On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
<humptydumpty@wall.org> wrote:
>Having a problem here under XP using an unencrypted hotspot.
>Even using exclusively Tor to defeat hackers along with a
>good software firewall, my client adapter gets reset, turned
>off, turned back on again and my network connection settings
>get modified along with starting new client adapter entries
>that previously did not exist. I have run rootkit, AV and
>malware scans and come up empty. Also is this an example of a
>honeypot mirroring a gateway router as I read about in one
>forum? Is there a security page that emphasizes such wifi so
>I can educate myself more on this topic?
Sounds like witchcraft to me. Could you be more specific as to
what changes are made ? Windows defaults to the strongest signal,
maybe it's just roaming.
[]'s
On Mon, 20 Jun 2011 02:14:55 +0000 (UTC), humptydumpty
<humptydumpty@wall.org> wrote:
>Shadow <Sh@dow.br> wrote in
>news:mmtrv6th9g05eje6qejetnrj8a8etbvjm7@4ax.com :
>
>> On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
>> <humptydumpty@wall.org> wrote:
>>
>>>Having a problem here under XP using an unencrypted
>>>hotspot. Even using exclusively Tor to defeat hackers along
>>>with a good software firewall, my client adapter gets
>>>reset, turned off, turned back on again and my network
>>>connection settings get modified along with starting new
>>>client adapter entries that previously did not exist. I
>>>have run rootkit, AV and malware scans and come up empty.
>>>Also is this an example of a honeypot mirroring a gateway
>>>router as I read about in one forum? Is there a security
>>>page that emphasizes such wifi so I can educate myself more
>>>on this topic?
>> Sounds like witchcraft to me. Could you be more
>> specific as to
>> what changes are made ? Windows defaults to the strongest
>> signal, maybe it's just roaming.
>> []'s
>
>Found the problem, they are blocked now.
On Mon, 20 Jun 2011 08:36:27 +0100, Bob L
<bl@thisaddressisnowhere.com> wrote:
>On Mon, 20 Jun 2011 02:14:55 +0000 (UTC), humptydumpty
><humptydumpty@wall.org> wrote:
>
//
>>> On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
>>> <humptydumpty@wall.org> wrote:
>>>
>>>>Having a problem here under XP using an unencrypted
>>>>hotspot. Even using exclusively Tor to defeat hackers along
>>>>with a good software firewall, my client adapter gets
>>>>reset, turned off, turned back on again and my network
>>>>connection settings get modified along with starting new
>>>>client adapter entries that previously did not exist. I
>>>>have run rootkit, AV and malware scans and come up empty.
>>>>Also is this an example of a honeypot mirroring a gateway
>>>>router as I read about in one forum? Is there a security
>>>>page that emphasizes such wifi so I can educate myself more
>>>>on this topic?
//
>>Found the problem, they are blocked now.
>
>Is it a trade secret ??????
I was going to ask the same thing.
Who are "they"
:)
[]'s
On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
<supersecret@IPaddress.invalid> wrote:
>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <Sh@dow.br> wrote:
>
>>>Is it a trade secret ??????
>> I was going to ask the same thing.
>> Who are "they"
>
>SMERSH
OMG, I'll just have to grab 99 and keep under covers....
PS Didn't know cats strayed this far from alt.comp.freeware..
[]'s
On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
<supersecret@IPaddress.invalid> wrote:
>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <Sh@dow.br> wrote:
>
>>>Is it a trade secret ??????
>> I was going to ask the same thing.
>> Who are "they"
>
>SMERSH
More probably WITCH (Wireless Intercept Terrorists and Computer
Hackers). They've been known to lurk in obscure coffee shops and
wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
sniff the traffic, and then sell the collected data to the highest
bidder. When there's no traffic to sniff and sell, they tend to
occupy the time hijacking patrons computers and tweaking the
configuration files.
Fortunately, they're easy to spot. The standard uniform includes a
large black hat, which is commonly worn indoors. While normal coffee
shop patrons tend to order overpriced and exotic coffee based
formulations, the WITCH operatives tend to order the cheapest decaf.
If you see someone slowly sipping such a mundane drink, be suspicious.
The laptop may also be a clue. If you see someone with a small dish
or panel antenna, slowly scanning the room, it's most likely a WITCH
operative.
