Forum Thread

Community Network

Queeny6411 20 August 29, 2016 at 06:03 PM
Thank you in advance to anyone who is willing to share their hard earned knowledge!

So I live within Community that offers Wi-Fi for a monthly fee. I feel like the network has been tampered with, and someone is monitoring the communities network usage. Maybe even created an "Evil Twin" AP?

My question is, what networking tools should I use to prove that the community network has been compromised. And do I use them?

Any info./guidance would be most appreciated.

16 Comments

1 2

Sign up for a Slickdeals account to remove this ad.

Joined Jun 2008
I Trade Your Bing Credit$
739 Posts
82 Reputation
#2
depends how much you know about the community wifi,

most simple one i think is look at the MAC address. you can google what company owns that MAC for a simple quick check(they may change MAC to match the original, but can't use the exact same one).
if it's Apple, but the genuine one Cisco, then it maybe fake, need both should be able to show up on scan to prove.
less likely they only have one, so it's harder to find out.
i don't have any app to recommend.
but can use arp -a in command prompt to show current connected wifi's MAC,

locate it by signal strength, see if match the actual location, directional antenna is better.

ask them to add VPN or use your own.
Reply Helpful Comment? 0 0
Last edited by Left4Deal August 29, 2016 at 08:46 PM
Drunk driving on the sea to find deals.
95% of sea remains unexplored,
unseen by human eyesbulb.
Joined Aug 2005
L10: Grand Master
12,662 Posts
4,824 Reputation
Pro
#3
Can you share more info on how it works? Is it open wifi? Does everyone have their own wifi password? Is it a shared password between different houses/families? What makes you think it's been compromised or is being tampered with? Have you considered using a VPN?
Reply Helpful Comment? 0 0
Vague questions receive vague answers . . . . . .
#4
Personally, I would not use a wifi network from my home I did not control. Just asking for trouble and absolutely no reason for it if you have your own router.

If you are talking about wifi access in some common area\rec center or other such thing, I would just get a vpn client installed and make sure you always go through it if you absolutely need to connect via wifi from those locations.
Reply Helpful Comment? 0 0
#5
If you don't control or have access to the router providing access then there is little you can do aside from trying to protect yourself. I would suggest not using that network for anything that is important. If it is open, the general assumption is that someone can simply see everything that you are doing if they try hard enough.

If you have access to the router, as said earlier, logging and matching MAC addresses and cycling passwords for everything is a decent thing to do. As for the Evil twin API, that sounds amazingly paranoid, but you could just change or shut off the normal network and see what is still there. More likely, if someone got into a router they are simply redirecting traffic. Spoofing is rather hard to do and not worth the effort in most cases.

There are much easier ways to learn something via wifi.
Reply Helpful Comment? 0 0
Caldari on the streets
Minmatar in the sheets
Joined Jun 2005
Let Sleeping Dogs Lie
5,848 Posts
2,388 Reputation
#6
they are probably using private IPs within the network and a proxy server it is them who is monitoring

see this if you want to stop using the internet all together

https://www.bluecoat.com/products...management

The SSL Visibility Appliance Gives you ‘x-ray’ vision into all your encrypted traffic and lets you easily add SSL/TLS decryption and inspection capabilities to your existing network security solutions, as well as your advanced threat protection solutions. This appliance utilizes Blue Coat’s unrivaled Global Intelligence Network for up-to-date threat knowledge and traffic
Reply Helpful Comment? 0 0
#7
Quote from komondor View Post :
they are probably using private IPs within the network and a proxy server it is them who is monitoring

see this if you want to stop using the internet all together

https://www.bluecoat.com/products...management

The SSL Visibility Appliance Gives you 'x-ray' vision into all your encrypted traffic and lets you easily add SSL/TLS decryption and inspection capabilities to your existing network security solutions, as well as your advanced threat protection solutions. This appliance utilizes Blue Coat's unrivaled Global Intelligence Network for up-to-date threat knowledge and traffic
These shared networks are practically never well implemented and often done in violation of the ISP's terms of service. Yet some people feel obliged to use them because they're paying something for it through rent or an HOA.


For that bluecoat product to work, you have to add a certificate or CA to the computers don't you? or does it have modules to exploit various ssl bugs?
Reply Helpful Comment? 0 0
Why do conservative politicians oppose conservation?
Have you ever stopped to think the long-term GOP immigration policy might be to make the United States of America a less desirable place to live than Mexico?

"If you tell a lie big enough and keep repeating it, people will eventually come to believe it" -Joseph Goebbels
#8
Quote from jkee View Post :
These shared networks are practically never well implemented and often done in violation of the ISP's terms of service. Yet some people feel obliged to use them because they're paying something for it through rent or an HOA.


For that bluecoat product to work, you have to add a certificate or CA to the computers don't you? or does it have modules to exploit various ssl bugs?
Quote from jkee View Post :
These shared networks are practically never well implemented and often done in violation of the ISP's terms of service. Yet some people feel obliged to use them because they're paying something for it through rent or an HOA.


