Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Prevent users from using connectifyme to share wifi

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H Offline
      heper
      last edited by

      i don't know the product, but as far as i can tell, you have no way to detect it.

      you can probably get your wireless controller to list rogue AP's & some solutions offer autmatic containment or blocking of rogue AP's)

      1 Reply Last reply Reply Quote 0
      • T Offline
        tripplex
        last edited by

        ok thanks alot

        1 Reply Last reply Reply Quote 0
        • DerelictD Offline
          Derelict LAYER 8 Netgate
          last edited by

          @heper:

          i don't know the product, but as far as i can tell, you have no way to detect it.

          you can probably get your wireless controller to list rogue AP's & some solutions offer autmatic containment or blocking of rogue AP's)

          Dicey proposition unless, maybe, they are spoofing your SSID, which is what I would call a "rogue AP."

          http://www.networkworld.com/article/3042454/mobile-wireless/wi-fi-hotspot-blocking-persists-despite-fcc-crackdown.html

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • H Offline
            heper
            last edited by

            derelict:
            yes, actively disrupting connections towards a "rogue AP' is a big NO.

            but you could block access for the "rogue' device on you wired/wireless network . (either on your switches or on your wireless controller).

            1 Reply Last reply Reply Quote 0
            • T Offline
              tripplex
              last edited by

              Thanks all

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                Spoofing your SSID is not a rouge unless they on your actual network..  Just because someone uses the same ssid does make them rouge, makes them a dick but not a rouge..  An AP on your network that is not yours would be a rouge..

                So this connectivity software is a software AP/router, so yes since this client is on your network and then providing others access this would be rouge.  Here is your problem they are all using his mac which is authed through your CP?..  So you need to detect that he has multiple connections running which I assume he is natting?  You could look for packets coming from him with less TTL.. since they went through different hop.

                I would look for IP with large amount of sessions all over the place..  Here is a way to detect the nat via change in the TTL
                http://www.sflow.org/detectNAT/

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  I have an open WiFi SSID called My Hotel WiFi.

                  The problem is someone putting up an access point with the My Hotel WiFi SSID that is NOT on my network or is MITM for the traffic on its way to my network.

                  There is no reason - other than nefarious ones - for someone to put up a network like that and, in my opinion, I am well within my rights to tell my controller to tell the close APs clobber the snot out of that access point in order to protect my users.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    ^ completely agree with you.  Just saying by definition it is not a "rogue"

                    A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator.  If it is not on your network its not by definition a rouge..

                    If your ssid is "whatever", and there is some other AP using the same ssid "whatever" then that is a problem for your users and sure you should be able to do whatever it is you want to prevent/counter that.. Now if your using the default linksys ssid, and the guy next door also has linksys and didn't change his ssid prob not a nefarious attempt.

                    Now if someone connects a AP be it hardware or software and its on your network then sure its a rogue.. I have a hard time with typo on this word? ;)  rogue not rouge heheheh

                    Blocking this sort of thing on pfsense going to be hard.. Especially if they nat, but if this AP works how normal and clients to the AP use their own mac, then they would have to auth to your CP just like any other client.. But if they are natting and your not seeing their mac then you have a problem stopping them with CP.  Other methods would need be deployed.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      The Ruckus controller uses the term Rogue to be an access point it does not control offering SSIDs that are not configured on your access points and the term Malicious Rogue for access points that are using one of your configured SSIDs. They can receive different "treatment."

                      In a public environment (hotel, airport, coffee shop, etc) chasing rogues as defined is a fool's errand.

                      In a corporate environment it is a much different issue.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • T Offline
                        tripplex
                        last edited by

                        Seems this issue is a pressing one. Thanks to all the replies I have gotten.

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ Offline
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Agree again Derelict - in a corp setup could be a real issue.  With a public hotspot sort of setup worse case is you have someone either doing a mitm on your users which is more of an issue for your users than you running the hotspot.  Or users sharing an access what only 1 user paid for, etc.  While guess this a problem for the hotspot running, not really that big of a security issue like it would be in a corp setup.

                          You could play with the nat script I pointed out in trying to track down the people doing this..

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.