On Tue, 21 Jun 2011 09:20:10 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:
>On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
><supersecret@IPaddress.invalid> wrote:
>
>>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <Sh@dow.br> wrote:
>>
>>>>Is it a trade secret ??????
>>> I was going to ask the same thing.
>>> Who are "they"
>>
>>SMERSH
>
>More probably WITCH (Wireless Intercept Terrorists and Computer
>Hackers). They've been known to lurk in obscure coffee shops and
>wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
>sniff the traffic, and then sell the collected data to the highest
>bidder. When there's no traffic to sniff and sell, they tend to
>occupy the time hijacking patrons computers and tweaking the
>configuration files.
>
>Fortunately, they're easy to spot. The standard uniform includes a
>large black hat, which is commonly worn indoors. While normal coffee
>shop patrons tend to order overpriced and exotic coffee based
>formulations, the WITCH operatives tend to order the cheapest decaf.
>If you see someone slowly sipping such a mundane drink, be suspicious.
>The laptop may also be a clue. If you see someone with a small dish
>or panel antenna, slowly scanning the room, it's most likely a WITCH
>operative.
LOL
They use a Yagi broom for that....
:)
[]'s
On Jun 21, 9:20*am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
>
> <supersec...@IPaddress.invalid> wrote:
> >On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <S...@dow.br> wrote:
>
> >>>Is it a trade secret ??????
> >> * * * *I was going to ask the same thing.
> >> * * * *Who are "they"
>
> >SMERSH
>
> More probably WITCH (Wireless Intercept Terrorists and Computer
> Hackers). *They've been known to lurk in obscure coffee shops and
> wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
> sniff the traffic, and then sell the collected data to the highest
> bidder. *When there's no traffic to sniff and sell, they tend to
> occupy the time hijacking patrons computers and tweaking the
> configuration files. *
>
> Fortunately, they're easy to spot. *The standard uniform includes a
> large black hat, which is commonly worn indoors. *While normal coffee
> shop patrons tend to order overpriced and exotic coffee based
> formulations, the WITCH operatives tend to order the cheapest decaf.
> If you see someone slowly sipping such a mundane drink, be suspicious.
> The laptop may also be a clue. *If you see someone with a small dish
> or panel antenna, slowly scanning the room, it's most likely a WITCH
> operative.
>
> --
> Jeff Liebermann * * je...@cruzio.com
> 150 Felker St #D * *http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann * * AE6KS * *831-336-2558
Hey, I drink black coffee, though leaded or half-leaded, depending on
the time of day.
I was running kismet to snoop on myself in a coffee shop environment.
I had been working on what I believe to be a privacy bug in blackberry
wifi. If you save profiles of the wifi you have used in the past, the
blackberry probes those WAPs. Anybody with a sniffer could see I drink
a lot of coffee and frequency nothing better than 3 star hotels/
motels.
I found there is a check off box in the blackberry profile where you
can indicate the WAP broadcasts it's SSID. If you check that box, the
blackberry does not probe for the WAP. The connections still work. I
presume the phone waits for the SSID to be broadcast. Perhaps the
probe makes a faster connection.
For TMobile, there are two predefined WAPs. One for the @home (their
UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
for must be a crappy business.) You can't alter the settings of those
WAPs, but you can disable them in your profile, and thus eliminate the
probe,
At this point, I can leave my wifi on without it singing "cheap ***
coffee drinker"!
When I put the wifi dongle on the table, the woman at the next table
gave me "the look." The combination of wrap around sun glasses and
black T-shirt perhaps was a bad idea. Had she got to know me better,
she would have discovered the cammo boxers.
> On Jun 21, 9:20*am, Jeff Liebermann <je...@cruzio.com> wrote:
> > On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
> >
> > <supersec...@IPaddress.invalid> wrote:
> > >On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <S...@dow.br> wrote:
> >
> > > > > Is it a trade secret ??????
> > >> * * * *I was going to ask the same thing.
> > >> * * * *Who are "they"
> >
> > > SMERSH
> >
> > More probably WITCH (Wireless Intercept Terrorists and Computer
> > Hackers). *They've been known to lurk in obscure coffee shops and
> > wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
> > sniff the traffic, and then sell the collected data to the highest
> > bidder. *When there's no traffic to sniff and sell, they tend to
> > occupy the time hijacking patrons computers and tweaking the
> > configuration files. *
> >
> > Fortunately, they're easy to spot. *The standard uniform includes a
> > large black hat, which is commonly worn indoors. *While normal coffee
> > shop patrons tend to order overpriced and exotic coffee based
> > formulations, the WITCH operatives tend to order the cheapest decaf.