For that bluecoat product to work, you have to add a certificate or CA to the computers don't you? or does it have modules to exploit various ssl bugs?
Yeah, you need a certificate. This wouldn't be something performed on a community network like this. You don't actually need the certificate to perform the SSL inspection, but without it being installed on the user's devices they will get a certificate warning. Most people probably click through these without any worries, but this is one good reason why they shouldn't.
Reply Helpful Comment? 0 0
Last edited by PerfectPoo September 1, 2016 at 01:02 PM

Sign up for a Slickdeals account to remove this ad.

Joined Jun 2005
Let Sleeping Dogs Lie
5,848 Posts
2,388 Reputation
#9
Well Bluecoat is owned by Symantec which owns Verisign
Reply Helpful Comment? 0 0
#10
Quote from komondor View Post :
Well Bluecoat is owned by Symantec which owns Verisign
And I'm sure they provide fraudulent certs to certain entities, probably including your employer.
Reply Helpful Comment? 0 0
#11
Quote from LiquidRetro View Post :
Can you share more info on how it works? Is it open wifi? Does everyone have their own wifi password? Is it a shared password between different houses/families? What makes you think it's been compromised or is being tampered with? Have you considered using a VPN?

Well, my community goes through a hotel guest Internet access company. And each owner, if subscribed, each has their own login on the provided splash page.

But the reason I think someone is tampering with it is because when I first boot up my computer, there's always updates being done to my registry.
And I have norton anti-virus installed but there's a little flag in the notifications that says I need to find an anti-virus online.
Or when checking my Gmail on my phones chrome browser, it just redirects and wont load.


Evil twin AP was like the only thing I was able to come up on google when trying to figure out what may be going on.

Not to mention my Command Prompt has disappeared from my start menu. Only way I can access that is windows+R
Reply Helpful Comment? 0 0
Last edited by Queeny6411 September 5, 2016 at 07:25 PM
#12
Quote from Queeny6411 View Post :
Well, my community goes through a hotel guest Internet access company. And each owner, if subscribed, each has their own login on the provided splash page.

But the reason I think someone is tampering with it is because when I first boot up my computer, there's always updates being done to my registry.
And I have norton anti-virus installed but there's a little flag in the notifications that says I need to find an anti-virus online.
Or when checking my Gmail on my phones chrome browser, it just redirects and wont load.


Evil twin AP was like the only thing I was able to come up on google when trying to figure out what may be going on.

Not to mention my Command Prompt has disappeared from my start menu. Only way I can access that is windows+R
That type of network is insecure anybody in range can snoop on your un-encrypted communications. i wouldn't use it and would complain loudly about paying for it...


The issues you mention are all software related, possibly (but not too liekly) even malware.
Reply Helpful Comment? 0 0
Joined Aug 2005
L10: Grand Master
12,662 Posts
4,824 Reputation
Pro
#13
Quote from Queeny6411 View Post :
Well, my community goes through a hotel guest Internet access company. And each owner, if subscribed, each has their own login on the provided splash page.

But the reason I think someone is tampering with it is because when I first boot up my computer, there's always updates being done to my registry.
And I have norton anti-virus installed but there's a little flag in the notifications that says I need to find an anti-virus online.
Or when checking my Gmail on my phones chrome browser, it just redirects and wont load.


Evil twin AP was like the only thing I was able to come up on google when trying to figure out what may be going on.

Not to mention my Command Prompt has disappeared from my start menu. Only way I can access that is windows+R
Ya could be the redirection thing is some times required as those tend to reset. Either way I would scan my computer with Malwarebytes free and see what it found. It's possible you have a stuck update but i would suspect the wifi as well.
Reply Helpful Comment? 0 0
#14
Quote from Queeny6411 View Post :
Well, my community goes through a hotel guest Internet access company. And each owner, if subscribed, each has their own login on the provided splash page.

But the reason I think someone is tampering with it is because when I first boot up my computer, there's always updates being done to my registry.
And I have norton anti-virus installed but there's a little flag in the notifications that says I need to find an anti-virus online.
Or when checking my Gmail on my phones chrome browser, it just redirects and wont load.


Evil twin AP was like the only thing I was able to come up on google when trying to figure out what may be going on.

Not to mention my Command Prompt has disappeared from my start menu. Only way I can access that is windows+R
all of those except the gmail can be explained by an infected or screwed up windows install... Occam's razor.

as for gmail on your phone - where exactly is it redirecting you to?
Reply Helpful Comment? 0 0
#15
Quote from Ero View Post :
all of those except the gmail can be explained by an infected or screwed up windows install... Occam's razor.

as for gmail on your phone - where exactly is it redirecting you to?
It just keeps refreshing, won't load

https://mail.google.com/mail/mu/mp/937/#all


Have any of you ever heard of Mikrotik? What is it and can somebody use that maliciously? Whenever I go to 192.168.100.1 to login, sometimes it says Mikrotik and other times it says our hotel management companies name.
Reply Helpful Comment? 0 0
Last edited by Queeny6411 September 22, 2016 at 06:56 AM
Page 1 of 2
1 2
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard