Security Basics mailing list archives
Re: radius+ wireless
From: "Kenzo" <kenzo_chin () hotmail com>
Date: Fri, 19 Nov 2004 07:48:36 -0600
Whatever happened to the idea of using the wireless through a VPN device and adding IPsec encryption or something added to WEP? I haven't seen anyone bring it up. Did that idea die or something?

----- Original Message -----
From: "Bowes, Ronald (EST)" <RBowes () gov mb ca>
To: "'Gaspar de Elías'" <gaspar.delias () gmail com>; <security-basics () securityfocus com>
Sent: Thursday, November 18, 2004 2:34 PM
Subject: RE: radius+ wireless

There is software and hardware that lets you cycle your WEP key. You will probably want to change your WEP key every 10 minutes or so, since it takes about 10 minutes to crack it. I'm afraid I don't have any specific references to key-cycling software, but Google should be able to help you with that.

And to answer your question, whoever receives the frame first will get the signal, since they'll respond with their own ACK and the server who receives it second will have the wrong SEQ/ACK numbers. Yes, this is a terrible security risk.

There's also the issue of sniffing -- a user could put his wireless card into the equivalent of "promiscuous" mode, and look at all traffic that goes across it (passwords, emails, etc.). That's clearly a security risk. Again, WEP with cycling keys

Ron Bowes
Information Protection Centre
Government Of Manitoba
204-945-1594

-----Original Message-----
From: Gaspar de Elías [mailto:gaspar.delias () gmail com]
Sent: Wednesday, November 17, 2004 9:40 PM
To: Scott Bauer; security-basics () securityfocus com
Subject: Re: radius+ wireless

Thanks for your answers. I'll investigate in Google. But I'm still thinking about something: suppose somebody cracks my WEP key, and he clones his MAC address and IP address; how could the access point distinguish one PC from another? I mean, if my customer is checking his mail, and the cracker is trying to download something, and both are communicating to port 80, how would the information find a way to go to the right device?

I think that Ethernet frames would be accepted by both customer and cracker (they have the same MAC address). Then the frame becomes a package, and it's accepted by both too (same IP address) at the internet or network layer. Finally, it is in the transport layer where it becomes a segment. And here is where data is accepted or rejected depending on the header's flags (ack, syn, seq). I wanted to know if I'm right or not. What do you think?

Thanks

On Wed, 17 Nov 2004 19:00:36 -0700, Scott Bauer <scottybauer () gmail com> wrote:

Yes, every wireless sends out Beacon packets. Some of these packets contain the WEP key. Right now I'm in the middle of cracking a 128-bit key, and I have captured 100,000 of the packets I need over the past 3 days. You need a lot of packets to be able to crack the key. Once the key is cracked, the user will log on under the AP and he won't be authenticated, but if he puts his card in promiscuous mode he will get all packets. Therefore he would be able to see a MAC address that is authenticated with the server. Also, if you have a static IP on the server he (I think) could just put in the static IP and voila, he is in. I really don't think you should be worried with all these security features.

PS: if you have WPA you should use it. There is a way to crack it (very underground right now) but only a few know how (including me). So if you do have WPA you should use it. Also if the user is just getting the antenna directly from the antenna to the computer through a wireless card. You will need to update the drivers and make sure those drivers will support WPA. There are other security features. But you will get more responses from other people. Hope I helped.

Scott.

PS: the tools I use are as follows. I use Airopeek nx Demos' files to make a program work. The program is Air-Crack. It's a zip and contains a lot of things. I use Ethereal and Netstumbler.

Cheers

On Wed, 17 Nov 2004 19:18:03 -0300, Gaspar de Elías <gaspar.delias () gmail com> wrote:

Hello,

I'm an ISP, and I'm providing internet to my customers via wireless, authenticating with a RADIUS server on FreeBSD. My question is the following: can somebody sniff the wireless connections, crack the WEP algorithm, and cheat his MAC and IP addresses in order to steal information from one of my customers? A friend told me that doing this is incredibly easy, so I'm investigating.

What should I implement to make my wireless LAN more secure?

--
Gaspar de Elías