> > If you see someone slowly sipping such a mundane drink, be suspicious.
> > The laptop may also be a clue. *If you see someone with a small dish
> > or panel antenna, slowly scanning the room, it's most likely a WITCH
> > operative.
> >
> > --
> > Jeff Liebermann * * je...@cruzio.com
> > 150 Felker St #D * *http://www.LearnByDestroying.com
> > Santa Cruz CA 95060http://802.11junk.com
> > Skype: JeffLiebermann * * AE6KS * *831-336-2558
>
> Hey, I drink black coffee, though leaded or half-leaded, depending on
> the time of day.
>
> I was running kismet to snoop on myself in a coffee shop environment.
> I had been working on what I believe to be a privacy bug in blackberry
> wifi. If you save profiles of the wifi you have used in the past, the
> blackberry probes those WAPs. Anybody with a sniffer could see I drink
> a lot of coffee and frequency nothing better than 3 star hotels/
> motels.
>
> I found there is a check off box in the blackberry profile where you
> can indicate the WAP broadcasts it's SSID. If you check that box, the
> blackberry does not probe for the WAP. The connections still work. I
> presume the phone waits for the SSID to be broadcast. Perhaps the
> probe makes a faster connection.
>
> For TMobile, there are two predefined WAPs. One for the @home (their
> UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
> for must be a crappy business.) You can't alter the settings of those
> WAPs, but you can disable them in your profile, and thus eliminate the
> probe,
>
> At this point, I can leave my wifi on without it singing "cheap ***
> coffee drinker"!
>
> When I put the wifi dongle on the table, the woman at the next table
> gave me "the look." The combination of wrap around sun glasses and
> black T-shirt perhaps was a bad idea. Had she got to know me better,
> she would have discovered the cammo boxers.
On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
<humpty-dumpty@Use-Author-Supplied-Address.invalid> wrote:
>Yawn.
Yeah, I know. It's late. 2:15AM here. It's really difficult to act
cool at this hour, but you managed it. However, you must be really
tired because you seem to have forgotten to answer the question. Who
are "they"? Inquiring and paranoid minds want to know. Are they
friendly? Are humans on their menu?
On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
<humpty-dumpty@Use-Author-Supplied-Address.invalid> wrote:
>Yawn.
>
>You guys can dish it out, but you cannot take it.
>Amusing really.
>
>To any newbies who hazard upon this rather lame newsgroup,
>when they ask you for particulars on your system, etc. do not
>think that's always to help you.
>
>Ok you lusers can now all go back to you packet injecting now.
>See ya all later when I have installed the necessarily tools
>on a new system, then let's see how funny y'all are.
C'mon now, you can take a joke. We do actually try to help
people here. But if you had been clearer it would have helped. Read
your original post.
[]'s
On Jun 22, 12:27*am, "Dr Who" <dead_letter_off...@hotmail.com> wrote:
> m...@sushi.com wrote:
> > On Jun 21, 9:20*am, Jeff Liebermann <je...@cruzio.com> wrote:
> > > On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
>
> > > <supersec...@IPaddress.invalid> wrote:
> > > >On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <S...@dow.br> wrote:
>
> > > > > > Is it a trade secret ??????
> > > >> * * * *I was going to ask the same thing.
> > > >> * * * *Who are "they"
>
> > > > SMERSH
>
> > > More probably WITCH (Wireless Intercept Terrorists and Computer
> > > Hackers). *They've been known to lurk in obscure coffee shops and
> > > wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
> > > sniff the traffic, and then sell the collected data to the highest
> > > bidder. *When there's no traffic to sniff and sell, they tend to
> > > occupy the time hijacking patrons computers and tweaking the
> > > configuration files. *
>
> > > Fortunately, they're easy to spot. *The standard uniform includes a
> > > large black hat, which is commonly worn indoors. *While normal coffee
> > > shop patrons tend to order overpriced and exotic coffee based
> > > formulations, the WITCH operatives tend to order the cheapest decaf.
> > > If you see someone slowly sipping such a mundane drink, be suspicious..
> > > The laptop may also be a clue. *If you see someone with a small dish
> > > or panel antenna, slowly scanning the room, it's most likely a WITCH
> > > operative.
