Deathdefyer2002 Posted March 4, 2008 Share Posted March 4, 2008 Hey, I was just wondering if anyone out there knew a way to stop a Cisco Wireless device from attacking my access point. So far in my tests, it looks as if my AP will work for a short amount of time then Cisco will attack it, and traffic wont go through. When this happens I loose about 90% of all my traffic. Now if I change channels, It will work again for a short amount of time before happening again. I am currently using a WRT54G with the DD-WRT firmware installed. I have limited the output power to 1 MW and am still having the same problem. The only difference is that Traffic will go though a little bit longer before being attacked. Any help or suggestions would be very much appreciated Thanks Deathdefyer Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 4, 2008 Share Posted March 4, 2008 best idea shut down the AP for 9 days the dude attacking will get bored and then leave you alone... also setting the SSID to hidden will also stop him from fucking with you Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 4, 2008 Share Posted March 4, 2008 setting the SSID to hidden will also stop him from fucking with you No it won't. I suggest you point a microwave with the door open at their access point (if that is what it be). Quote Link to comment Share on other sites More sharing options...
snakey Posted March 4, 2008 Share Posted March 4, 2008 you should let a worm loose on your network that would fuck him Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 4, 2008 Share Posted March 4, 2008 setting the SSID to hidden will also stop him from fucking with you No it won't. I suggest you point a microwave with the door open at their access point (if that is what it be). you're right I should have said might stop him if you're lucky. I like the microwave idea it also has the added benefit of giving him cancer if he doesn't stop screwing with your wireless Quote Link to comment Share on other sites More sharing options...
Deathdefyer2002 Posted March 4, 2008 Author Share Posted March 4, 2008 Hey, I have tried turning the SSID off and changing it to no effect. It is actually a device that is attacking my WAP not a person. I looked it up and it looks like its a "Cisco Wireless Lan Controller". On their website it says "Cisco wireless LAN controllers also play a prominent role in rogue access point detection and containment, as well as wireless intrusion prevention. With Cisco wireless LAN controllers, IT staff can create and enforce consistent security policies across an entire wireless network." Im thinking that might be what is happening to my AP. Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 4, 2008 Share Posted March 4, 2008 The important thing here is to work out exactly how your wireless is being disabled before you attempt to stop it from happening. Until you do that your attempts are likely to be fruitless. What you should do is get hold of a wireless card that allows you to drop into monitor mode, and capture these attacks as they happen. Once you do this you should be able to work out who they are coming from and what is going on behind the scenes. If it is a local business, go bang on there door and if that fails send them a letter threatening them with action from who ever controls the airwaves. If its a malicious attack from an individual then you should probally just call the police regarding this. Fancy shit about microwaves etc are not going to help you. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted March 4, 2008 Share Posted March 4, 2008 around my area there was a idiot who kept trying to crack my wpa so i changed the password to something easily cracked with a dictionary attack (must have been some kid with aircrack and thought he could steal bandwidth) the idiot was dumb enough to log into a few accounts which my packet sniffer saw, so i messed with him a little if you need you can try to find their location and head to their house then then smear dog feces all over the door or if your able to get any password of theirs, then on the side of their house, write the user name and pass using dog feces on the side of their house or using crazy glue, glue their bedroom window shut PS people who use someone else's bandwidth to log into non ssl websites will generally use the same password for every other account they have Quote Link to comment Share on other sites More sharing options...
