Jump to content

Simple ownage guide? Black list White list has me confused

Thaidog

By Thaidog
in WiFi Pineapples Mark I, II, III

 Share

Recommended Posts

Thaidog Newbie

Thaidog

Posted
Posted

So I got my fon up and running karma and Jasager. But I am confused as how to get it working. Say I want to play with my neighbor's wireless networks (with consent of course) How do I add them (Black list / whitelist... ??) and how do I intercept traffic? The interface is a little raw right now and it's confusing me. Also, they should not see any difference in there connection right? In other words they should still be able to surf the web right? I tried it on my own dlink g router and it just seemed to shut down my connection.

Lastly... is the "pineapple hack" just there to sniff ssid's so that you can use that to connect later on with a non-authorized laptop? If so how does that info get extracted?

As you see I'm a little confused on this one.... I'm a system admin but not an network admin ;)

Link to comment
Share on other sites
LESLIEx317537 Newbie

LESLIEx317537

Posted
Posted

I'm not to clear on this either, but I think in order for "your neighbor" to be able to still surf the web. You need to setup ICS or something of the like to share the internet through your laptop which would be in the middle.

People would then connect to the FON which is connected to your laptop, then access the net through that.

That way you would be in the middle and be able to sniff the packets.

The whitelist and blacklist also has me confused. But I know if I blacklist OpenWrt and try to connect to that SSID, it refuses the connection.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

OK, information on the difference.......

By default the wireless drivers are in blacklist mode with an empty ssid list and will automatically accept any SSID that comes along. If you use the "add ssid to list" command the chosen ssid will be added to a blacklist so the drivers will ignore that ssid and not let it connect. This is useful if you are working in an environment where you want to make sure you are not capturing traffic you are not supposed to (maybe in an office where you don't want to capture the company nextdoors wifi traffic), it is also useful to stop Jasager from taking over your own wifi in a testing environment.

When you change to whitelist mode you are saying that the drivers should only accept ssids that are in the list, this is where you want to target a small range of ssids, maybe known home router ssids or ssids where you believe because of the ssid the client may be vulnerable.

As it states in the interface, switching modes does not clear the list down, you have to do that manually.

Hope this explains it.

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted

Ok... so bare with me... It sounds like it's a good thing to put my home router on a "blacklist" to protect it... and then put everybody else's router on a white list... which the fon now masquerades as those ssids. That way I can check them all for viruses... that is if I hook the fon up with ICS or something so they can still actually hit the Internet... correct?

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
Ok... so bare with me... It sounds like it's a good thing to put my home router on a "blacklist" to protect it... and then put everybody else's router on a white list... which the fon now masquerades as those ssids. That way I can check them all for viruses... that is if I hook the fon up with ICS or something so they can still actually hit the Internet... correct?

theres only one list. you either choose to blacklist or whitelist the ssids on that list. in my setup i have my home wifi blacklisted and it will accept connections from any other open SSID

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted
theres only one list. you either choose to blacklist or whitelist the ssids on that list. in my setup i have my home wifi blacklisted and it will accept connections from any other open SSID

Ok so basically you want to blacklist your own router or any friendly router and whitelist anything suspect? (That sounds backwards in my opinion though)

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
Ok so basically you want to blacklist your own router or any friendly router and whitelist anything suspect? (That sounds backwards in my opinion though)

ok once again theres one list and you are either blacklisting the SSIDS on that list or whitelisting them there is not a list for blacklisting and another for whitelisting it is ONE list.

As stated earlier the Whitelist means it will only accept connections from the SSIDs on that list and will drop every other request. In blacklist mode it will allow connections from any SSID other than the ones "blacklisted".

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

iyeman has it right, only one list, chose either, probably black list with your AP in it.

white list is designed for capturing specific targets, one test I did a client had 3 different SSIDs for different levels of business, I would add just those 3 to target that specific client.

