Thaidog Posted October 24, 2008 Share Posted October 24, 2008 So I got my fon up and running karma and Jasager. But I am confused as how to get it working. Say I want to play with my neighbor's wireless networks (with consent of course) How do I add them (Black list / whitelist... ??) and how do I intercept traffic? The interface is a little raw right now and it's confusing me. Also, they should not see any difference in there connection right? In other words they should still be able to surf the web right? I tried it on my own dlink g router and it just seemed to shut down my connection. Lastly... is the "pineapple hack" just there to sniff ssid's so that you can use that to connect later on with a non-authorized laptop? If so how does that info get extracted? As you see I'm a little confused on this one.... I'm a system admin but not an network admin ;) Quote Link to comment Share on other sites More sharing options...
LESLIEx317537 Posted October 24, 2008 Share Posted October 24, 2008 I'm not to clear on this either, but I think in order for "your neighbor" to be able to still surf the web. You need to setup ICS or something of the like to share the internet through your laptop which would be in the middle. People would then connect to the FON which is connected to your laptop, then access the net through that. That way you would be in the middle and be able to sniff the packets. The whitelist and blacklist also has me confused. But I know if I blacklist OpenWrt and try to connect to that SSID, it refuses the connection. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 24, 2008 Share Posted October 24, 2008 OK, information on the difference....... By default the wireless drivers are in blacklist mode with an empty ssid list and will automatically accept any SSID that comes along. If you use the "add ssid to list" command the chosen ssid will be added to a blacklist so the drivers will ignore that ssid and not let it connect. This is useful if you are working in an environment where you want to make sure you are not capturing traffic you are not supposed to (maybe in an office where you don't want to capture the company nextdoors wifi traffic), it is also useful to stop Jasager from taking over your own wifi in a testing environment. When you change to whitelist mode you are saying that the drivers should only accept ssids that are in the list, this is where you want to target a small range of ssids, maybe known home router ssids or ssids where you believe because of the ssid the client may be vulnerable. As it states in the interface, switching modes does not clear the list down, you have to do that manually. Hope this explains it. Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 Ok... so bare with me... It sounds like it's a good thing to put my home router on a "blacklist" to protect it... and then put everybody else's router on a white list... which the fon now masquerades as those ssids. That way I can check them all for viruses... that is if I hook the fon up with ICS or something so they can still actually hit the Internet... correct? Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 24, 2008 Share Posted October 24, 2008 Ok... so bare with me... It sounds like it's a good thing to put my home router on a "blacklist" to protect it... and then put everybody else's router on a white list... which the fon now masquerades as those ssids. That way I can check them all for viruses... that is if I hook the fon up with ICS or something so they can still actually hit the Internet... correct? theres only one list. you either choose to blacklist or whitelist the ssids on that list. in my setup i have my home wifi blacklisted and it will accept connections from any other open SSID Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 theres only one list. you either choose to blacklist or whitelist the ssids on that list. in my setup i have my home wifi blacklisted and it will accept connections from any other open SSID Ok so basically you want to blacklist your own router or any friendly router and whitelist anything suspect? (That sounds backwards in my opinion though) Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 24, 2008 Share Posted October 24, 2008 Ok so basically you want to blacklist your own router or any friendly router and whitelist anything suspect? (That sounds backwards in my opinion though) ok once again theres one list and you are either blacklisting the SSIDS on that list or whitelisting them there is not a list for blacklisting and another for whitelisting it is ONE list. As stated earlier the Whitelist means it will only accept connections from the SSIDs on that list and will drop every other request. In blacklist mode it will allow connections from any SSID other than the ones "blacklisted". Quote Link to comment Share on other sites More sharing options...
