Prevent users from using connectifyme to share wifi
-
ok thanks alot
-
i don't know the product, but as far as i can tell, you have no way to detect it.
you can probably get your wireless controller to list rogue AP's & some solutions offer autmatic containment or blocking of rogue AP's)
Dicey proposition unless, maybe, they are spoofing your SSID, which is what I would call a "rogue AP."
http://www.networkworld.com/article/3042454/mobile-wireless/wi-fi-hotspot-blocking-persists-despite-fcc-crackdown.html
-
derelict:
yes, actively disrupting connections towards a "rogue AP' is a big NO.but you could block access for the "rogue' device on you wired/wireless network . (either on your switches or on your wireless controller).
-
Thanks all
-
Spoofing your SSID is not a rouge unless they on your actual network.. Just because someone uses the same ssid does make them rouge, makes them a dick but not a rouge.. An AP on your network that is not yours would be a rouge..
So this connectivity software is a software AP/router, so yes since this client is on your network and then providing others access this would be rouge. Here is your problem they are all using his mac which is authed through your CP?.. So you need to detect that he has multiple connections running which I assume he is natting? You could look for packets coming from him with less TTL.. since they went through different hop.
I would look for IP with large amount of sessions all over the place.. Here is a way to detect the nat via change in the TTL
http://www.sflow.org/detectNAT/ -
I have an open WiFi SSID called My Hotel WiFi.
The problem is someone putting up an access point with the My Hotel WiFi SSID that is NOT on my network or is MITM for the traffic on its way to my network.
There is no reason - other than nefarious ones - for someone to put up a network like that and, in my opinion, I am well within my rights to tell my controller to tell the close APs clobber the snot out of that access point in order to protect my users.
-
^ completely agree with you. Just saying by definition it is not a "rogue"
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator. If it is not on your network its not by definition a rouge..
If your ssid is "whatever", and there is some other AP using the same ssid "whatever" then that is a problem for your users and sure you should be able to do whatever it is you want to prevent/counter that.. Now if your using the default linksys ssid, and the guy next door also has linksys and didn't change his ssid prob not a nefarious attempt.
Now if someone connects a AP be it hardware or software and its on your network then sure its a rogue.. I have a hard time with typo on this word? ;) rogue not rouge heheheh
Blocking this sort of thing on pfsense going to be hard.. Especially if they nat, but if this AP works how normal and clients to the AP use their own mac, then they would have to auth to your CP just like any other client.. But if they are natting and your not seeing their mac then you have a problem stopping them with CP. Other methods would need be deployed.
-
The Ruckus controller uses the term Rogue to be an access point it does not control offering SSIDs that are not configured on your access points and the term Malicious Rogue for access points that are using one of your configured SSIDs. They can receive different "treatment."
In a public environment (hotel, airport, coffee shop, etc) chasing rogues as defined is a fool's errand.
In a corporate environment it is a much different issue.
-
Seems this issue is a pressing one. Thanks to all the replies I have gotten.
-
Agree again Derelict - in a corp setup could be a real issue. With a public hotspot sort of setup worse case is you have someone either doing a mitm on your users which is more of an issue for your users than you running the hotspot. Or users sharing an access what only 1 user paid for, etc. While guess this a problem for the hotspot running, not really that big of a security issue like it would be in a corp setup.
You could play with the nat script I pointed out in trying to track down the people doing this..
