Security Basics mailing list archives
RE: Wireless range limiting
From: Nico Darrow <ndarrow () airdefense net>
Date: Wed, 16 Apr 2008 16:29:19 -0400
I wish I had the screenshot of the Newbury demo at defcon. But I remember their entire location tracking system was brought down by fake-ap running a cloned AP MAC address. It's a good idea, but not practical. They required such a high density of sensors to make accurate location predictions. And this can be easily circumvented by a well-placed MAC-spoofed AP.

Here's my recommendation. If you want to limit the range of an AP, then just disable its lower bitrates. Take an 802.11b/g router. Enable 802.11G only mode (if you can. Most internal cards are B/G cards at least). If you have a high-end AP (Cisco, Symbol, etc.), then disable the lower bitrates. Not only will you lower your range and increase throughput (by not having to worry about slower B clients with longer transmit windows), but you also get out of reach of most script kiddies with their 802.11b prism2 chipset ;-P

Just make sure everything is thoroughly tested before rolling out a change like this. Home environments are easy to tweak, work environments are harder.

Remember nothing beats a good Wireless IDS/IPS :-P

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Joshua Wright
Sent: Wednesday, April 16, 2008 12:42 PM
To: Charles Hardin
Cc: wifisec () securityfocus com; security-basics
Subject: Re: Wireless range limiting

Hi Charles,

Charles Hardin wrote:
| A co-worker of mine was recently telling me of a tool he had seen
| several years ago. A utility where you could upload a floor plan of
| your building and specify where your access points are located. You
| could then walk around your perimeter with a wireless client with an
| agent on it that would allow you to demarcate the physical boundaries of
| where you want the wireless signal to reach and it would reject
| clients outside this range based on the signal.

This is the Newbury Networks product (http://www.newburynetworks.com/products-rf-firewall.htm). I don't know if I trust such a system, since they do not know the transmit power of someone inside or outside of your facility (they probably assume something like 100 mW + 3 dBm antenna). If an attacker has a higher-gain antenna, they can appear to be inside your facility with a stronger signal.

I do not claim to know the full detail of the product, but that is my skeptical 2 cents for today.

-Josh
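Added example, not part of the original posts and not Newbury's algorithm: a small model of the concern raised in the quoted message, that a sensor inferring distance from signal strength has to assume the transmitter's power. The log-distance path-loss model, the exponent of 3.0, the single sensor, the 30 m perimeter and every scenario value are assumptions constructed for illustration.

```python
import math

# Assumptions for this example (not from the post or any product):
# log-distance path loss at 2437 MHz, exponent 3.0, a single sensor.
FREQ_MHZ = 2437.0
EXPONENT = 3.0
ASSUMED_EIRP_DBM = 23.0   # the post's guess: 100 mW (20 dBm) plus 3 dB of antenna gain
FENCE_RADIUS_M = 30.0     # constructed perimeter

def ref_loss_db():
    """Free-space path loss at 1 m for FREQ_MHZ."""
    return 20 * math.log10(FREQ_MHZ) + 20 * math.log10(0.001) + 32.44

def rssi_dbm(eirp_dbm, distance_m):
    """Signal level the sensor receives from a transmitter at distance_m."""
    return eirp_dbm - ref_loss_db() - 10 * EXPONENT * math.log10(distance_m)

def estimated_distance_m(rssi):
    """Distance the sensor infers when it assumes ASSUMED_EIRP_DBM."""
    excess_loss = ASSUMED_EIRP_DBM - rssi - ref_loss_db()
    return 10 ** (excess_loss / (10 * EXPONENT))

def evaluate(eirp_dbm, true_distance_m):
    """Return (estimated distance, accepted?) for one transmitter."""
    est = estimated_distance_m(rssi_dbm(eirp_dbm, true_distance_m))
    return round(est, 1), est <= FENCE_RADIUS_M

# Constructed scenarios: (label, actual EIRP in dBm, true distance in m)
SCENARIOS = [
    ("matches assumption, inside", 23.0, 20.0),
    ("matches assumption, outside", 23.0, 60.0),
    ("high-gain antenna, outside", 38.0, 60.0),
    ("low-power client, inside", 10.0, 20.0),
]

if __name__ == "__main__":
    for label, eirp, dist in SCENARIOS:
        est, ok = evaluate(eirp, dist)
        print(f"{label:30s} true={dist:5.1f} m  est={est:5.1f} m  accepted={ok}")
```

The model errs in both directions: the transmitter 60 m away with 15 dB more EIRP than assumed is placed inside the perimeter, while a legitimate low-power client 20 m away is placed outside it.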