Jump to content

Observed pineapple-like behavior... on a secure network?


Recommended Posts

Yesterday I observed something fairly interesting.

I had just changed locations (just out of town) and was met with a bit of a surprise when I opened my laptop. Oddly enough, it reconnected to the old network that is now a few miles away. Furthermore, it doesn't seem like some sort of odd Windows glitch. I seem to have connected to the point of being assigned an IP from a dhcp service, but nothing more. No gateway or anything, thus blocking any connections. Also, the IP that I was assigned was a fairly interesting one.. I believe it began with 196.xx or 169.xx. Not the default pineapple address, but as far as I know, a default pineapple isn't effective against open preffered networks... right?

This whole thing was odd at best. Honestly, I'm still not convinced that it wasn't just some very strange Windows malfunction. The best I can think to do is write down a few bulletpoints for anyone interested to draw their own conclusion.

Why it seems like more than a glitch:

- I was connected enough to have an IP assigned

- The AP's MAC address is nothing even close to my card or either of the routers. (MAC was 6C:71:D9:02:01:FC if you're curious.)

- I've honestly never heard of a glitch doing something like this.. glitches don't usually come up with a MAC and hand out an IP... It simply seems too advanced.

Why it seems like just a glitch:

- Nothing more than an IP assigning happened (as far as I could tell)

- As far as I know, the method that Karma uses to make a honeypot hotspot only works with open preffered networks, right? Or did I just miss a memo somewhere?...

- It's Windows. It's glitchy.

Anyways, I'm very curious about what you guys think about this. I'm curious as to:

A: Do you think it's just some odd glitch, some failed attack, or something completely different?

B: Have any of you ever seen this kind of thing before?

C: Pineapples are only effective against open preffered networks, right?

I look forward to any input that you may have on this, and will gladly elaborate on any details. Oh, and I'm going to find my Alfa and see about taking a look around, see if there's anything overtly funky, but I have a feeling that little, if anything, will be found.

Link to comment
Share on other sites

the ip addr "169.xx" smells liek mulicast ick

i think the windoze zeroconf like service can reg that address when it has no dhcp.

windoze networking is crappy.

go into manage wireless networks and remove everything and try again.

Link to comment
Share on other sites

169.254.x.x is APIPA,windows will auto-assign a random address in this range when it connects to a network and doesn't have a static address assigned AND doesn't receive a DHCP offer from the network it attached to, as to why you connected to the AP in question, what was the SSID, if you had associated to an open AP that had a default SSID and then came across another open AP at the new location with the same default SSID not much mystery there. What was the SSID you auto-connected to?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...