Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Prevent users from using connectifyme to share wifi

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      tripplex
      last edited by

      ok thanks alot

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        @heper:

        i don't know the product, but as far as i can tell, you have no way to detect it.

        you can probably get your wireless controller to list rogue AP's & some solutions offer autmatic containment or blocking of rogue AP's)

        Dicey proposition unless, maybe, they are spoofing your SSID, which is what I would call a "rogue AP."

        http://www.networkworld.com/article/3042454/mobile-wireless/wi-fi-hotspot-blocking-persists-despite-fcc-crackdown.html

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • H Offline
          heper
          last edited by

          derelict:
          yes, actively disrupting connections towards a "rogue AP' is a big NO.

          but you could block access for the "rogue' device on you wired/wireless network . (either on your switches or on your wireless controller).

          1 Reply Last reply Reply Quote 0
          • T Offline
            tripplex
            last edited by

            Thanks all

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by

              Spoofing your SSID is not a rouge unless they on your actual network..  Just because someone uses the same ssid does make them rouge, makes them a dick but not a rouge..  An AP on your network that is not yours would be a rouge..

              So this connectivity software is a software AP/router, so yes since this client is on your network and then providing others access this would be rouge.  Here is your problem they are all using his mac which is authed through your CP?..  So you need to detect that he has multiple connections running which I assume he is natting?  You could look for packets coming from him with less TTL.. since they went through different hop.

              I would look for IP with large amount of sessions all over the place..  Here is a way to detect the nat via change in the TTL
              http://www.sflow.org/detectNAT/

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • DerelictD Offline
                Derelict LAYER 8 Netgate
                last edited by

                I have an open WiFi SSID called My Hotel WiFi.

                The problem is someone putting up an access point with the My Hotel WiFi SSID that is NOT on my network or is MITM for the traffic on its way to my network.

                There is no reason - other than nefarious ones - for someone to put up a network like that and, in my opinion, I am well within my rights to tell my controller to tell the close APs clobber the snot out of that access point in order to protect my users.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • johnpozJ Offline
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  ^ completely agree with you.  Just saying by definition it is not a "rogue"

                  A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator.  If it is not on your network its not by definition a rouge..

                  If your ssid is "whatever", and there is some other AP using the same ssid "whatever" then that is a problem for your users and sure you should be able to do whatever it is you want to prevent/counter that.. Now if your using the default linksys ssid, and the guy next door also has linksys and didn't change his ssid prob not a nefarious attempt.

                  Now if someone connects a AP be it hardware or software and its on your network then sure its a rogue.. I have a hard time with typo on this word? ;)  rogue not rouge heheheh

                  Blocking this sort of thing on pfsense going to be hard.. Especially if they nat, but if this AP works how normal and clients to the AP use their own mac, then they would have to auth to your CP just like any other client.. But if they are natting and your not seeing their mac then you have a problem stopping them with CP.  Other methods would need be deployed.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • DerelictD Offline
                    Derelict LAYER 8 Netgate
                    last edited by

                    The Ruckus controller uses the term Rogue to be an access point it does not control offering SSIDs that are not configured on your access points and the term Malicious Rogue for access points that are using one of your configured SSIDs. They can receive different "treatment."

                    In a public environment (hotel, airport, coffee shop, etc) chasing rogues as defined is a fool's errand.

                    In a corporate environment it is a much different issue.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • T Offline
                      tripplex
                      last edited by

                      Seems this issue is a pressing one. Thanks to all the replies I have gotten.

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ Offline
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        Agree again Derelict - in a corp setup could be a real issue.  With a public hotspot sort of setup worse case is you have someone either doing a mitm on your users which is more of an issue for your users than you running the hotspot.  Or users sharing an access what only 1 user paid for, etc.  While guess this a problem for the hotspot running, not really that big of a security issue like it would be in a corp setup.

                        You could play with the nat script I pointed out in trying to track down the people doing this..

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.