gripgrizzly Posted April 17, 2014 Share Posted April 17, 2014 Just wanted to know if there is an infusion that could allow me to deny access to my open AP. ex: allow all to connect but not have internet access then allow them internet access by their mac address. or everyone is allowed to connect and have internet access but then you could specify specific mac addresses deny internet access to. -Is anything like this possible at all? Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted April 17, 2014 Share Posted April 17, 2014 You mean like having a "Guest network" type thing, but the other way around? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted April 17, 2014 Share Posted April 17, 2014 Just wanted to know if there is an infusion that could allow me to deny access to my open AP. ex: allow all to connect but not have internet access then allow them internet access by their mac address. or everyone is allowed to connect and have internet access but then you could specify specific mac addresses deny internet access to. -Is anything like this possible at all? You could achieve this by using iptables: Block all traffic on interface wlan0. Allow all traffic on MAC ABC on interface wlan0. Allow all traffic on MAC XYZ on interface wlan0. Remember, MAC addresses can be spoofed easily. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
gripgrizzly Posted April 17, 2014 Author Share Posted April 17, 2014 You mean like having a "Guest network" type thing, but the other way around? kind of sort of but thats a good idea ... is it possiple to broad cast two APs from one pinaple? Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted April 17, 2014 Share Posted April 17, 2014 No, If i'm not mistaken you need two wireless NICs to broadcast two APs. Quote Link to comment Share on other sites More sharing options...
gripgrizzly Posted April 17, 2014 Author Share Posted April 17, 2014 You could achieve this by using iptables: Block all traffic on interface wlan0. Allow all traffic on MAC ABC on interface wlan0. Allow all traffic on MAC XYZ on interface wlan0. Remember, MAC addresses can be spoofed easily. Best Regards, Sebkinne ahhh iptables .... i see ..... hmmm i would have to look into this ..... i think this can do it tho ok so the MAC's can be spoofed so the best approach would be to block all traffic then allow individual MACs ..... that sounds about right what do you think.. could i get problems with that Quote Link to comment Share on other sites More sharing options...
m40295 Posted April 17, 2014 Share Posted April 17, 2014 Couldn't you configure evil portal with a username and password if the password and username are in file.txt allow access to wlan1 (brlan) Quote Link to comment Share on other sites More sharing options...
gripgrizzly Posted April 17, 2014 Author Share Posted April 17, 2014 (edited) Couldn't you configure evil portal with a username and password if the password and username are in file.txt allow access to wlan1 (brlan) ok this is intersting i thought that only wlan0 could create an AP and wlan1 can not so are you saying that users could connect to wlan1? or was that a typo and you ment wlan0? Edited April 17, 2014 by gripgrizzly Quote Link to comment Share on other sites More sharing options...
m40295 Posted April 18, 2014 Share Posted April 18, 2014 (edited) sorry now that i reread a bit confusing for me wlan0 is pineapple ap wlan1 is my client for internet my thouht is using a evilportal for user pass to allow the use of client mode for each user connected to ap so connecting to the pineapple is open but to get internet you need a user pass i hope that makes more sence Edited April 18, 2014 by m40295 Quote Link to comment Share on other sites More sharing options...
gripgrizzly Posted April 19, 2014 Author Share Posted April 19, 2014 (edited) sorry now that i reread a bit confusing for me wlan0 is pineapple ap wlan1 is my client for internet my thouht is using a evilportal for user pass to allow the use of client mode for each user connected to ap so connecting to the pineapple is open but to get internet you need a user pass i hope that makes more sence makes alot more sence now have you done that before? Edited April 19, 2014 by gripgrizzly Quote Link to comment Share on other sites More sharing options...
m40295 Posted April 19, 2014 Share Posted April 19, 2014 i haven been working on it as many other in a diffrent thread isnt learning fun Quote Link to comment Share on other sites More sharing options...
gripgrizzly Posted April 20, 2014 Author Share Posted April 20, 2014 i haven been working on it as many other in a diffrent thread isnt learning fun riiiiiiight..... You could achieve this by using iptables: Block all traffic on interface wlan0. Allow all traffic on MAC ABC on interface wlan0. Allow all traffic on MAC XYZ on interface wlan0. Remember, MAC addresses can be spoofed easily. Best Regards, Sebkinne following this format tip ......... i got this #Rules for allowing your mac addresses/sbin/iptables -A FORWARD -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:11 -j ACCEPT/sbin/iptables -A FORWARD -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:22 -j ACCEPT/sbin/iptables -A FORWARD -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:33 -j ACCEPT#One final rule to drop all packets which do not match one of the rules above (are not from one of your allowed macs)/sbin/iptables -A FORWARD -i eth1 -j DROP cleaned it up a bit of corse change /sbin/ to sd and eth1 and such works ..but a little unconventional having to restart the pineapple everytime to make adjustments..... hmmm i think i might start from scratch with this.... mabe just Deauth...... will look into jammer Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.