>
> > > --
> > > Jeff Liebermann * * je...@cruzio.com
> > > 150 Felker St #D * *http://www.LearnByDestroying.com
> > > Santa Cruz CA 95060http://802.11junk.com
> > > Skype: JeffLiebermann * * AE6KS * *831-336-2558
>
> > Hey, I drink black coffee, though leaded or half-leaded, depending on
> > the time of day.
>
> > I was running kismet to snoop on myself in a coffee shop environment.
> > I had been working on what I believe to be a privacy bug in blackberry
> > wifi. If you save profiles of the wifi you have used in the past, the
> > blackberry probes those WAPs. Anybody with a sniffer could see I drink
> > a lot of coffee and frequency nothing better than 3 star hotels/
> > motels.
>
> > I found there is a check off box in the blackberry profile where you
> > can indicate the WAP broadcasts it's SSID. If you check that box, the
> > blackberry does not probe for the WAP. The connections still work. I
> > presume the phone waits for the SSID to be broadcast. Perhaps the
> > probe makes a faster connection.
>
> > For TMobile, there are two predefined WAPs. One for the @home (their
> > UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
> > for must be a crappy business.) You can't alter the settings of those
> > WAPs, but you can disable them in your profile, and thus eliminate the
> > probe,
>
> > At this point, I can leave my wifi on without it singing "cheap ***
> > coffee drinker"!
>
> > When I put the wifi dongle on the table, the woman at the next table
> > gave me "the look." The combination of wrap around sun glasses and
> > black T-shirt perhaps was a bad idea. Had she got to know me better,
> > she would have discovered the cammo boxers.
>
> Yeah, a wifi dongle can do that to women.
Nothing gets a woman more wild eyed than an 8dBi Hyperlink omni if you
know what I mean.
On Jun 22, 7:02*am, Shadow <S...@dow.br> wrote:
> On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
>
> <humpty-dum...@Use-Author-Supplied-Address.invalid> wrote:
> >Yawn.
>
> >You guys can dish it out, but you cannot take it.
> >Amusing really.
>
> >To any newbies who hazard upon this rather lame newsgroup,
> >when they ask you for particulars on your system, etc. do not
> >think that's always to help you.
>
> >Ok you lusers can now all go back to you packet injecting now.
> >See ya all later when I have installed the necessarily tools
> >on a new system, then let's see how funny y'all are.
>
> * * * * C'mon now, you can take a joke. We do actually try to help
> people here. But if you had been clearer it would have helped. Read
> your original post.
> * * * * []'s
Is it possible for any signal to turn off or reset your wifi? Seems to
me only the PC itself could alter the wifi settings.
On Wed, 22 Jun 2011 14:33:59 -0700 (PDT), "miso@sushi.com"
<miso@sushi.com> wrote:
>On Jun 22, 7:02*am, Shadow <S...@dow.br> wrote:
>> On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
>
>Is it possible for any signal to turn off or reset your wifi? Seems to
>me only the PC itself could alter the wifi settings.
See my first reply. Roaming changes the settings. XP can look
for the strongest signal. It will jump from one to another (hence
"changing the settings"
As to resetting the connection, or turning off the connection,
the hotspot owner could do that with a push of a switch, specially if
he thought someone was leeching.
[]'s
On Thu, 23 Jun 2011 00:58:00 +0200, hlexa@hotmail.com (Axel
Hammerschmidt) wrote:
>miso@sushi.com <miso@sushi.com> wrote:
>
><snip>
>
>> Is it possible for any signal to turn off or reset your wifi? Seems to
>> me only the PC itself could alter the wifi settings.
>
>Deauth.
Yep. That works on most clients. Details and scripted attack:
<http://www.thesubodh.com/2011/06/wi-fi-deauth-attack-demystified.html>
However, as soon as the DoS or packet injection attack stops, the
client will re-associate with the AP and continue as before (if auto
reconnect is set correctly).
One common defense is to simply drop deassociate and deauthorize
management packets if too many arrive in too small a time period. This
varies with client and AP firmware.
Reading between the lines of bad grammar, methinks the question is
whether an attacker can reset the *SETTINGS* of the wi-fi card. Nope.
Only the client computah can do that. Of course, if some kind of
remote control software has been installed on the client and is being
run by the evil hacker, all things are possible.
