next »

[Phaëton]

i see these kids with iTampons and what not wandering around the neighborhood
like zombies looking for an unprotected router... every now and then for fun i
plug in my old linksys router and they gather underneath my window...

of course then i unplug it and laugh my ass off.....

 i want to set it up so that when freeloaders use the signal they go straight to my
*amp server.... so that I can be GOOGLE to them... lol

My question is, shouldnt i just be able to run a dns server along with *amp
and trap their requests and spit back goofed up pages to them?

 

[perkiset]

If they are pure DHCP then you can simply supply the address of the DNS server like you do the gateway. But any punk worth his salt will know to point to a trusted server, like the ATT roots at 4.2.2.x and such.

But us, if you really wanted to do this, have your Linksys point to a gateway wch is actually a*nix box sharing its internet connection on one side to the other. Then wireshark everything that comes across to watch or write your own protocol to diverte traffic through your own processing before it moves on.

Uncool, but totally doable.

But I was LMAO thinking of you putting up the net to attract the zombies. "brains... BRAINS must have BRAINS." funny as hell.

[Earl Grey]

but instead of just the router why not have some real fun.
put up a wifi antenna.
you can either have a small multi directional for $60 which will broadcast a good 2 to 3 km
or for $70 you can go directional and have 20 -30km

i run a load of wireless internet networks and the traffic and searches you see is just amazing
would highly recommend playing and expanding your idea a little more.

[vsloathe]

Use netcat/ngrep...airgrep, something like one of those apps.

Short answer is yes, if you own their gateway and DHCP server you are god. Even if you don't, if you poison the ARP cache on any wifi network and take over the ARP of the gateway and DHCP server, you're god. The protocols we all use were not designed with security in mind.

EDIT: I used to use Auditor and Backtrack to do this, I did some googling a few months back and it looks like the go-to project for pen testing live CDs right now is Whax (or could be backtrack, but if you google "auditor security suite" or "backtrack security suite" it should give you some tools to dick around with).

[LondonSEO]

Hi,

That sounds interesting, anyway is there a way to offer them FREE access but ask them to 'download an application' first?

I can see a lot of potential there 

LS