Yes, but this doesn't involve MAC spoofing, which was what the question was
specifically about. Unless you have two-way authentication, a la 802.1x (not
typically available even at for-pay hotspots), clients have no way of
knowing they're talking to a legitimate AP.

Seems like what you suggest could be done, but would be high-risk for the
hacker. He would probably have to be physically inside the hotspot, in order
to generate a strong enough signal to make it likely that some client would
connect to him. Then other stations with borderline signals from both APs
would either thrash or refuse to connect, someone would report it to the
hotspot owner, and the hacker might get caught. Plus, the hacker would
probably need to replicate the hotspot's splash page very accurately. Not
saying it couldn't be done, but given the existence of so many unsecured,
completely unauthenticated hotspots, I think it would be low on the target
list for a malicious wardriver. Too much work, too much risk, too easy to go
for the low-hanging fruit.

"Mark Cabiling" <(E-Mail Removed)> wrote in message
news:40a7e2c1$0$19017$(E-Mail Removed)...
> An "easier" way to do this is to spoof the wireless ISP's portal
> (usually a captive portal system such as NoCat) and set up an AP
> with the same SSID on full power next to the WISP access point (forcing
> his card to connect to your AP). The user will log in thinking that he
> was on the good portal... then you have to kick off the user and let him
> relog on the normal portal (or relay to the normal portal). And thus you
> got his login and password and MAC...
>
> Mark
>
> --
> Check out :
> http://mark.cabiling.free.fr/mobilemesh
>
> gary wrote:
> > If a public hotspot is providing access to a customer-pay ISP (like
> > T-Mobile), then customer authentication is required, and this is a secure
> > http transaction. Yes, you could monitor for the MAC address of someone
> > already logged in, but if you tried to open your own TCP connection by
> > spoofing that address, both your client and the legitimate client would
> > receive all downstream IP packets. This would generate errors on both
> > clients, and quite likely cause terminal confusion. At the very least, the
> > legitimate user would become aware that something is very wrong. And, once
> > the legitimate user has logged off, his MAC address alone is useless to
> > you - you'd need the userid/password to reauthenticate.
> >
> >
> > "ahh" <(E-Mail Removed)> wrote in message
> > news:Z46dnUKYt53SyzrdRVn-(E-Mail Removed)...
> >
> >>What prevents cloning of another computer in a paid hotspot? Is it just the
> >>MAC address? Wouldn't it be simple to snatch another computer's
> >>identification at an airport hotspot and then surf the net with the hotspot
> >>thinking you were that computer that already bought access? It would seem
> >>they would have found a solution to stop this otherwise I would be reading
> >>about it more. But as of now I don't even know what words to search for to
> >>find information on this.
>
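
The thread describes a second AP advertising the hotspot's SSID at full power, and notes that clients cannot tell it from the legitimate one. As an added example (not from any poster in this thread), this is how a hotspot operator could flag such a beacon from scan data; the AP inventory, SSID, BSSIDs, signal values and the 15 dB margin are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of the operator's own APs (assumption):
# SSID -> {BSSID: expected channel}
KNOWN_APS = {"HotspotNet": {"00:11:22:33:44:01": 6, "00:11:22:33:44:02": 11}}

# Constructed scan results as a site-survey sensor might report them:
# (ssid, bssid, channel, signal_dbm)
SAMPLE_SCAN = [
    ("HotspotNet", "00:11:22:33:44:01", 6, -62),
    ("HotspotNet", "00:11:22:33:44:02", 11, -70),
    ("HotspotNet", "02:AA:BB:CC:DD:EE", 6, -35),  # unknown radio, very strong
    ("HotspotNet", "00:11:22:33:44:02", 1, -48),  # known BSSID, wrong channel
    ("CoffeeShop", "00:de:ad:be:ef:01", 3, -80),  # unrelated network, ignored
]


def find_rogue_candidates(scan, known_aps, margin_db=15):
    """Return (bssid, reason) for beacons that claim a managed SSID
    but do not match the operator's inventory."""
    by_ssid = defaultdict(list)
    for ssid, bssid, channel, signal in scan:
        if ssid in known_aps:  # only SSIDs the operator manages
            by_ssid[ssid].append((bssid.lower(), channel, signal))

    findings = []
    for ssid, beacons in by_ssid.items():
        inventory = known_aps[ssid]
        # Signal levels of beacons that match inventory on BSSID and channel.
        legit = [s for b, c, s in beacons if inventory.get(b) == c]
        strongest_legit = max(legit, default=None)
        for bssid, channel, signal in beacons:
            if bssid not in inventory:
                reason = "unknown BSSID"
                # A same-SSID radio far louder than every real AP is what
                # pulls nearby clients away from the legitimate network.
                if strongest_legit is not None and signal - strongest_legit >= margin_db:
                    reason += ", overpowering legitimate APs"
                findings.append((bssid, reason))
            elif inventory[bssid] != channel:
                # BSSIDs can be copied too; a channel mismatch is a cheap tell.
                findings.append((bssid, "known BSSID on unexpected channel"))
    return findings


if __name__ == "__main__":
    for bssid, reason in find_rogue_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(bssid, "->", reason)
```

An inventory check like this only catches beacons that differ from the real APs in BSSID, channel or power; a clone matching all three needs other signals, which is why the thread points to mutual authentication such as 802.1x.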