Jump to content

Using Wifi Pineapples to detect rouge Wifi APs


NovaSam
 Share

Recommended Posts

Was just curious if anyone has ever tried to use the WiFi Pineapple, or several of them to try and detect any rogue WAPs in the building?

I have seen this in commercial WiFi products, but would find this as a cheap solution if I could use a few of these in a building, and feeding into a central management system. Then basically have the option to send deauthentication packets as needed by adding them to the jammer blacklist. Might be a little much for the pineapple but thought I would check. The key might be having a centralized management. Systems like these are becoming a requirement for some institutions.

Wouldn't mind trying to put together such a system if it seems possible and useful for the rest of the community.

Edited by NovaSam
Link to comment
Share on other sites

Centralized management is coming. Could you spec out how this rogue detection feature would work? Am I correct in assuming the user would provide a list of legitimate ESSID / BSSID (MAC) pairs, then the WiFi Pineapple would deauth any similar ESSID that does not match the list whilst emailing an administrator?

Link to comment
Share on other sites

Deauthing "rogue" access points is cool, until you start deauthing the company across the street. In a past life I had to track down rogue access points. My boss said bring it back to him, the owner could come to him for it. I've actually ripped them out of the wall before. Sure I had to come back and fix the jack after hours, but it starts the gossip train rolling. The rogues became less of an issue after that. 90% of the time it was because the person wanted a switch in their room to hook up a couple more computers and the PFY at Fred Meyer's sold them a wifi router to make a little more commision. The other 10% didn't like our filtering of the network. Though they didn't understand we filtered at the gateway, and not at the access points or switches. Don't get me started about the time some ass hat kid figured out they could make all the iMacs wireless base stations....

Link to comment
Share on other sites

Deauthing "rogue" access points is cool, until you start deauthing the company across the street. In a past life I had to track down rogue access points. My boss said bring it back to him, the owner could come to him for it. I've actually ripped them out of the wall before. Sure I had to come back and fix the jack after hours, but it starts the gossip train rolling. The rogues became less of an issue after that. 90% of the time it was because the person wanted a switch in their room to hook up a couple more computers and the PFY at Fred Meyer's sold them a wifi router to make a little more commision. The other 10% didn't like our filtering of the network. Though they didn't understand we filtered at the gateway, and not at the access points or switches. Don't get me started about the time some ass hat kid figured out they could make all the iMacs wireless base stations....

Excellent use of classic reference, I love you, man! :)

Link to comment
Share on other sites

Still picturing APs being pulled from the walls at high velocity with network cables ripping through the sheetrock.

Yeah not so much for take downs, but just to assist with figuring out about where the Rouge APs might be. In a world where every smart phone can be a hot spot, and cheap portable MiFi type devices I know this might be a losing battle for some. On the other hand, in some industries they are actually requiring us to start looking out for access points that might be used to bypass network security controls.

The systems I have see use multiple APs to provide the coverage, Usually with the help of a scaled map on the centralized system you can then collect the date from these APs as well as their location on the map to identify where other APs might be located in the building and setting boundaries. Now with multiple floors, and knowing how wireless signals bounce around, I would be careful on the deauth side of the house. In this having good coverage and a number of detection AP's would probably increase the accuracy of detection. But would be an interesting project.

I have been using NetSpot Pro http://www.netspotapp.com, on my Mac pro to accomplish this manually. It is just a snapshot in time, but the resulting wifi heat map is very helpful in identifying the noise and coverage issues. I got my license for $29 last month.

Link to comment
Share on other sites

Nice, I'll try that one out. Still like the interface on NetSpot Pro better so far, but probably because I'm not limited to a screenshot.

I'm thinking of limiting to no heatmap, but simply an alert system when a new AP BSID is detected in the area. Then I'd go out inspect tare AP from wall or whitelist the AP as authorized. This way I'm not getting into too much trouble with the FCC deuth attacking every other WAP in the local area.

Maybe call the Infusion the Wifi Tripwire or something.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...