Re: radius+ wireless // Yes.. It's true..

["Steve Choi (drwx@Argos)" <drwx () argos or kr>]

In my experience, IEEE 802.11b and IEEE 802.1X are more vulnerable than other security enhanced standard like IEEE 
802.11i.
In vulnerable environment, anybody who have wireless station can sniff most of data. For example, management frames are 
transferred to AP with plaintext.
And I've implemented integrated penetration testing tool to test my wireless environment. Throughout my tool, sniffing, 
DoS(management, EAP related), session hijacking, and Man in The Middle attack are possible.
Especially, in commercial environment, session hijacking is more dangerous because malicious user can use wireless 
without paying. 
I recommend to use IEEE 802.11i standard, or certification based IEEE 802.1X.
And also using high bit WEP keys can help you to enhance your wireless environment.


-----Original Message-----
From: Gaspar de Elías [mailto:gaspar.delias () gmail com] 
Sent: Thursday, November 18, 2004 7:18 AM
To: security-basics () securityfocus com
Subject: radius+ wireless

hello
I'm an isp, and i'm providing internet to my customers via wireless,
authenticating with a radius server on freeBSD. My question is the
folowing: Can somebody sniff the wireless conections, crack WEP
alghoritm, and cheat his mac and ip addresses in order to steal
information from one of my customers?
A friend told me that doing this is incredibly easy, so i'm investigating. 
What should i implement to make my wireless lan more secure?


-- 
Gaspar de Elías