arran Posted March 4, 2008 Share Posted March 4, 2008 Whatever you decide to do I reccomend that you record the attackers MAC address (it should be in the DHCP client list.) However do be aware that this may be a spoofed MAC address depending on what kind of attacker your dealing with. Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 4, 2008 Share Posted March 4, 2008 around my area there was a idiot who kept trying to crack my wpa so i changed the password to something easily cracked with a dictionary attack (must have been some kid with aircrack and thought he could steal bandwidth) the idiot was dumb enough to log into a few accounts which my packet sniffer saw, so i messed with him a little if you need you can try to find their location and head to their house then then smear dog feces all over the door or if your able to get any password of theirs, then on the side of their house, write the user name and pass using dog feces on the side of their house or using crazy glue, glue their bedroom window shut PS people who use someone else's bandwidth to log into non ssl websites will generally use the same password for every other account they have What are you? Like 13? GROW. THE. FUCK. UP. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 4, 2008 Share Posted March 4, 2008 I meant to ask. How do you know you are under attack by "Cisco Wireless Lan Controller"? Some thing not particularly relevant but Interesting. When some one not on the BT network port scans some one on the BT network, BT forwards all there traffic to a hunny pot which finger prints as a Cisco PIX. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 4, 2008 Share Posted March 4, 2008 around my area there was a idiot who kept trying to crack my wpa so i changed the password to something easily cracked with a dictionary attack (must have been some kid with aircrack and thought he could steal bandwidth) the idiot was dumb enough to log into a few accounts which my packet sniffer saw, so i messed with him a little if you need you can try to find their location and head to their house then then smear dog feces all over the door or if your able to get any password of theirs, then on the side of their house, write the user name and pass using dog feces on the side of their house or using crazy glue, glue their bedroom window shut PS people who use someone else's bandwidth to log into non ssl websites will generally use the same password for every other account they have What are you? Like 13? GROW. THE. FUCK. UP. QFE is this wireless where you work or at home? Quote Link to comment Share on other sites More sharing options...
Razor512 Posted March 4, 2008 Share Posted March 4, 2008 generally you don't want some random person using your connection the agreement with many isp's makes it so your responsible for what ever happens so if they decide to download child porn using your connection, you will have the fbi after you instead of that person Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 4, 2008 Share Posted March 4, 2008 generally you don't want some random person using your connection the agreement with many isp's makes it so your responsible for what ever happens so if they decide to download child porn using your connection, you will have the fbi after you instead of that person and? that's why you 'unlocked' your wifi? Quote Link to comment Share on other sites More sharing options...
Deathdefyer2002 Posted March 4, 2008 Author Share Posted March 4, 2008 I know that it is a cisco device because thats what they said they used. I did some research online and that was one of the models that will actively attack a connection. Im just wonering how I can stop it from attacking me Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted March 4, 2008 Share Posted March 4, 2008 is this wireless where you work or at home? Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 4, 2008 Share Posted March 4, 2008 I know that it is a cisco device because thats what they said they used. wtf? You know who's doing it? Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 4, 2008 Share Posted March 4, 2008 Just drop a line to Home Land Security with the details lol. Quote Link to comment Share on other sites More sharing options...
Deathdefyer2002 Posted March 4, 2008 Author Share Posted March 4, 2008 Basically what I am trying to do is get my n800 up and running. My college has its own wireless system that uses Cisco Clean Access which somehow De-Authenticates wireless traffic that Isnt its own. I know that it is Cisco equipment that they are running and after doing some research, that was the model that I found that does that. I would normally just connect to their wireless but it doesent work half the time and my n800 doesent support java. Java is a necessary component of their clean access agent therefore you cant connect without it. This is why im trying to get my own access point running. Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 4, 2008 Share Posted March 4, 2008 Ah, the bug becomes a feature. If you've just hooked an AP into there network then what is happening is exactly what is supposed to happen. The system finds an AP nearby and kills it. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 4, 2008 Share Posted March 4, 2008 I recommend you ask the admin to stop his/the schools equipment from DoS'ing your rouge AP so you can be more productive. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted March 4, 2008 Share Posted March 4, 2008 and if they wont stop, try using a different channel like 13 they cant really DOS those channels with out breaking some FCC rules Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 5, 2008 Share Posted March 5, 2008 Or, just go have a word with the network admin. Say your having some issues connecting a linux based device to the network and you were wondering if they could spare a couple of minutes to go over a few things before you gave up. I've worked at a university and been in charge of supporting connection issues with non-standard kit, and this approach worked far better than "I'm paying $$$ for university, make this work" or wankers and there 3rd party unsecured AP's they'd jury rigged onto the network until the entire 6 person flat was disconnected for a day. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 5, 2008 Share Posted March 5, 2008 they cant really DOS those channels with out breaking some FCC rules More importantly, you can't brake thing using FCC certified hardware. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted March 5, 2008 Share Posted March 5, 2008 you can , most generic firmware and moded firmware allow you to use the extra channels supported by he router hardware Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.