Community discussions

MUM Europe 2020
 
mongobongo
just joined
Topic Author
Posts: 14
Joined: Fri Jul 28, 2017 5:13 pm

How is this 'attack' possible ?

Wed Nov 01, 2017 3:56 pm

Hi,

Will be as clear and accurate as I can.

Is it possible to create a 'pseudo AP' using the following information

Wireless Radio Name
Wireless Channel
Wireless MAC Address

I am asking as today somone created a 'pseudo AP' to mimic one of our AP's with the information listed above.

Basically this is what happened,

Our clients authenticate using MAC authentication, i.e we add their MACs into the 'Access List' of the AP

This morning, out of the blue, non of the clients could connect, the error log was

'authentication no valid (2)'

So I set about troubleshooting, first thing I did was turn on WPA2 authentication for the AP and all the connecting Stations

The clients could then connect, for a little while, then the message in the logs changed to

'management protection failure'

So I hit the wiki to read up about what this meant, then came to understand that somebody was doing something they shouldnt be doing!

Essentially, this is what I found out,

Somebody set up an AP that was using my radio name, mac address and channel of my AP !

Simply by changing the channel or mac address I was able to circumvent there underhanded actions.

I have my SSID hidden, but they can easily scan the airwaves and see the new MAC address I am using.

This is only effecting nstream and 802.11, NV2 is uneffected but we cant use it as performance is terrible

How can we circumvent this ???
psudo-AP.jpg
Thanks
You do not have the required permissions to view the files attached to this post.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: How is this 'attack' possible ?

Wed Nov 01, 2017 4:41 pm

Only by bigger force... Or negotiate with the neighbor to stop that. None has exclusive right for ssid or Mac address number. At least until you registrate some word as trademark. Then you can maybe suit your neighbor for misusing your intellectual property... Very hard, complicated and not enough effective approach.
 
mongobongo
just joined
Topic Author
Posts: 14
Joined: Fri Jul 28, 2017 5:13 pm

Re: How is this 'attack' possible ?

Wed Nov 01, 2017 5:26 pm

Only by bigger force... Or negotiate with the neighbor to stop that. None has exclusive right for ssid or Mac address number. At least until you registrate some word as trademark. Then you can maybe suit your neighbor for misusing your intellectual property... Very hard, complicated and not enough effective approach.
Hi Jarda, thank you for your reply,

are you aware of the reasons why NV2 is not effected by this ?

And finding the neighbour will be difficult, I already made some 'fishing' phone calls to the parties I suspect are doing this .........

Thanks
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: How is this 'attack' possible ?

Thu Nov 02, 2017 1:10 pm

Nv2 is not 802.11 standard. It is proprietary mikrotik protocol and therefore works in other way.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: How is this 'attack' possible ?

Thu Nov 02, 2017 1:14 pm

Finding the bad neighbour should not be so much difficult. Use directional antenna to find location /mast and mobile phone to find a device at the place.
 
mistry7
Forum Guru
Forum Guru
Posts: 1383
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: How is this 'attack' possible ?

Fri Nov 03, 2017 6:47 am

@mongobongo

You are yousing unencrypted wireless in 2017?
 
jimmy1ghetto
just joined
Posts: 4
Joined: Mon Oct 30, 2017 8:08 pm

Re: How is this 'attack' possible ?

Fri Nov 03, 2017 6:38 pm

this has happend to me i had to call him personnaly but then he apologised and promised not to repeate it but i still would love to know if there is a solution to this
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: How is this 'attack' possible ?

Sun Nov 05, 2017 12:00 am

Use wpa2 encryption.

Who is online

Users browsing this forum: Google [Bot] and 33 guests