
CCTV Mesh Network


biob


I've recently started mapping networks using Kismet and gpsd. I have discovered that my local council is using a mesh network or WDS to set up CCTV in my local area. I'm annoyed at this as they are using the system to spy on the housing estates. Even when they move their cameras around, it is easy to see where they have been previously installed as the sockets are still on the lighting lamp posts. I discovered these vacant lamp posts still transmit (must have APs installed inside). Must admit the probe responses are what got my attention as they had 'CCTV' in the title :-)

Is there a way to view what these cameras are seeing? I would love to prove these cameras insecure. Can anyone point me in the right direction to research this?

Link to comment

First check your local laws; intercepting wireless communication and cracking captured wireless communication may be illegal in your country (if you aren't sure then assume it is illegal and don't mess with it).

If I was investigating it I would start by finding some of the CCTV cameras in place and fire up Kismet to check the details of the network (things like channels and network security). When I knew what channel they are using I would lock Kismet to that channel to narrow the packets captured.

The network security in use would dictate the next step. If WEP then aircrack should give the network key in 5 to 10 minutes (assuming ARP packets can be replayed).

If WPA-PSK then deauthing some of the attached devices should give us a handshake to be broken offline.

If WPA-Enterprise then things get a bit more tricky and would require some further investigation.

Link to comment

Regardless of local laws on intercepting communications, cracking WEP using replay or deauthing clients in WPA-PSK mode are illegal in the UK. Best you can probably do legally is sniff the traffic and hope that it is unencrypted, but if they have the skills to set up a WDS then that is very unlikely.

Link to comment

Kismet is reporting no encryption, which is funny as the SSID contains WPA. The council hasn't placed any type of sign that is clearly visible (which is breaking the law); you need a pair of binoculars to see the sticker they have placed at the top of the lamp post :-). What's interesting is that they move them around and leave connection ports on the lamp posts, which are still transmitting as part of the WDS.

I know a little about the system as I found articles on the net. I've identified the cameras they are using as D-Link (I have a lovely brochure on them :-)).

I went for a walk with my netbook in backpack to try and collect more data, but when I had got home I discovered that it had gone into hibernation (doh). Will try again tomorrow.

Thanks guys for the quick response.

Link to comment

Hi Digininja, they are council. When I used my camera to zoom in, they have a yellow sticker right at the top of the lamp post (basically the sign they are supposed to put in clear view).

I find it very interesting that the lamp posts have APs (just sad in my old age :-)).

Link to comment

Kismet seems to be unable to tell what channel they are operating on. Looking at some of the logs, I think they are using a channel 1, 5, 9 scheme. I have found a few without a CCTV unit attached. I may have to loiter around one tomorrow :-)
