BarCamp WiFi Disaster

Okay, this one left me scratching my head.

When I arrived at BarCamp, we were allocated two IP addresses on the QUB network and I set about using one of them to provide a public network and the other to provide a Private network for the Webcasts or whatever and to act as a failover. Things were fine at first until people started to arrive. We might have had ten to fifteen laptops on the network when the WiFi just started playing up.

Using iStumbler, we determined that there was some sort of issue with the network. WiFi channels 1, 6 and 13 were stuffed with ambient traffic so we repositioned to avoid those and still we were getting this problem. In our WiFi network scans we were seeing multiple instances of our networks, though the second one was encrypted. Attempts to join our unencrypted networks would fail silently and the only stable network we could manage was the Ad-hoc one provided by my Macbook Pro – which not everyone could join (the Nokia N800s and Vista laptops mainly).

The theory went:

There was some sort of Trojan effect going on, either automatically or malevolently (and presumably from an attendee). When you put up a network, it would spawn a copy of the network which had a WiFi password. This would cause your attempts to join our network to fail – it was like it was jammed. If you put up an encrypted network, then you had a 50% chance of latching onto the wrong network and entering your WiFi password. This would make WiFi password harvesting to be very quick. They theory continued that the malevolent presence would then join your encrypted network using the harvested password details and start to sniff for passwords on the WiFi.

Bastard, eh?

I would really hate to think this was an attendee acting malevolently but then I’ve seen worse from humans. I wouldn’t be surprised if this was a trojan on someone’s machine because someone definitely had an unpatched Windows machine on the network, the “Free Public Wifi” ad-hoc network that appears nearly everywhere there’s a collection of Windows machines.

See

The puzzling phenomenon of seeing “Free Public Wi-Fi” that you can’t connect to when you’re searching for free public wi-fi has been solved. It’s “Microsoft Windows Silent Adhoc Network Advertisement.”
From a Nomad Research Centre Advisory:
This advisory documents an anomaly involving Microsoft’s Wireless Network Connection. If a laptop connects to an ad-hoc network it can later start beaconing the ad-hoc network’s SSID as its own ad-hoc network without the laptop owner’s knowledge. This can allow an attacker to attach to the laptop as a prelude to further attack.

Not recent and not unpatched. But there it was.

This post explains something else:

At Emerging Tech 4-5 years ago, someone had set up an ad hoc network with the same name as the real one. It was interfering with the real one, so the organizers repeatedly asked whoever had set up the ad hoc network to shut it down. The culprit turned out to be …. me. But I knew that I had not set up an ad hoc network, much less set one up and name it the same as the conference network. All I did was open my laptop and click on one of the ones that had the official conference name … which must have been an ad hoc network someone else set up. I then became the “carrier.” Ack.

That’s just brilliant. So it’s entirely possible that it wasn’t malevolent and wasn’t a clever Trojan/Worm but rather was just the way Windows works.

If this is the case, an extra special thanks to everyone who uses an unpatched version of Windows. I loved missing talks because I was troubleshooting why the WiFi was screwy.