Handfull of Questions

[ssjaken]

So ive gone through and got my FON setup with 2.1. Its up and running and collecting USERS, but i got a few about the application and some software issues.

1. Regarding ICS, if i put a laptop between the Jasager, my laptops wireless card connecting to the internet and then have a cat5 cable running from the wired NIC to the wired NIC on the jasager, would i just use the same ICS steps listed on the ICS Wiki? In theory i believe yes, but im not sure if the Jasager and OPENWRT has any issues with getting internet this way.

2. In the video, Darren had the openwrt SSID changed to a different name and protected with WPA. Whenever i try to enable WPA, OpenWRT says it needs to install hostapd-mini, but errors out when it tries to install it. I did a manual install and moved it over to the FON, but it didnt want to install that way either. Has anyone else ran into this issue before? Is it alright to run it default SSID named openwrt with no password?

3. Once Jasager is up and running and im in the middle of users ( Im testing the deauthing abilities of my NDS with an R4 chip ) what applications or tricks/hacks would be easily ran? Im guess you could Ferret and Hamster the packets pretty easy, but what kind of Cool tricks could you do to the targets?

4. Between me and my friends we have access to 4 FON routers ( took advantage of their free give away a few years ago ) how could be rigg 2 up together to take place of the laptop, or would multiple jasager units be more effective. Anyone have any ideas about multiple jasagers

Any suggestions/help with these questions would be very appreciated

[colforbin]

Hallo,

Regarding your question about ICS with a wired connection between your Fonera and your laptop, the answer is yes you can. It makes no difference whether you're setting it up wired or wirelessly.

[digininja]

So ive gone through and got my FON setup with 2.1. Its up and running and collecting USERS, but i got a few about the application and some software issues.

1. Regarding ICS, if i put a laptop between the Jasager, my laptops wireless card connecting to the internet and then have a cat5 cable running from the wired NIC to the wired NIC on the jasager, would i just use the same ICS steps listed on the ICS Wiki? In theory i believe yes, but im not sure if the Jasager and OPENWRT has any issues with getting internet this way.

I run linux so I don't know about the ICS steps in the wiki but I know that it does work.

2. In the video, Darren had the openwrt SSID changed to a different name and protected with WPA. Whenever i try to enable WPA, OpenWRT says it needs to install hostapd-mini, but errors out when it tries to install it. I did a manual install and moved it over to the FON, but it didnt want to install that way either. Has anyone else ran into this issue before? Is it alright to run it default SSID named openwrt with no password?

If you want to but beaware that if you don't protect it anyone can get on it and own you

3. Once Jasager is up and running and im in the middle of users ( Im testing the deauthing abilities of my NDS with an R4 chip ) what applications or tricks/hacks would be easily ran? Im guess you could Ferret and Hamster the packets pretty easy, but what kind of Cool tricks could you do to the targets?

password sniffing

airpwn

site redirection

dns redirection

exploit injection

the list goes on

4. Between me and my friends we have access to 4 FON routers ( took advantage of their free give away a few years ago ) how could be rigg 2 up together to take place of the laptop, or would multiple jasager units be more effective. Anyone have any ideas about multiple jasagers

Two together would let you have one as a dedicated client connecting to an AP leaving the other as the AP. You'd have to wire the two together and setup routing so that traffic flows from the wireless AP, through the wire and out the client wireless.

You could run Jasager on a couple of devices and set them both on different channels but most clients I've see channel hop to find the ssid they are looking for so they would always land on one if you had it running. Setting up load balancing between them, that could be interesting, not sure how much use, but interesting!

[ssjaken]

so after a night of no sleep i got everything working kosher. I changed the named of the default OpenWRT SSID, and made it invisible. When i first boot Jasager i just add that SSID to the blacklist. I was able to see my Wii on the network, i was able to hijack it and run ferret and hamster on it and was able to get everything working.

For the NDS doing deauthing, the range is actually pretty good, i was able to get my neighbors WiFi from my office (my laptop/Cellphone/upstairs computer cannot detect this AP) so its range could possibly be better than previously thought.

I was able to kick my Wii off the network and then have Jasager jump in the way.

I have a few questions, and i may have to start another thread for these extra ones.

