[unisog] XP silently configuring ad-hoc wifi

Teklinski, Peter pt at ADM.NJIT.EDU
Mon Sep 26 20:12:45 GMT 2005


We have done a survey of the areas listed in the original posting and
have been unable to substantiate any of the claims made.  Please note,
that the original posting was done without our knowledge or permission
and the poster was not a member of NJIT infosec staff.  

Thank you,
Peter Teklinski
NJIT 

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Frank Bulk
Sent: Monday, September 26, 2005 8:00 AM
To: 'UNIversity Security Operations Group'
Subject: Re: [unisog] XP silently configuring ad-hoc wifi

This is still all unconfirmed, and if you read the livejournal links,
you
would think the infosec staff at the New Jersey Institute of Technology
would be much more forthcoming.

Joshua Wright, the wireless guru of SANS, has been trying to confirm
some of
the details.

Frank

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org]
On Behalf Of z./(--)\.s
Sent: Saturday, September 24, 2005 7:30 PM
To: unisog at lists.sans.org
Subject: [unisog] XP silently configuring ad-hoc wifi

Although this hasn't hit any of the major news sites out there (it was
mentioned on SANS' Internet Storm Center a few days ago -
http://isc.sans.org/diary.php?date=2005-09-23), it's been going around
the
rumor mill that there's a wireless worm out there that's attacking
unpatched
XP machines and reconfiguring them as ad-hoc wireless zombies. afaik
this
has only been noticed on the east coast but I'm not in the states so I
can't
confirm.
Check out preliminary details and a packetdump:

details:
http://www.livejournal.com/community/lj2600/79996.html
http://www.hacksrus.com/~recompiler/aec_le/
http://www.livejournal.com/community/infosec/47702.html


packetdumps:
http://www.hacksrus.com/~recompiler/aec_le/dump2aec

The packet dump doesn't seem to contain any illegitimate data, but if
you're
having similar issues maybe contributing to the conversation would be
useful.

~Angel

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com _______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog

_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog





More information about the unisog mailing list