Full Disclosure mailing list archives
Re: Cisco LEAP exploit tool...
From: "KF (lists)" <kf_lists () secnetops com>
Date: Wed, 14 Apr 2004 23:04:30 -0400
http://classes.weber.edu/wireless/ -KF Jeff Schreiner wrote:
7 miles away is stretching it a bit far considering that all 802.11g wireless transmissions range between 2.4 - 2.4835 Ghz 802.11a/h/j range between 5.47 - 5.725 Ghz not only are the frequencies prone to scatter...the radio waves bounce off everything. All wireless routers are limited by FCC regulations to a maximum of 1 watt. http://www.odessaoffice.com/wireless/fcc_ism.html (1) For frequency hopping systems in the 2400-2483.5 MHz band employing at least 75 hopping channels, all frequency hopping systems in the 5725-5850 MHz band, and all direct sequence systems: 1 watt. For all other frequency hopping systems in the 2400-2483.5 MHz band: 0.125 watts. To get a 2.4 Ghz signal to travel 7 miles you would have to install an amplifier to boost the output to somewhere between 5 to 10 watts a 5 Ghz signal would require even more at which point you're in violation of FCC rules and Uncle Sam might come looking for ya. Just an FYI. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Williams Jon Sent: Wednesday, April 14, 2004 2:15 PM To: Paul Schmehl; Email List: Full Disclosure Subject: RE: [Full-disclosure] Cisco LEAP exploit tool... Well, that depends. For example, if you aren't using some form of strong authentication (i.e. smart cards, SecureID tokens, etc.) then its possible for someone to steal a laptop, use something like Cain (from the package Cain & Able) to extract their password from the registry. With that and a known wireless laptop, the attacker can then access your whole network from the parking lot (or the neighbor's house, or 7 miles away, etc.) While the same password vulnerability exists for non-wireless environments, it does mean that the attacker would have to have physical access to the building to use the credentials.Jon_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Cisco LEAP exploit tool..., (continued)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 15)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 15)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 15)
- RE: [inbox] RE: Cisco LEAP exploit tool... Curt Purdy (Apr 16)
- Office XP Update: March 23, 2004 insecure (Apr 16)
- Re: Office XP Update: March 23, 2004 Frank Knobbe (Apr 16)
- Re: [inbox] RE: Cisco LEAP exploit tool... marc (Apr 16)
- RE: Cisco LEAP exploit tool... Ron DuFresne (Apr 16)
- RE: Cisco LEAP exploit tool... Jason Slagle (Apr 15)
- Re: Cisco LEAP exploit tool... Ken Anderson (Pacific Internet) (Apr 16)
- Re: Cisco LEAP exploit tool... KF (lists) (Apr 14)
- Re: Cisco LEAP exploit tool... Byron Copeland (Apr 14)
- Re: Cisco LEAP exploit tool... Amaury Jacquot (Apr 14)
- RE: [inbox] Re: Cisco LEAP exploit tool... Curt Purdy (Apr 15)
- RE: Cisco LEAP clueless exploit tool... morning_wood (Apr 14)
- RE: [inbox] RE: Cisco LEAP exploit tool... Curt Purdy (Apr 15)
- RE: [inbox] RE: Cisco LEAP exploit tool... Bart . Lansing (Apr 16)