Forgot your password?
typodupeerror
Australia Security Wireless Networking IT Linux

Fighting Rogue Access Points At linux.conf.au 80

Posted by timothy
from the your-boy-zoolander's-on-the-move dept.
An anonymous reader writes "Last week's linux.conf.au saw the return of the rogue access points. These are Wi-Fi access points which bear the same SSID as official conference hotspots. Often it might be a simple mistake, but sometimes it's more nefarious. To combat the attacks this year, conference organisers installed a Linux-based Wi-Fi 'intrusion prevention and detection system' supplied by sponsor Xirrius." At most conferences I've been to, I'd be grateful just to be able to get on any access point.
This discussion has been archived. No new comments can be posted.

Fighting Rogue Access Points At linux.conf.au

Comments Filter:
  • by vlm (69642) on Tuesday January 24, 2012 @01:34PM (#38807623)

    Note for next revision of the protocol... public key signed SSID names. Or SSL certed SSIDs

  • by King_TJ (85913) on Tuesday January 24, 2012 @01:35PM (#38807631) Journal

    As wi-fi becomes a mainstream Internet on-ramp when you're out and about, I think the rogue AP issue needs to be addressed FAR better than it is today. As the story's submitter said, tech. conferences might be the least of the problem since most of the time, you've got a massive flood of wi-fi usage attempts concentrated under one roof at such things. The tech-savvy will already plan on other forms of connectivity (such as 3G or 4G cellular). Plus, the vast majority of conference-goers are trying to send photos, video or blog entries of the happenings ... not taking out time to do their online banking, shopping or what-not. So rogue sites trying to scape for data are less likely to capture anything really useful.

    My co-workers have started asking me, "How do I know if it's safe to connect to a wi-fi hotspot when I'm traveling?" ... and I'm realizing the answer isn't very clear-cut. I can advise them that certain companies contract to provide thousands of APs for chain restaurants, and typically have an AP identifying themselves as such. (You'll often see an SSID of "wayport" at a McDonalds for example.) But beyond that, the average laptop or smartphone user really doesn't even think about someone spoofing a legitimate-looking SSID. I've even run across such things as multiple SSIDs showing up with no password at our airport, where I knew at least 1 or 2 of them were fakes. (One had an SSID of "airport wifi", as I recall, when I know our airport only provides wifi in the terminal waiting area via AT&T - who would NOT name it anything like that.)

  • by Hatta (162192) on Tuesday January 24, 2012 @01:47PM (#38807849) Journal

    My co-workers have started asking me, "How do I know if it's safe to connect to a wi-fi hotspot when I'm traveling?" ... and I'm realizing the answer isn't very clear-cut.

    The answer is very clear cut. All networks are hostile until proven otherwise. The solution is an encrypted tunnel back to a secure network. VPN or SSH tunneling are both easy to set up and use.

  • by Skarecrow77 (1714214) on Tuesday January 24, 2012 @04:50PM (#38810399)

    depends on what criteria you're talking about.

    If it's internet access, yeah most of europe and a good portion of asia kicks our ass.

    if it's access to junk food, guns, or street drugs... hard to beat the USA.

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...