- This topic has 14 replies, 10 voices, and was last updated 8 years, 4 months ago by
SephStorm.
-
AuthorPosts
-
-
September 15, 2012 at 5:14 pm #7897
SephStorm
ParticipantWe have people connecting to a WAP that we are in charge of, but dont have admin access to, the service provider tells us that individuals are using the WiFi to download stuff, assuredly movies and other such stuff. Is there a tool that could dissociate wireless clients?
-
September 15, 2012 at 5:31 pm #49869
jinwald12
ParticipantMdk3 will suit your needs if scripted, or you can look into http://openwips-ng.org/index.html however it is immature at this time.
-
September 15, 2012 at 7:59 pm #49870
m0wgli
ParticipantWhy can’t the AP be secured?
If it’s someone whose supposed to be using the AP that is responsible for the questionable behaviour as identified by the ISP, then no wireless security measure is going to help anyhow.
An acceptable use policy may be some cover from any comeback on yourselves from it’s abuse (I’m not a lawyer, so don’t take that advice as absolute).
If it’s someone that’s not supposed to be using it, the problem with any disassociation method is that it will be MAC based as far as I’m aware. Whats to stop them from changing their MAC address and regaining access?
Anyhow, in addition to the advice already given, Aireplay from the Aircrack suite can also achieve this.
-
September 15, 2012 at 9:19 pm #49871
S3curityM0nkey
ParticipantYou could try using Aircrack-ng to send deauthentication packets to kick the device offline….
-
September 15, 2012 at 10:27 pm #49872
rattis
ParticipantThe problem with aircrack, the device will try to re-connect.
How are you required to be in charge of it, if you don’t have admin access to it. What do they expect you to do, to be in charge of it?
Is the ISP in charge of it?
Maybe overkill, but figure out where those people are connecting from, if possible. Deploy fake WAPs in those locations. Access points without internet access. Same name, stronger signal than the real WAP. Look into authentication options if you can.
-
September 15, 2012 at 10:35 pm #49873
shadowzero
ParticipantDisassociating clients is just a temporary measure that the client can easily work around. Better to just secure the AP itself to prevent these people from connecting. If the ISP expects you to secure it, tell them to give you admin access, or have them send someone with admin access to deal with it.
-
September 16, 2012 at 2:29 am #49874
jjwinter
ParticipantWireless issues aside, you could deploy Untangle behind the AP and filter any torrent-like activity, and block other undesirable stuff. You could also present an Acceptable Use policy users must click on.
I ran into a similar situation at a public library that offers free open wifi. The Untangle box made all the would-be torrent folks pick up and move on.
-
September 16, 2012 at 7:06 am #49875
SephStorm
ParticipantThis is a basic rundown, we are using temporary site, and there is a contract here that provides for wireless access. When we originally came to the site, the wifi was decent. We noticed significant issues as time went on, from users only being able to load 1-2 pages, ect. Well, the bosses called the company who did a survey. They stated it was users downloading from the living area while they were at the work site. Now I suggested that they ask the company to block the commonly used torrent ports and such, ultimately I am not in contact with the company myself, but my understanding is that the contract puts them in charge of the wired and wireless AP’s, but we as the customer have some sort of support.
-
September 16, 2012 at 4:44 pm #49876
jjwinter
ParticipantSo you have responsibility for AP’s you have no control over? What is your role there?
Trying to tackle this from “boot people off with deauth tools” seems like too much hassle.
-
September 17, 2012 at 8:32 am #49877
Jamie.R
ParticipantI would try secure the wireless to be honest as its the best way the other alternative is to use air crack and write de auth script
-
September 17, 2012 at 5:22 pm #49878
SephStorm
ParticipantThe closest example I could give would be if your company goes to a hotel for a conference, they provide wireless access for your use, but you dont control the APs.
-
September 17, 2012 at 8:58 pm #49879
rattis
ParticipantAt which point it shouldn’t be your problem, it should be the providers. Is the app and cable / dsl / whatever modem built in, or can you put a device between them?
if you can put something between them, I’d say go with the Untagled solution that jjwinter suggested.
Also have the person in charge let them know that what they are doing isn’t authorized and there will be penalties for being caught.
-
September 17, 2012 at 11:28 pm #49880
DataDwarf
ParticipantThere is NetCut, which is windows only:
http://www.arcai.com/netcut-faq/62-what-is-netcut.html
and recently released WiFiKiller for android:
http://thehackernews.com/2012/09/eject-any-wifi-device-from-network.html
-
October 2, 2012 at 12:16 am #49881
BillV
ParticipantI don’t think I noticed anyone recommend this, but what’s stopping you from unplugging the WAP in question and plugging your own in? Seems that’d solve all the problems.
-
October 2, 2012 at 6:15 pm #49882
SephStorm
Participantquite right, thank you all for the suggestions. I’m not sure what they did, but the internet has worked much better recently.
-
-
AuthorPosts
- You must be logged in to reply to this topic.