On Jun 22, 5:38*pm, Shadow <S...@dow.br> wrote:
> On Wed, 22 Jun 2011 14:33:59 -0700 (PDT), "m...@sushi.com"
>
> <m...@sushi.com> wrote:
> >On Jun 22, 7:02 am, Shadow <S...@dow.br> wrote:
> >> On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
>
> >Is it possible for any signal to turn off or reset your wifi? Seems to
> >me only the PC itself could alter the wifi settings.
>
> * * * * See my first reply. Roaming changes the settings. XP can look
> for the strongest signal. It will jump from one to another (hence
> "changing the settings"
> * * * * As to resetting the connection, or turning off the connection,
> the hotspot owner could do that with a push of a switch, specially if
> he thought someone was leeching.
> * * * * []'s
I was assuming you were already connected and somehow the PC settings
were being changed. I suppose if the link it broken and your system
goes back to roaming, that could be interpreted as the settings being
changed.
I usually only put my linux partition on wifi when on a public
network, and KDE would not randomly connect to some WAP.
On Tue, 21 Jun 2011 16:39:03 -0700 (PDT), "miso@sushi.com"
<miso@sushi.com> wrote:
>Hey, I drink black coffee, though leaded or half-leaded, depending on
>the time of day.
Like I said, only hackers drink the cheap stuff at Starbucks.
(I prefer hot chocolate). The really dedicated hackers order tea and
coffee. They pocket the tea bag for later use at home, and use the
hot water to dilute and extend the coffee. One cup can then last all
afternoon.
>I was running kismet to snoop on myself in a coffee shop environment.
For this you need a coffee shop environment? Couldn't you do this at
home?
>Anybody with a sniffer could see I drink
>a lot of coffee and frequency nothing better than 3 star hotels/
>motels.
My suspicions about you are confirmed.
>I found there is a check off box in the blackberry profile where you
>can indicate the WAP broadcasts it's SSID. If you check that box, the
>blackberry does not probe for the WAP. The connections still work. I
>presume the phone waits for the SSID to be broadcast. Perhaps the
>probe makes a faster connection.
Clients don't broadcast, so are you using the Blackberry as a WAP or
cellular router? Having an AP (or cellular router) broadcast is not
necessary to get a connection. The client only needs to know the SSID
of the AP in order to connect.
>For TMobile, there are two predefined WAPs. One for the @home (their
>UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
>for must be a crappy business.) You can't alter the settings of those
>WAPs, but you can disable them in your profile, and thus eliminate the
>probe,
>
>At this point, I can leave my wifi on without it singing "cheap ***
>coffee drinker"!
Known problem, but with the client, not the AP. The default behavior
is for the client to associate with the list of known saved SSID's
before doing a probe request. Somewhat faster and less traffic. The
problem is that it needs to belch the SSID of the saved SSID's while
attempting to associate. The list can be collecting, giving your
ex-wife or former girlfriend a clue where you have been hanging. You
can disarm this feature in various ways. No clue on the Blackberry,
but in Windoze XP, you just turn off the "connect automatically"
mis-feature.
>When I put the wifi dongle on the table, the woman at the next table
>gave me "the look." The combination of wrap around sun glasses and
>black T-shirt perhaps was a bad idea. Had she got to know me better,
>she would have discovered the cammo boxers.
The cammo shorts are usually worn by those that do their laundry
infrequently. The stains don't show.
Unrelated drivel: I got convinced into designing some more ADS-B
AMOS/Franklin derivative antennas. Here's an inverted AMOS-3 that
will be part of a 4 antenna array. Note that with 4 of these, at 200
ohms each, I don't need the 4:1 balun:
<http://802.11junk.com/jeffl/antennas/AMOS-3-INV-10990Mhz/index.html>
Works nicely (on paper) but the insulator is much longer than the
normal AMOS antenna.
Ignore this one as it's totally screwed up (it was late and I was
tired):
<http://802.11junk.com/jeffl/antennas/AMOS-5-INV-1090MHz/index.html>
I'll fix it after Field Day.
Shadow <Sh@dow.br> wrote in
news:5f250755dhmceffg7lddm1um2j7hdvj0jr@4ax.com:
> On Wed, 22 Jun 2011 14:33:59 -0700 (PDT), "miso@sushi.com"
> <miso@sushi.com> wrote:
>
>>On Jun 22, 7:02*am, Shadow <S...@dow.br> wrote:
>>> On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
>>
>>Is it possible for any signal to turn off or reset your wifi? Seems to
>>me only the PC itself could alter the wifi settings.
