Security Basics mailing list archives
Re: wireless help
From: Tomas Wolf <tomas () skip cz>
Date: Thu, 02 Oct 2003 23:03:34 -0600
Yes, I fully agree... There is always a possibility :-) - RSN (Robust Security Networks, as it was named :-) ) was proven hijackable and vulnerable to MitM attacks, and DoS attacks... Sorry for not making myself more clear about the MAC fingerprinting... It actually runs several tests against the card and evaluates the results against their fingerprint database - so that way it can say that a MAC saying "CISCO" is really not. Of course reliability is unknown to me... Hopefully high. :-)
Thank you for your input. I appreciate it. Good luck - Tomas

N407ER wrote:
> Tomas Wolf wrote:
> > But the problem is that after WEP is cracked (talking easy with 802.11b), one has total access to traffic (for passive listening) and the network (nodes, bandwidth, wherever this LAN leads to -- Internet, internet... etc.). Let's not forget that an unauthorized wireless user can be a user that wants to be unauthorized, not just an accidental cross-authorization. So if someone relies on WEP and the complexity of maintaining MAC filter rules for mobile users is unreachable, then we should look at some "unconventional" solutions. IP filter doesn't change much, since by observing decoded traffic for a while one can pretty much guess what "ranges" or selective IPs are allowed. DHCP would make it just "automatic". In WPA, there is a technology (if I remember correctly - it might be somewhere else though :-), maybe one of the Cisco wireless APs) that looks at the "manufacturer" part of the MAC and can tell a spoofed MAC. But that is just a little off topic :-)
> > Just my little something... Tomas
>
> Though presumably an attacker could spoof a MAC address which you have listed as valid, no? Simply by passively sniffing, he could gain a valid IP *and* MAC, and use both.
>
> Even if you were to require user authentication, and time out inactive sessions, he could conceivably hijack an active session, so long as the legit client doesn't do anything when it receives responses to connections it's never made (I suspect a Windows machine with a personal firewall like ZoneAlarm would behave in this way, failing to terminate connections initiated by the attacker in its name). So a hijacker could probably grab an active connection for the duration of its activity, or even keep it active after it's been abandoned. The only real foolproof way to prevent this would be encryption like VPN or IPSec, I suspect. Which is certainly overkill or simply unfeasible for many installations.
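An added example, not code from the thread or from either poster, of the two checks the exchange turns on: a plain MAC allow-list, which passes any frame whose source MAC was sniffed from a legitimate client, and a "manufacturer part of the MAC" (OUI) check of the kind Tomas mentions. The vendor table and the sniffed frames are constructed for the example, not taken from the IEEE registry or a real capture; the locally-administered (U/L) bit test is a real property of 802 MAC addresses, but it only catches lazily chosen spoofed addresses, since an attacker who copies a burned-in address verbatim passes it, as the example shows.

```python
"""MAC allow-list bypass and OUI sanity checks (added illustration).

Assumptions, all constructed for this example:
  - OUI_TABLE is a tiny hand-made vendor table, not the IEEE OUI registry.
  - ALLOW_LIST and SNIFFED are made-up addresses standing in for a real
    access-point filter and a passive capture.
"""
import re

# Constructed OUI -> vendor table (assumption; real deployments use the IEEE list).
OUI_TABLE = {
    "00:0b:85": "Cisco (constructed entry)",
    "00:40:96": "Cisco/Aironet (constructed entry)",
    "00:02:2d": "Agere/Lucent (constructed entry)",
}

_MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def normalize_mac(mac):
    """Lower-case, colon-separated form; raises ValueError on malformed input."""
    m = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(m):
        raise ValueError(f"malformed MAC: {mac!r}")
    return m


def vendor_of(mac):
    """Vendor name for the first three octets, or 'unknown'."""
    return OUI_TABLE.get(normalize_mac(mac)[:8], "unknown")


def classify_mac(mac):
    """Return warnings about a source MAC; an empty list means nothing odd.

    Bit 0 of the first octet is the group/multicast bit (never valid as a
    unicast source); bit 1 is the locally-administered bit, which a driver
    sets when the address was configured by software rather than burned in.
    """
    m = normalize_mac(mac)
    first = int(m[:2], 16)
    warnings = []
    if first & 0x01:
        warnings.append("group/multicast bit set: not a valid unicast source")
    if first & 0x02:
        warnings.append("locally administered bit set: address configured in software")
    if m[:8] not in OUI_TABLE:
        warnings.append(f"OUI {m[:8]} not in vendor table")
    return warnings


def mac_filter_allows(allow_list, frame_src):
    """The plain access-point MAC allow-list the thread discusses."""
    allowed = {normalize_mac(a) for a in allow_list}
    return normalize_mac(frame_src) in allowed


def simulate_spoof(allow_list, sniffed_frames):
    """Attacker's side: sniff (src_mac, src_ip) pairs, keep the first one the
    filter would admit, and reuse both the MAC and the IP. Returns that pair
    or None if nothing usable was seen."""
    for src_mac, src_ip in sniffed_frames:
        if mac_filter_allows(allow_list, src_mac):
            return (normalize_mac(src_mac), src_ip)
    return None


# Constructed sample data (assumption, not a real capture).
ALLOW_LIST = ["00:0B:85:11:22:33", "00:02:2d:aa:bb:cc"]
SNIFFED = [
    ("00:11:22:33:44:55", "192.168.1.50"),   # not on the allow-list
    ("00:0b:85:11:22:33", "192.168.1.20"),   # legitimate client, passes
]

if __name__ == "__main__":
    pair = simulate_spoof(ALLOW_LIST, SNIFFED)
    print("attacker reuses:", pair)
    # Copying the legitimate MAC exactly leaves the OUI check with nothing to flag.
    print("OUI warnings on copied MAC:", classify_mac(pair[0]))
    # A lazily invented MAC with the U/L bit set does get flagged.
    print("OUI warnings on 02:0b:85:11:22:33:", classify_mac("02:0b:85:11:22:33"))
```

Run as a script it prints the harvested (MAC, IP) pair and the two classifications; the point is that `classify_mac` on the copied address returns no warnings, so an OUI-only check cannot distinguish that spoof, while a VPN or IPsec tunnel, as N407ER suggests, does not depend on the MAC at all.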
Current thread:
- RE: wireless help George Peek (Oct 02)
- RE: wireless help David Gillett (Oct 02)
- Re: wireless help Tomas Wolf (Oct 02)
- Re: wireless help N407ER (Oct 03)
- Re: wireless help Tomas Wolf (Oct 03)
- Re: wireless help N407ER (Oct 03)
- <Possible follow-ups>
- RE: wireless help Zachary Mutrux (Oct 03)
- Re: wireless help Patoff Pat-EtHiQ (Oct 03)