Re: Help: Can anyone identify what this is?
I'm a pen tester by trade. I don't believe these are for wireless attacks. They appear to be RF signal detectors; the dB scale is to indicate signal strength and for locating the proximity of broadcasting access points or devices. Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland. -------- Original Message -------- Subject: Re: Help: Can anyone identify what this is? Time (GMT): Mar 20 2015 01:49:12 From: alfiej@fastmail.fm To: coderman@gmail.com CC: cypherpunks@cpunks.org, cryptography@metzdowd.com On Fri, Mar 20, 2015, at 11:21 AM, coderman wrote:
On 3/18/15, Alfie John wrote: this is likely automated wifi attack gear. the three units together could cover channels 1, 6, 11 concurrently. (in my own kit, 4-8 radios is sweet spot)
Well that's interesting. I wondered why there were three units.
the extra battery capacity lets it run for days attacking on full auto.
He put it in near the stairwell door (almost next to our door RFID), but it was in full view of anyone walking to the elevators. So I don't think he was trying to hide, otherwise he would have done it from behind the stairwell door and not in plain sight. Maybe it was just bad opsec?
you should be running wireless intrusion (e.g. custom kismet?) monitoring to look for malicious activity. and of course, it is time to change all your WPA2 passwords! (or switch to WPA-Enterprise)
Awesome. Thanks for the advice. Will look wireless intrusion detection. WPA-Enterprise too. Alfie -- Alfie John alfiej@fastmail.fm
On Fri, Mar 20, 2015, at 01:05 PM, Archivists wrote:
I'm a pen tester by trade. I don't believe these are for wireless attacks. They appear to be RF signal detectors; the dB scale is to indicate signal strength and for locating the proximity of broadcasting access points or devices.
Thanks for your input Archivists. So I guess detector vs jammer vs pineapplism isn't definitive (which is what I was hoping for). Alfie -- Alfie John alfiej@fastmail.fm
On 3/19/15, Archivists <archivists@protonmail.ch> wrote:
I'm a pen tester by trade. I don't believe these are for wireless attacks.
citation needed :P
They appear to be RF signal detectors; the dB scale is to indicate signal strength and for locating the proximity of broadcasting access points or devices.
9dBm / 18dBm / 23 dBm / 30 dBm - these are xmit powers common for 2.4Ghz. 200mW on rightmost device? it would need to be next to an access point for detection at that level with those antennas. (not likely in stairwell) however, 200mW is a common output power level for 802.11bg. and a stairwell carries lots of traffic - e.g. many devices going by. of course, without more info, it could be anything. i still put my money on offensive kit...
On Fri, Mar 20, 2015, at 02:26 PM, coderman wrote:
On 3/19/15, Archivists <archivists@protonmail.ch> wrote:
I'm a pen tester by trade. I don't believe these are for wireless attacks.
citation needed :P
They appear to be RF signal detectors; the dB scale is to indicate signal strength and for locating the proximity of broadcasting access points or devices.
9dBm / 18dBm / 23 dBm / 30 dBm - these are xmit powers common for 2.4Ghz. 200mW on rightmost device? it would need to be next to an access point for detection at that level with those antennas. (not likely in stairwell)
however, 200mW is a common output power level for 802.11bg. and a stairwell carries lots of traffic - e.g. many devices going by.
of course, without more info, it could be anything. i still put my money on offensive kit...
Ok wow, that's very interesting! Thanks for the tip. Alfie -- Alfie John alfiej@fastmail.fm
participants (3)
-
Alfie John -
Archivists -
coderman