08-10-2006, 03:59 PM
logankriete@gmail.com
Re: Theoretical Discussion: Hotel WiFi Hack

@ John -

You really believe I have a malicious intent here? Look around the
internet, Google my name, you'll see that I'm just a tech guy like you
trying to learn. I've even offered lots of advice and help to others
who request it. If I really wanted to hack them and cause damage, I
would have done so via the wired terminals they provide in the Business
Center. When you were first learning about your profession, would you
have appreciated someone who brushed you off like you were a criminal?
I'm extremely offended at your response and just hope that no one else
you offer "advice" to encounters this same type of treatment.

@miso -

Thanks for the idea; we had actually done that to begin with before
changing my MAC address. We used a crossover to connect his computer to
mine and enabled ICS on his Windows laptop. The antenna idea is a
really interesting option for me to keep in mind for the future; I
don't have one with me but I'll experiment when I get back from my
trip. Thanks for giving me a helpful reply!


If anyone else would like to contribute to this discussion, you're
welcome to do so!

miso@sushi.com wrote:
> logankriete@gmail.com wrote:
> > Alright, let me start off by saying that I'm not a malicious hacker -
> > like hacker ethics state, I do this solely for exploration and
> > advancement of knowledge.
> >
> > Let me also say that this may be a long post, but I hope all of you
> > respond so we can have an exciting discussion!
> >
> > Now that the legalese and foreword are out of the way, I've got a
> > discussion to start with you wireless experts. I've done my share of
> > hacking before, but I've not done any WiFi hacking, so I thought I'd
> > post this here to sort of get a consensus on a crazy idea I had
> > tonight.
> >
> > I'm staying at this hotel in NYC over the next 3 days (the Doubletree
> > by Times Square). They don't offer wired internet because it's an old
> > building and they don't want to rewire it all. So they offer wireless
> > internet in the suites for $9.95/day. Bummer, right? So the person I'm
> > staying with in the hotel signs up wirelessly with his laptop and gets
> > on just fine. The system makes him register an account, and he's got
> > his high-speed internet. So I try the account on my computer - no such
> > luck. Perhaps only one laptop at a time is allowed to connect? He logs
> > off and shuts down his wireless, and I try again. Strike two. Alright,
> > so perhaps they're filtering based on something else - what's the most
> > permanent thing most people have associated with their network cards? A
> > MAC address! Looking more closely at the history log of my friend's
> > laptop (we're both computer people and keep logs of these sorts of
> > things), I notice that when he first signed up with the system, it
> > passed his MAC address around via some GET variables in the URL. So I
> > go ahead and change my MAC address to his and re-connect, again making
> > sure he's off. Bingo! Wireless internet. Main problem: solved.
> >
> > Now here's where I started getting excited. They obviously have
> > wireless coverage in all of the rooms built in, and the gateway filters
> > who's allowed to connect by A) an account with user/pass combo; B) the
> > MAC address; or C) a combination of both. Now, I had typed in the
> > account information with my old MAC address enabled - not with his,
> > which leads me to believe that they're using option B. This really
> > doesn't matter anyway, as you'll see later on. So, wireless in all the
> > rooms. Based on my findings, theoretically, couldn't I just find
> > someone else who's signed up for the internet, get their MAC address,
> > spoof theirs as mine, and get internet, in their name? Wouldn't that
> > then allow me to get free wireless internet? Remember, whatever you
> > tell me can't steal from the hotel - I've already paid to get the
> > internet in our room. So, how to get the MAC addresses? I've got a tool
> > which can recover the MAC address of a remote machine by giving it the
> > IP address - anyone know of a tool which can give me a list of all the
> > live hosts' IP addresses in my subnet? I've got SuperScan, but it's
> > slow & bloated - I'm thinking maybe nmap? Granted, not every wireless
> > MAC address I get will have signed up for the free internet - most
> > laptop users who aren't computer literate will just leave their
> > wireless adapter on and it'll connect to the default network. But a
> > strong percentage (or at least a few) will have done so, and that could
> > then be used as a list to rotate among for my MAC address, to continually
> > get free wireless internet.
> >
> > But wait, Logan, you're all now thinking - two machines with the same
> > MAC address on the same network? Surely the router or gateway would go
> > mad! Or something like that. Well, I anticipated that, too - I had once
> > read an article about WEP hacking and in it was mentioned a way to send
> > a broadcast packet to tell certain clients to
> > disconnect/disassociate/disauthenticate from a certain SSID, again by
> > spoofing the MAC address to appear as if the packet were coming from
> > the router/gateway. Anyone know of a way to achieve this? If so, then
> > one would be able to construct a tool which rotated one's MAC address
> > among a list and sending out the appropriately spoofed packets to
> > ensure that the MAC address currently in use was not connected to the
> > network. Sure, one user at a time will have some wireless troubles, but
> > that's their problem to deal with.
> >
> > And now for the granddaddy of them all - I got the MAC address of the
> > main gateway assigned to my laptop when I first connected wirelessly.
> > This device, I'm assuming, allows access only to its manufacturer's
> > special website for some legalese agreements & logins, etc. Now,
> > couldn't I change my MAC address to that of the main gateway, do the
> > same for the IP address, and flood the network with spoofed ARP packets
> > to, in essence, redirect all the traffic normally going to the gateway
> > to my laptop? I could then easily create a fake website which looked
> > like the real gateway, grab their user details, and send them along to
> > the real gateway. Don't know how much or what I could harvest with an
> > attack like that, but any comments would be appreciated to further
> > discuss! Another note: I believe an attack like this was described in
> > one of the "Stealing the Network" books (I'm not at home right now
> > otherwise I'd look it up since I've got the whole series): where a
> > student did something similar to grab the personal details of all the
> > registering students at a college who were creating accounts at the
> > school's "personal" website (you know, sites like my.mit.edu). He used
> > a tool, I think, called webmitmd to man-in-the-middle the secure server
> > on campus.
> >
> > That's all I've been brooding about over the past hour or so. I was
> > thinking more and more about it but really wanted a bunch of
> > knowledgeable experts I could share my thoughts with to further discuss
> > the feasibility, both technically and otherwise, of the possibility of
> > things like these actually happening. Because I'm sure with your
> > stimulating responses, I can learn much more than I could have trying
> > to research all of this!
> >
> > That's it! Looking forward to some discussions!

>
> Well, you are in the same room. Perhaps a crossover cable between PCs
> and enable sharing. Or haul a wireless router that you both share.
>
> Another idea is to stick an antenna at your window and find some free
> wifi.



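Added example, not part of the original post and not code from the poster or from any hotel gateway product: the three tricks the thread turns on (reusing someone else's portal authorization by copying their MAC, forging deauth frames to push the real owner off, and answering ARP for the gateway's IP) all leave traces on the network side. The script below runs the corresponding checks over a constructed gateway/WIDS event log. The log format, the gateway's IP and MAC, the AP names and the deauth-burst threshold are all assumptions made for this example.

```python
"""Spot MAC reuse, deauth bursts and gateway ARP spoofing in a (constructed) event log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The "event=... ap=... mac=... ip=..." layout is an
# assumed format for this example, not the output of any real gateway or WIDS.
SAMPLE_LOG = """\
2006-08-10T15:00:01 event=assoc ap=ap-3 mac=00:11:22:33:44:55 ip=10.8.0.12
2006-08-10T15:00:05 event=portal_auth ap=ap-3 mac=00:11:22:33:44:55 ip=10.8.0.12
2006-08-10T15:20:10 event=assoc ap=ap-7 mac=00:11:22:33:44:55 ip=10.8.0.12
2006-08-10T15:25:00 event=assoc ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:25:03 event=portal_auth ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:30:00 event=deauth ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:30:01 event=deauth ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:30:02 event=deauth ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:30:04 event=assoc ap=ap-5 mac=00:aa:bb:cc:dd:ee ip=10.8.0.40
2006-08-10T15:41:00 event=arp_reply ap=ap-5 mac=00:de:ad:be:ef:01 ip=10.8.0.1
2006-08-10T15:41:00 event=arp_reply ap=ap-5 mac=00:0c:29:10:20:30 ip=10.8.0.1
2006-08-10T16:00:00 event=disassoc ap=ap-3 mac=00:11:22:33:44:55 ip=10.8.0.12
"""

# Assumed gateway identity; a real deployment would load this from inventory.
GATEWAY_IP = "10.8.0.1"
GATEWAY_MAC = "00:0c:29:10:20:30"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\w+) ap=(?P<ap>\S+) mac=(?P<mac>\S+) ip=(?P<ip>\S+)$"
)


def parse_log(text):
    """Turn log lines into dicts; silently skip lines that do not match the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["mac"] = d["mac"].lower()
        events.append(d)
    return events


def detect(events, deauth_threshold=3, deauth_window=timedelta(seconds=10)):
    """Return (rule, mac, detail) alerts for the three behaviours described in the thread.

    duplicate_mac      - a MAC associates on a second AP while still associated on
                         the first: the signature of someone cloning a paying guest.
    deauth_burst       - several deauth frames for one client inside a short window,
                         the way a spoofed "go away" storm looks over the air.
    gateway_arp_spoof  - an ARP reply claiming the gateway IP from the wrong MAC.
    """
    alerts = []
    active = {}                   # mac -> AP it is currently associated on
    deauths = defaultdict(deque)  # mac -> timestamps of recent deauth frames
    for e in events:
        mac, ev, ap, ts = e["mac"], e["event"], e["ap"], e["ts"]
        if ev == "assoc":
            if mac in active and active[mac] != ap:
                alerts.append(("duplicate_mac", mac,
                               f"associated on {active[mac]} and {ap}"))
            active[mac] = ap
        elif ev in ("disassoc", "deauth"):
            if ev == "deauth":
                q = deauths[mac]
                q.append(ts)
                while q and ts - q[0] > deauth_window:  # drop frames outside window
                    q.popleft()
                if len(q) >= deauth_threshold:
                    alerts.append(("deauth_burst", mac,
                                   f"{len(q)} deauths within {deauth_window.seconds}s on {ap}"))
                    q.clear()  # one alert per burst
            active.pop(mac, None)
        elif ev == "arp_reply" and e["ip"] == GATEWAY_IP and mac != GATEWAY_MAC:
            alerts.append(("gateway_arp_spoof", mac, f"claimed {GATEWAY_IP} on {ap}"))
    return alerts


if __name__ == "__main__":
    for rule, mac, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{rule:18} {mac}  {detail}")
```

None of these checks stops the attack; on an open network with MAC-only authorization the gateway cannot tell the clone from the original, which is the whole point of the thread. They do give the operator a trail, and the ARP check in particular is what a tool in the arpwatch family does for the gateway entry.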