Penetration Testing mailing list archives
Re: OpenAir pen-testing
From: hwertz () avalon net
Date: Thu, 12 Jul 2007 02:19:42 -0500
Does anyone have any experience with pen-testing or general security setup/issues of any "OpenAir" wireless devices? It appears to be a pre-802.11 wlan protocol from Proxim. I can't seem to find any *real* information on the protocol, or how it's used and implemented. I understand that the data is not encrypted, but that there is a shared security ID that needs to be sent to join the network. Any advice on how to connect/sniff/break/audit/etc this type of traffic?
*cut*
I found what looks like a mirror of the files here, but this is still for old versions of linux: http://www.haucks.org/download/
Well, even if you don't succeed in any sort of sniff, I'd certainly advise the client that the data is sent in the clear. The security ID is just like a modern SSID, just there so there wouldn't be confusion if multiple wireless LANs were operating; it doesn't provide true security. Now, "security through obscurity" is no good, but 802.11-FHSS is already obscure, and this is even more obscure, so it will at least stop your average wardriver, since it'll just show up as noise at best.

As for actually sniffing it: it might be a pain, but any chance of this would probably involve sucking it up, building a really old kernel and building this driver you've found for it. Make sure you set this old kernel non-default, so if it turns out not to actually work you haven't made your system non-bootable 8-). The main concern regarding bootability is newer distros' tendency to use udev; this requires a 2.6 kernel. I know several years ago, a non-udev system I had with an earlier 2.6 kernel could boot up under 2.2 and even 2.0 kernels, however. If your distro of choice won't deal with an older kernel, I'd get a temporary hard drive and just put on something contemporary with the drivers you've found; my choice would be either Slackware, Debian, or lastly Redhat (but use it if you prefer). If you can't find your tools of choice for the old distro, put on tcpdump, log what you need and copy the logs over for dissection by the modern tool of choice... tcpdump dates back to the 1980s, so any distro should have it no matter how old.

That said, the RangeLan2 driver very well may not have sniffing capabilities.
Current thread:
- OpenAir pen-testing Aaron Peterson (Jul 10)
- Re: OpenAir pen-testing Paul Melson (Jul 11)
- Re: OpenAir pen-testing Michael Painter (Jul 13)
- <Possible follow-ups>
- Re: OpenAir pen-testing hwertz (Jul 12)
- Re: OpenAir pen-testing Paul Melson (Jul 11)