Tag Archives: wifi

Wifi tricks (public and limited networks)

(use your own discretion/risk)

When connecting to public Wi-Fi, watch what you are doing, it can be dangerous.
(Use a VPN whenever you can, like OpenVPN or Zerotier.)

But it also can be fun to have a look on those networks.

Sometimes there are IP camera’s you can find.
Use an App like Android TinyCam to scan for camera’s

I found at least 5 this way. Getting access, is something else.
One had access to RTSP without password. 🙂
But I found IP camera’s in the wild using a default password also.
(Just google for default passwords. Don’t know the brand of the device? Sometimes you can use the OUI (Organizationally Unique Identifier) part of the Mac Address to find the brand)

Other fun things to scan for are devices you can cast to!

At one time I was in Woerden, getting my Car fixed.
I started working on my Laptop using their guest Wi-Fi.
And checking out the network, I saw some TVs with Casting enabled.
Let’s Cast a Youtube video with a fireplace to it.
Next moment, the display behind the desks started playing the video.
The guys behind the desk were not facing the display.

I tried to revert my test, but I could not found/start the original cast stream.
I told them to get this fixed, and the network security.

Another idea is to scan for hidden camera’s in Hotels or B&Bs.
(There are more tricks to find these, like Flir/IR)

Some Hotels or B&B have a paid Wifi or a one device only policy.

Some tricks for that are:

Using a device which acts as an Access Point/Router.

I started using this trick with a Ravpower (RP-WD01)

I used this device to copy my Nikon photos to an external storage device.

I patched the OS on this Linux device.
Now it autocopied files from sdcard to usb-drive when inserted.

But it also could act as an AccessPoint.
Laptops/tablets and phones can connect using this hotspot.

After that I used a WD device in the same way.

After that I made a mini AP using a Raspberry PI.

When connecting with the first device which was a phone, I wanted to switch to an accesspoint.
So I spoofed the MAC address of the my AP, because it was mac-address locked in the B&B’s main access point.

Now it’s even easier, current mobile phone’s have dual Wi-Fi interfaces.
Connecting to an AP and at the same time setting up a hotspot is a breeze.
(Not that this is needed any more, Wi-Fi is not limited to one device any more. And mobile internet is almost everywhere)

Some access points still require payment, or you don’t know the password.

Some tricks below (use wisely):

Access point with a captive portal:
These are not protected initially.
But you have to enter a username/password to gain access to the internet.

  1. Try to start a VPN client (without logging into the captive portal)
    Sometimes those ports are not blocked.
    (Even more change to use UDP instead of TCP, try zerotier)
  2. Sometimes only DNS works though those AP’s.
    Then you could use a DNS tunnel. This is a method to embed your network traffic in DNS packages. (Note: you have to make your own DNS tunnel server!) https://github.com/yarrick/iodine
  3. Copy the Captive Portal website, write some logging code. And start AP using the same SSID you want the credentials for.
    Get close to someone using the real AP, so they try to log into your fake AP, using their credentials.
    (This is also illegal, and I won’t post code to do this.)

Mikrotik RB4011 Vlan Guest Wifi (IOT) devices

See inline comments:

# Add vlan bridge
/interface bridge
add name=bridge_vlan5

# add security profile for wifi
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=iot supplicant-identity=""

# add virtual wifi to 2.4G and 5G APs
/interface wireless
set [ find default-name=wlan2 ] band=2ghz-g/n country=netherlands disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=xxxxxxxxxxx ssid=MYSSID station-roaming=enabled wireless-protocol=802.11 wps-mode=\
    disabled
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=netherlands disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge name=wlan5 security-profile=xxxxxxxxxxxxx skip-dfs-channels=all ssid=\
    MYSSID station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:48:A4:69 master-interface=wlan2 multicast-buffering=disabled name=wlan_iot2 security-profile=iot ssid=IOT vlan-id=5 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:80:CE:1D master-interface=wlan5 multicast-buffering=disabled name=wlan_iot5 security-profile=iot ssid=IOT vlan-id=5 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled

# Add vlans to virtual Wifi
/interface vlan
add interface=wlan_iot2 name=vlan5_iot-2 vlan-id=5
add interface=wlan_iot5 name=vlan5_iot-5 vlan-id=5

# add ip range for dhcp
/ip pool
add name=dhcp_pool5_iot ranges=10.5.0.2-10.5.0.200

# add dhcp server with above range
/ip dhcp-server
add address-pool=dhcp_pool5_iot interface=bridge_vlan5 name=dhcpiot

# add vlans and interfaces to vlan  bridge
/interface bridge port
add bridge=bridge interface=wlan_iot2
add bridge=bridge interface=wlan_iot5
add bridge=bridge_vlan5 interface=vlan5_iot-5
add bridge=bridge_vlan5 interface=vlan5_iot-2

