How is this 'attack' possible ?

mongobongo · November 1, 2017, 1:56pm

Hi,

Will be as clear and accurate as I can.

Is it possible to create a ‘pseudo AP’ using the following information

Wireless Radio Name
Wireless Channel
Wireless MAC Address

I am asking as today somone created a ‘pseudo AP’ to mimic one of our AP’s with the information listed above.

Basically this is what happened,

Our clients authenticate using MAC authentication, i.e we add their MACs into the ‘Access List’ of the AP

This morning, out of the blue, non of the clients could connect, the error log was

‘authentication no valid (2)’

So I set about troubleshooting, first thing I did was turn on WPA2 authentication for the AP and all the connecting Stations

The clients could then connect, for a little while, then the message in the logs changed to

‘management protection failure’

So I hit the wiki to read up about what this meant, then came to understand that somebody was doing something they shouldnt be doing!

Essentially, this is what I found out,

Somebody set up an AP that was using my radio name, mac address and channel of my AP !

Simply by changing the channel or mac address I was able to circumvent there underhanded actions.

I have my SSID hidden, but they can easily scan the airwaves and see the new MAC address I am using.

This is only effecting nstream and 802.11, NV2 is uneffected but we cant use it as performance is terrible

How can we circumvent this ???
psudo-AP.jpg
Thanks

jarda · November 1, 2017, 2:41pm

Only by bigger force… Or negotiate with the neighbor to stop that. None has exclusive right for ssid or Mac address number. At least until you registrate some word as trademark. Then you can maybe suit your neighbor for misusing your intellectual property… Very hard, complicated and not enough effective approach.

mongobongo · November 1, 2017, 3:26pm

Hi Jarda, thank you for your reply,

are you aware of the reasons why NV2 is not effected by this ?

And finding the neighbour will be difficult, I already made some ‘fishing’ phone calls to the parties I suspect are doing this …

Thanks

jarda · November 2, 2017, 11:10am

Nv2 is not 802.11 standard. It is proprietary mikrotik protocol and therefore works in other way.

jarda · November 2, 2017, 11:14am

Finding the bad neighbour should not be so much difficult. Use directional antenna to find location /mast and mobile phone to find a device at the place.

mistry7 · November 3, 2017, 4:47am

@mongobongo

You are yousing unencrypted wireless in 2017?

jimmy1ghetto · November 3, 2017, 4:38pm

this has happend to me i had to call him personnaly but then he apologised and promised not to repeate it but i still would love to know if there is a solution to this

jarda · November 4, 2017, 10:00pm

Use wpa2 encryption.