digininja Posted October 24, 2008 Share Posted October 24, 2008 iyeman has it right, only one list, chose either, probably black list with your AP in it. white list is designed for capturing specific targets, one test I did a client had 3 different SSIDs for different levels of business, I would add just those 3 to target that specific client. Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 iyeman has it right, only one list, chose either, probably black list with your AP in it. white list is designed for capturing specific targets, one test I did a client had 3 different SSIDs for different levels of business, I would add just those 3 to target that specific client. Lol ok I was thinking "hosts allow, hosts deny" but it is one or the other... ok. I got that but forgive my ignorance - is there any functional difference between putting them in black list or white list? Finally, if they will not have any Internet unless I hook the fon up to a "real" router with access to the Internet, right? Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 24, 2008 Share Posted October 24, 2008 Lol ok I was thinking "hosts allow, hosts deny" but it is one or the other... ok. I got that but forgive my ignorance - is there any functional difference between putting them in black list or white list? Finally, if they will not have any Internet unless I hook the fon up to a "real" router with access to the Internet, right? well the 2 lists allow you to either only allow certain networks or allow all but certain networks so there is a tad difference in the 2 seetings Secondly, you can use a laptop to share a network connection to the fon (Darren shared his phones internet at the airport in the latest episode). Also this is a work in progress so hopefully in the future someone will come across a way to get the fon to connect to another access point as a client and pass traffic to it. The fon does have an unused antenna port on the circuit board. Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 Ok so since I don't want to infect my network I could blacklist it and let everybody else connect to the fon which could be hooked up to a linux box via the rj45 and an Internet connection could be passed through the linux box and I could use the linux box to scan for viruses... etc... correct? Quote Link to comment Share on other sites More sharing options...
digininja Posted October 24, 2008 Share Posted October 24, 2008 Ok so since I don't want to infect my network I could blacklist it and let everybody else connect to the fon which could be hooked up to a linux box via the rj45 and an Internet connection could be passed through the linux box and I could use the linux box to scan for viruses... etc... correct? Yes, but why would you scan for viruses in network traffic? The traffic would be going through you but wouldn't stop at you unless it was something designed to actually attack your servers. So, you want to make sure your box in the middle is sufficiently hardened to prevent attackers from going after it but that should be standard setup anyway. Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 Yes, but why would you scan for viruses in network traffic? The traffic would be going through you but wouldn't stop at you unless it was something designed to actually attack your servers. So, you want to make sure your box in the middle is sufficiently hardened to prevent attackers from going after it but that should be standard setup anyway. Could be a worm.... could be many things. This way I can quarantine them and see what they do. Not to mention find out where the viruses are coming from... what websites... etc. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 24, 2008 Share Posted October 24, 2008 Could be a worm.... could be many things. This way I can quarantine them and see what they do. Not to mention find out where the viruses are coming from... what websites... etc. Your plan for Jasager is different to mine, mine is for MITM auditing attacks so I don't really care about what nasty stuff is going on to the clients machine as long as it isn't affecting the nasty stuff I'm sending in their direction. I keep my machine fully hardened and don't open anything that I don't fully control to client access. Quote Link to comment Share on other sites More sharing options...
LESLIEx317537 Posted October 24, 2008 Share Posted October 24, 2008 Also, if your home network is WPA2 or security protected, you don't have to Blacklist it right? Quote Link to comment Share on other sites More sharing options...
Thaidog Posted October 24, 2008 Author Share Posted October 24, 2008 Your plan for Jasager is different to mine, mine is for MITM auditing attacks so I don't really care about what nasty stuff is going on to the clients machine as long as it isn't affecting the nasty stuff I'm sending in their direction. I keep my machine fully hardened and don't open anything that I don't fully control to client access. Well my real rig is running Gentoo and I'm really not very worried about that... I'm more worried about the rest of my network that was to run XP or Vista for work. Plus it's a great way to help keep your Windows boxes ready for anything.... since they are the target for everything!!!! But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way? Quote Link to comment Share on other sites More sharing options...
iyeman Posted October 25, 2008 Share Posted October 25, 2008 But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way? The project is a work in progress....hince it being a project. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 25, 2008 Share Posted October 25, 2008 Well my real rig is running Gentoo and I'm really not very worried about that... I'm more worried about the rest of my network that was to run XP or Vista for work. Plus it's a great way to help keep your Windows boxes ready for anything.... since they are the target for everything!!!! But I'm still at a miss as to what the plan is to place a battery powered fon in the middle of startbucks central if it can't redirect traffic... I'm guessing that's something on the way? A few options * just sniff/store traffic - stick some dummy services on the fon and let people connect * connect via a second wifi interface and bridging to a laptop somewhere else to give an internet connection * in an office environment, find a spare wall jack and use their network to route traffic. Quote Link to comment Share on other sites More sharing options...
Infolookup Posted October 26, 2008 Share Posted October 26, 2008 I was confused about the white vs black list but thanks for clearing this up, also you could always create a DMZ on your home network and use that to plug the Jasager into that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.