Vulnerability Development mailing list archives
RE: Wireless Lans give EVERYONE ACCESS
From: sa7ori <sa7ori () tasam com>
Date: Fri, 10 Aug 2001 14:18:52 -0400 (EDT)
Additionally, one of the problems with the idea of placing a "network sniffer" on an "active" 802.11b NIC is that you WON'T receive packets from the Access Point unless you have successfully authenticated and the firmware in the card has flipped some Rx bit. Many people have suggested using utils like HUNT and Airopeek...but the best method I have found is to use a WaveLan PC card and hack the drivers manually....granted, it can be a fairly daunting task but rewarding nonetheless. If you don't care to do any work, there are such utilities for PRiSM based chipsets floating about on the net.

On Thu, 9 Aug 2001, Jonas Thambert wrote:

WLAN is best used on a separate VLAN/NIC of the firewall in combination with VPN into the rest of the internal networks. The VPN authentication is best handled by RSA, SafeWord or biometric systems. Even then it's not safe since it only takes 15 min to decrypt the 40-bit key. Maybe WEP2 128-bit key will solve that :-)

/Jonas

-----Original Message-----
From: Conal Darcy [mailto:hersh () blindskier com]
Sent: 8 August 2001 04:29
To: Russell Handorf
Cc: VULN-DEV () securityfocus com; bugtraq () securityfocus com
Subject: Re: Wireless Lans give EVERYONE ACCESS

But can't you just set up a firewall to block any packets from the wireless device that claim they're coming from the loopback device (127.0.0.1)? My experience with wireless devices is minimal so I may be wrong.

Conal Darcy
hersh () blindskier com

On Mon, 6 Aug 2001, Russell Handorf wrote:

Traditional authentication with wireless LANs consists of the following simplified procedure:

1). Wireless NIC asks for an IP.
2). Base station checks to see if the MAC Address can be passed.
3). If the authentication is successful then the DHCP server leases an IP to the wireless NIC.

Today, I have circumvented the MAC Address authentication method, and had also sniffed successfully on a switched network with wireless stations on it without authentication into the network.

For sniffing onto a wireless network without a registered MAC Address AND using WEP Encryption Methods:

1). Set the MAC Address of the card to 127.0.0.1 and the Netmask to 255.255.0.0
2). The card takes care of the rest. Just sit back and listen to the sounds of the network (NOTE: There will NOT be any DNS RESOLVING and quite possibly NO IPs will show up, only the computers' MAC Addresses) (Double NOTE: All you need is another machine's MAC Address to start a Man-in-the-Middle).

For Getting an IP Address for Internet Connectivity:

First method requires that you have already sniffed on the network for an extended amount of time. Needed information is the IP Ranges, Netmask, and Gateway of the LAN. All of this can be acquired through HUNT. All you do is sift through the data generated, find an IP that hasn't sent any traffic, take it and configure the other things (such as Netmask and Gateway) manually.

Second method requires you to have physical access to the LAN. Take a hardwired NIC and spoof its MAC Address to that of the wireless NIC's address. Run a command like 'pump,' swap cards and you should be on the network.

The following instructions were executed on a Dell laptop with Redhat 7.0. The Ethernet card that was used is a Xircom 10/100 56k Combo thingy and the wireless LAN card is a Lucent Technologies Wavelan Gold Turbo 128RC4. The base stations that these were tested on are a D-Link 1000AP, Orinoco AP-1000 Access Point, Orinoco COR-1100, and Cisco Aironet 350 Series.

Will someone else please confirm that this is successful?

Thanks
Russ

==================================
Russell Handorf
oooo, shiney ::Wanders after it::
www.russells-world.com
www.inside-aol.com
www.terrorists.net
www.bad-mother-fucker.org
www.philly2600.net
"Computer games don't affect kids, I mean if Pacman affected us as kids, we'd all be running around in darkened rooms, munching pills and listening to repetitive music." ~unknown
==================================
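Conal's firewall question and the two address-acquisition methods Russell describes point at what a gateway on the wired side could watch for. As an added example (not code from anyone in this thread), the Python below runs three checks over a constructed table of observed (interface, source MAC, source IP) frames and a constructed DHCP lease table: a loopback or other martian source address arriving over the WLAN interface, an IP in use on the WLAN that the DHCP server never leased, and a single MAC address showing up on both the wired and wireless segments. The interface names, MAC and IP addresses and the lease table are assumptions.

```python
"""Added example: wired-side checks for the WLAN abuses discussed in the thread.
Interface names, addresses and the lease table are constructed, not from the thread."""
import ipaddress
from collections import defaultdict

# Source prefixes that should never be the source of a frame arriving over the air
# (Conal's loopback case plus the other "martian" ranges a firewall would drop).
MARTIAN_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16")]

WIRELESS_IFACE = "wlan0"  # assumed name of the gateway interface facing the access point

# Constructed sample of frames seen by the gateway: (interface, source MAC, source IP)
OBSERVED = [
    ("eth0",  "00:10:a4:aa:bb:01", "10.0.0.20"),
    ("wlan0", "00:02:2d:11:22:33", "10.0.0.21"),
    ("wlan0", "00:02:2d:11:22:33", "127.0.0.1"),  # loopback source arriving over the WLAN
    ("eth0",  "00:02:2d:11:22:33", "10.0.0.21"),  # wireless MAC now also seen on the wire
    ("wlan0", "00:02:2d:44:55:66", "10.0.0.99"),  # IP the DHCP server never handed out
]

# Constructed DHCP lease table: MAC -> IP actually leased to it
DHCP_LEASES = {
    "00:10:a4:aa:bb:01": "10.0.0.20",
    "00:02:2d:11:22:33": "10.0.0.21",
}


def analyse(observed, leases, wireless_iface=WIRELESS_IFACE):
    """Return a list of (kind, where, mac, ip) alerts for the observed frames."""
    alerts = []
    segments = defaultdict(set)  # MAC -> set of interfaces it was seen on
    for iface, mac, ip in observed:
        addr = ipaddress.ip_address(ip)
        segments[mac].add(iface)
        if any(addr in net for net in MARTIAN_NETS):
            alerts.append(("martian-source", iface, mac, ip))
        elif iface == wireless_iface and leases.get(mac) != ip:
            # An address in use that DHCP never leased: squatting on an idle IP.
            alerts.append(("unleased-ip", iface, mac, ip))
    for mac, ifaces in sorted(segments.items()):
        if len(ifaces) > 1:
            # One MAC on both segments matches a wireless MAC cloned onto a wired NIC.
            alerts.append(("mac-on-multiple-segments", ",".join(sorted(ifaces)), mac, ""))
    return alerts


if __name__ == "__main__":
    for alert in analyse(OBSERVED, DHCP_LEASES):
        print(alert)
```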
Current thread:
- Wireless Lans give EVERYONE ACCESS Russell Handorf (Aug 06)
- Re: Wireless Lans give EVERYONE ACCESS diphen (Aug 06)
- Re: Wireless Lans give EVERYONE ACCESS Jonah Horowitz (Aug 06)
- Re: Wireless Lans give EVERYONE ACCESS Shade (Aug 07)
- Re: Wireless Lans give EVERYONE ACCESS Jose Nazario (Aug 07)
- Re: Wireless Lans give EVERYONE ACCESS Conal Darcy (Aug 08)
- <Possible follow-ups>
- Re: Wireless Lans give EVERYONE ACCESS Russell Handorf (Aug 06)
- RE: Wireless Lans give EVERYONE ACCESS Jonas Thambert (Aug 10)
- RE: Wireless Lans give EVERYONE ACCESS sa7ori (Aug 10)
- Re: Wireless Lans give EVERYONE ACCESS Erik Fichtner (Aug 10)
- RE: Wireless Lans give EVERYONE ACCESS Jon Erickson CCG (Aug 10)
- RE: Wireless Lans give EVERYONE ACCESS Jonas Thambert (Aug 13)
- RE: Wireless Lans give EVERYONE ACCESS dgillett (Aug 13)
- [Site available] :: RE: Wireless Lans give EVERYONE ACCESS Inno Eroraha (Aug 15)
- RE: Wireless Lans give EVERYONE ACCESS dgillett (Aug 13)
- RE: Wireless Lans give EVERYONE ACCESS Jonas Thambert (Aug 14)
- RE: Wireless Lans give EVERYONE ACCESS big bon (Aug 14)
- RE: Wireless Lans give EVERYONE ACCESS Jerry Vogler (Aug 14)