A pineapple can have any subnet it wants. Also I have multiple subnets that start 172.16.xx.xx
this post was submitted on 06 Jul 2024
482 points (100.0% liked)
196
668 readers
107 users here now
Be sure to follow the rule before you head out.
Rule: You must post before you leave.
founded 2 years ago
MODERATORS
you must be leet haxor
172.16.0.0/12 is a valid prefix for private networks. In fact, you get more hosts than 192.168.0.0/16, but less than 10.0.0.0/8.
Yeah, it’s not that it’s not valid for private networks, it’s that 172.16.42.x is common for WiFi Pineapples
Every "well ackqually" person in this thread is insufferable
IDK, I find them quite sufferable and in fact I'm learning something from this thread.
Can't argue with that, I guess
really start to worry when it’s 169.254.0.x …
That just means the ~~DNS~~DHCP is disabled.
Edit: words
-
“The hotel’s free WiFi is really fast”
-
“the DNS is disabled”
That is not what that means, it means there's no dhcp on that network segment.
In my defense, whenever there's a networking issue, it's always DNS related.
The three stages of grief:
- It can’t be DNS
- There’s no way it could be DNS
- It was DNS
DNS being down is why the DHCP server didn't start ;)
I can totally see dnsmasq causing this sort of thing.
If there isn't DHCP and you device isn't set for a static IP, would it even connect?
So, no... but also yes.
You're correct that it's unlikely that the device connecting to the network would be able to reach the outside Internet, but it would still be able to reach any local resource to itself, which is to say any other device which is in its network segment and also in the same state (DHCPless) that it is, via what's referred to as a link-local address. These are in the 169.254.x.x/16 or fe80::/10 space and allow devices to self-assign addresses independent of upstream connectivity for communication on the local network segment. Usually, these aren't useful, but these address are consistent, and can be used to directly contact known local hosts from your machine without DHCP. As to whether or not they can reach upstream hosts in this state, the answer is 'probably not', but that's not the same as what you said.
Public WiFi is just PvP enabled
[x] Client isolation on
This is now a safe zone
The only part of this I didn't immediately realize is the wifi pineapples default IP range.
From now on, I'm going to set that as my clients default public IP range to troll anyone who knows.
So I guess I must be a leet haxor because of all the businesses I configured for the 172.x space because 192.168.x space was too small and 10.x space was way the hell too big.
wdym too big? That's what subnetting is for.
I know what subnetting is for. That’s why I know which RFC range to use. I’m talking based on the number of devices and needed groupings, 172 is a good sweet spot where 198.x would be a bit tight and 10.x is complete overkill.
Could you please explain, how 172.x is different "size" than 10.x? Don't both of those have 255*255*255 spaces?
Edit: Ok, I made ChatGPT explain it to me. Apparently, with 172.x the convention is to only use range from 172.16.x.x to 172.31.x.x because that range is designated for private networks under some internet regulations...
Yeah. Here’s a breakdown of the allocations and their sizes:
- 192.168.0.0/16 - 65,536 addresses
- 172.16.0.0/12 - 1,048,576 addresses
- 10.0.0.0/8 - 16,777,216 addresses
Most home applications only need a single /24 (256 addresses) so they are perfectly fine with 192.168.0.0/24, but as you get larger businesses, you don’t use every single address but instead break it out by function so it’s easier to know what is what and to provide growth in each area.
But tbh, I still don't see why you can't just use 10.x but only as many subnets as you need.
I know jack shit about networking, but I've set up OpenWrt routers a couple of times, and set my home network to 10.99. because that was suggested by a ZeroTier tutorial and I thought that's cool.
You’re technically correct, you can use any of them. It’s honestly just a matter of preference.
thank you lain
also omw to set up my dhcpv4 server to use that network whenever I create a hotspot
Thank you, Lain.
Thanks Lain.
Thank you Lain.
Thank you lain.
While I've never seen a router default to the 172.16... range, to me it just means that someoe bothered to modify the settings. No wonder the network is faster.
Fear-mongering much?
The .42 combined with it being a public AP is what raises suspicions
Fair enough, but 42 in any octet is going to be common anyways because nerds love us some Douglass Adams.
A lot of the comments here are saying that a pineapple can configure their subnet to use 10.x.x.x or 192.168.x.x. Is there any other way to determine if an access point is compromised?
Thank you lain.
Thank you lain
Thank you Lain.
Thank you Lain!
My ass, Lain.
Thank you Lain.
neither is that range pineapple exclusive nor should ppl use public wifi without a proper vpn.
so the meme makes no sense. if you recognize the pineapple default range but yet dont use a vpn..then you re a dumbass.
Isn’t that how the setup works for any relatively large company? I admittedly haven’t worked in many, but that’s usually the case for corporate computers at least.
I think the idea there is that the whole Class B private range starts at 172.16.0.x so it's unlikely, that any hotel you're at would be using 172.16.42.x because it's so far irom the start of that range unless it's a chain that needs to keep its ranges separate between sites for VPN or documentation reasons.
Basically, seeing 172.16.42.x doesn't inherently mean something's wrong, and I'm sure people using the pineapple for nefarious reasons would be smart enough to change its default LAN, but if you see it, maybe be more cautious.
Also if you bring one onto a real network to pwn it you're probably deliberately not replacing it's DHCP server so you don't break static IP assignments (but you might fake the routes so traffic goes through you anyway with ARP spoofing, etc)