From: Andrew N. <an...@ro...> - 2008-12-10 23:19:08
|
Dominik, My AP can deauth from the command line. Where can I find this functionality? Would it be possible to replace telnet with SSH? Something like this: ssh $USER@$ACCESSPOINT 'iwpriv ath0 kickmac $MACADDRESS' For ssh to work you would have to setup keys so no password would be required. Also this would only work on Atheros Based AP's but could be easily ported to a whole bunch of other APs. This would be much easier than trying to do it with SMNP at least in my case and would open the door up to supporting many diffrent types of AP's. The main thing that I would need to get from PF is the MACADDRESS and ACCESSPOINT the user could be hard coded or set from a conf file some how. I don't even have a working PF install yet so I may be off my rocker, I don't want to install it and try to get it working if it won't work in my environment. The good news is this is the last piece (I think) that I have to figure out. Thanks for the help! _ /-\ ndrew On Wed, Dec 10, 2008 at 2:20 PM, Dominik Gehl <dg...@in...> wrote: > Hi Andrew, > > PF currently deauthenticates the MACs using telnet connections (and CLI > commands). I've recently heard about a Cisco MIB which should allow us to > replace the telnet connection by an actual SNMP query on Cisco Wireless > Controllers and will be testing this next week. > > Does the soft AP you are using have any documentation related to MAC > deauthentication ? > > Dominik > > On 10-Dec-08, at 3:53 PM, Andrew Niemantsverdriet wrote: > >> Well, I am using a linux computer as an AP. My plan is to edit the >> /etc/snmp/snmptrapd.conf so that when a de auth request is sent that >> file will act on it. I am mostly experimenting to see if that is even >> possible. I am looking for how PF deauthenticates a user. >> >> On Wed, Dec 10, 2008 at 1:12 PM, Dominik Gehl <dg...@in...> wrote: >>> >>> Hi Andrew, >>> >>> this OID is highly specify to the actual AP. Are you looking for how PF >>> deauthenticates a user ? Or are you trying to find out the 'right' OID >>> for >>> your AP ? >>> >>> Thanks, >>> Dominik >>> >>> On 10-Dec-08, at 12:38 PM, Andrew Niemantsverdriet wrote: >>> >>>> How can I find what OID is sent when a snmp de auth request is sent? I >>>> may have found a work around, also any idea on how to send a test snmp >>>> de-auth? What exactly is sent? Is the MAC address included or how does >>>> it know which station to de auth? Sorry for the flurry of questions. >>>> >>>> Thanks! >>>> >>>> -- >>>> _ >>>> /-\ ndrew Niemantsverdriet >>>> Academic Computing >>>> (406) 238-7360 >>>> Rocky Mountain College >>>> 1511 Poly Dr. >>>> Billings MT, 59102 >>>> >>>> >>>> On Sat, Dec 6, 2008 at 3:27 PM, Dominik Gehl <dg...@in...> wrote: >>>>> >>>>> Hi Andrew, >>>>> >>>>> you are right: in order to isolate wireless computers, you must be able >>>>> to >>>>> deauthenticate the MAC from the AP (using SNMP or telnet or any other >>>>> means). If you don't need isolation, you might be fine with APs which >>>>> don't >>>>> support deauthentication ... >>>>> >>>>> Dominik >>>>> >>>>> On 08-12-06, at 16:20, Andrew Niemantsverdriet wrote: >>>>> >>>>>> On the wireless side registration only would be fine. I take it that >>>>>> to isolate computers you need SNMP to do de-auth? >>>>>> >>>>>> On Sat, Dec 6, 2008 at 1:18 PM, Dominik Gehl <dg...@in...> wrote: >>>>>>> >>>>>>> Hi Andrew, >>>>>>> >>>>>>> what are your exact requirements ? Do you want to isolate computers >>>>>>> on >>>>>>> violations (for example based on snort rules) or do you require only >>>>>>> 'registration' ? >>>>>>> >>>>>>> Thanks, >>>>>>> Dominik >>>>>>> >>>>>>> On 5-Dec-08, at 1:36 PM, Andrew Niemantsverdriet wrote: >>>>>>> >>>>>>>> I am having trouble finding an AP that will allow SNMP >>>>>>>> deauthintication that is affordable for my puny budget. Can a linux >>>>>>>> box that is acting as an AP do SNMP deauthintication? Is there any >>>>>>>> work arounds on that requirement? Any suggestions welcome. >>> >>> >>> -- >>> Scanned for viruses and dangerous content by mailgate1.rocky.eduLinks may >>> still contain dangerous content. >>> >>> >> >> >> >> -- >> _ >> /-\ ndrew Niemantsverdriet >> Academic Computing >> (406) 238-7360 >> Rocky Mountain College >> 1511 Poly Dr. >> Billings MT, 59102 > > > -- > Scanned for viruses and dangerous content by mailgate.rocky.eduLinks may > still contain dangerous content. > > -- _ /-\ ndrew Niemantsverdriet Academic Computing (406) 238-7360 Rocky Mountain College 1511 Poly Dr. Billings MT, 59102 |