jason Cooper

Jason Cooper

    Hak5 Pirate

  • Active Members
  • 461 posts
  • Gender:Male
  • Location:Great Britain
  • Interests:Cards,
    Computers,
    Cryptography,
    Hacking,
    Lock Picking,
    Programming,
    And many more

Posted 30 January 2013 - 04:35 AM

Will your university notice you connecting from your home? If it notices you it won't be because you are connecting from home. Doing illegal things or breaking any IT policies you signed when joining the University will get you noticed, however.

Seriously though, you can always cover yourself by simply contacting the IT department at your University and saying something like "I do a lot of work for my studies at home. From home I can see the University's wireless network and just wanted to check that I would not be infringing any IT policies by connecting to the University's wireless network from my home."



#5 barry99705

barry99705

    Hak5 1337 Fan

  • Active Members
  • 1,471 posts
  • Gender:Male

Posted 05 February 2013 - 11:17 AM

Just because you can see it doesn't mean you can connect or talk reliably. Wifi is a two way street. If they don't have a big honking antenna pointed at you it probably won't work.

The Pineapple Wiki

http://wiki.wifipineapple.com



#6 Jason Cooper


Posted 05 February 2013 - 12:19 PM

> Just because you can see it doesn't mean you can connect or talk reliably. Wifi is a two way street. If they don't have a big honking antenna pointed at you it probably won't work.

 

If you are using a high gain antenna then you will receive the gain for both signals being sent and received. Really the only way to know if it will work reliably over the distance is to try it. I have seen some places where there is so much interference in the 2.4 GHz range that you can barely connect when stood next to the access point, but then there are other places where you can connect from half a mile away (with a good antenna).



#7 Infiltrator

Infiltrator

    Gray-Hat Specialist

  • Active Members
  • 4,392 posts
  • Gender:Male
  • Location:Over the Atlantic, at a cruising altitude of 70.000 feet.
  • Interests:Wireless and Network Security
    Server Virtualization
    Computer Network Infrastructure
    Server implementation.
    General Aviation
    RC Airplanes and Helicopters
    Scuba Diving
    Sky Diving
    War driving
    Solar battery Systems.
    Pen-Testing
    Command & Conquer

Posted 07 February 2013 - 04:17 AM

As Airman_dopey pointed out, they could use triangulation or simply Kismet and a GPS receiver to pinpoint your physical location.

But as long as you have a clear line of sight and no obstructions, you should receive good signals with a directional antenna.


Regards,
Infiltrator



Currently studying for my CCE.

#8 barry99705


Posted 11 February 2013 - 01:32 PM

 
> If you are using a high gain antenna then you will receive the gain for both signals being sent and received. Really the only way to know if it will work reliably over the distance is to try it. I have seen some places where there is so much interference in the 2.4 GHz range that you can barely connect when stood next to the access point, but then there are other places where you can connect from half a mile away (with a good antenna).


Unless you're transmitting over spec, the other side still might not hear you.



#9 Jason Cooper


Posted 11 February 2013 - 03:48 PM

Generally (and without being there trying it for Mike we can only talk about generalisations) if you can receive a signal from an access point (AP) you should be able to transmit a signal at the same power used by the AP and it should be able to receive it.  Unless the AP is transmitting over spec then you shouldn't have to transmit over spec.

 

 Having said that the real world doesn't always cooperate and the closer you are to the limit of your range the less reliable the connection will be as the signal to noise ratio will be lower.  Hence the recommendation that the only way that Mike will find out if a reliable connection can be made will be for him to try it.
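
Added example, not part of any post in this thread: a free-space link budget for the two directions debated above, using the OP's 2.4 miles and 24 dBi antenna. The AP and client transmit powers, the AP antenna gain, the receiver sensitivities and the channel frequency are assumed values, and free-space loss ignores interference and obstructions.

```python
import math

MILES_TO_KM = 1.609344

def fspl_db(distance_km, freq_mhz):
    """Free-space path loss in dB; the same value applies in both directions."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44

def rx_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, loss_db):
    """Received power: transmit power plus both antenna gains minus path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - loss_db

def link_report(distance_km, freq_mhz, ap, client):
    """Compare AP-to-client (downlink) and client-to-AP (uplink) signal levels."""
    loss = fspl_db(distance_km, freq_mhz)
    down = rx_dbm(ap["tx_dbm"], ap["gain_dbi"], client["gain_dbi"], loss)
    up = rx_dbm(client["tx_dbm"], client["gain_dbi"], ap["gain_dbi"], loss)
    return {
        "path_loss_db": loss,
        "downlink_dbm": down,
        "uplink_dbm": up,
        "downlink_margin_db": down - client["sensitivity_dbm"],
        "uplink_margin_db": up - ap["sensitivity_dbm"],
        # Antenna gains and path loss cancel: only the TX power gap remains.
        "asymmetry_db": down - up,
    }

# Assumed figures for illustration; only the 24 dBi gain and 2.4 miles are from the thread.
AP = {"tx_dbm": 20, "gain_dbi": 3, "sensitivity_dbm": -85}
CLIENT = {"tx_dbm": 15, "gain_dbi": 24, "sensitivity_dbm": -85}
REPORT = link_report(2.4 * MILES_TO_KM, 2437, AP, CLIENT)

if __name__ == "__main__":
    for name, value in REPORT.items():
        print(f"{name:20s} {value:8.1f}")
```

With these assumed numbers the client's antenna gain appears in both directions, and the only difference between downlink and uplink is the 5 dB gap in transmit power.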



#10 condor

condor

    run.amok

  • Active Members
  • 156 posts
  • Gender:Male
  • Location:midwest
  • Interests:tcp/ip, 802.x.
    perl (tim towtdi!)
    quantum physics for the laymen
    sk8boarding
    Open_Source
    interaction with women

Posted 11 February 2013 - 07:48 PM

If you're a student, and have legitimate reason to use said network, then as long as you can communicate with the network you should be able to use it. Can you imagine a University stating "wifi connections are limited to use within 500 ft" or some shit? Wait, they've done way, way crazier, and non-logical requirements of their networks and policies.

 

If you were to set up a rogue wifi ap, THEN I can see them being upset. But if they are broadcasting to your location, and you have legit credentials, fuck 'em. 




#11 michael_kent123

michael_kent123

    Hak5 Fan +

  • Active Members
  • 45 posts

Posted 16 February 2013 - 05:37 PM

So anyone who purchases an antenna as the OP plans to do would then have access to presumably hundreds of wifi networks which would suddenly become in range?

 

Or is there something I am missing here?

 

And what is "transmitting over spec"?

 

Thanks!



#12 Jason Cooper


Posted 17 February 2013 - 07:31 AM

Using a directional antenna will increase your range (in some directions at the expense of others) and if there are any wireless networks in this range then you will be able to connect to them.  Of course most wireless networks are protected via encryption so you still won't be able to use them (unless you crack the encryption).

 

"Transmitting over spec" refers to the amount of power that your wireless interface is set to use when transmitting. Most wireless interfaces will transmit below 1 Watt; there are a few that will transmit at this or higher but not by much.



#13 michael_kent123


Posted 18 February 2013 - 11:39 AM

OK, but let's say that 1 mile away was an unsecured home router.

 

Now if you were next door you could connect to it, then use ARP spoof to be the MITM, then use SSLStrip (for example).

 

Could the equivalent occur from 1 mile away? You might be able to connect to them but would your ARP requests be successful due to your distance away? Or would this be totally irrelevant?



#14 Jason Cooper


Posted 18 February 2013 - 12:10 PM

If you have a stable connection then distance won't affect the ARP spoofing as it isn't a race condition type attack.  In your example as long as you can connect reliably you could mount a MITM attack with SSLStrip.



#15 michael_kent123


Posted 20 February 2013 - 04:56 PM

But surely my ARP packets would be competing with the 'real' router's packets.

 

I am saying from a mile away that I am the router but the router itself is a few feet away.

 

Wouldn't that matter?



#16 Jason Cooper


Posted 21 February 2013 - 07:49 AM

If ARP poisoning relied on a race condition then your distance from the router would be an issue, but there is a big weakness in the ARP protocol. Each machine keeps a cache table of known IPs and their related MAC address for the local network and whenever they receive an ARP reply they update their cache table with that information. A machine will first check that table for an IP to MAC mapping and only if it fails to find a suitable entry will it send out an ARP request.

 

An attacker can take advantage of this weakness by regularly sending out fake ARP replies mapping the IPs they want to intercept to their MAC address. Those machines receiving those fake ARP replies update their ARP cache table, then when they try to send a packet to one of those IP addresses they find they already have an entry in their ARP cache table and use it. That entry though is the attacker's fake one and the packet is actually sent to the attacker's MAC, which then does its stuff with it and forwards it on to the correct MAC address for the desired IP.
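
Added example, not part of any post in this thread: the cache behaviour described in the last post leaves visible traces on the local network, and this sketch flags them from a stream of observed ARP messages. The event tuple format, the addresses and the function name `detect_arp_anomalies` are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events, not captured traffic:
# (time_s, op, sender_ip, sender_mac, target_ip)
EVENTS = [
    (0.0, "request", "192.168.1.20", "aa:aa:aa:aa:aa:20", "192.168.1.1"),
    (0.1, "reply", "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.20"),
    (5.0, "reply", "192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.20"),
    (7.0, "reply", "192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.20"),
    (7.1, "reply", "192.168.1.20", "de:ad:be:ef:00:99", "192.168.1.1"),
]

def detect_arp_anomalies(events, request_window=2.0):
    """Return (time, kind, ip, mac) alerts for patterns typical of cache poisoning."""
    bindings = {}                  # ip -> MAC most recently claimed for it
    pending = {}                   # (asker_ip, asked_ip) -> time of the request
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts = []
    for t, op, s_ip, s_mac, t_ip in events:
        if op == "request":
            pending[(s_ip, t_ip)] = t
        else:
            # A legitimate reply answers a recent request from its target.
            asked = pending.pop((t_ip, s_ip), None)
            if asked is None or t - asked > request_window:
                alerts.append((t, "unsolicited-reply", s_ip, s_mac))
        # The IP was previously seen behind a different MAC.
        old = bindings.get(s_ip)
        if old is not None and old != s_mac:
            alerts.append((t, "binding-changed", s_ip, s_mac))
        bindings[s_ip] = s_mac
        # One MAC answering for several IPs (can also be a multi-homed host).
        if s_ip not in ips_by_mac[s_mac]:
            ips_by_mac[s_mac].add(s_ip)
            if len(ips_by_mac[s_mac]) > 1:
                alerts.append((t, "mac-claims-multiple-ips", s_ip, s_mac))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(EVENTS):
        print(alert)
```

On managed switches the preventive counterpart is Dynamic ARP Inspection, which drops ARP packets that do not match the DHCP snooping bindings; static ARP entries for the gateway serve the same purpose on individual hosts.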