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted
iyeman has it right, only one list, chose either, probably black list with your AP in it.

white list is designed for capturing specific targets, one test I did a client had 3 different SSIDs for different levels of business, I would add just those 3 to target that specific client.

Lol ok I was thinking "hosts allow, hosts deny" but it is one or the other... ok. I got that but forgive my ignorance - is there any functional difference between putting them in black list or white list?

Finally, if they will not have any Internet unless I hook the fon up to a "real" router with access to the Internet, right?

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
Lol ok I was thinking "hosts allow, hosts deny" but it is one or the other... ok. I got that but forgive my ignorance - is there any functional difference between putting them in black list or white list?

Finally, if they will not have any Internet unless I hook the fon up to a "real" router with access to the Internet, right?

well the 2 lists allow you to either only allow certain networks or allow all but certain networks so there is a tad difference in the 2 seetings

Secondly, you can use a laptop to share a network connection to the fon (Darren shared his phones internet at the airport in the latest episode). Also this is a work in progress so hopefully in the future someone will come across a way to get the fon to connect to another access point as a client and pass traffic to it. The fon does have an unused antenna port on the circuit board.

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted

Ok so since I don't want to infect my network I could blacklist it and let everybody else connect to the fon which could be hooked up to a linux box via the rj45 and an Internet connection could be passed through the linux box and I could use the linux box to scan for viruses... etc... correct?

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted
Ok so since I don't want to infect my network I could blacklist it and let everybody else connect to the fon which could be hooked up to a linux box via the rj45 and an Internet connection could be passed through the linux box and I could use the linux box to scan for viruses... etc... correct?

Yes, but why would you scan for viruses in network traffic? The traffic would be going through you but wouldn't stop at you unless it was something designed to actually attack your servers. So, you want to make sure your box in the middle is sufficiently hardened to prevent attackers from going after it but that should be standard setup anyway.

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted
Yes, but why would you scan for viruses in network traffic? The traffic would be going through you but wouldn't stop at you unless it was something designed to actually attack your servers. So, you want to make sure your box in the middle is sufficiently hardened to prevent attackers from going after it but that should be standard setup anyway.

Could be a worm.... could be many things. This way I can quarantine them and see what they do. Not to mention find out where the viruses are coming from... what websites... etc.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted
Could be a worm.... could be many things. This way I can quarantine them and see what they do. Not to mention find out where the viruses are coming from... what websites... etc.

Your plan for Jasager is different to mine, mine is for MITM auditing attacks so I don't really care about what nasty stuff is going on to the clients machine as long as it isn't affecting the nasty stuff I'm sending in their direction.

I keep my machine fully hardened and don't open anything that I don't fully control to client access.

Link to comment
Share on other sites
Thaidog Newbie

Thaidog

Posted
  • Author
Posted
Your plan for Jasager is different to mine, mine is for MITM auditing attacks so I don't really care about what nasty stuff is going on to the clients machine as long as it isn't affecting the nasty stuff I'm sending in their direction.

I keep my machine fully hardened and don't open anything that I don't fully control to client access.

Well my real rig is running Gentoo and I'm really not very worried about that... I'm more worried about the rest of my network that was to run XP or Vista for work. Plus it's a great way to help keep your Windows boxes ready for anything.... since they are the target for everything!!!! But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way?

Link to comment
Share on other sites
iyeman Newbie

iyeman

Posted
Posted
But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way?

The project is a work in progress....hince it being a project.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted
Well my real rig is running Gentoo and I'm really not very worried about that... I'm more worried about the rest of my network that was to run XP or Vista for work. Plus it's a great way to help keep your Windows boxes ready for anything.... since they are the target for everything!!!! But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way?

A few options

* just sniff/store traffic - stick some dummy services on the fon and let people connect

* connect via a second wifi interface and bridging to a laptop somewhere else to give an internet connection

* in an office environment, find a spare wall jack and use their network to route traffic.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...