> See my first reply. Roaming changes the settings. XP can look
> for the strongest signal. It will jump from one to another (hence
> "changing the settings"
> As to resetting the connection, or turning off the connection,
> the hotspot owner could do that with a push of a switch, specially if
> he thought someone was leeching.
> []'s
By "changes the settings" you mean what exactly? Changes the MAC address
it associates with? If that's the case how does a user keep a connection
if the signal strength drops off from one AP-windows will auto connect
to another MAC and you lose your connection. Will it also create a new
entry in the Registry for a new NIC card in any situation? Also, have no
idea what you mean (do you?) by "flip of the switch".
On Jun 22, 8:43*pm, Jeff Liebermann <je...@cruzio.com> wrote:
> On Tue, 21 Jun 2011 16:39:03 -0700 (PDT), "m...@sushi.com"
>
> <m...@sushi.com> wrote:
> >Hey, I drink black coffee, though leaded or half-leaded, depending on
> >the time of day.
>
> Like I said, only hackers drink the cheap stuff at Starbucks.
> (I prefer hot chocolate). *The really dedicated hackers order tea and
> coffee. *They pocket the tea bag for later use at home, and use the
> hot water to dilute and extend the coffee. *One cup can then last all
> afternoon.
>
> >I was running kismet to snoop on myself in a coffee shop environment.
>
> For this you need a coffee shop environment? *Couldn't you do this at
> home?
>
> >Anybody with a sniffer could see I drink
> >a lot of coffee and frequency nothing better than 3 star hotels/
> >motels.
>
> My suspicions about you are confirmed.
>
> >I found there is a check off box in the blackberry profile where you
> >can indicate the WAP broadcasts it's SSID. If you check that box, the
> >blackberry does not probe for the WAP. The connections still work. I
> >presume the phone waits for the SSID to be broadcast. Perhaps the
> >probe makes a faster connection.
>
> Clients don't broadcast, so are you using the Blackberry as a WAP or
> cellular router? *Having an AP (or cellular router) broadcast is not
> necessary to get a connection. *The client only needs to know the SSID
> of the AP in order to connect. *
>
> >For TMobile, there are two predefined WAPs. One for the @home (their
> >UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
> >for must be a crappy business.) You can't alter the settings of those
> >WAPs, but you can disable them in your profile, and thus eliminate the
> >probe,
>
> >At this point, I can leave my wifi on without it singing "cheap ***
> >coffee drinker"!
>
> Known problem, but with the client, not the AP. *The default behavior
> is for the client to associate with the list of known saved SSID's
> before doing a probe request. *Somewhat faster and less traffic. *The
> problem is that it needs to belch the SSID of the saved SSID's while
> attempting to associate. *The list can be collecting, giving your
> ex-wife or former girlfriend a clue where you have been hanging. *You
> can disarm this feature in various ways. *No clue on the Blackberry,
> but in Windoze XP, you just turn off the "connect automatically"
> mis-feature.
>
> >When I put the wifi dongle on the table, the woman at the next table
> >gave me "the look." The combination of wrap around sun glasses and
> >black T-shirt perhaps was a bad idea. Had she got to know me better,
> >she would have discovered the cammo boxers.
>
> The cammo shorts are usually worn by those that do their laundry
> infrequently. *The stains don't show.
>
> Unrelated drivel: *I got convinced into designing some more ADS-B
> AMOS/Franklin derivative antennas. *Here's an inverted AMOS-3 that
> will be part of a 4 antenna array. *Note that with 4 of these, at 200
> ohms each, I don't need the 4:1 balun:
> <http://802.11junk.com/jeffl/antennas/AMOS-3-INV-10990Mhz/index.html>
> Works nicely (on paper) but the insulator is much longer than the
> normal AMOS antenna. *
>
> Ignore this one as it's totally screwed up (it was late and I was
> tired):
> <http://802.11junk.com/jeffl/antennas/AMOS-5-INV-1090MHz/index.html>
> I'll fix it after Field Day.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831-336-2558
> #http://802.11junk.com* * * * * * * je...@cruzio.com
> #http://www.LearnByDestroying.com* * * * * * * AE6KS
Hey, I do my experiments in the field, since I would be snooped in the
field. Dr. Diana Ross said "Ain't nothing like the real thing baby."