# add vlan to existing bridge (Not really needed) is for inter vlan traffic
/interface bridge vlan
add bridge=bridge_vlan5 vlan-ids=5

# add interfaces to LAN list (firewall needs this)
/interface list member
add interface=vlan5_iot-2 list=LAN
add interface=bridge_vlan5 list=LAN
add interface=vlan5_iot-5 list=LAN

# Add gateway/dhcpserver ip address
/ip address
add address=10.5.0.254/24 comment="IOT (vlan5)" interface=bridge_vlan5 network=10.5.0.0

# dhcp server network
/ip dhcp-server network
add address=10.5.0.0/24 dns-server=1.1.1.1 gateway=10.5.0.254 netmask=24

# generic NAT rule
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

Mikrotik todo

My work document for my Mikrotiks
(Also for my friend Vincent, with a similar setup.)

I’m going to collect information on this page for below changes.

WIFI

  • Access list connections only
  • Default forward – only certain clients
  • Guest network – better setup.
    I’ve got a folkband guest network right now and
    a captive portal AP on my internet router. (Outside my network)
    This is for colleagues of Coline.
  • Vlan for certain clients

Zerotier

  • Network routing
  • Security

IOT

Move all clients to own vlan
New or better VLAN setup

  • Redo Guest network
  • IOT Vlan
  • Manage Vlan better setup
  • Lab – a redo because of changes in DMZ

Info

YT : https://www.youtube.com/watch?v=Hqu8JlieSq4

Mikrotik

Switches and access-points

Today i got my RB4011 ! Wooot!

Total tally

  • MikroTik CRS305-1G-4S+IN – Lab
  • MikroTik RB2011UiAS-RM – Office
  • MikroTik hAP AC2 – Studio
  • MikroTik CRS109-8G-1S-2HnD-IN – Attic
  • MikroTik RB4011iGS+5HacQ2HnD-IN – Livingroom
  • NEW (2022-04-02) crs125-24g-1s-in (2022-04-02)

To replace .. 4 SLM2008 and a TPLink switch 🙂

How much fun is this! .. A display on a switch!

I’ll be posting something about connecting an arduino to the serial console using a tcp server later.

Mikrotiks are all you can eat .. And there is a lot of functionality. One of the main features (besides being switches and routers)

  • Openvpn server
  • DIY display connect
  • Proxy
  • Today Vincent mentioned Mqtt plugin (2022-apr-6)
  • https://help.mikrotik.com/docs/display/ROS/Packet+Sniffer sounds interesting also

Installing extra packages

  • Download correct package zip from ( https://mikrotik.com/download )
  • Extract and use file upload
  • Reboot your mikrotik

Mikrotik Guest Network

I’ve got several AccessPoints in my network.
Using a roaming setup, clients can connect to strongest AP.

For our Folkband i’ve setup same.
With the exception of those clients only being able to connect to the Internet, and not the rest of my Network

  • Virtual Access Point
  • Own subnet
  • dhcp server only for this access point
  • NAT and Firewall rules for access limitation
/interface bridge 
add name=bridgeguest
/interface wireless security-profiles 
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=guest supplicant-identity=MikroTikHAP wpa2-pre-shared-key=guestkey
/interface wireless
add disabled=no mac-address=MACADDRESS master-interface=wlan1 name=guest security-profile=guest ssid=guest station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
/ip pool
add name=guest ranges=10.5.0.2-10.5.0.250
/ip dhcp-server
add address-pool=guest disabled=no interface=bridgeguest name=dhcpserverguest
/interface bridge port
add bridge=bridgenb interface=guest
/ip address
add address=10.1.0.5/24 comment=defconf interface=ether2 network=10.1.0.0
add address=10.5.0.1/24 interface=bridgeguest network=10.5.0.0
/ip dhcp-client
/ip dhcp-server network
add address=10.5.0.0/24 dns-server=1.1.1.1 gateway=10.5.0.1
/ip dns static
add address=10.1.0.5 name=router.lan type=A
/ip firewall filter
add action=drop chain=input dst-address=10.1.0.5 dst-port=22,80,443,8291,21,23 protocol=tcp src-address=10.5.0.1-10.5.0.254
add action=drop chain=input dst-address=MYNETWORKSHERE/16 src-address=10.5.0.2-10.5.0.250
add action=drop chain=forward dst-address=MYNETWORKSHERE/16 src-address=10.5.0.2-10.5.0.250
add action=drop chain=forward dst-address=MYNETWORKSHERE/16 src-address=10.5.0.2-10.5.0.250
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=accept chain=srcnat src-address=10.5.0.0/24