Full Disclosure mailing list archives
RE: Wireless Security
From: "Patrick Doyle" <patrick.doyle () bbc co uk>
Date: Fri, 28 Nov 2003 17:27:10 -0000
It's an interesting topic, thanks to all your replies. Have a good weekend Paddy -----Original Message----- From: Jonathan A. Zdziarski [mailto:jonathan () nuclearelephant com] Sent: 28 November 2003 16:46 To: jan.muenther () nruns com Cc: Simon Hailstone; Patrick Doyle; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Wireless Security
You should be aware that MAC addresses can be forged as well.
I believe this also works (at least in Linux) ifconfig wlan0 hw ether [new mac] Tools like kismet make it all too easy to find a valid MAC address to spoof on the network. Application-Layer encryption is definitely the most secure method. EAP+Dynamic WEP keys is a significant enhancement, but still vulnerable to session hijacking. You may also consider using Token-based authentication if you are going to run EAP (and to authenticate your shells too). RSA SecurID's ACE/Server will emulate a RADIUS server, making it very useful for these types of authentication. I'm sure Cryptocard has something useful too. What would be schweet is if you could use the SecurID token code (which changes every 30 or 60 seconds) as a one-time pad for dynamic WEP key changes. Then you wouldn't have to pass WEP keys across the network where they could be intercepted...and changing every 60 seconds would make it virtually un-bruteable. If you haven't read "Wireless Hacks" by O'Reilly yet, I strongly recommend you grab a copy; it's an excellent little book. http://www.amazon.com/exec/obidos/tg/detail/-/0596005598/qid=1070037607/sr=1-1/ref=sr_1_1/002-0400399-7348019?v=glance&s=books Jonathan BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Wireless Security Patrick Doyle (Nov 28)
- RE: Wireless Security Simon Hailstone (Nov 28)
- Re: Wireless Security jan . muenther (Nov 28)
- Re: Wireless Security Jonathan A. Zdziarski (Nov 28)
- Re: Wireless Security jan . muenther (Nov 28)
- RE: Wireless Security Ben Nagy (Nov 28)
- Re: Wireless Security Dennis Opacki (Nov 28)
- Re: Wireless Security Joel R. Helgeson (Nov 28)
- RE: Wireless Security Michael Chenetz (Nov 30)
- <Possible follow-ups>
- RE: Wireless Security Patrick Doyle (Nov 28)
- Re: Wireless Security Chris Adams (Nov 28)
- RE: Wireless Security Simon Hailstone (Nov 28)