Wireless Security
detecting IP address in WPA traffic Apr 23 2009 09:18PM
Robin Wood (dninja gmail com) (3 replies)
Re: detecting IP address in WPA traffic Apr 24 2009 12:03PM
Cedric Blancher (blancher cartel-securite fr)
Re: detecting IP address in WPA traffic Apr 24 2009 07:54AM
Ivan Davidkov (ivan davidkov gmail com)
Re: detecting IP address in WPA traffic Apr 24 2009 05:12AM
Mike Kershaw (dragorn kismetwireless net) (1 replies)
Re: detecting IP address in WPA traffic Apr 24 2009 06:45PM
Mike Kershaw (dragorn kismetwireless net)
On Fri, Apr 24, 2009 at 01:12:16AM -0400, Mike Kershaw wrote:
> On Thu, Apr 23, 2009 at 10:18:20PM +0100, Robin Wood wrote:
> > Hi
> > I've got kismet running and it has picked up a network which it says
> > is WPA/TKIP but it has also identified an IP address and marked it as
> > identified by TCP traffic. How could this be? The SSID is linksys so
> > it there may be another unencrypted linksys AP just out of range that
> > it picked up for a short period then lost but apart fro that I can't
> > think how it could get the IP address.
>
> It's gotten traffic which wasn't marked as encrypted and looked like
> tcp, OR it's seen that MAC when it wasn't encrypted and has a cached
> value OR it's somehow hitting the factory handlers. I'd have to see the
> pcap file. Contact me off-list since I'm sure most ppl here don't care.

Looks like you saw the AP previously unencrypted. It's not guessing a
factory IP range and there isn't any IP traffic for the linksys TKIP AP,
so it's using the old cached IP.

Newcore doesn't cache IP ranges; I suggest using that in general anyhow.

-m

--
Mike Kershaw/Dragorn <dragorn (at) kismetwireless (dot) net [email concealed]>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1

"Hostility towards Microsoft is not difficult to find on the Net, and it
blends two strains: resentful people who feel Microsoft is too powerful,
and disdainful people who think it's tacky. This is all strongly reminiscent
of the heyday of Communism and Socialism, when the bourgeoisie were hated
from both ends: by the proles, because they had all the money, and by the
intelligentsia, because of their tendency to spend it on lawn ornaments."
-- Neal Stephenson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAknyCOAACgkQ17KIInOLvbFnvQCcCHX/xMM6BnUfTG+YgO7vOgBL
mc0AoN+UEgiEGEpleJGGFxS/k49xVoog
=SXUJ
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus