Thank you lain.
The only part of this I didn’t immediately realize is the wifi pineapples default IP range.
From now on, I’m going to set that as my clients default public IP range to troll anyone who knows.
really start to worry when it’s
169.254.0.x…That just means the
DNSDHCP is disabled.Edit: words
-
“The hotel’s free WiFi is really fast”
-
“the DNS is disabled”
-
That is not what that means, it means there’s no dhcp on that network segment.
If there isn’t DHCP and you device isn’t set for a static IP, would it even connect?
So, no… but also yes.
You’re correct that it’s unlikely that the device connecting to the network would be able to reach the outside Internet, but it would still be able to reach any local resource to itself, which is to say any other device which is in its network segment and also in the same state (DHCPless) that it is, via what’s referred to as a link-local address. These are in the 169.254.x.x/16 or fe80::/10 space and allow devices to self-assign addresses independent of upstream connectivity for communication on the local network segment. Usually, these aren’t useful, but these address are consistent, and can be used to directly contact known local hosts from your machine without DHCP. As to whether or not they can reach upstream hosts in this state, the answer is ‘probably not’, but that’s not the same as what you said.
In my defense, whenever there’s a networking issue, it’s always DNS related.
The three stages of grief:
- It can’t be DNS
- There’s no way it could be DNS
- It was DNS
DNS being down is why the DHCP server didn’t start ;)
I can totally see dnsmasq causing this sort of thing.
nothing to see here :)
Isnt it also for docker?
Yes
You mean op’s waifu was wrong?
Wtf is with the “…” Explain why pls.
There’s nothing at all suspicious about the 172.16.0.0/12 address block. It’s a standard block of IP addresses that’s reserved for use on local networks, just like 10.0.0.0/8 and 192.168.0.0/16. It’s not a scheme exclusively or primarily used for illicit purposes.
There’s nothing at all suspicious about the 172.16.0.0/12 address block.
Correct. However the 172.16.42.0/24 block is the default for a WiFi Pineapple. Any other range is usually ok, but the 42 on a /24 specifically would make me (and most people who actually know what a WiFi Pineapple is) avoid that network.
nothing to see here :)
It’s just one of many private ranges.
Sure, it’s one of many, but how often do you see that specific (42) block used? I honestly don’t think I ever have, outside of a pentest lab. The 172.16.42.0/24 (not just any 172.16 like you’re saying) block is the default for a WiFi Pineapple. Any other range is usually ok, but the 42 on a /24 granting WAN access specifically would make me (and most people who actually know what a WiFi Pineapple is) avoid that network.
Saying 172.16.0.0/12 is usually for pentesting scummy thing is very misleading…Saying it’s dangerous is like saying every websites using
.xyzdomain is dangerous(which makes little more sense than this, btw)You clearly don’t know what a WiFi Pineapple is, because we’re zeroing in on the 42 and you liken it to the entire 172.16 block. And linking every .xyz domain to a specific block (42) that is used by default for a pentest device is even more misleading.
nothing to see here :)
It’s not that it’s on the 172.16.0.0/12 range. That’s totally normal and used for all kinds of stuff.
It’s that it’s in 172.16.42.0/24 which is the default dhcp settings for a wifi pineapple. It’s the /24 mask given on the .42 that’s a little suspicious because that’s not a common range for anything else.
Being assigned one of those specific 253 hosts with that subnet mask would definitely make me think twice.
could calyx vpn save you from a wifi pineapple?
It’s the /24 mask given on the .42 that’s a little suspicious because that’s not a common range for anything else.
Well now I know. I operate a ton of /24 subnets in the 172.16.0.0/12 scope. Technically I could fit them in the 192.168.0.0/16 scope, but I have lots of students connecting SoHo wifi-routers to the subnets, and this way it’s pretty easy to tell, if someone put the WAN cable in a LAN port when people are getting 192.168.1.0/24 DHCP offers.
but I have lots of students connecting SoHo wifi-routers to the subnets, and this way it’s pretty easy to tell, if someone put the WAN cable in a LAN port when people are getting 192.168.1.0/24 DHCP offers.
I use 172.31.254.0/23 on my WiFi router. I guess I’d confuse you. /23 to just separate it nicely into 2 /24 blocks.
172.31.254.0/24 range is for manual assignments and 172.31.255.0/24 range is given out by DHCP.
I do not need that many IPs, it’s just for convenience.I chose this range because of my school as it uses 192.168.0.0/16 range.
To help mitigate my possible mistakes when connecting to school network, I set the DHCP lease time to just 5 minutes.172.31.254.0/24 range is for manual assignments and 172.31.255.0/24 range is given out by DHCP. I do not need that many IPs, it’s just for convenience.
I do similar for my home network, mostly for a combination of future proofing and ease of use.
Realistically it would probably make more sense to segment it with more networks, but I’m only going to go so far with complexity for my home production
Thank you Lain!
Thank you Lain.
neither is that range pineapple exclusive nor should ppl use public wifi without a proper vpn.
so the meme makes no sense. if you recognize the pineapple default range but yet dont use a vpn…then you re a dumbass.
Does that anime still hold up today? I’ve thought of watching it at times.
if you’re looking for something ambient and trippy, i’d say it’s worth the watch
Thank you Lain.
Public WiFi is just PvP enabled
[x] Client isolation on
This is now a safe zone
Isn’t that how the setup works for any relatively large company? I admittedly haven’t worked in many, but that’s usually the case for corporate computers at least.
I think the idea there is that the whole Class B private range starts at 172.16.0.x so it’s unlikely, that any hotel you’re at would be using 172.16.42.x because it’s so far irom the start of that range unless it’s a chain that needs to keep its ranges separate between sites for VPN or documentation reasons.
Basically, seeing 172.16.42.x doesn’t inherently mean something’s wrong, and I’m sure people using the pineapple for nefarious reasons would be smart enough to change its default LAN, but if you see it, maybe be more cautious.
Also if you bring one onto a real network to pwn it you’re probably deliberately not replacing it’s DHCP server so you don’t break static IP assignments (but you might fake the routes so traffic goes through you anyway with ARP spoofing, etc)
172.16.0.0/12 is a valid prefix for private networks. In fact, you get more hosts than 192.168.0.0/16, but less than 10.0.0.0/8.
Yeah, it’s not that it’s not valid for private networks, it’s that 172.16.42.x is common for WiFi Pineapples
Every “well ackqually” person in this thread is insufferable
IDK, I find them quite sufferable and in fact I’m learning something from this thread.
Can’t argue with that, I guess
A pineapple can have any subnet it wants. Also I have multiple subnets that start 172.16.xx.xx
you must be leet haxor
Thank you Lain.
