{"id":130236,"date":"2009-12-07T15:36:00","date_gmt":"2009-12-07T20:36:00","guid":{"rendered":"tag:blogger.com,1999:blog-7196788127833928948.post-6649497434838172701"},"modified":"2009-12-07T15:36:00","modified_gmt":"2009-12-07T20:36:00","slug":"corporate-guest-wlan-the-best-place-for-eavesdropping-to-interesting-traffic","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/130236","title":{"rendered":"Corporate Guest WLAN &#8211; The best place for Eavesdropping to Interesting Traffic"},"content":{"rendered":"<p>When pen-testing a corporation, always look for the Guest WLAN. If there is one and you manage to get on it, you are in luck!<br \/>Corporate Guest WLANs are a great place to get a lot of interesting and possibly confidential information without much effort. And this is simply because there are a lot of corporate laptops on the same WLAN.<\/p>\n<p>Ofcourse, you&#8217;ll discuss that the corporate devices have wired access to the internet, which is much more reliable and faster. But also, the wired infrastructure is fully controlled by IT &#8211; with web filters, content filters etc. So on the guest WLAN you can easily find the following high-profile targets related to the corporation:<\/p>\n<ol>\n<li><span style=\"font-weight: bold;\">corporate laptop holders <\/span>&#8211; usually employees higher in the hierarchy who just got bored from the restrictions of the corporate Internet filters can easily turn on their wi-fi and check the private e-mail, or just download something.<\/li>\n<li><span style=\"font-weight: bold;\">corporate guests<\/span> &#8211; most visitors to corporations have WLAN enabled devices, ranging from mobile phones\/pda, over netbooks to full blown laptops<span style=\"font-weight: bold;\"><\/span><\/li>\n<li><span style=\"font-weight: bold;\">external contractors<\/span> &#8211; a lot of corporations will isolate external contractors to the guest WLAN for internet access.<\/li>\n<\/ol>\n<p><span style=\"font-weight: bold;\">The following diagram is an example of hunting for interesting targets in the corporate WLAN<\/span><br \/><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/3.bp.blogspot.com\/_Hu1rpxRsqcU\/Sx1ozchKamI\/AAAAAAAAAY4\/Fb4YxrGxZ7E\/s1600-h\/Wireless_Snare_Trap.jpg\"><img decoding=\"async\" style=\"margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 320px;\" src=\"http:\/\/3.bp.blogspot.com\/_Hu1rpxRsqcU\/Sx1ozchKamI\/AAAAAAAAAY4\/Fb4YxrGxZ7E\/s320\/Wireless_Snare_Trap.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5412597560207108706\" border=\"0\" \/><\/a><br \/>The diagram clearly depicts the high concentration of possible high profile targets &#8211; marked in red color.<\/p>\n<p>One can always make the argument that the same attack can be made within a Mall, or even in the home networks of those interesting targets. This argument is completely true, but in a Mall your high profile targets are blended in the multitude of the students, casual freebie surfers and even the mall store clerks with their WLAN devices.<\/p>\n<p>And the home environment is even more difficult, because the high profile targets are dispersed all over the city, and you may not know where they reside. So, sniffing the networks one specific high profile target will bring a lot of costs to the attacker.<\/p>\n<p><span style=\"font-weight: bold;\">The following diagram is an example of the difficulties in sniffing for interesting targets in the home or public places WLAN<\/span><\/p>\n<p><a onblur=\"try {parent.deselectBloggerImageGracefully();} catch(e) {}\" href=\"http:\/\/1.bp.blogspot.com\/_Hu1rpxRsqcU\/Sx1pwoPj0jI\/AAAAAAAAAZA\/Uq_asoz3YzM\/s1600-h\/Snare_Trap_In_Houses.jpg\"><img decoding=\"async\" style=\"margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 282px;\" src=\"http:\/\/1.bp.blogspot.com\/_Hu1rpxRsqcU\/Sx1pwoPj0jI\/AAAAAAAAAZA\/Uq_asoz3YzM\/s320\/Snare_Trap_In_Houses.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5412598611326521906\" border=\"0\" \/><\/a><br \/><span style=\"font-weight: bold;\">So, for my money, I&#8217;ll always prefer to sniff for traffic in the corporate guest WLAN<\/span><\/p>\n<p>Talkback and comments are most welcome<\/p>\n<p>Related posts<br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/04\/5-rules-to-home-wi-fi-security.html\">5 Rules to Home Wi-Fi Security<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/07\/example-bypassing-wifi-mac-address.html\">Example &#8211; Bypassing WiFi MAC Address Restriction<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/07\/obtaining-valid-mac-address-to-bypass.html\">Obtaining a valid MAC address to bypass WiFi MAC Restriction<\/a><br \/><a href=\"http:\/\/www.shortinfosec.net\/2008\/04\/dhcp-security-most-overlooked-service.html\">DHCP Security &#8211; The most overlooked service on the network<\/a><\/p>\n<div class=\"blogger-post-footer\"><img width='1' height='1' src='https:\/\/blogger.googleusercontent.com\/tracker\/7196788127833928948-6649497434838172701?l=www.shortinfosec.net' alt='' \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/shortinfosec\/~4\/ycawEXl2TTM\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When pen-testing a corporation, always look for the Guest WLAN. If there is one and you manage to get on it, you are in luck!Corporate Guest WLANs are a great place to get a lot of interesting and possibly confidential information without much effort. And this is simply because there are a lot of corporate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-130236","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=130236"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130236\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=130236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=130236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=130236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}