Trick to Protect your wifi hotspot !!

Yes, I post article one month later (exactly) from previous one.I don’t tell you how vulnerable is WEP. If you decide to provide commercial hotspot to anybody that want to access. So you don’t need to provide the wifi with WEP, or lock mac adress in access-list. It’s not practical for your client. Your security just captive portal that ask username and password. Your client get ip address dynamically from dhcp server. Once your client successfully logon to wifi system, an attacker already have waited for sniffing the traffic. Dump the raw packet, and collect some information. What is it ?. IP address of the client and mac address. So ?
Once an attacker get ip address and mac, they do duplicate mac and ip address. Both computer can connect to Internet improperly. Sometimes could connect and sometimes not. The original client feel uncomfortable access to Internet, meanwhile the spoof client also get same experience too, at least they could access together which one client paid for the service and another one get for “free”.

The hotspot system could detect if any mac address is duplicated by an attacker. How ?.
Do u know arping ?. Examples:

Normally, if there’s no duplicate mac adress
arping -I eth1 -c 1
ARPING from eth1
Unicast reply from [00:19:21:6C:7E:8D] 0.676ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
If any attacker do duplicate mac address
arping -I eth1 -c 1
ARPING from eth1
Unicast reply from [00:19:21:6C:7E:8D] 0.676ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)

The server will receive 2 response if any duplicate mac address. Great, you could detect the attacker, so what’s next ?. Here i make simple script to check every IP that connected to your hotspot.

arp -an -i eth1 | awk ‘{ print $2 }’ | sed s/\(// | sed s/\)// > /tmp/listip
for a in `cat /tmp/listip` ; do
numresponse=`arping -I eth1 -c 1 $a | grep “Received” | awk ‘{print $2 }’`
echo $numresponse
if [ “$numresponse” == “2″ ] ; then
echo “IP $a has duplicate mac address”
After knowing the duplicate mac address, what’s next ?.

1. Log the mac address and IP
2. Redirect the victim IP to certain page to tell the origin client that there’s attacker.
3. Renewal of IP address.
4. Doing investigation in field.


Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:


You are commenting using your account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: