Wlan, Ad-hoc and malware

Discussion in 'other security issues & news' started by Searching_ _ _, Oct 16, 2008.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Hello,

    I am wondering about the possibility of the wlan cards inside laptops being switched without the user's knowledge into ad-hoc mode.

    How would I as a user detect that my wlan is in ad-hoc mode?

    I know that ad-hoc mode doesn't provide encryption. Would I be vulnerable to anyone in my area who is infected if in ad-hoc mode?

    If I am in ad-hoc mode, would I notice any difference when surfing?
    [guess]Pages would not open seemingly instantly, there would be a delay.[/guess]

    [Edit2]: Would I be able to surf while in ad-hoc mode? (This is the ? I wanted to ask above.)
    I believe the answer to this is yes. http://wifi.aximsite.com/alternate.html#_adhoc
    Surfing is possible on the system in ad-hoc mode using ICS to bridge the nic to the wlan.[/Edit2]

    With ad-hoc mode, would an attacker be able to re-acquire me, after I clean up, via an unsecure local router in my neighborhood?

    Thanks,

    Searching_ _ _

    edit: To do this remotely, I am guessing, they would need to be able to write to serial eeprom on the wlan, which normally uses parallel port programming to access. http://www.phanderson.com/printer/eeprom/eeprom.html
    But I have found that you can program hardware I/O ports using Linux and C http://www.faqs.org/docs/Linux-mini/IO-Port-Programming.html
    At a glance, it may be possible to do it remotely. More reading.
    [edit3]I have found some of what I was looking for here, more reading.
     
    Last edited: Oct 17, 2008
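
Added example, not part of the original thread: on a Linux system, one way to answer the question above about detecting ad-hoc mode is to read the interface type that `iw dev` reports, where ad-hoc appears as `IBSS`. The sample output, interface names and SSIDs below are constructed for illustration.

```python
import re
import subprocess

# Constructed sample of `iw dev` output (not captured from a real machine).
SAMPLE_IW_DEV = """\
phy#1
\tInterface wlan1
\t\tifindex 4
\t\taddr 02:00:00:00:01:00
\t\tssid FreeWifi
\t\ttype IBSS
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
phy#0
\tInterface wlan0
\t\tifindex 3
\t\taddr 02:00:00:00:00:00
\t\tssid HomeAP
\t\ttype managed
\t\tchannel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
"""

def parse_iw_dev(text):
    """Return one dict per wireless interface listed by `iw dev`."""
    interfaces = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Interface\s+(\S+)$", line)
        if m:
            interfaces.append({"name": m.group(1), "type": None, "ssid": None, "channel": None})
            continue
        m = re.match(r"(type|ssid|channel)\s+(.+)$", line)
        if m and interfaces:  # ignore attribute lines before the first interface
            key, value = m.groups()
            interfaces[-1][key] = value.split()[0] if key == "channel" else value
    return interfaces

def adhoc_interfaces(text):
    """Interfaces whose operating mode is IBSS, the 802.11 name for ad-hoc."""
    return [i for i in parse_iw_dev(text) if (i["type"] or "").upper() == "IBSS"]

def check_live():
    """Run against this machine; requires Linux with the `iw` tool installed."""
    out = subprocess.run(["iw", "dev"], capture_output=True, text=True, check=True).stdout
    return adhoc_interfaces(out)

if __name__ == "__main__":
    for iface in adhoc_interfaces(SAMPLE_IW_DEV):
        print(f"{iface['name']}: ad-hoc (IBSS), ssid={iface['ssid']}, channel={iface['channel']}")
```

Calling `check_live()` instead of passing the sample runs the same check against the local machine; an empty list means no interface is currently in ad-hoc mode.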
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,

    I would not worry if I were you.

    It's difficult to flash hardware using normal stuff, like floppies, CDs and similar media. Doing so remotely without breaking connection? Impossible.

    People love fancy hacking stuff, but things are much simpler. Before anyone can craft code that can do that, packets from remote first have to get into your machine, which they can't because your firewall is there.

    It's a chicken and egg problem and you hold them both.

    Mrk
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Hi Mark,

    What you state might be true if I had not given away the keys to the castle to someone I had argued with.

    Basically, while trying to learn Linux, I was sent to a defunct repository and downloaded whatever was cooked up for me. After arguing with the person I said to myself I probably shouldn't download what the anon suggested, but chose the good will of all men position instead.

    I had a very difficult cygwin or similar malware because of this. It was so persistent that some recommended techs advised a wipe and flash of the BIOS. While this did fix some issues it has not corrected all. What remains is connected to the network adapters, of which I have 3: nic, wlan, 1394 net adapter. If I disable the 1394, I lose all wired connectivity.

    The router I use is not visible using the wlan but is ok using wired connection.

    If I reset the router in order to reconfigure all, then my computer immediately begins talking to somewhere. During configuration I usually have the cable from the modem to the router unplugged yet the communication goes on.

    I can't see what or who using netstat and SIW (network shows no activity when there is lots). But my HDD is chugging ever so slightly and my router uploads downloads are blinking like crazy as well as the modem. So my computer is having a conversation with someone.

    Again the problems I am having are a little above my head to solve, they are hardware related or reacquires via BIOS lojack or something. Maybe I should make up that parallel port reset device.

    Maybe it's a virus that attaches to flash memory devices.

    Getting lost brainstorming,

    Searching
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,
    You did not get any BIOS / flash malware.
    And cygwin is not malware either.
    Mrk
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    I am familiar with the argument that "guns are neither good nor bad, but the intentions in which they are used makes them so".
    Then I am just a crash test dummy. Which doesn't make me happy either. I refuse to be a patsy. :)

    Syslinux was present on my XP system when I had not installed any, and after numerous wipes.
    I have trouble detecting network activity.
    Raw data was written at the end of a wiped drive while using Bart PE.
    The size of my physical drive was changed.
    Someone in my neighborhood keeps shadowing my router channel, I change it and in a couple of days they have changed their channel to match mine.

    I will have to remove my wlan and my wireless router from the loop and see if the behavior continues.

    Lately it seems to be wifi related issues.

    Searching
     