Security Basics mailing list archives
Re: About War Driving ..
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 7 Dec 2006 15:27:09 +0100
On 2006-12-06 FatalSaint wrote:
Ansgar -59cobalt- Wiechers wrote:Then you simply failed to understand my objections.Your first email consisted mostly of "Pointless." Over and over. How is one to understand that without a more detailed explanation?
I consider it basic, if not common knowledge on a security-related list, that MAC and IP addresses can be sniffed and spoofed most easily on a WLAN. Anyway, I hope to have cleared that up with my last mail.
*thousand passphrases per second*With computers today it's actually quite a bit more though I don't have specific numbers. (especially if you can run a cluster or multiple SMP's)
Assume you have a cluster of 1000 nodes each of which can try a billion passphrases per second. That reduces the average time to crack a 30 (!) character passphrase from 3.66 * 10^95 years to 3.66 * 10^83 years. A noticable reduction, yes, but still not to a point that would be even remotely insecure. Not to mention that you'd normally use a passphrase much longer than 30 characters.
However, the point of your argument is still sound that it requires time to do. The bigger better machinery you have the less time is required.
True, but see above. [...]
It seems that you don't understand what the SSID's purpose is....In order to connect a user needs to have the SSID. I didn't mean his network will appear "invisible" .. it will just show a wireless signal with no name. A Program like Kismet -will- detect a hidden ssid if there is enough traffic - sure. But when I was reading up on this I remember seeing some wireless sniffers wouldn't.
I don't know about that, but even if there are sniffers that don't: from a security PoV you have to assume that the attacker is using tools of reasonable quality. And as I pointed out before: if the encryption is strong it doesn't matter at all if the attacker knows the SSID to begin with. [...]
You're still giving your attacker the benefit of the doubt and just not trying. At the least the admin should attempt. It could very well be an inside user using their own laptop (not corporate)- having no idea how to crack wep or spoofing anything. Or it could be someone who knows how to crack WEP and set their IP using Red Hat's cutesy GUI having no knowledge of ifconfig or the HW option. Etc... these people -do- exist. I've met them. There are still people who think spoofing the MAC is a difficult endeavor. I don't know how in Windows, personally, but in Linux it's a simple matter of 1 command - but you can't assume *everyone* knows that command.
When planning security measures I always assume a knowledgeable attacker. And I usually don't consider measures that won't keep him out, because they add complexity without creating appropriate security. [...]
More layers also mean increased complexity, thus making the network (and its security) harder to maintain. Which, in consequence, can *reduce* the network's security.Only if you're untrained/uneducated in what you are implementing.. or just afraid of a little work.
I like to keep my workload low. Besides, with higher complexity you increase your risk to simply overlook something, regardless of how well educated you are.
Any security measure implemented incorrectly can be a security flaw.
Which is why you want to keep things simple.
Even your almighty WPA if the pass phrase is just "aaaaaaaa".
You remember that I had suggested using strong passphrases, and that I said I'm aware of WPA-PSK being vulnerable in case of weak ones, don't you?
Bottom line: your suggestions are either ineffective or don't address the OP's original problem. Which is what I was objecting to.Not the way it sounded to me. And why -just- tell him the one thing when you can offer suggestions on damage mitigation as well?
If you re-read my first mail you'll notice that I did not criticize those measures in general, but pointed out a) that they only become effective *after* a successful break-in, and b) where I think they may cause problems. [...]
Why even bother about additional measures that don't add any significant amount of security, but do require (significant) additional maintenance? It's - as I said before - pointless.Firstly, enabling those items don't require a 'significant' amount of work.
So you don't update the MAC filter every time you add a new device or retire an old one? IBTD.
Secondly - why stop building your security diagram once you've done just one item?
I don't. I just don't add things that aren't worth bothering, security- wise. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Re: About War Driving .., (continued)
- Re: About War Driving .. Dave Moore (Dec 04)
- Re: About War Driving .. Steven (Dec 06)
- list moderation (was Re: About War Driving.) Kelly Martin (Dec 07)
- Re: About War Driving .. Joel W Pauling (Dec 01)
- Re: About War Driving .. giles (Dec 01)
- Re: About War Driving .. FatalSaint (Dec 01)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. FatalSaint (Dec 06)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 06)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 07)
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Brian Loe (Dec 07)
- Re: About War Driving .. FatalSaint (Dec 07)
- Re: About War Driving .. Kelly Martin (Dec 08)
- Re: About War Driving .. pryorda pryor (Dec 12)
- RE: About War Driving .. Alan Greig (Dec 06)