What does it do ?



Shadow
03-09-08, 12:44 PM
I have a wireless PCI card based on a ralink RT61 chipset in
an old PC. It is connected to an antenna on top of my roof. There are
no ralink software or drivers on that PC.

So what does the card do ?

Does it transmit its MAC address ?
Try to discover other APs around it ?
Does it try to get an IP assigned to it ?
Does it transmit at all ?


Wandering about security issues ....

[]'s

News
03-09-08, 12:56 PM
Shadow wrote:

> I have a wireless PCI card based on a ralink RT61 chipset in
>an old PC. It is connected to an antenna on top of my roof. There are
>no ralink software or drivers on that PC.
>
> So what does the card do ?
>
> Does it transmit its MAC address ?
> Try to discover other APs around it ?
> Does it try to get an IP assigned to it ?
> Does it transmit at all ?
>
>
> Wandering about security issues ....
>
>
>

Keep wandering. You may stumble onto something.

Mark McIntyre
03-09-08, 03:52 PM
Shadow wrote:
> I have a wireless PCI card based on a ralink RT61 chipset in
> an old PC. It is connected to an antenna on top of my roof. There are
> no ralink software or drivers on that PC.
>
> So what does the card do ?

Sit there absorbing a small amount of electricity. :-)

Without drivers, it's doing nothing. However are you /sure/ there are no
drivers? If it's a Windows PC it may have built-in drivers for the card.
In which case it's probably active, trying to find an AP to connect to.

> Does it transmit its MAC address ?

If you activate it in infrastructure mode, then it'll periodically send
out broadcasts which will contain its MAC.

> Wandering about security issues ....

If security is an issue, disable or remove the card.
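
The premise questioned in the reply above, whether any driver is actually bound to the card, can be checked on Linux from sysfs. This is an added example, not part of any post in the thread; the function names, the overridable root path and the sample device values used to exercise it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which PCI network controllers have a kernel driver bound.
# The root path defaults to the real sysfs location and can be overridden so the
# logic can be exercised against a constructed directory tree.

# list_net_pci [root] -> one line per device: "<addr> <vendor>:<device> <state>"
list_net_pci() {
    root="${1:-/sys/bus/pci/devices}"
    for dev in "$root"/*; do
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        # PCI base class 0x02 = network controller (0x0280xx is typical for Wi-Fi)
        case "$class" in
            0x02*) ;;
            *) continue ;;
        esac
        vendor=$(cat "$dev/vendor" 2>/dev/null)
        device=$(cat "$dev/device" 2>/dev/null)
        if [ -L "$dev/driver" ]; then
            # "driver" is a symlink to the bound driver's directory
            state="bound:$(basename "$(readlink "$dev/driver")")"
        else
            state="unbound"
        fi
        echo "$(basename "$dev") ${vendor#0x}:${device#0x} $state"
    done
}

# count_unbound [root] -> number of network controllers with no driver bound
count_unbound() {
    list_net_pci "$1" | grep -c ' unbound$' || true
}

# Stand-alone use: print the state of every network controller on this machine.
list_net_pci "$@"
```

A line ending in `unbound` means the kernel has not attached a driver to that device; a `bound:<name>` line means one is loaded and the interface may be active.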

Jeff Liebermann
03-09-08, 03:58 PM
Shadow <sh@dow> hath wroth:

> I have a wireless PCI card based on a ralink RT61 chipset in
>an old PC. It is connected to an antenna on top of my roof. There are
>no ralink software or drivers on that PC.
>
> So what does the card do ?

That sounds like a frequency hopping spread spectrum chip used by
Raylink, Symbol, and WebGear cards. It's probably intended to connect
to a WISP (wireless internet service provider) that uses that
technology. Is it a PCMCIA card that's shoved into a PCI adapter?
Something like the tiny photos of the Raylink PCI adapter at:
<http://www.raylink.com/pdf/adapter_manual.pdf>

> Does it transmit its MAC address ?

Yes. All wireless bridging does that.

> Try to discover other APs around it ?

Nope.

> Does it try to get an IP assigned to it ?

Yep. From the WISP's central router and DHCP server. Without a
contract, it's not going to happen.

> Does it transmit at all ?

Yes.

> Wandering about security issues ....

NO internet connection = few security issues.

> []'s

???

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Shadow
03-11-08, 10:59 AM
On Sun, 09 Mar 2008 13:58:53 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

>Shadow <sh@dow> hath wroth:
>
>> I have a wireless PCI card based on a ralink RT61 chipset in
>>an old PC. It is connected to an antenna on top of my roof. There are
>>no ralink software or drivers on that PC.
>>
>> So what does the card do ?
>
>That sounds like a frequency hopping spread spectrum chip used by
>Raylink, Symbol, and WebGear cards. It's probably intended to connect
>to a WISP (wireless internet service provider) that uses that
>technology. Is it a PCMCIA card that's shoved into a PCI adapter?
>Something like the tiny photos of the Raylink PCI adapter at:
><http://www.raylink.com/pdf/adapter_manual.pdf>

Here it is:

http://www.edimax.com/en/produce_detail.php?pd_id=1&pl1_id=1&pl2_id=44

>
>> Does it transmit its MAC address ?
>
>Yes. All wireless bridging does that.
>
>> Try to discover other APs around it ?
>
>Nope.
>
>> Does it try to get an IP assigned to it ?
>
>Yep. From the WISP's central router and DHCP server. Without a
>contract, it's not going to happen.
With drivers it gets an invalid 10.10.10.1 type address from
the ISP. Without drivers I can't see it :P
Using linux.
>
>> Does it transmit at all ?
>
>Yes.
>
>> Wondering about security issues ....
>
>NO internet connection = few security issues.
Like someone might locate the PC by the MAC address, even if I
unload the drivers. Using a directional antenna, and a netstumbler on
a laptop. Something like that.
I deduce the answer is yes ....
[]'s

msg
03-11-08, 03:11 PM
Shadow wrote:
<snip>
> With drivers it gets an invalid 10.10.10.1 type address from
> the ISP. Without drivers I can't see it :P

Why do you think that IP address is 'invalid'? Many ISPs assign
IP addresses from the private spaces and do NAT at the head end.

<snip>
> Like someone might locate the PC by the MAC address, even if I
> unload the drivers. Using a directional antenna, and a netstumbler on
> a laptop. Something like that.

<snip>

A client radio does not broadcast beacons; with no significant traffic
on this client, there is little RF to do direction finding. Netstumbler
is not suited for direction finding in any case; there are other tools
for that. Being that this is FHSS, you wouldn't see it with conventional
software tools anyway; you might as well be sniffing for baby monitors
or microwave ovens.

Michael

Jeff Liebermann
03-11-08, 11:59 PM
Shadow <sh@dow> hath wroth:

>http://www.edimax.com/en/produce_detail.php?pd_id=1&pl1_id=1&pl2_id=44

OK, I was wrong. It's a conventional 802.11b/g wireless PCI card.

> With drivers it gets an invalid 10.10.10.1 type address from
>the ISP. Without drivers I can't see it :P

That's normal. Most WISP (wireless ISP) providers do NOT supply
routeable IP addresses. 10.xxx.xxx.xxx is part of RFC-1918
non-routeable private IP addresses.
<http://www.faqs.org/rfcs/rfc1918.html>

> Using linux.

OK, what makes you think there are no drivers? If you're using the
card and it gets an IP address, there's certainly a driver somewhere.
Probably came with your unspecified Linux mutation.

> Like someone might locate the PC by the MAC address, even if I
>unload the drivers. Using a directional antenna, and a netstumbler on
>a laptop. Something like that.

All 802.11 wireless is bridging. Bridging requires that everyone know
the various MAC addresses. MAC addresses are sent in the clear and
not encrypted. I suppose one can precipitate a DoS attack if I knew
your MAC address, but that's about it.

> I deduce the answer is yes ....

Ummm... what's the question? Actually, I don't see a problem. If you
disable the interface:
    ifconfig wlan0 down
even with the MAC address, there's nothing I can do to your system.

However, if you're worried that the WISP might find out that you're
hacking their system with a machine that was formerly on their
network, you may have a problem. I don't know where the 10.10.10.1
address is coming from, but I suspect you don't have permission to use
that system.




Shadow
03-12-08, 07:44 PM
On Tue, 11 Mar 2008 21:59:58 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

>Shadow <sh@dow> hath wroth:
>
>>http://www.edimax.com/en/produce_detail.php?pd_id=1&pl1_id=1&pl2_id=44
>
>OK, I was wrong. It's a conventional 802.11b/g wireless PCI card.
>
>> With drivers it gets an invalid 10.10.10.1 type address from
>>the ISP. Without drivers I can't see it :P
>
>That's normal. Most WISP (wireless ISP) providers do NOT supply
>routeable IP addresses. 10.xxx.xxx.xxx is part of RFC-1918
>non-routeable private IP addresses.
><http://www.faqs.org/rfcs/rfc1918.html>
Sure, it gives me a 10.10.10.x address via DHCP, if I use an
invalid mac and wep key.
If I use a valid one, I can choose which 172.x.x.x address I
use (depends only on mac, as wep key is same for all users). Legit
users do not have dhcp, they get static IPs
>
>> Using linux.
>
>OK, what makes you think there are no drivers? If you're using the
>card and it gets an IP address, there's certainly a driver somewhere.
>Probably came with your unspecified Linux mutation.
It's a router. It has a USRobotics 56k modem and the wireless
card.
And two linux liveCDs which I built myself. The dialup CD
certainly does not have a ralink driver, and vice-versa. I exchange
them as needed.
>
>> Like someone might locate the PC by the MAC address, even if I
>>unload the drivers. Using a directional antenna, and a netstumbler on
>>a laptop. Something like that.
You see, when I'm using the dialup CD, which I do 98% of the
time, my antenna and wireless card are all there, but no drivers.
Wondering if someone could sniff it out. That was the original
question. I don't have a laptop to test ....
>
>All 802.11 wireless is bridging. Bridging requires that everyone know
>the various MAC addresses. MAC addresses are sent in the clear and
>not encrypted. I suppose one can precipitate a DoS attack if I knew
>your MAC address, but that's about it.
>
>> I deduce the answer is yes ....
>
>Ummm... what's the question? Actually, I don't see a problem. If you
>disable the interface:
> ifconfig wlan0 down
>even with the MAC address, there's nothing I can do to your system.
True. Not a problem though.
>
>However, if you're worried that the WISP might find out that you're
>hacking their system with a machine that was formerly on their
>network, you may have a problem. I don't know where the 10.10.10.1
>address is coming from, but I suspect you don't have permission to use
>that system.
The 10.10.10.x I can. But it has no valid gateway. It's the
172.x.x.x one that they object to me using..... which I do only to dl
heavy stuff in the twilight hours.
PS this is the backwoods of South America. Lawyers please
refrain from commenting ....
[]'s

D. Stussy
03-12-08, 09:52 PM
"Shadow" <sh@dow> wrote in message
news:c788t3lomalutsgcsu3t0l8bb02ll35ga0@4ax.com...
> I have a wireless PCI card based on a ralink RT61 chipset in
> an old PC. It is connected to an antenna on top of my roof. There are
> no ralink software or drivers on that PC.
>
> So what does the card do ?
>
> Does it transmit its MAC address ?
> Try to discover other APs around it ?
> Does it try to get an IP assigned to it ?
> Does it transmit at all ?
>
>
> Wandering about security issues ....

http://www.google.com/search?q=ralink+RT61

Looks like an 802.11g card. Windows driver and hacks for Linux exist.

Shadow
03-13-08, 04:26 PM
On Wed, 12 Mar 2008 18:52:45 -0800, "D. Stussy"
<spam@bde-arc.ampr.org> wrote:

>"Shadow" <sh@dow> wrote in message
>news:c788t3lomalutsgcsu3t0l8bb02ll35ga0@4ax.com...
>> I have a wireless PCI card based on a ralink RT61 chipset in
>> an old PC. It is connected to an antenna on top of my roof. There are
>> no ralink software or drivers on that PC.
>>
>> So what does the card do ?
>>
>> Does it transmit its MAC address ?
>> Try to discover other APs around it ?
>> Does it try to get an IP assigned to it ?
>> Does it transmit at all ?
>>
>>
>> Wandering about security issues ....
>
>http://www.google.com/search?q=ralink+RT61
>
>Looks like an 802.11g card. Windows driver and hacks for Linux exist.
>
They certainly do ....
:P

P.Schuman
03-13-08, 10:26 PM
"Shadow" <sh@dow> wrote in message
news:06tgt31a95h6oo28jdb6sq3s6enk99j5rh@4ax.com...
> On Tue, 11 Mar 2008 21:59:58 -0700, Jeff Liebermann <jeffl@cruzio.com>
> wrote:
>
>>Shadow <sh@dow> hath wroth:
>>
>>>http://www.edimax.com/en/produce_detail.php?pd_id=1&pl1_id=1&pl2_id=44
>>
>>OK, I was wrong. It's a conventional 802.11b/g wireless PCI card.
>>
>>> With drivers it gets an invalid 10.10.10.1 type address from
>>>the ISP. Without drivers I can't see it :P
>>
>>That's normal. Most WISP (wireless ISP) providers do NOT supply
>>routeable IP addresses. 10.xxx.xxx.xxx is part of RFC-1918
>>non-routeable private IP addresses.
>><http://www.faqs.org/rfcs/rfc1918.html>
> Sure, it gives me a 10.10.10.x address via DHCP, if I use an
> invalid mac and wep key.
> If I use a valid one, I can choose which 172.x.x.x address I
> use (depends only on mac, as wep key is same for all users). Legit
> users do not have dhcp, they get static IPs
>>
>>> Using linux.
>>
>>OK, what makes you think there are no drivers? If you're using the
>>card and it gets an IP address, there's certainly a driver somewhere.
>>Probably came with your unspecified Linux mutation.
> It's a router. It has a USRobotics 56k modem and the wireless
> card.
> And two linux liveCDs which I built myself. The dialup CD
> certainly does not have a ralink driver, and vice-versa. I exchange
> them as needed.
>>
>>> Like someone might locate the PC by the MAC address, even if I
>>>unload the drivers. Using a directional antenna, and a netstumbler on
>>>a laptop. Something like that.
> You see, when I'm using the dialup CD, which I do 98% of the
> time, my antenna and wireless card are all there, but no drivers.
> Wondering if someone could sniff it out. That was the original
> question. I don't have a laptop to test ....
>>
>>All 802.11 wireless is bridging. Bridging requires that everyone know
>>the various MAC addresses. MAC addresses are sent in the clear and
>>not encrypted. I suppose one can precipitate a DoS attack if I knew
>>your MAC address, but that's about it.
>>
>>> I deduce the answer is yes ....
>>
>>Ummm... what's the question? Actually, I don't see a problem. If you
>>disable the interface:
>> ifconfig wlan0 down
>>even with the MAC address, there's nothing I can do to your system.
> True. Not a problem though.
>>
>>However, if you're worried that the WISP might find out that you're
>>hacking their system with a machine that was formerly on their
>>network, you may have a problem. I don't know where the 10.10.10.1
>>address is coming from, but I suspect you don't have permission to use
>>that system.
> The 10.10.10.x I can. But it has no valid gateway. It's the
> 172.x.x.x one that they object to me using..... which I do only to dl
> heavy stuff in the twilight hours.
> PS this is the backwoods of South America. Lawyers please
> refrain from commenting ....
> []'s

ok - you have a PC box acting as a local router
with a dialup modem or a local WISP connection
all driven by a bootable Linux CD config'd for either the modem or WiFi -

ok - back to original type question....
The WiFi is gonna be like any other WiFi card....
if "active" it will transmit its SSID (or not) and Netstumbler will "see"
it.
That's the RF level - no driver, no activation, no RF signal ?

Next, is the connection "into" the Access Point - either end -
You would need your WEP/WPA or whatever to get past the Access Point.

Next level - IP - you would need to get an IP address on the "network
segment".
Past that - you need to find some "service" or "open port" to connect.

SO - all of these things need to be in place to make a connection "into",
or "out of" your router box.... no different than any other situation.

Shadow
03-14-08, 10:19 PM
On Fri, 14 Mar 2008 03:26:00 GMT, "P.Schuman"
<pschuman_no_spam_me@interserv.com> wrote:

>ok - you have a PC box acting as a local router
>with a dialup modem or a local WISP connection
>all driven by a bootable Linux CD config'd for either the modem or WiFi -
Yes
>
>ok - back to original type question....
>The WiFi is gonna be like any other WiFi card....
>if "active" it will transmit its SSID (or not) and Netstumbler will "see"
>it.
>That's the RF level - no driver, no activation, no RF signal ?
That was my original question. What kind of built in activity
does a PCI wireless card have if no drivers are loaded ? Does it scan,
transmit MAC, try to find an AP ? Or does it just sit there, dead to
the world, waiting for a driver to start it up ?
>
>Next, is the connection "into" the Access Point - either end -
>You would need your WEP/WPA or whatever to get past the Access Point.
>
Yes, the wireless linux CD router works fine. I understand
that part of it. It spoofs the mac address, enters a valid wep key,
joins the ISP, sets up routing and nameservers.
It's what happens when the dialup CD is working that worries
me.
>Next level - IP - you would need to get an IP address on the "network
>segment".
>Past that - you need to find some "service" or "open port" to connect.
>
>SO - all of these things need to be in place to make a connection "into",
>or "out of" your router box.... no different than any other situation.
>