Also, I like black coffee. My theory is the more complicated the
drink, the bigger the jerk!
I suspect the blackberry has the probe option for connecting to
stealth WAPs. Otherwise, it seems like a bad idea to broadcast your
wifi er um hookups.
Regarding ADSB, I have a j-pole cut and measured for 1090. You need to
be omni for ADSB. Also you do want some overhead reception.
I have an inverted AMOS that I tweaked to 300 ohms with the optimizer.
The idea was to parallel six and get it down to 50 ohmsm and put the
AMOS in a circle or six sided reflector to get omni. I never could
figure out how to get the transmission line hook up done in nec2. I
also gave the inverted amos a slight electrical tilt since most of the
targets will be higher than the antenna, not at the horizon.
Funny thing about the Kinentics stock antenna. Is it 1700MHz or so.
They must peddle some GSM antenna with the box. The homemade j-pole
is better than the DPD so called high gain antenna, which I suspect is
a coax colinear.
The j-pole does about 250miles. More gain would be better though.
Often the trails are not smooth at that distance, indicating missed
hits. About 300 miles is the theoretical limit due to line of sight
and the altitudes (target and observer).
On Thu, 23 Jun 2011 09:36:22 +0100, JamesK181 wrote:
> Shadow <Sh@dow.br> wrote in
> news:5f250755dhmceffg7lddm1um2j7hdvj0jr@4ax.com:
>
>> On Wed, 22 Jun 2011 14:33:59 -0700 (PDT), "miso@sushi.com"
>> <miso@sushi.com> wrote:
>>
>>>On Jun 22, 7:02Â*am, Shadow <S...@dow.br> wrote:
>>>> On Wed, 22 Jun 2011 08:15:44 +0000 (UTC), "humpty-dumpty"
>>>
>>>Is it possible for any signal to turn off or reset your wifi? Seems to
>>>me only the PC itself could alter the wifi settings.
>> See my first reply. Roaming changes the settings. XP can look
>> for the strongest signal. It will jump from one to another (hence
>> "changing the settings"
>> As to resetting the connection, or turning off the connection,
>> the hotspot owner could do that with a push of a switch, specially if
>> he thought someone was leeching.
>> []'s
>
> By "changes the settings" you mean what exactly? Changes the MAC address
> it associates with? If that's the case how does a user keep a connection
> if the signal strength drops off from one AP-windows will auto connect
> to another MAC and you lose your connection. Will it also create a new
> entry in the Registry for a new NIC card in any situation?
Yes , windows creates a new entry if you plug in a new card. New
MAC address and all. And yes, it will connect to the strongest point, and
change IP settings though DHCP. Hence "changing the settings"
> Also, have no idea what you mean (do you?) by "flip of the switch".
If the hotspot is open the guy is probably has some kind of mac
filtering. So he could easily blacklist your mac. Or he could flip the
switch if the only customers there were drinking the same cup of coffee
for hours. Literally flip the switch to off. Then the PCs would try to
hook up to the next strongest signal.
But the first poster gave no idea of the setup. So it's just
guessing.
[]'s
PS I rarely use Windows for wifi "research". My headers are
munged. Posting this with Pan 1.3.5/Gnome. So take it with a pinch of salt.
Meanwhile, at the alt.internet.wireless Job Justification Hearings,
cabbagebyanyothername chose the tried and tested strategy of:
> If XP, for example, changes it's MAC AP association based on
> signal strength, is this not a hazard for hijacking the XP
> user's browsing session? One second he is connected to AP-1
> and the next he is associated with stronger AP/MAC of
> cracker.
Recent versions of Windows [since XP SP2? 3?] won't connect to an open AP
without warning the user they're doing something potentially risky. So the
hacker will have to convince the user to connect somehow and then ignore the
warning. Calling the network "Bob's Coffee - Free Wifi!" would probably do
the trick. Some wireless managers that come with wifi adaptors may not give
such warnings.
> Seems to me that cracker can fire up a stronger
> radio and re-route all the XP connections to his AP? I am
> sure I am missing something here or not understanding it
> correctly.
IME XP isn't very good at hopping to a stronger AP unbidden. This may vary
by chipset and driver, however.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
23:41:01 up 5 days, 6:14, 5 users, load average: 3.04, 1.05, 0.43
"People believe any quote they read on the internet
if it fits their preconceived notions." - Martin Luther King
Re: Wireless hacks 
Linear Mode
