If someone hypothetically wanted to set up a NAT’d network under an enterprise network with WIDS/WIPS, how detectable would it be?
I’m going to preface this by saying I am not looking for “just don’t do it”; I am already highly considering that option, but morbid curiosity wins and I am curious if it’s just an unbeatable system.
- Authentication: you can authenticate by connecting a laptop, then spoofing the MAC to the router. That covers authentication.
- Beacon broadcasting: one could hide the SSID, but that does jack shit. Does anyone know of router software that can suppress beacons and only respond to probes?
- TTL inspection: that one is easy, just set it to 128.
- RF triangulation: this one seems like the biggest issue. If there was a rogue AP, several of the enterprise APs could just triangulate based on RSSI. That seems like the real issue here. I thought of having variable Tx power, but then realised they probably do it based on the difference in power at several APs at any given time, so that could ruin that plan.
- DHCP fingerprints seem simple enough to deal with, because the OPNsense default WAN DHCP is pretty distinctive, but that could be easily spoofed as another device.
Anyway, that’s all. Please tell me any information that I got completely wrong, any other interesting stuff about enterprise networks, or any suggestions on how someone could potentially solve some of the listed problems. I really am just curious to learn and don’t intend to hypothetically implement really any of this, because routers are allowed, just not wireless APs, and I don’t need that anyway.
from hacking: security in practice https://ift.tt/HKCOf8k
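To make the TTL and fingerprinting points in the post concrete from the detecting side, here is an added example (not from the original post, and not the code of any particular WIDS/NAC product) of the passive heuristics a sensor can apply per client MAC: a TTL below the usual initial values (64/128/255) means the packet already crossed a router before reaching the sensor, several distinct TTLs from one MAC mean several OS stacks share that MAC, and several OS families in User-Agent strings from one MAC give the same signal even when the router rewrites every TTL to 128 as the post suggests. The records, MAC addresses and the `ua_os` field are constructed, and the function name `nat_suspects` is mine.

```python
"""Passive NAT detection heuristics over per-client observations.

Constructed example: the records below are made up to resemble what a
WIDS/NAC sensor or flow collector might export (one row per observed
packet/flow, keyed by the client MAC seen on the wireless side).
"""
from collections import defaultdict

# Initial TTL values the common operating systems use (Linux/macOS 64,
# Windows 128, some network gear 255). A hop through a NAT router
# decrements the observed value by one.
INITIAL_TTLS = {64, 128, 255}

# Constructed sample: three "clients" as seen by the access point.
SAMPLE_RECORDS = [
    # ...:01 is a plain Windows laptop: one TTL, one OS in its User-Agent.
    {"mac": "aa:bb:cc:00:00:01", "ttl": 128, "ua_os": "Windows"},
    {"mac": "aa:bb:cc:00:00:01", "ttl": 128, "ua_os": "Windows"},
    # ...:02 is a NAT router that does NOT rewrite TTL: hosts behind it
    # show up one hop older (127 and 63) and with two different OSes.
    {"mac": "aa:bb:cc:00:00:02", "ttl": 127, "ua_os": "Windows"},
    {"mac": "aa:bb:cc:00:00:02", "ttl": 63, "ua_os": "Linux"},
    # ...:03 is a NAT router that rewrites every outgoing TTL to 128:
    # the TTL rules are blind to it, but the OS mix still gives it away.
    {"mac": "aa:bb:cc:00:00:03", "ttl": 128, "ua_os": "Windows"},
    {"mac": "aa:bb:cc:00:00:03", "ttl": 128, "ua_os": "iOS"},
]


def nat_suspects(records):
    """Return {mac: [reasons]} for MACs whose traffic looks like it comes
    from more than one host (i.e. a NAT router rather than an endpoint)."""
    ttls = defaultdict(set)
    oses = defaultdict(set)
    for r in records:
        ttls[r["mac"]].add(r["ttl"])
        oses[r["mac"]].add(r["ua_os"])

    findings = {}
    for mac in ttls:
        reasons = []
        # Rule 1: an observed TTL that is not an initial value means the
        # packet already crossed a router between the host and the sensor.
        decremented = sorted(t for t in ttls[mac] if t not in INITIAL_TTLS)
        if decremented:
            reasons.append(f"decremented TTL {decremented}")
        # Rule 2: one physical host uses one initial TTL; several distinct
        # values from one MAC means several OS stacks share that MAC.
        if len(ttls[mac]) > 1:
            reasons.append(f"multiple TTLs {sorted(ttls[mac])}")
        # Rule 3: independent of TTL, several OS families behind one MAC.
        if len(oses[mac]) > 1:
            reasons.append(f"multiple OS fingerprints {sorted(oses[mac])}")
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in nat_suspects(SAMPLE_RECORDS).items():
        print(mac, "->", "; ".join(reasons))
```

Rules 1 and 2 are exactly what the post's "just set it to 128" defeats; rule 3, and its cousins that count hosts by IP ID sequences or TCP timestamp clock skew per flow, is what a practitioner would still expect to trip, which is why rewriting TTL alone does not make a NAT router look like a single endpoint.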