NovaSam Posted June 16, 2014 (edited)

Was just curious if anyone has ever tried to use the WiFi Pineapple, or several of them to try and detect any rogue WAPs in the building? I have seen this in commercial WiFi products, but would find this as a cheap solution if I could use a few of these in a building, and feeding into a central management system. Then basically have the option to send deauthentication packets as needed by adding them to the jammer blacklist. Might be a little much for the pineapple but thought I would check. The key might be having a centralized management. Systems like these are becoming a requirement for some institutions. Wouldn't mind trying to put together such a system if it seems possible and useful for the rest of the community.

Edited June 20, 2014 by NovaSam

Darren Kitchen Posted June 16, 2014

Centralized management is coming. Could you spec out how this rogue detection feature would work? Am I correct in assuming the user would provide a list of legitimate ESSID / BSSID (MAC) pairs, then the WiFi Pineapple would deauth any similar ESSID that does not match the list whilst emailing an administrator?

barry99705 Posted June 16, 2014

Deauthing "rogue" access points is cool, until you start deauthing the company across the street. In a past life I had to track down rogue access points. My boss said bring it back to him, the owner could come to him for it. I've actually ripped them out of the wall before. Sure I had to come back and fix the jack after hours, but it starts the gossip train rolling. The rogues became less of an issue after that. 90% of the time it was because the person wanted a switch in their room to hook up a couple more computers and the PFY at Fred Meyer's sold them a wifi router to make a little more commission. The other 10% didn't like our filtering of the network. Though they didn't understand we filtered at the gateway, and not at the access points or switches. Don't get me started about the time some ass hat kid figured out they could make all the iMacs wireless base stations....

hfam Posted June 17, 2014

> Deauthing "rogue" access points is cool, until you start deauthing the company across the street. In a past life I had to track down rogue access points. My boss said bring it back to him, the owner could come to him for it. I've actually ripped them out of the wall before. Sure I had to come back and fix the jack after hours, but it starts the gossip train rolling. The rogues became less of an issue after that. 90% of the time it was because the person wanted a switch in their room to hook up a couple more computers and the PFY at Fred Meyer's sold them a wifi router to make a little more commission. The other 10% didn't like our filtering of the network. Though they didn't understand we filtered at the gateway, and not at the access points or switches. Don't get me started about the time some ass hat kid figured out they could make all the iMacs wireless base stations....

Excellent use of classic reference, I love you, man! :)

NovaSam Posted June 19, 2014

Still picturing APs being pulled from the walls at high velocity with network cables ripping through the sheetrock. Yeah not so much for take downs, but just to assist with figuring out about where the Rogue APs might be. In a world where every smart phone can be a hot spot, and cheap portable MiFi type devices I know this might be a losing battle for some. On the other hand, in some industries they are actually requiring us to start looking out for access points that might be used to bypass network security controls.

The systems I have seen use multiple APs to provide the coverage. Usually with the help of a scaled map on the centralized system you can then collect the data from these APs as well as their location on the map to identify where other APs might be located in the building and setting boundaries. Now with multiple floors, and knowing how wireless signals bounce around, I would be careful on the deauth side of the house. In this having good coverage and a number of detection AP's would probably increase the accuracy of detection. But would be an interesting project.

I have been using NetSpot Pro http://www.netspotapp.com, on my Mac pro to accomplish this manually. It is just a snapshot in time, but the resulting wifi heat map is very helpful in identifying the noise and coverage issues. I got my license for $29 last month.

barry99705 Posted June 19, 2014

Ekahau heatmapper is what I use in windows. http://www.ekahau.com/wifidesign/ekahau-heatmapper

NovaSam Posted June 20, 2014

Nice, I'll try that one out. Still like the interface on NetSpot Pro better so far, but probably because I'm not limited to a screenshot. I'm thinking of limiting to no heatmap, but simply an alert system when a new AP BSSID is detected in the area. Then I'd go out, inspect, tear AP from wall or whitelist the AP as authorized. This way I'm not getting into too much trouble with the FCC deauth attacking every other WAP in the local area. Maybe call the Infusion the Wifi Tripwire or something.

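The ESSID / BSSID allowlist check asked about earlier in the thread and the alert-only "tripwire" from the last post, sketched as an added example that is not code from the thread or from any WiFi Pineapple infusion. Sensor names, network names and MAC addresses are constructed, and how scan results reach the script is assumed to be handled elsewhere.

```python
from dataclasses import dataclass

# Constructed allowlist of authorized (ESSID, BSSID) pairs; all values are made up.
ALLOWLIST = {("CorpNet", "02:00:00:AA:00:01"), ("CorpNet", "02:00:00:aa:00:02")}

@dataclass(frozen=True)
class Beacon:
    sensor: str  # hypothetical name of the detection unit that heard the AP
    essid: str
    bssid: str
    rssi: int    # signal strength in dBm (closer to 0 is stronger)

def norm(bssid):
    # Canonical MAC form so "AA-BB-.." and "aa:bb:.." compare equal.
    return bssid.strip().lower().replace("-", ":")

def classify(essid, bssid, allowlist):
    pairs = {(e, norm(b)) for e, b in allowlist}
    if (essid, norm(bssid)) in pairs:
        return "authorized"
    if essid in {e for e, _ in pairs}:
        return "essid-mismatch"  # our network name on a radio that is not listed
    return "unknown-ap"          # may well be the company across the street

def tripwire(beacons, allowlist, already_alerted):
    """Return one alert per new unauthorized BSSID, keeping the strongest sensor."""
    best = {}
    for b in beacons:
        key = norm(b.bssid)
        if classify(b.essid, key, allowlist) == "authorized" or key in already_alerted:
            continue
        if key not in best or b.rssi > best[key].rssi:
            best[key] = b  # strongest reading hints at which sensor is nearest
    alerts = []
    for key, b in sorted(best.items()):
        already_alerted.add(key)  # alert once per BSSID, not on every scan
        alerts.append({"bssid": key, "essid": b.essid, "sensor": b.sensor,
                       "rssi": b.rssi, "kind": classify(b.essid, key, allowlist)})
    return alerts

# Constructed scan results from two sensors.
SAMPLE = [
    Beacon("floor1", "CorpNet", "02-00-00-AA-00-01", -48),
    Beacon("floor1", "CorpNet", "02:00:00:bb:00:09", -71),
    Beacon("floor2", "CorpNet", "02:00:00:BB:00:09", -52),
    Beacon("floor2", "CoffeeShop", "02:00:00:cc:00:05", -88),
]

if __name__ == "__main__":
    print(*tripwire(SAMPLE, ALLOWLIST, set()), sep="\n")
```

Authorizing an AP after inspection is a matter of adding its pair to the allowlist; the script only reports and takes no action against any AP.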