Im using TFTP32 as my DHCP server because like Darren, my windows isnt doing the job properly. It works flawlessly, but for some reason im seeing 50 IP's being assigned within the span of 3 seconds, all to the same IP MAC address. 46:46:3A:46:46:3A. Im not sure what device this is, its not the router or any of the devices on my network, Coffer.net MAC address lookup doesnt reveal what the device is. TFTP32 wont display more than 50 IP's at a time, and if i try to delete one, it gets repopulated with the next numerical one. When running hamster, my Wii was displayed as 192.168.0.183.

As you can see, having this large allocation of IP's that arent doing anything makes sorting the specific MAC address in the Jasager menu. Has anyone run into any of these issues with TFTP32? Does anyone know what specific settings that Darren used on his in episode 412?

thanks again

[digininja]

46:46:3A:46:46:3A Looks like a fake MAC address, is there someone who may be attacking your network?

Getting as many dhcp addresses as possible is a dhcp flooding attack which can result in a DOS.

[ssjaken]

mmm you know it could be an attack. I dont know who would want to , i live in a suburban/rural area. And i know there arent anybody around here that is a Hacker or anyone thats network savvey, im usually the one causing mischift. Ill test it with my cable modem disconnected and see.

I think that it may be my powered switch taking up the IP's.

------UPDATE------

so i disconnected my cable modem, still getting the MAC address flood. Disconnected my powered switch, no change. I changed my houses SSID, security, and i made it invisible. I rebooted the router and im still getting this huge flood of MAC addresses. i pinged a handfull of the addresses on 2 different machines and the request timed out. I also pinged the MAC address and it timed out. Im not sure what this is, im going to do a deep full scan of my pc and see if that fixes it.

[digininja]

Is the dhcp request coming in from the wired or wireless side? To find out if it is wired just unplug the machine from anything wired. Wireless, just turn off wireless.

[ssjaken]

well this is odd. i changed the starting ip address pool from 192.168.1.100 to 192.168.12.1 and the problem went away. I can see my wii , my phone any thing right there. I switched back to x.x.1.100 and its working fine....something weird is going on here

----update----

now it seems that im having another set of issues.

i can either have the tftpd32 up and running and people getting access or karma on and me able to snag peoples info...but that doesnt seem right does it? for my local dns server to be working karma has to be working to have people move over to my man in the middle.

how should i run the software. have the tftpd32 up and running its dhcp server then turn on karma or karma first or should it even matter? should i have the DHCP in the windows ICS settings turned on or off in conjunction with tftpd32.

does anyone have the configuration/settings that darren used in episode 412 on his tftpd32 ?

And again, thanks for the help and thanks for making this software, its really cool to actually have a use for my FON

[DingleBerries]

Strange MAC adress 46:46:3A:46:46:3A

That non existant MAC address seems to be a comon problem... LINK,

Developer Post

This is a "virtual" MAC address.
When an assigned IP address is freed, Tftpd32 replaces its MAC address by this one (lease expired or address not acked by receiver).
I have chosen to display it since it can help to debug DHCP process.

Make sure you are using the newest edition, and if you are maybe try an older one.

[DoDg3]

I too would like to see the setup Darren has with TFTP as the DHCP server keeps trying to assign IP's on a different NIC not chosen by TFTP.

[ssjaken]

ok so i think i figured a few things out from all the tinkering. Im going to list a few discoveries ive made my self that i think will be significant.

1. Firewall off! for some reason i cannot access the webif for open-wrt or jasager when its on. You know the dangers so use protection

2. tftpd32 isnt needed, if you statically assign the DNS servers ( i just use the open dns servers ) on both NICS, clients that are connecting through your computer will be able to sites, for some reason without doing this it wont work, i dont know WHY it wont work it just wont.

3. Jasager for me isnt displaying IP addresses inside the wed interface, so i just did an

 arp -a

command it it showed me the IP of my phone ( testing with Phone and WII ) and i just matched it with the MAC address karma was displaying.

NOW for some questions of my own

i cannot get ferret.exe or hamster.exe working the way it SHOULD be working. Whenever i go to the hamster web interface it will only show data that goes over the shared NICs connection, so all im getting it the cookies from OPEN WRT's web interface and Jasager interface. Anyone have any ideas as to why this is happening when the data from my phone and my wii is going accross the network?

Thanks