Security Basics mailing list archives
Re: radius+ wireless // Yes.. It's true..
From: "Steve Choi (drwx@Argos)" <drwx () argos or kr>
Date: Thu, 18 Nov 2004 10:56:21 +0900
In my experience, IEEE 802.11b and IEEE 802.1X are more vulnerable than other security enhanced standard like IEEE 802.11i. In vulnerable environment, anybody who have wireless station can sniff most of data. For example, management frames are transferred to AP with plaintext. And I've implemented integrated penetration testing tool to test my wireless environment. Throughout my tool, sniffing, DoS(management, EAP related), session hijacking, and Man in The Middle attack are possible. Especially, in commercial environment, session hijacking is more dangerous because malicious user can use wireless without paying. I recommend to use IEEE 802.11i standard, or certification based IEEE 802.1X. And also using high bit WEP keys can help you to enhance your wireless environment. -----Original Message----- From: Gaspar de Elías [mailto:gaspar.delias () gmail com] Sent: Thursday, November 18, 2004 7:18 AM To: security-basics () securityfocus com Subject: radius+ wireless hello I'm an isp, and i'm providing internet to my customers via wireless, authenticating with a radius server on freeBSD. My question is the folowing: Can somebody sniff the wireless conections, crack WEP alghoritm, and cheat his mac and ip addresses in order to steal information from one of my customers? A friend told me that doing this is incredibly easy, so i'm investigating. What should i implement to make my wireless lan more secure? -- Gaspar de Elías
Current thread:
- Re: radius+ wireless // Yes.. It's true.. Steve Choi (drwx@Argos) (Nov 18)